Ix4-300d Cannot Log In Active Directory member
I have an ix4-300d that is an Active Directory member that will not let me log in with my username and password. I have tried restarting the device and still will not let me. I can see all of the shares when I type the "\\devicename\sharename" just fine. Any ideas on what I can do to log in?
Thanks,
Eric
Moderator comment: A post which did not conform to the Community Rules has been removed. Incivility will not be tolerated.
English Community Deutsche Community Comunidad en Español Русскоязычное Сообщество
Community Resources: Participation Rules • Images in posts • Search (Advanced) • Private Messaging
PM requests for individual support are not answered. If a post solves your issue, please mark it so.
X1C3 Helix X220 X301 X200T T61p T60p Y3P • T520 T420 T510 T400 R400 T61 Y2P Y13
I am not a Lenovo employee.
Similar Messages
-
EMacs cant log into active directory anymore
Hello,
I'm hoping you can give me some insight as to what is going on.
We run an active directory network which is basically all PCs.
We do however have two rooms with 12 eMacs in them each. Up until mid December they had been mostly fine but what we are exeriencing now is that they are having real difficulty logging into the active directory.
If i click on the names of the machines eventually i will see one of three things:
1. Green dot- network accounts available. These we can log into.
2. Yellow dot - some network accounts available. These we cant log into.
3. Red dot - no network accounts available. These we cant log into.
My knowledge of Macs is about a 3 on a scale of 1 to 10.
The DHCP server is server 2003
The eMacs are running OS X 10.4.11
I can log into them as local administrator and can browse the network and even get onto the internet when they are unable to log onto Active directory.
What ive done so far...
1. If i unbind and then rebind the mac using directory access they can log in for a while but then randomly they change so that we cant log into them anymore.
2. gave each of the macs an ip reservation on the dhcp server so that they always pick up the same ip address.
3. removed them from Active directory and re added them. even gave them different names.
4. Changed out the switch they were plugged into.
none of these has solved the issue so far so im hoping that someone might have seen something like this before...
thank you.Hi halo511, and a warm welcome to the forums!
My knowledge of Win/2003 is about 3 on a scale of 1 to 100!
I wonder if these might help...
http://support.microsoft.com/kb/834498
http://www.macwindows.com/Win2003.html
http://www.macosxhints.com/article.php?story=20050302023720578
http://allinthehead.com/retro/218/accessing-a-windows-2003-share-from-os-x
Does the Server have more than 1 NIC?
http://forum.soft32.com/mac/Windows-Server-2003-MacIntosh-ftopict7128.html
For stubborn Mac<->Windows® problems...
http://www.thursby.com/products/admitmac.html -
Cannot login with Active Directory Account
Hello,
I am testing SnowLeopard (10.6.1) for deployment in my labs for the Spring 2010 semester. We use local home directories. This is a brand new fresh install of SL, on a freshly formatted Hard Drive.
When bound to Active Directory I can get any AD account that I've tested (5 different accounts) to authenticate except one, which happens to be my own personal AD account.
The secure.log shows these entries when I attempt to login:
Oct 9 14:18:29 mac-0017f20fc40 SecurityAgent[209]: User info context values set for ctarbox
Oct 9 14:18:29 mac-0017f20fc40 authorizationhost[208]: Failed to authenticate user <ctarbox> (tDirStatus: -14090).
Considering that I could log in with other accounts, and after resetting my AD password then still not being able to authenticate, I came to the conclusion that I had a corrupt OU in Active Directory.
I contacted one of our AD admins and had him delete both of my AD accounts: ctarbox and ctarbox1 then recreate both accounts. I still cannot login to AD with my ctarbox account.
I can still login to my current lab machines anywhere on campus running 10.5.8 with ctarbox.
I am baffled by this. I have been authenticating to Active Directory since 10.1 and have never seen anything like this.
Any idea, anyone?
Cheryl Tarbox
Macintosh Support Specialist
Binghamton UniversityI have found the solution to my problem. I have accounts in two different domains in our AD tree. I'll called these domains Domain A and Domain B.
Domain A is the primary domain for authentication to our public computing labs.
Domain B is a secondary domain for authentication to shared resources for faculty/staff.
Both accounts have the same user ID, but different passwords. In my Directory Utility>Advanced>Administrative window I have the option "Allow authentication from any domain in the forest' checked.
With this option checked Directory Utility in 10.6.1 will allow me to authenticate Domain B, but not Domain A.
