Network User Login Hangs at 'loginwindow' Occasionally

Similar Messages

• Network user login not always correct

  I am using OS X ML (Mac mini server, 8GB RAM, ML 10.5.8) with several clients (mainly iMacs) logging in the OD. Most of the time the login process seems to work OK, but apparently something goes wrong and the trash is not correctly recognised (getting the infamous "items will be deleted immediately"). Logging out and then again in (sometimes this must be done repeatedly - 3 or 4 times) usually settles it and the trash behaves again normally.
  Any idea why?

  The Snow Leopard/Mac mini Server is bound to the Leopard Server directory. And on the Snow Leopard Server the Network Account Server is set to the Leopard Server. The only issue I am having is that I have a network account, but I cannot login into the Snow Leopard Mac Mini server as a network account user, although I can login into the Snow Leopard Mac mini server as every other network account user on my network. AND I can login into my network user account form the other Leopard Client machines in my office.

• Network user login keychain

  Guys,
  Got one of my network users using his network account - he has an RSS aggregator that's continually popping up and asking to use his login keychain password. I mean "continually" - 20-25 times a day. Now the reason it needs it is fine - he's accessing feeds from one of our own wiki servers which also authenticates using his network user account, however I've set it to "Remember this password" to no avail.
  I've even trashed his login keychain and created a brand new one, but still no joy. Has anyone got any incredibly helpful suggestions, lol?
  This is also posted in the 10.6 server section (since that's the OD server that manages his account).
  Thanks (hopefully) in advance,
  Matt

  Ok then, I got one for you. Similar sort of thing. Just created a 10.6 server, created all the relevant users within WGM, then imported the home folders from the previous 10.5 server. Ensured all new UIDs matched the UIDs from the 10.5 WGM because it then simplifies permissions - i.e. all the permissions are recognised by the new server automatically for the right users.
  Now for one of my users, her login keychain is never open by default. When you start Keychain Access (she's on 10.5.8 btw) you get the System keychain and the System Roots list of certificate authorities, but no login keychain.
  Have checked the permissions of her ~/Library/Keychains/ folder and they're correct, as are the permissions for ~/Library/Keychains/login.keychain.
  Double-clicking on the login.keychain file opens it up just fine in Keychain Access, however as soon as you close KA and re-open it, the login keychain's gone again.
  I've tried importing a keychain, adding an existing keychain (obviously the login one) and creating a new keychain called login, none of which work - there's no error, it just ignores me.
  I'd rather not create a temporary user account, transfer all the docsuments/mail etc, delete the original and recreate a new one using the old name and copy everything back, but unless someone can help me out, that's what I'm going to have to do.
  There has to be some guru's out there somewhere that can help???
  Thanks in advance,
  Matt

• Network User Login on Server: 2 questions

  I'm configuring a small home network using Mavericks Server and have a question about logins.  My concern is based on this note:
  http://support.apple.com/kb/TS3090
  My configuration:
  iMac 2.9 Ghz Intel Core i5 running Mavericks Server
  MacBook Air 1.8 GHz Intel Core i7, OS 10.7.5
  MacBook Pro  2.5 GHz Intel Core 2 Duo, OS 10.7.5
  MacBook 2 GHz Intel Core 2 Duo, OS 10.6.8
  My goal: serve all accounts from the iMac with networked home directories, allowing users to log in from any machine - including the server - and work.  The above tech note seems to rule this out - but I want to be see if there is a configuration that will allow me this freedom.  We have 4 users and three client computers.
  Thanks!

