1)
Had you been able to login before? Ie were your credentials
cached?
2)
Can a user who has never logged into that machine log in?
3)
Did the user who can’t login change his password on a different
machine?
4)
Is he using FileVault?
5)
IS the machine still bound to AD? (Run this command in the
terminal to determine if the bind is still good: dscl /Search -read
/Users/<username of ad user>
10.5 was really picky about AD. Our 10.5 machine would lose
their bind frequently – fortunately 10.6 seems to be rock solid.
Jason
- -
Jason Bracy | SAIC
System Administrator | SAIC Creative
Energy | Environment | National Security | Health | Critical
Infrastructure
Please consider the environment before printing this email.
From:
fed-talk-bounces+jason.t.bracy=email@hidden
[mailto:fed-talk-bounces+jason.t.bracy=email@hidden] On Behalf
Of Mike H
Sent: Thursday, September 09, 2010 9:58 AM
To: Valentine, Colin M.; fed-talk
Subject: Re: [Fed-Talk] Particular user cannot login with AD account on
oneMac - ANOTHER POSSIBLE SOLUTION FOR YOU
It's not the time because I can
login. I've already had that happen to one machine but this is not the
issue with this one.
On Thu, Sep 9, 2010 at 9:43 AM, Valentine, Colin M. <email@hidden> wrote:
Check the time on that system....
Colin
>Cc: fed-talk
>Subject: Re: [Fed-Talk] Particular user cannot login with AD account on
>one Mac - ANOTHER POSSIBLE SOLUTION FOR YOU
>
>I am on 10.5.8 and there is only one AD user who cannot login to the
>Mac. Anyone else can. Additionally I have verified that he CAN
login
>to a different Centrify-bound Mac.
>
>I tried using /system/library/coreservices/Kerberos.app to get him a
>ticket, and when he tried to login, we got "Client credentials have
been
>revoked" message. His AD account is not locked, nor is his password
set
>to expire. I was able to get a ticket, no problem.
>
>Does this info help out?
>
>Thanks for all the suggestions!
>
>-Mike
>
>
>On Wed, Sep 8, 2010 at 2:51 PM, Wieprecht, Karen M.
><email@hidden>
wrote:
>
>
> Another possible solution:
>
>
>
> We broke mac users' ability to authenticate off
of our windows
>active directory one time by placing an IPv6 type entry in our
local
>host table:
>
>
>
> ::1 localhost6
>
>
>
> Commenting this entry out re-enabled logins, putting
it back broke
>them again like clockwork, so we are careful not to add this to our
>local hosts table on the macs (10.4 flavors of OSX)
>
>
>
> Karen Wieprecht
>
>
>
> From: fed-talk-bounces+karen.wieprecht=jhuapl.edu@lists.apple.com
>[mailto:fed-talk-bounces+karen.wieprecht
<mailto:fed-talk-
>bounces+karen.wieprecht> =jhuapl.edu@lists.apple.com] On Behalf Of
>Marquette Rogers
> Sent: Wednesday, September 08, 2010 2:19 PM
> To: Lamb, John (NIH/NHLBI) [C]
> Cc: fed-talk
> Subject: Re: [Fed-Talk] Particular user cannot login
with AD
>account on one Mac
>
>
>
> Hi Mike,
>
>
>
> I've seen issue and they all seem to be unrelated. I
have seen a
>bad NIC cards cause this in 10.4, DNS settings -- also having a clock
>off by 5 minutes has caused this too.
>
>
>
> I believe you said the computer was bound using
Centrify.
>Although, I've never used Centrify extensively. If you can again, try
>unbinding the computer from the domain and 'if' the computer is in AD
>Users and Computers -- delete it.
>
>
>
> Then login with a local admin account on the Mac and
bind the
>computer using Directory Utility and not Centrify.
>
>
>
> As a last resort, if the aformentioned doesn't help,
I would
>backup the user home to a .dmg.
>
>
>
> You can delete the account and save it to the deleted
folder. This
>would require opening the old account .dmg and moving only office
>documents and certain preference files manually back into the new
>account such as Address Book, bookmarks and certain third-party prefs.
>
>
>
>
>
> I usually connect a FireWire drive to the computer
and backup the
>home directory to that location using a terminal command like below.
>
>
>
> sudo hdiutil ditto -rsrcFork homedir
/Volumes/homedirbckup.dmg
>
>
>
> Thanks,
>
> Mr. Rogers
>
> Things you can get access to you should never
remember.
>
> Einstein
>
> Sent from iPhone
>
>
>
>
>
>
>
>
_______________________________________________
> Do not post admin
requests to the list. They will be
>ignored.
> Fed-talk mailing list
(email@hidden)
> Help/Unsubscribe/Update
your Subscription:
> 40gmail.com
>
> This email sent to email@hidden
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be
ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>talk/mikehodges01%40gmail.com
>
> This email sent to email@hidden
>
>