With this option checked in Directory Utility in 10.5.8 just the opposite is taking place, I can authenticate to Domain A, but not Domain B.
It seems that somewhere in the upgrade to 10.6.1 the search policy for Active Directory has changed. My workaround is to uncheck this option and specifically choose Domain A in the search policy. -
Cannot login using Active Directory credentials
We are experimenting with macs at our company. We bought a mac pro which is running 10.8.2. I am able to join active directory but cannot log in with any user account. I have tried logging in as myself and some test accounts. I have read some other forums to get some ideas but none have worked so far. I have tried to rejoin the mac to AD, check and uncheck different things under advanced options with no luck. These include Create mobile account at login, force local home directory on startup disk, force unc path from active directory to derive network home location, etc. I have confirmed the mac has a valid ip address with the correct dns settings. I can see users from the directory editor so I know there is some sort of communication with the domain. I am wondering if there is something small that I am missing. Any help is greatly appreciated.
have you set pam.conf ok? have you tested kinit to make sure you can get a ticket?
-
Active directory member;range=0-999 issue
Has anyone else run into a problem with active directory and
it returning the member attribute with the range attached? I am
running into this problem as discussed in a microsoft article (see
below). The data comes back fine and I get all the records I need.
BUT... the problem is the column name is returned as
"member;range=0-999" instead of just member as in a normal active
directory query. The problem is it has that semicolon in the column
name so trying to loop through the query or get to that data keeps
breaking it. So it is there, I just can't get to it. I have tried
escaping the semicolon or aliasing the column name, but I just keep
running into problems. I am hoping someone else has run up against
this or knows ways to get around invalid column names in a query.
If I have a resultset for a query that has a bad column name, how
can I get to that data?
When an Active Directory server returns the values of the
member attribute as the result of a directory search query, its
behavior varies depending on whether the total number of attribute
values for that object exceed the maximum limit on values
retrieved. For example, if a distribution list on a Windows 2000
Server contains 1000 or fewer member values, a search query will
return all of the values in a single call. However, if the list
contains 2497 member values, the first call to the search query
function will return the member attribute with no values, and an
additional member;range=0-999 attribute that contains the first
1000 member values. To retrieve the next group of member values,
the search query should be repeated using a range specifier that
begins at the attribute number one past the number of the previous
group returned. In this example, the search query function would
request the member;range=1000-* values, which would return the
member;range=1000-* attribute with no values and a
member;range=1000-1999 attribute with the next 1000 values. This
process is repeated until the last group of values is retrieved.
The end range on the last group retrieved from the server would be
indicated by an asterisk (*) in the returned attribute name.I found I was able so solve this using the method found at
the following address:
http://www.bennadel.com/index.cfm?dax=blog:357.view -
Delete local accounts created when logging into Active Directory?
When a user logs into their Mac using their Active Directory credentials, a new local user folder is created that corresponds to their login name. But a new account doesn't show up in the System Preferences Accounts. So how do I go about deleting this local account? Can I simply delete their Users folder?
Thanks.
G4 (model M8839LL/A) Mac OS X (10.4.8)AD does this with Windows, too. This is because the AD account is not the same as the local account. If you have a user with the username joeuser, and he has a local account named joeuser, he'll have a home directory in that name. If he logs into and AD system with the domain name ADDomain, there will then be an account with a name something like joeuser.ADDOMAIN, which, by definition, is not the same as the account joeuser. On a Windows box, at the same time as the joeuser.ADDOMAIN account is created the joeuser account will have its name changed; if the box's name is joe's_mac, the joeuser account will become joeuser.JOE'S_MAC. This kind of thing will apply only to users who have both local and domain accounts. Users who have only local accounts, such as jilluser, will not have their account name changed. Users who have only domain accounts, such as bobdomain, will not have their account name changed. Users will not notice any difference in the way they log in; they will log into their domain account, and see just what that account has access to, or will log into their local account, and see just what that local account has acces too, depending only on how they set the login box. They will never have to enter joeuser.ADDOMAIN, just joeuser... and the domain name in the proper place.
If you delete the domain account, a new one will be automatically generated as soon as the user logs back in using a domain account. Any data stored in that account will be deleted when you delete the account. -
HI All We recently purchased an ix4-300d to backup file on. I set a static IP and connected to the web interface. When I try to create a share, I get this error: The selected function is not available due to the state of the pools I tried updating the firmware just in case this is caused by a bug, but I can't either. It just sits there. Does anyone know how I can get past this error? Thanks.