  I cannot say for sure that concurrently using the server as a client does not work but my two cents are below.
  I do exactly what you are on a slightly larger scale. We have 8 users who share 7 machines. All users can log in on all machines except our server. I have been running an Apple server for the last 20 years.
  I understand the financial impact of adding hardware in a small business. I also don't want to be the guy to tell your idea is not a good one, but general practice for most here is to have a dedicated machine. Mini Server can be bought for $1000. Minis for less and server added for a nominal charge.
  An example why a dedicated server machine would be important:
  Network user has logged in on the server machine and an application they are using crashes and winds up freezing the server. All users are then suffer from problems because their network accounts cannot write back to the server. Open files each user had may wind up corrupted causing loss of productivity or loss of vital data. User preferences may wind up corrupted. Every user in your office now cannot get any work done until you come back to fix it.
  Our dedicated server gets "confused" sometimes, lets say once every few months, and some of the same problems above occur. Periodic reboots reduce problems we face. If you run a server and use it as a client I would expect issues on a weekly basis.
  Hope this helps. Good luck.
  -Erich

• Mac OSX Lion Server Network User Login Issue

  We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a will.
  About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
  Fast forward to now, and we've added a new user - Hannah - to our system.
  I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
  She appears in the Logon list on the client machines, and here's where the trouble starts...
  Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
  We've tried sudo kinet on the Terminal as a local user, with variable results.
  I'm at my wits end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
  Thanks in advance!

  Your problems are likely occurring because you added her to the directory with Workgroup Manager.
  You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
  My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
  First the user is added to the default "Workgroup" group.
  More importantly (and the source of much confusion), the user is automatically added to SACLs.
  Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
  I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

• Help Needed - Network user login

  Hi Guys,
  Need help.
  I Have a network of imac's which connect to a leopard server OD master. All my user can log on apart from one machine, where none of the users can log in to.
  I have checked the username and passwords and are all correct, but on this one machine the logon screen just shakes just like when a incorrect password is entered.
  Any ideas

  I'm not sure if this is relevant to your situation (which has probably been long solved), but it might help others reading this thread: I've been experiencing a similar problem with network users not being able to log onto a machine and I learned from this thread (http://discussions.apple.com/thread.jspa?threadID=1788420&tstart=30) that network users must have a home directory defined in WGM, even if you're not using networked home directories. Admittedly, the fact that your users could log in from all but one machine suggests that the problem was more likely on the client machine than the server.

• Disable network user login

  Hi forum,
  I installed Mac OS X Server for development reasons in a virtual machine. After I restarted my Mac (not the VM), I had to select a user. The choices are my regular account or other network users.
  As I am not really connected to a Mac OS X Server - how can I get rid of that "other user" option?
  I have already removed "LDAPv3" and "ActiveDirectory" from the directory services list, but this did not help.
  Cheers,
  Sven
  PS: I am running a German version, so I translated freely... therefore the wording might not be accurate.

  I finally found the source of the 'error'. First of all: there was no error, everything works as designed.
  After executing 'dscl . -list /Users UniqueID' I found an user with the ID 501. This user was created by an application I installed in the same session when I ran the OS X Server VM. I did not expect that application to add a new user, so I suspected OS X to be the cause.
  So after all: the topic of my thread is actually wrong. Thank you very much for your time, Björn. I am sorry, that it was a kind of fake error.

• Network account logins hang and spinning ball in Mavericks

  Hello,
  All of a sudden on Monday, 11/3/14, I started getting reports from Mac users that they were running into the spinning ball of death (SBOD) during login. The Macs in question are all running OS X 10.9 (between 10.9.3 and 10.9.5), and bound to active directory through directory utility, and the accounts being used to login are active directory/network accounts. The hardware is identical for all users as well (15" Macbook Pro, 16GB RAM, 2.0GHz Core i7 CPU)
  I haven't been able to come up with much rhyme or reason to this yet as not all of my Mac users have been affected, and some are having to wait longer than others. I'm suspecting it is something with my Active Directory setup, but have not been able to find much useful information the the Windows Event Log. However, I'm not completely sure that's where the issue lies either because some of the MB Pros will sit at the login screen with the SBOD before the user has even tried typing their username.
  What I'm trying to figure out is where should I be looking in Console for any hints at what might be going on or hanging up the boot process? I seem to have a lot of entries being created during the login process, but I'm not as familiar with Console as I should be for troubleshooting this so I'm hoping for some community guidance.
  One thing I did find that didn't help was removing one of the search paths. That path does not exist on our machines so that isn't the issue.
  Thank you in advance for your assistance

