Ix4-300d Cannot Log In Active Directory member

Similar Messages

• EMacs cant log into active directory anymore

  Hello,
  I'm hoping you can give me some insight as to what is going on.
  We run an active directory network which is basically all PCs.
  We do however have two rooms with 12 eMacs in them each. Up until mid December they had been mostly fine but what we are exeriencing now is that they are having real difficulty logging into the active directory.
  If i click on the names of the machines eventually i will see one of three things:
  1. Green dot- network accounts available. These we can log into.
  2. Yellow dot - some network accounts available. These we cant log into.
  3. Red dot - no network accounts available. These we cant log into.
  My knowledge of Macs is about a 3 on a scale of 1 to 10.
  The DHCP server is server 2003
  The eMacs are running OS X 10.4.11
  I can log into them as local administrator and can browse the network and even get onto the internet when they are unable to log onto Active directory.
  What ive done so far...
  1. If i unbind and then rebind the mac using directory access they can log in for a while but then randomly they change so that we cant log into them anymore.
  2. gave each of the macs an ip reservation on the dhcp server so that they always pick up the same ip address.
  3. removed them from Active directory and re added them. even gave them different names.
  4. Changed out the switch they were plugged into.
  none of these has solved the issue so far so im hoping that someone might have seen something like this before...
  thank you.

  Hi halo511, and a warm welcome to the forums!
  My knowledge of Win/2003 is about 3 on a scale of 1 to 100!
  I wonder if these might help...
  http://support.microsoft.com/kb/834498
  http://www.macwindows.com/Win2003.html
  http://www.macosxhints.com/article.php?story=20050302023720578
  http://allinthehead.com/retro/218/accessing-a-windows-2003-share-from-os-x
  Does the Server have more than 1 NIC?
  http://forum.soft32.com/mac/Windows-Server-2003-MacIntosh-ftopict7128.html
  For stubborn Mac<->Windows® problems...
  http://www.thursby.com/products/admitmac.html

• Cannot login with Active Directory Account

  Hello,
  I am testing SnowLeopard (10.6.1) for deployment in my labs for the Spring 2010 semester. We use local home directories. This is a brand new fresh install of SL, on a freshly formatted Hard Drive.
  When bound to Active Directory I can get any AD account that I've tested (5 different accounts) to authenticate except one, which happens to be my own personal AD account.
  The secure.log shows these entries when I attempt to login:
  Oct 9 14:18:29 mac-0017f20fc40 SecurityAgent[209]: User info context values set for ctarbox
  Oct 9 14:18:29 mac-0017f20fc40 authorizationhost[208]: Failed to authenticate user <ctarbox> (tDirStatus: -14090).
  Considering that I could log in with other accounts, and after resetting my AD password then still not being able to authenticate, I came to the conclusion that I had a corrupt OU in Active Directory.
  I contacted one of our AD admins and had him delete both of my AD accounts: ctarbox and ctarbox1 then recreate both accounts. I still cannot login to AD with my ctarbox account.
  I can still login to my current lab machines anywhere on campus running 10.5.8 with ctarbox.
  I am baffled by this. I have been authenticating to Active Directory since 10.1 and have never seen anything like this.
  Any idea, anyone?
  Cheryl Tarbox
  Macintosh Support Specialist
  Binghamton University

  I have found the solution to my problem. I have accounts in two different domains in our AD tree. I'll called these domains Domain A and Domain B.
  Domain A is the primary domain for authentication to our public computing labs.
  Domain B is a secondary domain for authentication to shared resources for faculty/staff.
  Both accounts have the same user ID, but different passwords. In my Directory Utility>Advanced>Administrative window I have the option "Allow authentication from any domain in the forest' checked.
  With this option checked Directory Utility in 10.6.1 will allow me to authenticate Domain B, but not Domain A.
  With this option checked in Directory Utility in 10.5.8 just the opposite is taking place, I can authenticate to Domain A, but not Domain B.
  It seems that somewhere in the upgrade to 10.6.1 the search policy for Active Directory has changed. My workaround is to uncheck this option and specifically choose Domain A in the search policy.