Hi petrocelli,
What is the RAID configuration set to? Have you tried performing a factory reset from the web interface? If the device is new and is not functioning properly, I would recommend contacting technical support or returning the device to the reseller.
Have questions and need answers?
Search the database for answers to FAQ's, software/driver downloads, tutorials, news, features and more!
LenovoEMC Support & Downloads
LenovoEMC North America Support Contact Page -
Ix4-300D cannot remove mapped drives
Windows 8.1 Pro
When I go to "disconnect" the currently mapped drives (to the ix4-300D) they disconnect. When I reopen My Computer the maps are all back.
Moderator comment: Remark(s) contravening the Community Rules removed - implied profanity/profanity.
I see the mod removed the WT acronym, but didn't respond to the issue...typical.
Moderator comment: I would have offered advice, if I'd have had appropriate information for you. Per my sig, I am not a Lenovo employee. I am a volunteer moderator, as are all moderators. Regards.BTW: Could not find WT acronym here : http://www.acronymfinder.com/WT.html
Don't be too local or too 'specific', this is an international community which tries all the best in different languages ( not necessary mother tongues )
Are you talking about ext. USB-Drives connected to your NAS ( and therefore 'mapped' already NAS-internally) or about driveletters assigned to a NAS-share?
Can you leave a screenshot with the community.
I personally at this moment can only think of a MS issue, if none of the instructions provided here works for you
http://www.7tutorials.com/how-delete-mapped-drives-windows-7 ( indeed works similar with 8 )
Various PCs / Laptops ( sorry I still really love Dell and Fujitsu ;-))
Supporting Customers ix2s and ix4s -- Love Networking ( not only technically ).
I am not a Lenovo Employee.
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! -
Permissions issue binding and logging into Active directory
Hello:
We're having an issue with file permissions when our Macs connect to SMB shares via AD. We bind the macs to the active directory but when the users connect to the SMB shares (Go connect to server smb://.......) they see everything on the drive not just their shares. Is there a setting in the Directory utility that will only allow the user to see their shares or is this an issue on the windows side of the house. The windows users do not have this problem. Any help would be greatly appreciated.
Thanks, Rick
Mac Clients are running 10.6 thru 10.8Also be aware of Apple's white paper on this:
http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf
A wide variety of IT-focused white papers are available here:
http://training.apple.com/osx -
Remote Desktop Session Authentication logs in Active Directory
Hi
I would like to know when a Remote Desktop session happens between two workstations in a AD domain, Is there an event logged in the AD servers and if so what is the event code and Category.
Many Thanks,There is an event which is generated on source computers who initiating the remote desktop. If they are above Vista operating system look for 4648 event id in event viewer. You can track kerberos related events on domain controllers. Because
kerberos is responsible for authenticating in your environment, I am not really sure if explicit credentials are logged in event viewer.
Mahdi Tehrani Loves Powershell
Please kindly click on Propose As Answer or to mark this post as
and helpfull to other poeple. -
Hello All,
I am trying to get the information of all the user's who connect to our Domain network by signing in using the domain account. For this I am using the Windows audit group policies ( I am not sure of there is any other way). I can see when the user tries
to login to the network there is a audit event created on the AD/DC server. I can see the Kerberos authentication and logon/logoff events in the audit events under event viewer.
However the info which is being populated in these events include :- Hostname, IP address, Username and so on... But I can't see the MAC address of the user machine/system. Is there any way I can
get the Mac address of the endpoint system as its one of the important criteria for our project.
Any inputs on this would be appreciated, incase if there is any other way other than group policies please suggest.
Thanks,
Kavish> include :- Hostname, IP address, Username and so on... But I can't see
> the MAC address of the user machine/system. Is there any way I can get
> the Mac address of the endpoint system as its one of the important
> criteria for our project.
If you use DHCP, you can query the DHCP server. There's no builtin
method to get the MAC address directly.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Cannot Print. "The Active Directory Domain Services is currently unavailable"
Hi there
I cannot print and I have not been able to find the fix via existing forum threads.
System:
Win 7 Ultimate 64 bit German - Profile language is Danish (installed a week ago and completely windows updated)
Office 365 Small Business Premium
HP DV8 Laptop. i7, 512GB SSD, 8GB RAM
HP LaserJet P1006 USB printer.
