Re: [Fed-Talk] Particular user cannot login with AD account on one Mac - ANOTHER POSSIBLE SOLUTION FOR YOU
- Subject: Re: [Fed-Talk] Particular user cannot login with AD account on one Mac - ANOTHER POSSIBLE SOLUTION FOR YOU
- From: Mike H <email@hidden>
- Date: Wed, 8 Sep 2010 16:01:17 -0400
I am on 10.5.8 and there is only one AD user who cannot login to the Mac. Anyone else can. Additionally I have verified that he CAN login to a different Centrify-bound Mac.
I tried using /system/library/coreservices/Kerberos.app to get him a ticket, and when he tried to login, we got a "Client credentials have been revoked" message. His AD account is not locked, nor is his password set to expire. I was able to get a ticket, no problem.
Does this info help out?
Thanks for all the suggestions!
-Mike
On Wed, Sep 8, 2010 at 2:51 PM, Wieprecht, Karen M.
<email@hidden> wrote:
Another possible solution:
We broke Mac users' ability to authenticate off of our Windows Active
Directory one time by placing an IPv6 type entry in our local host table:
::1 localhost6
Commenting this entry out re-enabled logins, putting it back broke
them again like clockwork, so we are careful not to add this to our local hosts
table on the Macs (10.4 flavors of OSX).
Karen Wieprecht
I've seen this issue and they all seem to be unrelated. I have
seen bad NIC cards cause this in 10.4, DNS settings -- also having a clock
off by 5 minutes has caused this too.
I believe you said the computer was bound using Centrify.
Although, I've never used Centrify extensively. If you can again, try unbinding
the computer from the domain and 'if' the computer is in AD Users and Computers
-- delete it.
Then login with a local admin account on the Mac and bind
the computer using Directory Utility and not Centrify.
As a last resort, if the aforementioned doesn't help, I would
back up the user home to a .dmg.
You can delete the account and save it to the deleted
folder. This would require opening the old account .dmg and moving only office
documents and certain preference files manually back into the new account such as Address Book, bookmarks and certain
third-party prefs.
I usually connect a FireWire drive to the computer and
back up the home directory to that location using a terminal command like below.
sudo hdiutil ditto -rsrcFork homedir /Volumes/homedirbckup.dmg
Thanks,
Things you can get access to you should never remember.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden