Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • in reply to: Bind Lion to Active Directory with a shell script #381205
    KWik
    Participant

    [QUOTE]
    [CODE]
    19.09.11 10:04:20,238 parentalcontrolsd: ActivityTrackerForUID [693:] — *** Couldn’t get user name from uid 3180098417
    19.09.11 10:04:20,238 parentalcontrolsd: _FCXMIGUserCanLogin [2251:] — *** tracker for uid 3180098417 was nil.

    19.09.11 10:04:21,774 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4: creating home directories for (hf-foo.local)
    19.09.11 10:04:21,774 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4: created (/Users/klaus)
    [/CODE]

    and then the dealbreaker:
    [CODE]
    19.09.11 10:10:02,542 com.apple.launchd: (com.apple.launchd.peruser.3180098417[193]) getpwuid(“3180098417”) failed
    [/CODE]

    repeated ad nauseam.

    IANAACSA, but this hints at some problems with the AD-OD communication, specifically that while OD manages to look up my user name (through AD) and get my uid, it fails to do the reverse.
    [/QUOTE]

    *sigh* OK

    So a hint for you if you see the same as I do. Log in as a local user and try
    [CODE]
    id username
    netstat | less
    [/CODE]

    and verify that you get all the required established connections to the server. I was on the wrong subnet. Trying again now.

    Klaus Wik
    (The ids have been changed to protect the inn innoc … *cough*)

    in reply to: Bind Lion to Active Directory with a shell script #381204
    KWik
    Participant

    [QUOTE][u]Quote by: aaulich[/u][p]Hi Ryan,

    AD binding in Lion is broken (at least in the 10.7.0 version), so it might be that your script starts working again as soon as Apple has fixed AD binding.

    Cheers,

    André
    [/p][/QUOTE]
    [QUOTE][u]Quote by: electrowave[/u][p]
    AD binding in Lion works fine. I was able to bind to AD with Lion right out of the box. The issue with Lion is when you try to bind to Open Directory. 10.7 will not bind to a server that is not at least 10.6 if it requires Authenticated Binding. It will fail every time.[/p][/QUOTE]

    AD binding in Lion depends on the server, I’d say. Wednesday I was unable to bind to a Win2008 server. Friday I managed to bind, but today the binding seems to be broken. After trying to fix it, DirectoryService isn’t even running after a reboot. Turns out killall DirectoryService is outdated. [CODE]opendirectoryd is a launchd(8) job which replaces “DirectoryService”[/CODE] …
    Anyhow, before a softwareupdate at least I had contact with the catalogue (checking with id) but still I was unable to log in. I got the spinning beachball and had to force a restart after quite some time.

    Logs say:
    [CODE]
    Sep 19 10:04:22 hf-foo com.apple.SecurityServer[22]: Succeeded authorizing right ‘system.login.console’ by client ‘/System/Library/CoreServices/loginwindow.app’ [58] for authorization created by ‘/System/Library/CoreServices/loginwindow.app’ [58]
    Sep 19 10:04:22 hf-foo loginwindow[58]: Login Window – Returned from Security Agent
    [/CODE]
    and the /Users/username dir has been created. But looking at all the logs, it seems that after my user was checked and cleared by Security Agent, parentalcontrolsd is acting up even before authorizationhost confirms a created home dir:

    [CODE]
    19.09.11 10:04:20,238 parentalcontrolsd: ActivityTrackerForUID [693:] — *** Couldn’t get user name from uid 3180098417
    19.09.11 10:04:20,238 parentalcontrolsd: _FCXMIGUserCanLogin [2251:] — *** tracker for uid 3180098417 was nil.

    19.09.11 10:04:21,774 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4: creating home directories for (hf-foo.local)
    19.09.11 10:04:21,774 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4: created (/Users/klaus)
    [/CODE]

    and then the dealbreaker:
    [CODE]
    19.09.11 10:10:02,542 com.apple.launchd: (com.apple.launchd.peruser.3180098417[193]) getpwuid(“3180098417”) failed
    [/CODE]

    repeated ad nauseam.

    IANAACSA, but this hints at some problems with the AD-OD communication, specifically that while OD manages to look up my user name (through AD) and get my uid, it fails to do the reverse.

    EDIT: formatting the quotes a bit.

    Klaus Wik
    (The ids have been changed to protect the inn innoc … *cough*)
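
Added example, not part of the original posts: a Python check for the symptom described above, where a name resolves to a uid but the uid does not resolve back to a name (the `getpwuid` failure in the launchd log). The function names, the regular expression and the sample log lines are constructed for illustration; the lookups go through Python's standard `pwd` module, which uses the same system account database as `id`.

```python
import pwd
import re

# Matches the launchd failure format quoted in the thread. Forum software may
# have turned straight quotes into curly ones, so both are accepted.
GETPWUID_FAILED = re.compile(r'getpwuid\(["“]?(\d+)["”]?\)\s+failed')

# Constructed sample lines modelled on the log excerpts in the post.
SAMPLE_LOG = """\
19.09.11 10:10:02,542 com.apple.launchd: (com.apple.launchd.peruser.3180098417[193]) getpwuid("3180098417") failed
19.09.11 10:10:12,542 com.apple.launchd: (com.apple.launchd.peruser.3180098417[193]) getpwuid(“3180098417”) failed
19.09.11 10:10:13,001 loginwindow[58]: unrelated line
"""


def failed_uids(log_text):
    """Return the distinct UIDs named in 'getpwuid(...) failed' lines, in order."""
    seen = []
    for match in GETPWUID_FAILED.finditer(log_text):
        uid = int(match.group(1))
        if uid not in seen:
            seen.append(uid)
    return seen


def check_round_trip(username, getpwnam=pwd.getpwnam, getpwuid=pwd.getpwuid):
    """Classify name -> uid -> name resolution for one account.

    Returns 'forward-failed', 'reverse-failed', 'mismatch' or 'ok'.
    The lookup functions are parameters so the check can be exercised offline.
    """
    try:
        uid = getpwnam(username).pw_uid
    except KeyError:
        return "forward-failed"   # the directory cannot resolve the name at all
    try:
        back = getpwuid(uid).pw_name
    except KeyError:
        return "reverse-failed"   # the symptom in the post: uid known, name not
    return "ok" if back == username else "mismatch"


if __name__ == "__main__":
    import sys
    print("UIDs failing reverse lookup in sample log:", failed_uids(SAMPLE_LOG))
    for name in sys.argv[1:]:
        print(name, check_round_trip(name))
```

Run as a local user with one or more directory account names as arguments; a `reverse-failed` result for an account that `id` resolves matches the launchd errors quoted in the post.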