Problem
No matter if I try to print from IE, Notebook, Word 2013 or anything else, I cannot chose my printer (P1006).
If I try to Add Printer in Word 2013, I get the "The Active Directory Domain Services is currently unavailable" error.
In Devices and Printers, the P1006 is visible, but there is no driver installed.
Trying to install the correct driver:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3435683&prodTypeId=18972&prodSeriesId=3435682&swLang=8&taskId=135&swEnvOID=4063
only creates a general error during installation: "Printer Software Installer has stopped working - A problem has caused the program to stop working correctly. Windows closes the program and will notify you if a solution has been found"
I have tried all the solution software from Windows, from HP (for the laptop and for the printer) - but nothing comes up with any details or suggestions.
What should I try?
Absolutely everything else works perfectly on the system.
Reffered here via http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/cannot-print-the-active-directory-domain-services/1cf47626-a2cd-4b7a-94b6-10cbc8ab02b0Hi,
I suggest you try the following:
1. Try the steps in the following article:
Troubleshoot printer problems
http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-printer-problems
Fix printing problems by resetting the print spooler
http://support.microsoft.com/kb/2000007
2. Let us try updating the printer driver which might help you in resolving the issue.
Click on the link below for more information on updating the printer drivers.
Find and install printer drivers
http://windows.microsoft.com/en-US/windows-vista/Find-and-install-printer-drivers
3. Remove the printer and add it again:
Go to Control Panel
Select Printers
Right-click on Add Printer
Select Run as Administrator
Now try to add your network printer
Also a thread for your reference:
Error message when attempting to print: Active Directory Domain Service is Currently Unavailable
http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/d6212275-24d6-4168-830a-9441f861cb76
Hope this helps.
Vincent Wang
TechNet Community Support -
How open and see Log File in Active Directory
Hello Friends.. ^-^
how i can open log files active directory and see this data files ?
Can export this logs ?
thanks for help.And adds a definition of edbxxxxx.log for completeness:
These are auxiliary transaction logs used to store changes if the main Edb.log file
gets full before it can be flushed toNtds.dit.
The xxxxx stands for a sequential number in hex. When the Edb.log file
fills up, an Edbtemp.log file
is opened. The original Edb.log file
is renamed to Edb00001.log, and Edbtemp.log is
renamed to Edb.log file,
and the process starts over again. Excess log files are deleted after they have been committed. You may see more than one Edbxxxxx.log file
if a busy domain controller has many updates pending.
Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you! -
SGD cannot access Active Directory
hello everyone
I have sgd server and Active Directory server in a segment before , they worked well.
now I place my sgdservers in a DMZ segment , and place the AD server in backend segment.
there is a firewall between the two segments. now sgd cannot access the ad in the web console.
I know there are some ports which must be opened as the manual said. but even if I open all ports between the two server(SGD server and AD server) , sgd still cannot access the active directory.
SGD Server : SGD4.4.1907 Solaris10
AD Server: windows2008
it seems that there is no problem when using nslookup
# nslookup adsrv1.mydomainname
Server: 10.0.4.111
Address: 10.0.4.111#53
Name: adsrv1.mydomainname
Address: 10.0.4.111
# nslookup 10.0.4.111
Server: 10.0.4.111
Address: 10.0.4.111#53
111.4.0.10.in-addr.arpa name = adsrv1.mydomainname.
# nslookup -querytype=any _gc._tcp.mydomainname
Server: 10.0.4.111
Address: 10.0.4.111#53
_gc._tcp.mydomainname service = 0 100 3268 adsrv2.mydomainname.
_gc._tcp.mydomainname service = 0 100 3268 adsrv1.mydomainname.
# nslookup -querytype=any _ldap._tcp.mydomainname
Server: 10.0.4.111
Address: 10.0.4.111#53
_ldap._tcp.mydomainname service = 0 100 389 adsrv2.mydomainname.
_ldap._tcp.mydomainname service = 0 100 389 adsrv1.mydomainname.Any prompt reply will be appreciatedI also use "dig" command to check DNS setting.
It is surprised that , I cannot dig with sgd server's hostname , but dig with sgd server's FQDN is successful .