  So I've done some snooping with Wireshark and the Mac is sending IGMP requests like crazy while it appears to be hung up. Almost non-stop outbound to port 11111. This only seems to happen with Macs that are joined to the domain. I'm using a Thunderbolt Ethernet adapter. It seems to have problems over Wifi though too, but haven't analyzed that traffic yet to verify it's the same IGMP requests. If I disable wifi and remove the Thunderbolt Ethernet from Network in System Preferences, then reboot, then the system seems to boot quickly.
  I found another topic about Thunderbolt Ethernet and IGMP kernel panics, but I don't seem to be having any panics. It's just that the system will hang for 10 minutes before going to the desktop, and then possibly longer before it will show any icons.
  Anyone have any ideas?

• How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

  Hi,
  I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able login to them.
  I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (deseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts. After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
  Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
  Thanks,
  Chris

  I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

• Unable to login network user from login windom. SSH login ok.

  I have a MacOS 10.6 client and ldap network users server by MacOS 10.4 Server. Trying to login via the login window I get "Logging in..." which tries forever (or until I reboot).
  * SSH login works fine with network users.
  * Local users can login.
  * Network access is allowed by all users (Preferences->Login)
  * Removing ~/Library/ from the network user doesn't work.
  Logging in via SSH while the login screen is hanging I get:
  [mikael@melba ~]$ ps -Umikael
  PID TTY TIME CMD
  330 ?? 0:00.03 /sbin/launchd
  480 ?? 0:00.02 /System/Library/CoreServices/CCacheServer.app/Contents
  693 ?? 0:00.00 /usr/sbin/sshd -i
  694 ttys000 0:00.12 -bash
  730 ttys000 0:00.00 ps -Umikael
  Any ideas?

  I cannot create the mobile account (real username replaced here with '<username>'). This is true whether I run the command as root or as the user in question (via ssh):
  root# /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobilea ccount -n <username>
  createmobileaccount built Jul 23 2009 22:14:42
  2009-10-05 15:54:41.906 createmobileaccount[41973:903] MCXCCacheMCXRecordAndGraph(): [localNode createRecordWithRecordType:(null) name:"<username>"] == 4100 (Unable to create record <username> in /Local/Default.)
  2009-10-05 15:54:41.908 createmobileaccount[41973:903] MCXCCreateMobileAccount(): Failed to create account. Error = 4100 (MCXCCacheMCXRecordAndGraph failed). Cleaning up mobile account record.
  2009-10-05 15:54:41.909 createmobileaccount[41973:903] MCXCDeleteAccount(): Trying to delete user id = 0
  * mobile account could not be created: 4100 (Unable to create record <username> in /Local/Default.)
  Directory services and DNS are set manually.
  Message was edited by: BerkeleyAstroBill

• List of Network Users in Loginwindow Omitted

  I have a Mountain Lion 10.8.5 client machine joined to a Mountain Lion 10.8.5 OS X Server on which I have completed DNS, OD, and network account configuration steps.  I have added a network account on the server (and Server.app displays the account as 'Local Network User').  Also, I have placed the client machine into a device group and created/pushed a profile to the group that includes a Login Window payload specifying that network users are included in the list of users. After pushing the profile, I confirm that the client machine indeed shows the desired Login Window settings in the 'Profiles' preference panel and I also confirm that /Library/Managed Preferences/com.apple.loginwindow.plist indeed shows IncludeNetworkUser as 'True'.  The client machine has been rebooted.
  From the client machine, the loginwindow, however, displays only local accounts and 'Other...'.  I can select 'Other...' and successfully login to the new network account.  Yet I seem unable to get the the loginwindow to include the network account in the user list even though the profile appears correct and the account itself seems to be in good working order (since an 'Other..' login is accepted).
  When I examine the client log in Console, I see nothing that obviously indicates a problem in loginwindow that is relevant to opendirectory.
  What might I have done wrong?  Suggestions on how to narrow down the problem?  Is there a debugging aide that might be useful, or some verbose logging of loginwindow behavior that I can enable?