• Cannot login using Active Directory credentials

  We are experimenting with macs at our company.  We bought a mac pro which is running 10.8.2.  I am able to join active directory but cannot log in with any user account.  I have tried logging in as myself and some test accounts.  I have read some other forums to get some ideas but none have worked so far.  I have tried to rejoin the mac to AD, check and uncheck different things under advanced options with no luck.  These include Create mobile account at login, force local home directory on startup disk, force unc path from active directory to derive network home location, etc.  I have confirmed the mac has a valid ip address with the correct dns settings.  I can see users from the directory editor so I know there is some sort of communication with the domain.  I am wondering if there is something small that I am missing.  Any help is greatly appreciated.

  have you set pam.conf ok? have you tested kinit to make sure you can get a ticket?

• Active directory member;range=0-999 issue

  Has anyone else run into a problem with active directory and
  it returning the member attribute with the range attached? I am
  running into this problem as discussed in a microsoft article (see
  below). The data comes back fine and I get all the records I need.
  BUT... the problem is the column name is returned as
  "member;range=0-999" instead of just member as in a normal active
  directory query. The problem is it has that semicolon in the column
  name so trying to loop through the query or get to that data keeps
  breaking it. So it is there, I just can't get to it. I have tried
  escaping the semicolon or aliasing the column name, but I just keep
  running into problems. I am hoping someone else has run up against
  this or knows ways to get around invalid column names in a query.
  If I have a resultset for a query that has a bad column name, how
  can I get to that data?
  When an Active Directory server returns the values of the
  member attribute as the result of a directory search query, its
  behavior varies depending on whether the total number of attribute
  values for that object exceed the maximum limit on values
  retrieved. For example, if a distribution list on a Windows 2000
  Server contains 1000 or fewer member values, a search query will
  return all of the values in a single call. However, if the list
  contains 2497 member values, the first call to the search query
  function will return the member attribute with no values, and an
  additional member;range=0-999 attribute that contains the first
  1000 member values. To retrieve the next group of member values,
  the search query should be repeated using a range specifier that
  begins at the attribute number one past the number of the previous
  group returned. In this example, the search query function would
  request the member;range=1000-* values, which would return the
  member;range=1000-* attribute with no values and a
  member;range=1000-1999 attribute with the next 1000 values. This
  process is repeated until the last group of values is retrieved.
  The end range on the last group retrieved from the server would be
  indicated by an asterisk (*) in the returned attribute name.

  I found I was able so solve this using the method found at
  the following address:
  http://www.bennadel.com/index.cfm?dax=blog:357.view

• Delete local accounts created when logging into Active Directory?

  When a user logs into their Mac using their Active Directory credentials, a new local user folder is created that corresponds to their login name. But a new account doesn't show up in the System Preferences Accounts. So how do I go about deleting this local account? Can I simply delete their Users folder?
  Thanks.
  G4 (model M8839LL/A)   Mac OS X (10.4.8)  

  AD does this with Windows, too. This is because the AD account is not the same as the local account. If you have a user with the username joeuser, and he has a local account named joeuser, he'll have a home directory in that name. If he logs into and AD system with the domain name ADDomain, there will then be an account with a name something like joeuser.ADDOMAIN, which, by definition, is not the same as the account joeuser. On a Windows box, at the same time as the joeuser.ADDOMAIN account is created the joeuser account will have its name changed; if the box's name is joe's_mac, the joeuser account will become joeuser.JOE'S_MAC. This kind of thing will apply only to users who have both local and domain accounts. Users who have only local accounts, such as jilluser, will not have their account name changed. Users who have only domain accounts, such as bobdomain, will not have their account name changed. Users will not notice any difference in the way they log in; they will log into their domain account, and see just what that account has access to, or will log into their local account, and see just what that local account has acces too, depending only on how they set the login box. They will never have to enter joeuser.ADDOMAIN, just joeuser... and the domain name in the proper place.
  If you delete the domain account, a new one will be automatically generated as soon as the user logs back in using a domain account. Any data stored in that account will be deleted when you delete the account.

• Ix4-300d cannot create shares

  HI All We recently purchased an ix4-300d to backup file on. I set a static IP and connected to the web interface. When I try to create a share, I get this error: The selected function is not available due to the state of the pools I tried updating the firmware just in case this is caused by a bug, but I can't either. It just sits there. Does anyone know how I can get past this error? Thanks.

  Hi petrocelli,
  What is the RAID configuration set to? Have you tried performing a factory reset from the web interface? If the device is new and is not functioning properly, I would recommend contacting technical support or returning the device to the reseller.
  Have questions and need answers?
  Search the database for answers to FAQ's, software/driver downloads, tutorials, news, features and more!
  LenovoEMC Support & Downloads
  LenovoEMC North America Support Contact Page

• Ix4-300D cannot remove mapped drives

  Windows 8.1 Pro
  When I go to "disconnect" the currently mapped drives (to the ix4-300D) they disconnect.  When I reopen My Computer the maps are all back.
  Moderator comment: Remark(s) contravening the Community Rules removed - implied profanity/profanity.
  I see the mod removed the WT acronym, but didn't respond to the issue...typical.
  Moderator comment: I would have offered advice, if I'd have had appropriate information for you. Per my sig, I am not a Lenovo employee. I am a volunteer moderator, as are all moderators. Regards.

  BTW: Could not find WT acronym here : http://www.acronymfinder.com/WT.html
  Don't be too local or too 'specific', this is an international community which tries all the best in different languages ( not necessary mother tongues )
  Are you talking about ext. USB-Drives connected to your NAS ( and therefore 'mapped' already NAS-internally) or about driveletters assigned to a NAS-share?
  Can you leave a screenshot with the community.
  I personally at this moment can only think of a MS issue, if none of the instructions provided here works for you
  http://www.7tutorials.com/how-delete-mapped-drives-windows-7  ( indeed works similar with 8 )
  Various PCs / Laptops ( sorry I still really love Dell and Fujitsu ;-))
  Supporting Customers ix2s and ix4s -- Love Networking ( not only technically ).
  I am not a Lenovo Employee.
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!

• Permissions issue binding and logging into Active directory

  Hello:
  We're having an issue with file permissions when our Macs connect to SMB shares via AD.  We bind the macs to the active directory but when the users connect to the SMB shares (Go connect to server smb://.......)  they see everything on the drive not just their shares.   Is there a setting in the Directory utility that will only allow the user to see their shares or is this an issue on the windows side of the house. The windows users do not have this problem.  Any help would be greatly appreciated.
  Thanks, Rick
  Mac Clients are running 10.6 thru 10.8

  Also be aware of Apple's white paper on this:
  http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf
  A wide variety of IT-focused white papers are available here:
  http://training.apple.com/osx

• Remote Desktop Session Authentication logs in Active Directory

  Hi
  I would like to know when a Remote Desktop session happens between two workstations in a AD domain, Is there an event logged in the AD servers and if so what is the event code and Category.
  Many Thanks,

  There is an event which is generated on source computers who initiating the remote desktop. If they are above Vista operating system look for 4648 event id in event viewer. You can track kerberos related events on domain controllers. Because
  kerberos is responsible for authenticating in your environment, I am not really sure if explicit credentials are logged in event viewer.
  Mahdi Tehrani Loves Powershell
  Please kindly click on Propose As Answer or to mark this post as
  and helpfull to other poeple.

• Can I get the Mac address in Audit logs of Active directory server for the user's machine which connect to the network/Domain

  Hello All,
  I am trying to get the information of all the user's who connect to our Domain network by signing in using the domain account. For this I am using the Windows audit group policies ( I am not sure of there is any other way). I can see when the user tries
  to login to the network there is a audit event created on the AD/DC server. I can see the Kerberos authentication and logon/logoff events in the audit events under event viewer.  
            However the info which is being populated in these events include :- Hostname, IP address, Username and so on... But I can't see the MAC address of the user machine/system. Is there any way I can
  get the Mac address of the endpoint system as its one of the important criteria for our project.
  Any inputs on this would be appreciated, incase if there is any other way other than group policies please suggest.
  Thanks,
  Kavish

  > include :- Hostname, IP address, Username and so on... But I can't see
  > the MAC address of the user machine/system. Is there any way I can get
  > the Mac address of the endpoint system as its one of the important
  > criteria for our project.
  If you use DHCP, you can query the DHCP server. There's no builtin
  method to get the MAC address directly.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Cannot Print. "The Active Directory Domain Services is currently unavailable"

