Symptom
After binding a Mac, AD account log-ins fail (shaking login). Console logs report the following:
SecurityAgent[735] Could not get user record for 'username' from Directory Services
SecurityAgent[735] User infor context values set for username
SecurityAgent[735] unknown-user (username) login attempt PASSED for auditing
SecurityAgent[735] Could not get the user record for 'username' from Directory Services
kinit [username] will generate a Kerberos ticket
id [username] will produce a list of LDAP info for the AD account
login [username] fails
Solution
If you see the Console log errors described above, it generally means that the computer is not able to create a mobile account at log-in. Try creating a mobile account from Terminal first:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username
sudo createhomedir -c -u username
Log out and back in with the user's AD credentials.
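To check saved log text for the symptom across several accounts, the messages above can be matched per user. This is an added example, not part of the original post: the timestamp and host prefix in the sample lines are constructed, the function names find_mobile_account_failures and sample_log are hypothetical, and reporting a user only when both the record-lookup failure and the "PASSED for auditing" line appear is this example's own rule.

```shell
#!/bin/sh
# Added example: read log text on stdin and print each username for which
# SecurityAgent logged BOTH a Directory Services record-lookup failure AND
# "login attempt PASSED for auditing" (the combination described under Symptom).

find_mobile_account_failures() {
  awk -v q="'" '
    /SecurityAgent/ && /Could not get (the )?user record for/ {
      # The username sits between single quotes in this message.
      if (match($0, q "[^" q "]+" q)) {
        u = substr($0, RSTART + 1, RLENGTH - 2)
        lookup_failed[u] = 1
      }
    }
    /SecurityAgent/ && /login attempt PASSED for auditing/ {
      # The username sits in parentheses after "unknown-user".
      if (match($0, /unknown-user \([^)]+\)/)) {
        u = substr($0, RSTART + 14, RLENGTH - 15)
        auth_passed[u] = 1
      }
    }
    END {
      for (u in lookup_failed)
        if (u in auth_passed) print u
    }
  ' | sort
}

# Constructed sample lines (prefix format is an assumption). "typo1" has a
# lookup failure only, so it is not reported.
sample_log() {
  cat <<'EOF'
Mar  3 09:14:02 mac01 SecurityAgent[735]: Could not get user record for 'jdoe' from Directory Services
Mar  3 09:14:02 mac01 SecurityAgent[735]: User infor context values set for jdoe
Mar  3 09:14:03 mac01 SecurityAgent[735]: unknown-user (jdoe) login attempt PASSED for auditing
Mar  3 09:14:03 mac01 SecurityAgent[735]: Could not get the user record for 'jdoe' from Directory Services
Mar  3 09:20:11 mac01 SecurityAgent[741]: Could not get user record for 'typo1' from Directory Services
EOF
}

sample_log | find_mobile_account_failures
```

Each name printed is a candidate for the createmobileaccount and createhomedir steps above.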