mike1210

Hello all,
I have a problem with a Lion client connecting to our Active Directory domain. I have made a profile using the Lion server config wizzard for the device. However when i try to login the screen shakes. using console login the error message is cannot create home directory, even though under console you can login. I tried swtiching this to mobile accounts but still to no avail. Below are screen shots of my setup and Mac client profile settings.

Can anyone see why this is not working.

http://i1137.photobucket.com/albums/...s/profile1.jpg

[IMG]http://i1137.photobucket.com/albums/...s/profile2.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...s/profile3.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...s/profile4.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...s/profile5.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...s/profile6.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...s/profile7.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...adius/wire.jpg[/IMG]

[IMG]http://i1137.photobucket.com/albums/...dius/wire2.jpg[/IMG]

Regards
Mike :-)

Markus

Ok, what exactly is the setup?
I'm guessing OS X client is bound via LDAP/OD to the OS X server. The OS X server is then bound to AD, therefore on a client, you can login with AD credentials, which get passed to the OS X Server and then that forwards them on to the AD server.
In other words, what I believe is called the golden triangle.

If that is the setup then it might be a problem I've seen on 10.5 Server (possibly 10.6 Server as well), whereby you MUST set a home directory for all users, otherwise you cannot login.

Have a look at the OD / LDAP log via Lion server, there might be some entry about some schema variable being required. I think you may see something like this:

object class 'posixAccount' requires attribute 'homeDirectory'

As for fixing it. You'd need to ensure the user account has the attribute homeDirectory and I think it does need something assigned to it. Again, let me trawl and see if I can find out how this was resolved.

If you want to drop me an email go ahead

mike1210

Thanks Markus, these Macs in question are only bound to AD not OD. Our labs are bound to both but customer laptops only AD. In the AD options force local home dirctory I'm 99% sure is ticked I'll double check tomorrow. It's a really odd issue

Markus

I was about to say, click on one of the text fields on the login dialog to see what it states about network accounts being available, but I'm not sure that is possible on Lion (bloody stupid if they have removed it!)
*edit* try this command to get some of the info back: sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

You could login as local admin then jump into terminal and run dscl
type ls and it'll list the services, pretty sure AD should be among them, cd into it, ls, think there should be a Users section, cd into that and try an ls, think it won't show anything at that point, but you might be able to cd into a specific user account if you know the name of a user. You may also need to use read <item name> to print out the user info.

The theory being, if you can see a user object then the machine must be communicating with AD ok, if you can read a user record then you'll see the attirbs set, so look at things and see if they seem to be ok, specifically see what the home folder path is.

If when you're trying to CD into the AD node it moans, then it could be that AD isn't' working. Are these machines on 10.7.3, if not, try one of them on 10.7.3 and see if it works. I've been told that DDNS (not sure if you're using it or not) is a bit flaky on 10.7, but 10.7.3 is meant to make things a bit better.

Markus

Oh, and have a read of this and see if it helps any.

mike1210

thanks Markus I posted this on the apple discussions as well and this fixed it:

https://discussions.apple.com/messag...42432#17770944