  Hi there
  I cannot print and I have not been able to find the fix via existing forum threads.
  System: 
  Win 7 Ultimate 64 bit German - Profile language is Danish (installed a week ago and completely windows updated)
  Office 365 Small Business Premium
  HP DV8 Laptop. i7, 512GB SSD, 8GB RAM
  HP LaserJet P1006 USB printer.
  Problem
  No matter if I try to print from IE, Notebook, Word 2013 or anything else, I cannot chose my printer (P1006).
  If I try to Add Printer in Word 2013, I get the "The Active Directory Domain Services is currently unavailable" error. 
  In Devices and Printers, the P1006 is visible, but there is no driver installed.
  Trying to install the correct driver: 
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3435683&prodTypeId=18972&prodSeriesId=3435682&swLang=8&taskId=135&swEnvOID=4063
  only creates a general error during installation: "Printer  Software Installer has stopped working - A problem has caused the program to stop working correctly. Windows closes the program and will notify you if a solution has been found"
  I have tried all the solution software from Windows, from HP (for the laptop and for the printer) - but nothing comes up with any details or suggestions. 
  What should I try?
  Absolutely everything else works perfectly on the system. 
  Reffered here via http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/cannot-print-the-active-directory-domain-services/1cf47626-a2cd-4b7a-94b6-10cbc8ab02b0

  Hi,
  I suggest you try the following:
  1. Try the steps in the following article:
  Troubleshoot printer problems
  http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-printer-problems
  Fix printing problems by resetting the print spooler
  http://support.microsoft.com/kb/2000007
  2. Let us try updating the printer driver which might help you in resolving the issue.
  Click on the link below for more information on updating the printer drivers.
  Find and install printer drivers
  http://windows.microsoft.com/en-US/windows-vista/Find-and-install-printer-drivers
  3. Remove the printer and add it again:
    Go to Control Panel
    Select Printers
    Right-click on Add Printer
    Select Run as Administrator
  Now try to add your network printer
  Also a thread for your reference:
  Error message when attempting to print: Active Directory Domain Service is Currently Unavailable 
  http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/d6212275-24d6-4168-830a-9441f861cb76
  Hope this helps.
  Vincent Wang
  TechNet Community Support

• How open and see Log File in Active Directory

  Hello Friends..   ^-^
  how i can open log files active directory and see this data files ?
  Can export this logs ?
  thanks for help.

  And adds a definition of edbxxxxx.log for completeness:
  These are auxiliary transaction logs used to store changes if the main Edb.log file
  gets full before it can be flushed toNtds.dit.
  The xxxxx stands for a sequential number in hex. When the Edb.log file
  fills up, an Edbtemp.log file
  is opened. The original Edb.log file
  is renamed to Edb00001.log, and Edbtemp.log is
  renamed to Edb.log file,
  and the process starts over again. Excess log files are deleted after they have been committed. You may see more than one Edbxxxxx.log file
  if a busy domain controller has many updates pending.
  Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!

• SGD cannot access Active Directory

  hello everyone
  I have sgd server and Active Directory server in a segment before , they worked well.
  now I place my sgdservers in a DMZ segment , and place the AD server in backend segment.
  there is a firewall between the two segments. now sgd cannot access the ad in the web console.
  I know there are some ports which must be opened as the manual said. but even if I open all ports between the two server(SGD server and AD server) , sgd still cannot access the active directory.
  SGD Server : SGD4.4.1907 Solaris10
  AD Server: windows2008
  it seems that there is no problem when using nslookup
  # nslookup adsrv1.mydomainname
  Server:         10.0.4.111
  Address:        10.0.4.111#53
  Name:   adsrv1.mydomainname
  Address: 10.0.4.111
  # nslookup 10.0.4.111
  Server:         10.0.4.111
  Address:        10.0.4.111#53
  111.4.0.10.in-addr.arpa name = adsrv1.mydomainname.
  # nslookup -querytype=any _gc._tcp.mydomainname
  Server:         10.0.4.111
  Address:        10.0.4.111#53
  _gc._tcp.mydomainname     service = 0 100 3268 adsrv2.mydomainname.
  _gc._tcp.mydomainname     service = 0 100 3268 adsrv1.mydomainname.
  # nslookup -querytype=any _ldap._tcp.mydomainname
  Server:         10.0.4.111
  Address:        10.0.4.111#53
  _ldap._tcp.mydomainname   service = 0 100 389 adsrv2.mydomainname.
  _ldap._tcp.mydomainname   service = 0 100 389 adsrv1.mydomainname.Any prompt reply will be appreciated