# dig sgdsrv01
; <<>> DiG 9.3.4-P1 <<>> sgdsrv01
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: *SERVFAIL*, id: 1361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sgdsrv01. IN A
;; Query time: 1 msec
;; SERVER: 10.0.4.111#53(10.0.4.111)
;; WHEN: Tue Jan 20 10:44:20 2009
;; MSG SIZE rcvd: 26
# dig sgdsrv01.mydomain.com
; <<>> DiG 9.3.4-P1 <<>> sgdsrv01.mydomain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: *NOERROR*, id: 1613
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sgdsrv01.mydomain.com. IN A
;; ANSWER SECTION:
sgdsrv01.mydomain.com. 3600 IN A 10.0.6.41
;; Query time: 1 msec
;; SERVER: 10.0.4.111#53(10.0.4.111)
;; WHEN: Tue Jan 20 10:44:37 2009
;; MSG SIZE rcvd: 61AND I also set /etc/hosts file as the following:
127.0.0.1 localhost
::1 localhost
10.0.6.41 sgdsrv01 sgdsrv01.mydomain.com telford
10.0.6.42 sgdsrv02.mydomain.com sgdsrv02
10.0.4.111 adsrv1.mydomain.com adsrv1
10.0.4.112 adsrv2.mydomain.com adsrv2
10.0.4.101 apsrv01.mydomain.com apsrv01
10.0.4.102 apsrv02.mydomain.com apsrv02 -
Force Active Directory Users to Log Into a Shared Local Profile.
I've searched long and hard for an answer to this but I've found very little info on it so I'm starting to wonder if it's at all possible.
On some of our "Presenter PC's" at work it has been deemed that the creation of a new account from the Default profile takes too long when logging into Active Directory and slows presenting down too much. Our Default profile is probably around 120Mb due to
the contents of the image after deployment and how every application is tailored for use hence the AppData folder takes the bulk of the size up and it's not an option to remove it.
These PC's are (for now at least but hopefully not for much longer) locked down by Deep Freeze which resets all changes to all files when the PC is rebooted so a shared profile is not a problem at this point in time.
What I want to know is whether there is ANY way to make it so that a user authenticating to Active Directory can ALWAYS be forced into a pre-configured, local profile running on Win 7 32/64 Pro?
I've been looking at credential providers and replacing USERINIT.exe. I'm just not 100% sure which part of the process actually tells the PC which profile to use. I know that the registry is checked for the user GUID and if not present creates a new entry and
copies the Default profile but I don't know quite where this is called and how to modify it.
My programming knowledge limited to a bit of CMD and AutoIt but I do know a few coders so if we really have to get our hands dirty on this it isn't the end of the world.
I should also add I've recently been toying with taking the AppData folder outside of the Default profile and creating a SymLink to it but upon copying the Default profile to a new profile (much quicker and more acceptable) the SymLink is lost and replaced
with a relatively empty set of folders which can't be deleted and replaced with a SymLink because the LSASS.exe process is using it and obviously you can't stop that process...
Making the PC log into a local profile on startup is also not an option because a user MUST log into AD to not be in breach of our AUP and all network drives must be availalbe (mapped by GPo and login script).
Any help is more than welcome at this point in time as I've pretty much exhausted all avenues that I know of and have turned to you helpful folk. CheersHi,
For mandatory profile, I suggest you refer to the following articles:
Customize the default local user profile when preparing an image of Windows
http://support.microsoft.com/kb/973289
mandatory profiles
http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/d2406a55-e053-45c5-b064-bf009c4bfafc
Hope this helps.
Vincent Wang
TechNet Community Support
Maybe you are looking for
-
Opening balance very urgent....
Hi Experts, Plese could anyone give me logic for How to calculate Opening balance and Closing balance for perticular period? Thanks in Advance... sudha.
-
My daughter downloaded Babylon (incredibar) malware and we tried to reset Firefox. It got hung up and I closed the window. When I tried to restart Firefox, I got the messsage "Firefox is already running...". I uninstalled and reinstalled Firefox as w
-
QuickTime can't play H264+AAC file??
I have a H264+AAC file, it played on VLC player is ok, but it can't play on QuickTime, have any tool can detect what's wrong? is it incorrect file format?
-
Hi!!! I'm doing a program with the following buttons: Run, Abort, Repeat and Exit. When the program starts from the first time only Run and Exit button will be enabled and not disabled so the user doesn't press the Abort and Repeat button. The user h
-
Microsoft Office 2008 apple os-x install...does it require a restart?
Microsoft Office 2008 apple os-x install...does it require a restart? wondered if i needed to restart my mac to complete installation? seems whenever i install a program that requires a restart to compltet installation my system crashes.... so i can