  Thanks for replying.
  Yes, the client's Ethernet is set to use DHCP and my DHCP server hands out a DNS resolver config that specifies the OS X Server machine as the nameserver.  And in my client's network preferences for the Ethernet link, on the 'DNS' tab of the 'Advanced' settings, I indeed see that my DHCP assigned settings were applied (using my own DNS zone served from the DNS server on the OS X Server machine, and using the IP address of the OS X Server as the nameserver).  So I =think= these all look correct.
  I add some more info...
  When I run 'id' from the command line, it includes 'workgroup' in the list of groups, which is the OS X Server's group for network accounts.  I treat this as confirmation that OD queries for user/group info from the OS X Server are in working order.
  I wish there were some sort of debug trace log I could turn on for loginwindow so that I could have a look at how/when it queries OD.
  I have a second client machine setup like the first, also running 10.8.5 and joined to my OS X Server - and this one actually =does= display network accounts in the loginwindow.  This second client machine is in the same Profile Manager device group as the first, and hence has exactly the same profiles.  Same DNS config, too.  I haven't been able to identify a difference between the two machines that would explain why one displays network accounts in the loginwindow while the other does not.  The second client client machine is WiFi while the first is Ethernet, but that shouldn't be relevant (?).
  This difference in behavior between the two machines has persisted through reboots of both (and a reboot of the OS X Server).

• How to get the Network Users Are Available Dot to Show up Automatically On Mac OS X Login Screen

  i am wondering how you make it so that the little tiny green dot with network users are avalble appere on start up automaticly with out having to do a bunch of crap
  dont know if this matters but i am using an emac (Not Sure What Modle) With mac OS X Server 10.5 and 1 GB Ram and Grand Total of 100GB of HD Space so please Help me i really could use this my clients always come and ask me how they know when the can login our that there account wont let them login so this will he a bunch with trouble shooting
  Message was edited by: Karlplanken

  defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
  Or, use managed preferences in Workgroup Manager,

• User login screen hangs - AFP session idle

  This is an issue that only happens to 2 of my users on a network of about 8/9 mac's.
  When the user logs in the server accepts the password but then hangs indefinately. One can see a beach ball in the corner twirling away!
  If I log into the server and go the the AFP console I can see the afp connection is idle for x minutes. (We have 3 shares that mount up on login). Once i kill it the user then goes on the the desktop with an error that it was not able to connect to its home folder etc.
  I get the user to log out and log back in 9/10 it works fine!
  This could be ok for a week or 2 but then out of the blue the afp session just hangs and the only way to stop this is to log back in the server and kill the AFP session for that user. Restarting the client wont work as the session will still exist.
  Only happens to 2 users?
  Any ideas what this could be?
  Corrupt home folder?
  Server im running is 10.4.9 PPC
  Client is 10.3.9 afaik

  So I printed those instructions out. I went thru it and the drive came back with the ok msg. I continued what it said and then rebooted.. It went to the login screen, then flashed, then went into darwin etc etc.. i put the username and pw in and then it went to a command prompt, after 30 seconds or so it continued on its boot process after giving a few random messages of code. Nothing saying erros or anything weird. It went to a solid blue screen and the wheel kept spinning.
  This happened a few times after i tried booting it up. Now it doesn't goes to the darwin unix promot thing anymore. Just goes back to what it was doing before. Spinning wheel at user login screen.
  I did though explore through a couple directories during the prompt earlier. Basically I know that I can get the files that are needed off the drive if I remove the drive and put it into this machine. I don't want to take my friends drive out. His cd/dvd drive doesn't work so using the boot up disk really isn't an option. Unless i can get the external dvd drive to read on boot up.
  Any suggestions?
  Still freezes, even after doing kappy's instructions line by line.
  Sigh....
  Cheers,
  Scott

