Remote login Network Users

Similar Messages

• Unable to login network user from login windom. SSH login ok.

  I have a MacOS 10.6 client and ldap network users server by MacOS 10.4 Server. Trying to login via the login window I get "Logging in..." which tries forever (or until I reboot).
  * SSH login works fine with network users.
  * Local users can login.
  * Network access is allowed by all users (Preferences->Login)
  * Removing ~/Library/ from the network user doesn't work.
  Logging in via SSH while the login screen is hanging I get:
  [mikael@melba ~]$ ps -Umikael
  PID TTY TIME CMD
  330 ?? 0:00.03 /sbin/launchd
  480 ?? 0:00.02 /System/Library/CoreServices/CCacheServer.app/Contents
  693 ?? 0:00.00 /usr/sbin/sshd -i
  694 ttys000 0:00.12 -bash
  730 ttys000 0:00.00 ps -Umikael
  Any ideas?

  I cannot create the mobile account (real username replaced here with '<username>'). This is true whether I run the command as root or as the user in question (via ssh):
  root# /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobilea ccount -n <username>
  createmobileaccount built Jul 23 2009 22:14:42
  2009-10-05 15:54:41.906 createmobileaccount[41973:903] MCXCCacheMCXRecordAndGraph(): [localNode createRecordWithRecordType:(null) name:"<username>"] == 4100 (Unable to create record <username> in /Local/Default.)
  2009-10-05 15:54:41.908 createmobileaccount[41973:903] MCXCCreateMobileAccount(): Failed to create account. Error = 4100 (MCXCCacheMCXRecordAndGraph failed). Cleaning up mobile account record.
  2009-10-05 15:54:41.909 createmobileaccount[41973:903] MCXCDeleteAccount(): Trying to delete user id = 0
  * mobile account could not be created: 4100 (Unable to create record <username> in /Local/Default.)
  Directory services and DNS are set manually.
  Message was edited by: BerkeleyAstroBill

• Auto-Login Network User

  I am wondering if there is any way to auto-login as a network user?

  Quit System Preferences.
  Go to Finder and select your user/home folder. With that Finder window as the front window, either select Finder/View/Show View options or go command - J.  When the View options opens, check ’Show Library Folder’. That should make your user library folder visible in your user/home folder.  Select Library. Then go to Preferences/com.apple.systempreferences.plist. Move the .plist to your desktop.
  Restart, open the System Preferences and test. If it works okay, delete the plist from the desktop.
  If the application is the same, return the .plist to where you got it from, overwriting the newer one.
  Thanks to leonie for some information contained in this.

• Mountain Lion Server: add network user to remote management

  Hi,
  So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
  My last few issues I believe are related but can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my nre network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
  My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
  Any body have  any ideas?
  Thanks!

  I had this problem on a clean install.
  The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
  That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
  Talk about KISS

• Network Users - Can't login without home folder

  Hey everyone,
  Got a problem. We upgraded our lab from 10.6.8 to 10.9.3. Preserving our settings and bootcamp by simply upgrading. After getting nearly all machines sorted out with active directory we are still having a problem with 2-3 machines with network user accounts being able to login. If no local home folder has been created prior to upgrading to 10.9.3 then the user cannot login, the login prompt dissapears then re-appears. Any way to fix this?
  Here is a run down of the set-up.
  Our settings force network users to have a local home folder on the local mac that they are logging into.
  Mac OS X server is 10.6.8.
  Active directory server is 2012 R2.
  Network users without a pre-created home folder on the local mac prior to upgrade cannot login. The login prompt dissapears, then re-appears. No login.
  Computers are managed with workgroup manager, as well as apple remote desktop. But no settings are applied, and no login scripts are being run.
  Also I have noticed something concerning Mac OS X 10.8.5 and up. And that is in the active directory settings, if you bind to a domain (using active directory and not LDAP), lets say for example:
  mydistrict.maindistrict.net
  And you go to add your local active directory district to the Authentication/Contacts search policy eg: Active Directory/mydistrict.maindistrict.net
  it will only show: Active Directory/mydistrict/alldomains.maindistrict.net.
  It shows a list of all domains for the forest. But it also adds the district that you bound to as the search directory?
  Let me use a precise example using actual names.
  Bind to local district: pineville.ketsds.net
  Now in search policy on 10.8.5 up to 10.9.3 it displays possible search domains like this:
  Active Directory/PINEVILLE/pineville.ketsds.net <- The domain we want.
  Active Directory/PINEVILLE/all-other-domains-in-forest.ketsds.net <--Which is fine.
  Which is all fine, but when we select  the local domain for authentication, and contacts search it adds it, but in the overview it says that it is not in our search policy even though it is.
  On Mac OS X versions below this (10.6.8 and down, cannot verify for 10.7 as we do not have systems with it) it displays the search domains as:
  Active Directory/pineville.ketsds.net
  as compared to  this on 10.8.5 and above:
  Active Directory/PINEVILLE/pineville.ketsds.net
  as well as all the other domains, and when you add the local to the search policy it does not give the error that it is not in your search policy. Is there anyway to make this happen on 10.8.5 and above? We have tried everything. Network accounts will login even though it says this, it is just annoying.
  Last question is on one computer that we upgraded, we had a problem with the network accounts. Tried deleting the .plist for network preferences, and the Directory services folder as well as the Open directory folder and now it create the open directory folder as locked and any changes made with the directory utility in the search policy is immediatley reverted once we hit apply.
  Summary of questions:
  1.) Network users cannot login without local folder created prior to upgrade.
  2.) Mac OS X 10.8.5 and above does not correctly add Authentication/Contact search policy domains as it does in 10.6.8 and below.
  3.) Active Directory/Open Directory Authentication/Contact search policy settings keey reverting after applying. (Happened prior to deleting .plist files and AD/OD folders in /Library/Preferences)
  Thanks guys, sorry if thi post is so long! :/

