Re: [Fed-Talk] Re: Fed-talk Digest, Vol 5, Issue 242
- Subject: Re: [Fed-Talk] Re: Fed-talk Digest, Vol 5, Issue 242
- From: "Simon, Gary" <email@hidden>
- Date: Thu, 4 Sep 2008 17:19:04 -0600
I’m mapping the UID to a field that was added to our Active Directory schema, which is our unix user id field. I guess you could call that static?
On 9/4/08 5:10 PM, "Daniel Hoit" <email@hidden> wrote:
Are you mapping the UID to a static attribute in Directory Access/Directory Utility?
--DH
On Sep 4, 2008, at 11:59 AM, email@hidden wrote:
I have submitted this as a bug to Apple, but I am curious to see if anyone else has seen this problem:
-------------------------------------------------------------------------------------------------------------------------------------
We are seeing an increasing number of our Active Directory users who are being locked out from logging into Mac OS X after their initial login. They are able to log in once, but after that they are no longer able to log in with their Active Directory credentials. If you look at their account after a failed login attempt in the Accounts preference panel (advanced options), you see that the User UID is now set to -2 (nobody user).
We are using mobile accounts on all of our Mac OS X computers.
These same users are able to log into a Windows XP computer in the same Active Directory domain with their same credentials, but cannot log into any Mac OS X system in the domain.
If you try to read the record using the dscl read command you get the following error message:
<dscl_cmd> DS Error: -14136 (eDSRecordNotFound)
You can see that the record exists by doing a dscl ls command on the users directory, but cannot read the actual record.
The user cannot log in even if the computer has been disconnected from the network as the cached record seems to be broken.
Comparing a "broken" user record to a "working" user record did not seem to shed any light on the problem.
-------------------------------------------------------------------------------------------------------------------------------------
Gary
Daniel Hoit
System Management Solutions Group
Lawrence Livermore National Laboratory
Email: email@hidden
Phone: 925.424.5256
Pager: 877.402.6321
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)