• Network Users - Can't login without home folder

  Hey everyone,
  Got a problem. We upgraded our lab from 10.6.8 to 10.9.3. Preserving our settings and bootcamp by simply upgrading. After getting nearly all machines sorted out with active directory we are still having a problem with 2-3 machines with network user accounts being able to login. If no local home folder has been created prior to upgrading to 10.9.3 then the user cannot login, the login prompt dissapears then re-appears. Any way to fix this?
  Here is a run down of the set-up.
  Our settings force network users to have a local home folder on the local mac that they are logging into.
  Mac OS X server is 10.6.8.
  Active directory server is 2012 R2.
  Network users without a pre-created home folder on the local mac prior to upgrade cannot login. The login prompt dissapears, then re-appears. No login.
  Computers are managed with workgroup manager, as well as apple remote desktop. But no settings are applied, and no login scripts are being run.
  Also I have noticed something concerning Mac OS X 10.8.5 and up. And that is in the active directory settings, if you bind to a domain (using active directory and not LDAP), lets say for example:
  mydistrict.maindistrict.net
  And you go to add your local active directory district to the Authentication/Contacts search policy eg: Active Directory/mydistrict.maindistrict.net
  it will only show: Active Directory/mydistrict/alldomains.maindistrict.net.
  It shows a list of all domains for the forest. But it also adds the district that you bound to as the search directory?
  Let me use a precise example using actual names.
  Bind to local district: pineville.ketsds.net
  Now in search policy on 10.8.5 up to 10.9.3 it displays possible search domains like this:
  Active Directory/PINEVILLE/pineville.ketsds.net <- The domain we want.
  Active Directory/PINEVILLE/all-other-domains-in-forest.ketsds.net <--Which is fine.
  Which is all fine, but when we select  the local domain for authentication, and contacts search it adds it, but in the overview it says that it is not in our search policy even though it is.
  On Mac OS X versions below this (10.6.8 and down, cannot verify for 10.7 as we do not have systems with it) it displays the search domains as:
  Active Directory/pineville.ketsds.net
  as compared to  this on 10.8.5 and above:
  Active Directory/PINEVILLE/pineville.ketsds.net
  as well as all the other domains, and when you add the local to the search policy it does not give the error that it is not in your search policy. Is there anyway to make this happen on 10.8.5 and above? We have tried everything. Network accounts will login even though it says this, it is just annoying.
  Last question is on one computer that we upgraded, we had a problem with the network accounts. Tried deleting the .plist for network preferences, and the Directory services folder as well as the Open directory folder and now it create the open directory folder as locked and any changes made with the directory utility in the search policy is immediatley reverted once we hit apply.
  Summary of questions:
  1.) Network users cannot login without local folder created prior to upgrade.
  2.) Mac OS X 10.8.5 and above does not correctly add Authentication/Contact search policy domains as it does in 10.6.8 and below.
  3.) Active Directory/Open Directory Authentication/Contact search policy settings keey reverting after applying. (Happened prior to deleting .plist files and AD/OD folders in /Library/Preferences)
  Thanks guys, sorry if thi post is so long! :/

  -BUMP
  Not sure what the bump policy is but my post is fadiing fast. Third page already.
  Kind of an urgent situation guys, any help or insight at all would be greatly appreciated!!

• A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before?

  A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before? It has happen twice. Two different teachers in two different classrooms entering the correct user name and passwords and computer won't allow them to login. Then they try in different computers in same classroom and have no problem login.

  Yes. I can login with a test user. And any other network user can login as well to this particular mac. Actually the mac has bootcamp and boots into either mac or windows. The same user entering the same login username and password can login into the windows side, but not the mac side.
  I had this same issue last semester in another classroom, another mac and a different teacher. This summer I reformatted and imaged that mac and I asked that teacher to login today to that reimagened mac and she had no problem today doing so.