  -BUMP
  Not sure what the bump policy is but my post is fadiing fast. Third page already.
  Kind of an urgent situation guys, any help or insight at all would be greatly appreciated!!

• How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

  Hi,
  I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able login to them.
  I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (deseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts. After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
  Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
  Thanks,
  Chris

  I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

• How to login the remote desktop with user id and password using coded ui

  we are using vs 2013, we have automated some automated test cases using coded ui. i have on problem while i am running the those test cases in remote system. here the scenario is "after executed one test case we need to restart the system. After restarted
   I have to login the remote system with user credentials to continues execution for the remaining test cases." it is very helpful to me.. so please guide me how to overcome these problem? 
  Thanks in advance ...

  Hi Divakar,
  As far as I know, there isn’t this feature of remote test in VS2013.
  I suggest that you could submit this feature request:
  http://visualstudio.uservoice.com/forums/121579-visual-studio. The Visual Studio product team is listening to user voice there. You can send your idea there so the others can vote it. If you submit this suggestion, you might post that link here which will
  benefit others who has the similar issue
  Regards
  Starain
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before?

  A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before? It has happen twice. Two different teachers in two different classrooms entering the correct user name and passwords and computer won't allow them to login. Then they try in different computers in same classroom and have no problem login.

  Yes. I can login with a test user. And any other network user can login as well to this particular mac. Actually the mac has bootcamp and boots into either mac or windows. The same user entering the same login username and password can login into the windows side, but not the mac side.
  I had this same issue last semester in another classroom, another mac and a different teacher. This summer I reformatted and imaged that mac and I asked that teacher to login today to that reimagened mac and she had no problem today doing so.

• The connection was denied because the user account is not authorized for remote login

  Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.

  Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
  I would like to know this answer, as well.  I have created a new AD group for my assistant admins called "Domain Admins (limited)".  I have added this group to the GP setting "Allow log on through Terminal Services", but the
  assistant admins cannot log in through RDP.  It 'feels like' this is all I would need to do.
  Craig
  Found some good info
  here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
  1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
  2) Permissions on the RDP-listener must also be granted.  If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled.  If you are trying to utilize a new, custom group (as I am),
  then there isn't a way to do this via group policy (that I have found).
  EDIT: Found the answer.  I am creating a blog post to outline the steps.  They aren't hard, but they're not self-explanatory.  It deals with the Restricted Groups mentioned above, but it's still automate-able using Group Policy so that you
  don't have to touch each computer.  I think the above poster (Andrey Ganev) got it right, but
  I had trouble deciphering his instructions.
  Here is my blog post that walks through this entire process, step-by-step.

• Administrative user can't access other accounts or delete remote login

  I have the administrative user account on my iMac at home. My daughter can't remember the new password I assigned her and needs me to change it. When I log into system preferences/accounts, it shows that I am the administrative user. However, when I try to access her account or the Guest account on the computer they are gray and I can't select them. I can't add any new accounts or delete any existing ones either.
  I also noticed that remote login SSH is turned on. I tried to uncheck that box multiple times but my iMac just freezes. I have to force quit system preferences.
  Any ideas on how I fix this?

