Snow leopard Active Domain very odd problem
#1
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Hi All,
Another Mac question for you Maccies
This is really odd, have a domain user on the network who can log into an XP machine and Tiger machine fine.
However when he logs into a Leopard or Snow Leopard machine it states he is logged in as someone else? For example I log in as user bsmith and it says logging on bsmith with the progress bar, then an error message comes up stating "the home folder for user bsmith is not located in the usual place or cannot be accessed"
When you go to log off the machine it says log off dwilson, not the user bsmith. Hence why the home folder cannot be accessed.
This is a really weird problem that I have never seen before. Has anyone ever seen this?
To sum up, he can log on to the Windows machines fine and Tiger machines, but 10.5 and 10.6 say he's logged on as someone else?
Mike
#2
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
To me it sounds like a UID clash. Log in as user dwilson, then fire up Terminal and issue the command "ID" and take a screenshot. Log out and log in as bsmith and check what the Logout command states; if it's still dwilson then again jump into Terminal and issue the "ID" command and again take a screenshot.
Compare the screenshots, and look at what is reported for "uid". It should be unique, hence its name, Unique ID; however, it is possible it is not unique, and my guess is that the prior user's ID is being retained, so when the next user logs in, it uses the old ID. The name of the user isn't relevant to the OS; it's the uid it really uses, as a name for an account can be changed but a uid would not be changed by a name change on an account.
From what you have said it sounds as though the machines are bound to AD via Directory Utility. From my experience of this the UID is typically picked up from a portion of the GUID from the user's AD account. Now, from what I recall, this isn't always unique, and in the past I have experienced issues due to this. Plus, the uid can also be what I'd call "out-of-bounds", in other words its value is larger than 4294967295 (unsigned long), and the OS really does not like uids over that value.
If the problem is the UID then there is a way to get a better uid from AD. It will require changing the Directory Service options for the AD plugin, and I'm not at home at present so cannot access my document which details what needs to be changed and where. Once I'm home tomorrow I'll look it up and let you know what it is.
The home folder side of things could well be because of the same issue because it's trying to access a folder the user has no access to because of the differing uids.
#4
Scooby Regular
I'm back home now.
OK, here's the tip about UIDs and AD.
Fire up Directory Utility, make sure you have clicked on the "Show Advanced Settings" option so you get the buttons across the top of the window.
Click on Services, then double-click on the Active Directory item. Flick the triangle next to "Show Advanced Options", then click on the Mappings tab.
Enable the "map UID to attribute" option. The default value will probably be "uniqueID"; you want to change it to "uSNCreated" (without the quotes, but in the case displayed). Click OK and then click Apply.
Reboot the computer and then log in as the different users and see if you have the same problem. I'd probably fire up Terminal and issue the "id" command to double-check what the values are being set to.
#6
Scooby Regular
Glad to help out, it's little stuff like this that can seriously annoy you.
Why Apple doesn't auto-configure the unique id to that aforementioned value I don't know, the option is disabled by default (I think) so it's using something else to obtain the uid which might exceed the bounds that the OS accepts and it'll cause all kinds of weirdness.
#7
Scooby Regular
Thread Starter
Markus, I might have spoken too soon. The support guys have discovered the below:
The permissions for the user profile change once you restart the Mac.
This only affects the domain accounts.
The owner changes to _unknown for the folder.
The actual username does not appear in the list of permissions and as a result the user doesn't have access to their documents.
I asked them to change ownership via GUI and terminal but it reverts back once you reboot.
#8
Scooby Regular
I assume the documents are on a mounted file server volume?
Have a look on macwindows and see if it's mentioned there at all.
It's odd, as a restart should not change ownership or permissions, as those should be set on the server and obtained by the user when they log in.
#9
Scooby Regular
Thread Starter
Nah his profile is a local profile only his home directory is on an smb share. I'll look on that site, cheers for the link I didn't know of that site