  I also use "dig" command to check DNS setting.
  It is surprised that , I cannot dig with sgd server's hostname , but dig with sgd server's FQDN is successful .
  # dig sgdsrv01
  ; <<>> DiG 9.3.4-P1 <<>> sgdsrv01
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: *SERVFAIL*, id: 1361
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;sgdsrv01.                      IN      A
  ;; Query time: 1 msec
  ;; SERVER: 10.0.4.111#53(10.0.4.111)
  ;; WHEN: Tue Jan 20 10:44:20 2009
  ;; MSG SIZE  rcvd: 26
  # dig sgdsrv01.mydomain.com
  ; <<>> DiG 9.3.4-P1 <<>> sgdsrv01.mydomain.com
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: *NOERROR*, id: 1613
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;sgdsrv01.mydomain.com.   IN      A
  ;; ANSWER SECTION:
  sgdsrv01.mydomain.com. 3600 IN    A       10.0.6.41
  ;; Query time: 1 msec
  ;; SERVER: 10.0.4.111#53(10.0.4.111)
  ;; WHEN: Tue Jan 20 10:44:37 2009
  ;; MSG SIZE  rcvd: 61AND I also set /etc/hosts file as the following:
  127.0.0.1       localhost
  ::1     localhost
  10.0.6.41     sgdsrv01   sgdsrv01.mydomain.com telford
  10.0.6.42     sgdsrv02.mydomain.com   sgdsrv02
  10.0.4.111    adsrv1.mydomain.com     adsrv1
  10.0.4.112    adsrv2.mydomain.com     adsrv2
  10.0.4.101    apsrv01.mydomain.com    apsrv01
  10.0.4.102    apsrv02.mydomain.com    apsrv02

• Force Active Directory Users to Log Into a Shared Local Profile.

  I've searched long and hard for an answer to this but I've found very little info on it so I'm starting to wonder if it's at all possible.
  On some of our "Presenter PC's" at work it has been deemed that the creation of a new account from the Default profile takes too long when logging into Active Directory and slows presenting down too much. Our Default profile is probably around 120Mb due to
  the contents of the image after deployment and how every application is tailored for use hence the AppData folder takes the bulk of the size up and it's not an option to remove it.
  These PC's are (for now at least but hopefully not for much longer) locked down by Deep Freeze which resets all changes to all files when the PC is rebooted so a shared profile is not a problem at this point in time.
  What I want to know is whether there is ANY way to make it so that a user authenticating to Active Directory can ALWAYS be forced into a pre-configured, local profile running on Win 7 32/64 Pro?
  I've been looking at credential providers and replacing USERINIT.exe. I'm just not 100% sure which part of the process actually tells the PC which profile to use. I know that the registry is checked for the user GUID and if not present creates a new entry and
  copies the Default profile but I don't know quite where this is called and how to modify it.
  My programming knowledge limited to a bit of CMD and AutoIt but I do know a few coders so if we really have to get our hands dirty on this it isn't the end of the world.
  I should also add I've recently been toying with taking the AppData folder outside of the Default profile and creating a SymLink to it but upon copying the Default profile to a new profile (much quicker and more acceptable) the SymLink is lost and replaced
  with a relatively empty set of folders which can't be deleted and replaced with a SymLink because the LSASS.exe process is using it and obviously you can't stop that process...
  Making the PC log into a local profile on startup is also not an option because a user MUST log into AD to not be in breach of our AUP and all network drives must be availalbe (mapped by GPo and login script).
  Any help is more than welcome at this point in time as I've pretty much exhausted all avenues that I know of and have turned to you helpful folk.  Cheers

  Hi,
  For mandatory profile, I suggest you refer to the following articles:
  Customize the default local user profile when preparing an image of Windows
  http://support.microsoft.com/kb/973289
  mandatory profiles
  http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/d2406a55-e053-45c5-b064-bf009c4bfafc
  Hope this helps.
  Vincent Wang
  TechNet Community Support