10.5.3: Can't Create Mobile Account

I have a MacBook Pro that authenticates to Active Directory.
When I try to create a Mobile Account
[ System Preferences --> Accounts --> Mobile Accounts:Create ]
I get prompted to
"*Enter your password to create a mobile account*"
However, it does not accept the password, responding with
"*Incorrect password*"
After three attempts, I get
"*Mobile account creation canceled*"
and am then logged off.
I've tried both my Active Directory account password and the local administrator password. Neither works.
At least I can get that far; in 10.5.2, the Mobile Account:Create button was greyed out.
Is anyone else having the same problem? Is there a fix for this?
I'm going to be out of the office next week for a conference, and would really like to get this working before then.
UPDATE: When trying to enable FileVault for my A.D. account, I get the following message:
*You cannot turn on FileVault for this account.*
*This account is either a network account or the home folder is on a server. You cannot turn on FileVault for these types of accounts.*
This makes this problem more than a minor annoyance, as my company policy -- and plain common sense -- requires encryption enabled for laptops.

Hi Robert
On the Active Directory Server, SMB Digital Signing Requirements (there are two: Server and Client) need to be disabled. It's not enough to leave them undefined. Once that has been done make sure client clocks are within 5 minutes of the server's time clock. In the Network Preferences Pane make sure the Mac is using the AD DC for resolving internal DNS Services and the Search Domain field is filled in with the appropriate AD Domain Name. It's also advisable to fill in the WINS Tab with the relevant information for the AD.
Launch Directory Utility and select the Services Icon (click Show Advanced Options to see this). Select the Active Directory plug-in and click the disclosure triangle to show Advanced Options. Leave everything as the default and select 'Create Mobile Account at Login'. Fill in the Active Directory Domain field with the relevant information. For example if the AD's FQDN is adserver.addomain.com then the information should be addomain.com. Now click Bind. In the resulting window key in authentication details for an account that has authority for the AD Domain. Typically this would be the AD admin account name and password. What follows next will be a 5 step process. Depending on how well the AD has been configured this should take anything from 5-10 seconds and possibly 1-2 minutes. If it takes a short time this will be a good sign as to the 'health' of internal DNS Services as well as the AD configuration. The longer it takes the more the likelihood of problems.
By the way there is no magic fix for integrating/binding mac clients to an AD Server. Over 90% of how well this goes will rest with how well the AD is configured.
If the bind has been successful you should see a Kerberos TGT (ticket granting ticket) has been created in /Library/Preferences. It will be a file called edu.mit.Kerberos. You can inspect this and it should show the relevant details regarding the KDC (Kerberos Distribution Center). If you now log out you should see the Log in window display the local admin user as well as 'Other'. It should look like a shadowed head and shoulders in front of a star field. Select this and supply your AD name and password. Provided the AD admin has defined a UNC path in the Profiles tab for your account on the AD Server for home folder creation and that you have full read/write privileges for that folder then you should be logging into your locally created home folder that also gets created at the same time on the AD.
It's best if you sync when logging out as there have been problems syncing at other times. Mileage may vary.
Hope this helps, Tony
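
The prerequisites named in the reply above (client clock within 5 minutes of the server, DNS that resolves the AD domain's services, the AD domain in the search domains) can be checked before clicking Bind. The script below is an added example, not part of the original thread; it assumes the DC's time is read from the rootDSE currentTime attribute and that SRV and resolver data are supplied as text, and every sample value other than the reply's addomain.com names is constructed.

```sh
#!/bin/sh
# Added example: offline-testable checks for the bind prerequisites above.
# addomain.com / adserver.addomain.com are the reply's own example names;
# backup.addomain.com, 10.0.0.10 and all timestamps are constructed.

MAX_SKEW=300   # the reply's 5-minute clock tolerance, in seconds

# LDAP GeneralizedTime in UTC (rootDSE currentTime, e.g. 20080601120000.0Z)
# -> Unix epoch seconds. Pure integer arithmetic (days-from-civil), so it
# does not depend on BSD vs GNU date(1) option differences.
gt_to_epoch() {
  printf '%s\n' "$1" | awk '{
    y = substr($0, 1, 4) + 0; m = substr($0, 5, 2) + 0; d = substr($0, 7, 2) + 0
    H = substr($0, 9, 2) + 0; M = substr($0, 11, 2) + 0; S = substr($0, 13, 2) + 0
    if (m <= 2) y--                        # treat the year as starting 1 March
    mp  = (m > 2) ? m - 3 : m + 9
    era = int(y / 400); yoe = y - era * 400
    doy = int((153 * mp + 2) / 5) + d - 1
    doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
    printf "%d\n", (era * 146097 + doe - 719468) * 86400 + H * 3600 + M * 60 + S
  }'
}

# $1 = local epoch, $2 = DC currentTime; prints the absolute skew in seconds.
skew_seconds() {
  dc_epoch=$(gt_to_epoch "$2")
  diff=$(( $1 - dc_epoch ))
  if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
  echo "$diff"
}

# stdin = `dig +short SRV` lines ("priority weight port target.");
# prints host:port, lowest priority value (most preferred) first.
srv_hosts() {
  sort -n -k1,1 | awk 'NF == 4 { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# stdin = resolv.conf text; succeeds if $1 is listed as a search domain.
search_domain_ok() {
  awk -v d="$1" '$1 == "search" || $1 == "domain" {
      for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) ok = 1 }
    END { exit !ok }'
}

# $1 domain  $2 local epoch  $3 DC currentTime  $4 SRV text  $5 resolv.conf text
# Prints one PASS/FAIL line per check; exit status = number of failed checks.
preflight() {
  fails=0
  skew=$(skew_seconds "$2" "$3")
  if [ "$skew" -le "$MAX_SKEW" ]; then echo "PASS clock skew ${skew}s"
  else echo "FAIL clock skew ${skew}s exceeds ${MAX_SKEW}s"; fails=$((fails + 1)); fi
  dcs=$(printf '%s\n' "$4" | srv_hosts)
  if [ -n "$dcs" ]; then echo "PASS SRV _ldap._tcp.$1 ->" $dcs
  else echo "FAIL no SRV records for _ldap._tcp.$1"; fails=$((fails + 1)); fi
  if printf '%s\n' "$5" | search_domain_ok "$1"; then echo "PASS search domain $1"
  else echo "FAIL $1 missing from search domains"; fails=$((fails + 1)); fi
  return "$fails"
}

# Constructed inputs. On a real client they could be gathered with:
#   date -u +%s
#   ldapsearch -x -H ldap://adserver.addomain.com -s base -b "" currentTime
#   dig +short SRV _ldap._tcp.addomain.com
#   cat /etc/resolv.conf
SAMPLE_SRV='10 100 389 backup.addomain.com.
0 100 389 adserver.addomain.com.'
SAMPLE_RESOLV='nameserver 10.0.0.10
search addomain.com'
preflight addomain.com 1212321720 20080601120000.0Z "$SAMPLE_SRV" "$SAMPLE_RESOLV" || true
```

A non-zero exit status from preflight is the count of failed checks, so it can gate a scripted bind.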

Similar Messages

  • 10.4.11 - Can't create mobile account

    I reimaged one of our PowerBook G4 laptops and ran S/W update getting it to version 10.4.11. After rebooting I could not create an Active Directory mobile user account. Tried all the normal things - repair permissions, rebind to AD and reboot, even trashed the edu.mit.kerberos file and all plists in /Library/Preferences/DirectoryService and rebind from scratch. I probably trashed the mcx settings in NetInfo Mgr, but I don't recall for sure. Also the ol' reset-nvram and reset-all in OpenFirmware. Nothing helped - kept getting the "can't login, users home folder is on an AFP or SMB share". When I logged in as my local admin user, I could connect to the homefolder path using the mobile-user's credentials (with Kerberos).
    My solution was to reimage the laptop again (ver 10.4.10), bind to AD & reboot, create the mobile account and then run S/W update to 10.4.11.
    I'm not really looking for a solution here, just a warning to people that you may not want to create images at 10.4.11 if you use mobile accounts. I plan on using my 10.4.10 images for the time being.
    Ta ta,
    JHL
    P.S. I haven't tried this yet on our iBooks, eMacs or iMacs.

    Similar issue...
    Updated an iBook G4 today to 10.4.11. After reboot it logged in with a Network Account (not mobile account this time - AD set to not create mobile account and to not create local home). I unbound from AD, rebooted and created a NetRestore image. Rebound to AD, set the Authentication order and rebooted. Now the network account wouldn't login - gives the Can't login now, homefolder on an AFP or SMB server error. (homefolders, sharepoints and permissions just fine.)
    Now for the strange part... I got sidetracked for about a half hour, then I went back to the iBook and the Network account was able to login again. After several unbinding/reboot/rebinding/reboot processes, I narrowed it down to it takes about 11 or 12 minutes after binding to AD for the network account to login properly.
    I had another tech install the 10.4.11 update on an eMac and the logins worked ok. But when I had him unbind/reboot/rebind/reboot, he had the same 11 to 12 minutes before a network account can login (same error.)
    Now for another strange part... he tried unbind/rebind again, but left AD 3rd in the Authentication order (after NetInfo and LDAP for OpenDir). The network account could login right away - these are AD useraccts.
    In my experience since 10.3, I've always had to put AD before LDAP/OD in the authentication order for the user-acct to authenticate name/password to Active Directory properly. I plan on trying this with the iBook tomorrow.
    My homefolders for these accounts are on x-server running 10.4.10 (haven't been brave enough to update the servers yet.)
    Has anyone else experienced these 10.4.11 anomalies with network or mobile accounts? Either with 10.4.10 or 10.4.11 servers?

  • Users unable to create Mobile Accounts

    Good afternoon.
    I have an interesting problem with the creation of Mobile Accounts.
    We have a Computer Group with its Preferences set to allow the creation of Mobile Accounts & Portable Home Directories; with due consideration given to what to synchronise and what not to. The iBooks & Mac Books in this group are all used by one staff member only. They are all running 10.4.7 and have 256 or 512 MB RAM.
    The first two laptops added to the list allowed their users to create Mobile Accounts & PHDs no problem, and they continue to work. But any other machines I add to the group refuse to allow the creation of a Mobile Account. It seems that Workgroup Manager does not pass on their changed Preferences during subsequent logons. I have tested this by renaming a laptop at its entry in the group and seeing if the name is changed on the machine at the next login. It is not, but stepping through the machine’s settings at the logon display does give me a green light for network availability.
    I can create a Mobile Account on a machine by logging on as a user and amending their account Preferences, but this does not provide the same degree of flexibility in configuring synchronisation settings.
    Has anyone else seen this problem please?
    Brian Bowell ICT Support
    Tel: 07 856 6537
    Fax: 07 856 6588

    The problem was an error in naming the computer group. Renaming it solved the problem.

  • I can't create an account on HP Web Service

    I have just bought a Photosmart 7510 and want to use the ePrint Center but I can't create an account. I try using my normal email account = error. I try using my email account printed from the Web Service Report in the printer = error.
    Any ideas to succeed?
    Rgs Martin

    Hi Martin, the problem here might be that you have created an online account with a HP service e.g. Snapfish some time in the past and when you've tried setting up the ePrintCenter account the password you've selected to use with the email address is different to the combination you used in the past. This is an issue that has cropped up on the forum before. Take a look at this post and see if this works for you http://h30434.www3.hp.com/t5/ePrint-Print-Apps-Mobile/I-am-having-problems-getting-into-eprint-becau...
    Best of luck.
    I am an HP employee.

  • Can't create eprintcenter account. "Create account" does nothing. Tried 2 different emails...

    Can't create eprintcenter account. "Create account" does nothing. Tried 2 different emails...

    Hello Jww1972,
    If you're having problems creating an ePrintCenter account and you already have a Snapfish account, try the following steps:
    - On the ePrintCenter login page, there is the blue Snapfish icon. This brings up a Snapfish login form.
    - If you do not remember your Snapfish password, go to Snapfish.com and use the Snapfish “forgot your password?” tool.
    - Once you log in to ePrintCenter using your Snapfish login, you will now have an “HP Web Services” type account, and you can use the normal login form without hitting the Snapfish button.
    Are you using your Facebook account to log in to ePrintCenter?
    On February 1st, 2012 ePrintCenter stopped supporting account sign in through Facebook. If you previously signed into ePrintCenter with a Facebook account, you will no longer be able to do so, and you will need to create a new account to access ePrintCenter.  The steps for account creation vary depending on if you have a printer added to your account.
    If you do not have a printer added to your account:
    Visit https://h30495.www3.hp.com/user_create and create a new HP ePrintCenter account.
    You will now use this new account to login to HP ePrintCenter.
    If you do have a printer added to your account:
    Disable Web Services on your printer. For most printers this will be done on the front panel of your printer. For some printers this will be done through your printer’s embedded web server. This removes your printer from your HP ePrintCenter account. For more details, visit https://h30495.www3.hp.com/help#printer_management.pm-remove-settings.
    Enable Web Services from the same place you disabled Web Services in step one. A page will automatically print out with your new printer claim code.
    Visit https://h30495.www3.hp.com/user_create and create a new HP ePrintCenter account.
    Create a new HP ePrintCenter account.
    Add your printer to your new account using the claim code on the page that printed out in step two.
    You can now create a friendly ePrint email address, download apps, and control ePrint settings from your new account. You will not be able to re-use the same friendly email address you had before you re-registered your printer.
    http://h30434.www3.hp.com/t5/ePrint-Print-Apps-Mobile/Using-your-Facebook-account-to-log-in-to-ePC/m...
    I am an HP employee

  • "Grouped" user cannot create Mobile account

    Hello
    Leopard Server 10.5.4 and Leopard client 10.5.4.
    In Server, we have a group of users called Group1. In this group we have a user called User1. When we try to create a mobile account, it prompts for a password, and then "There was an error creating mobile account" appears.
    When we try to create Mobile account for any user outside any group we have no problem.
    The Mobility prefs are the same in the Group1 and in the account outside the group.
    Any help appreciated.
    K.

    Look in the system log for clues.
    Also you can turn on ManagedClient logging from Terminal this way:
    sudo defaults write /Library/Preferences/com.apple.MCXDebug debugOutput -2
    Then reproduce the problem. The log will be here:
    /Library/Logs/ManagedClient/ManagedClient.log
    Remove /Library/Preferences/com.apple.MCXDebug.plist to stop logging (and increase performance).
    And please file a bug with Apple.

  • How can i create multiple accounts but use the same itunes?

    how can i create multiple accounts but use the same itunes?

    Hi iCloud is Making Me Go Crazy,
    You will need to create a new Apple ID for your GameCenter and iCloud services.  You can continue to use the current Apple ID you share with your Mom for access to iTunes Store purchases if you wish. 
    Using your Apple ID for Apple services
    http://support.apple.com/kb/HT4895
    Frequently asked questions about Apple ID
    http://support.apple.com/kb/HT5622
    Cheers,
    - Judy

  • I just bought a new Ipad mini a while ago, and created a new apple ID "***************" , I can't download anything on apps store, it keeps on asking for a credit card but I don't have one. Can I create an account without a credit card?

    I just bought a new Ipad mini a while ago, and created a new apple ID *********** , I can't download anything on apps store, it keeps on asking for a credit card but I don't have one. Can I create an account without a credit card?

    Read this:
    iTunes Store: Accepted forms of payment
    It is the same for the app store. You are required to have some sort of payment method in the record.
    Barry

  • HT2731 how can i create an account to sell my music?

    how can i create an account to sell my music?

    iTunes - Partner Programs - Content Providers
    http://www.apple.com/itunes/content-providers/
    iTunes - Partner Programs - Sell Your Content
    iTunes - Partner Programs - Affiliates

  • How can someone create an account/register on my website?

    Hello!
    I'm somewhat new to Muse so I apologize if this question has already been asked.
    I wanted to create a link where someone can register/create an account on my page so that they will have the ability to have their own personal page when they log in. I would prefer to offer the option where they can either enter their own information, or login with facebook.
    How can I do this in Muse?

    To follow up on the Login behavior; it was done using Authpro.  The client did not want to change hosting just for this element.  I would like to see it added to Muse on a future release.  For most sites I continue to develop in DW, but find Muse quite handy for designing workable comps.  If Muse had a more robust selection of behaviors like non-BC client-side editing, login or non-BC contact forms I would be tempted to keep the Muse sites for more than comp use.  Heck, that would save time and increase revenue.  Of course nothing would be better than a clean roundtrip or export to DWCC. 
    Cheers,
    Jeffery

  • Can't create computer account in Workgroup Manager

    Hi everybody!
    I am installing a new Xserve with Mac OS X Server 10.5.6 and I am having some trouble with computer accounts in Workgroup Manager.
    I have a couple of PCs with Windows XP that I have added to the Windows domain created by Mac OS X Server with no problem, and they do appear in my computer account list, with the name PC_NameX$.
    My Xserve also appears in this list with the name ServerName.DomainName$
    But my iMacs (with Mac OS X 10.4.11) are not listed. When I try to create their accounts, I write their names and their MAC address but when I push the button "Save", Workgroup Manager says that I can't create this account because there is a computer with that name and that MAC address yet.
    I can't find a solution for this problem by myself. Could anybody give some advice to solve it?
    Many thanks.

    Hi Mabel,
    In my computer list appears my Windows computer names (followed by a "$" symbol, i.e., name$) and my Xserve name followed by domain name and a "$" symbol, i.e, name.domain$. Finally, there is a Guest account I added a few days ago (without "$" symbol).
    No iMac is listed here. When I try to add them manually, I write "Name", "Short Name" and "Ethernet ID" fields, and when I push "Save" button, I get this message:
    "The name you have chosen conflicts with a name assigned to another computer. You can’t assign the name “Pollux” to two different computers. Remember that names are not case-sensitive when checking for conflicts." (Pollux is the name I gave to one of the iMacs).
    If I change this name and use another one, but I don't change "Ethernet ID" and then push "Save", the message is:
    "The ethernet address you have chosen conflicts with an ethernet address assigned to another computer. You can’t assign the ethernet address “00:17:f2:d3:38:95” to two different computers."
    So, It seems that WGM knows Name and Ethernet ID from this iMac because it does not let me type them again, but I have not typed this information before nor the iMacs are listed in computer list.
    This is what I don't understand.
    I have read chapter 6 "Setting Up Computers and Computer Groups", the one that starts on page 105, from top to bottom. I have not found a single clue that helps me solve this problem. It explains the procedure when everything is working properly.
    Finally, another piece of the puzzle. There is an iMac that always connects to Directory with the Airport interface. I have tried to add this iMac manually. Well, I get the name conflict message, the Ethernet ID conflict message (with its Airport ID) and... an Ethernet ID message when I type its Ethernet ID. It seems Directory knows this Ethernet ID even though it has never been used to connect to it.
    Is there some detail I am missing?
    Kind regards.

  • HT5114 How can I create multiple accounts without the necessity to create multiple email addresses?  I now have 2 i-phones (mine and my wife's), 1 i-pad (mine), 1 i-pad mini (10 year old's), and 1 I-pod touch (11 year old's).  I would like to maintain pur

    How can I create multiple accounts without the necessity to create multiple email addresses?  I now have 2 i-phones (mine and my wife's), 1 i-pad (mine), 1 i-pad mini (10 year old's), and 1 I-pod touch (11 year old's).  I would like to maintain purchase control, but would like to be able to have a separate account ID for each person.  Is that possible?

    Each email address can only be on one iTunes account, and all purchases are tied to the account that buys them. If you want to have separate iTunes accounts on each then you will need separate email accounts for each iTunes account

  • Sorry I can't create my account in my App store, because I am not in that region. I live in Cambodia. Can you fix it as soon as possible? Now there are many citizens in Cambodia who use a lot of Apple products.

    Sorry I can't create my account in my App store, because I am not in that region. I live in Cambodia. Can you fix it as soon as possible? Now there are many citizens in Cambodia who use a lot of Apple products.

    Go to http://www.apple.com/asia/support/mac/app-store/ , click on 'iTunes Store Account and Billing' then 'Billing Enquiries' to get a link to email them. Ask them whether there is a way you can purchase Apps, perhaps by nominating one of the listed countries (Vietnam, for example).

  • Can't create POP account

    It happens that I can't create POP accounts, while I do easily with Entourage.
    The same data in Entourage work while in Mail don't.
    I can't understand why. Can anyone tell me what's wrong?
    Thanks

    Hector,
    A subtle difference between Mail and Entourage, is in the use of Username. In Mail, what you enter in the Username box of Mail Preferences must be exactly what is required by the provider of the POP server -- this will either be the true username, which is the portion of the email address in front of the "@", which is how it is done for a .mac, or for some providers it must be the entire email address, repeated as the Username entry (this is how it must be for Gmail). You must test with each, or find a support document that provides the format you must enter as the Username.
    I think Entourage, at least sometimes, is able to derive the Username from the email address, and negotiate through this choice.
    Let me know if changing the form of the Username entry will resolve this.
    Ernie

  • Can't create webOS account.

    I just bought a TouchPad, started it up, chose a Wi-Fi network, and a window for creating a webOS account appeared. I filled in all the fields and pressed Create, after which a warning message appears (We are unable to create an account for you. Please try in a few minutes or contact HP for help resolving this problem.)
    I did this more than 30 times over a day, but nothing changes.
    What happened?
    Can I create an account in some different place ?
    Post relates to: HP TouchPad (WiFi)

    Are you sure it's connecting to your WiFi source?  Are you talking about a home network with your own router?  Try cycling power to the router, then attempt to create the account.
    You could also try rebooting the TouchPad - go to the "Device Info" app, then tap the "Reset Options" button and the "Restart" button after that.
    If still no joy, I'd follow the suggestion given you - call HP's webOS Butler service. See this page for info:
    http://kb.hpwebos.com/wps/portal/kb2/common/article/66149_en.html
    Wyrenut 
    I am a Volunteer here, not employed by HP.