  I enabled the root user. While now I can access the elements that were greyed out before, when I attempt to change something my Mac will freeze and just show the color wheel when I attempt to do something with the mouse. If I go up to the menu and pick Force Quit, the list shows System Preferences (the ap has stopped responding). I've shut system preferences with a force quit, rebooted several times and tried again but the same thing happens every time.
  I also can't get it to read a disc so I can't even reboot from my Mac OS system disc to do an archive and reinstall. Does it sound like my system, hardware or both? Is it something that I bundle off my iMac to a Mac Genius to fix?
  If this was a PC, I would swear that I had a virus.

• Can't login to ML server network user from a client

  Hi,
  The computer name on my customer's ML server was changed post OD installation. Now I can't login with network user credentials from a MacBook.
  I also see the old server/hostname displayed in workgroup manager under "location" (see attached).
  I've tried destroying OD by deleting it in Server app then re-adding it again but it still shows the old name in WGM as shown in the screenshot above.
  I suspect this is related to authentication problems. Should I be running a utility like changeDirData.pl to update the old values? If so, what is the syntaxt?
  Old name was: server1.stmarys.lan
  New name is: server1.local
  I ran the following: sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/changeDirData.pl -i -s 192.168.2.2 -u diradmin -o server1.stmarys.lan -n server1.local
  But got an error: cant contact ldap server to get config info

  After contacting Apple server support, I was told there were two issues:
  1- ".local" cannot be used in a hostname due to conflict with Bonjour
  2- Hostnames must have three parts like "server.company.lan" & "server.lan" cannot be used
  I wish Apple would inform users with a pop-up about these rules before they waste a lot of time having to re-do everything from scrath. I was lucky enough to have an export of all users.
  If these rules are followed from the begining, DNS would auto-configure itself with the appropriate forward & reverse records.

• Network User Login Hangs at 'loginwindow' Occasionally

  The client is a macbook pro (2012) with 10.8.5, the server is a mac mini also running 10.8.5 (w/ OSX Server).
  Network user logins usually work fine.  About 10% of the time, however, the loginwindow displays a spinning beachball endlessly after the name/password are supplied.  The workaround is to login to the client via ssh and 'kill -HUP' the user's loginwindow process; then the next login attempt will work.
  Examining logs, I find that the 2nd through 4th lines of the following sequence of messages appear on the client in the case of the above failure (in the case of a successful login, only the first line appears)...
      Apr 26 08:20:06 whbbook.local WindowServer[153]: Display 0x04248a6a: MappedDisplay Unit 2; ColorProfile { 2, "Thunderbolt Display"}; TransferFormula (1.000000, 1.000000, 1.000000)
      Apr 26 08:20:07 whbbook.local SystemUIServer[36439]: CGSCopyWindowShape: pid (36439) passed NULL window
      Apr 26 08:20:07 whbbook.local SystemUIServer[36439]: could not update menu bar region, 1000
      Apr 26 08:20:07 whbbook.local SystemUIServer[36439]: CGSSetWindowTransformAtPlacement: Singular matrix [0.000 0.000 0.000 0.000]
  Google reveals nothing helpful for the search phrase 'SystemUIServer CGSCopyWindowShape'.  I suspect the underlying cause of the symptom has to do with the fact that SystemUIServer ended up with a NULL window.
  I've already done the usual 'couurtesy' steps of a disk permission repair and a safe boot on both machines.
  Any interpretation of this, or recommendations?

  Check if this works :
  http://social.technet.microsoft.com/Forums/windows/en-US/452798be-30fb-4357-bd6f-827976e3637a/please-wait-for-the-user-profile-service-slow-logon?forum=winservergen
  Arnav Sharma | Facebook |
  Twitter Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members
  reading the thread.

• How to get the Network Users Are Available Dot to Show up Automatically On Mac OS X Login Screen

  i am wondering how you make it so that the little tiny green dot with network users are avalble appere on start up automaticly with out having to do a bunch of crap
  dont know if this matters but i am using an emac (Not Sure What Modle) With mac OS X Server 10.5 and 1 GB Ram and Grand Total of 100GB of HD Space so please Help me i really could use this my clients always come and ask me how they know when the can login our that there account wont let them login so this will he a bunch with trouble shooting
  Message was edited by: Karlplanken

  defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
  Or, use managed preferences in Workgroup Manager,

• Login Options: Where is "Allow network users" stored?

  Hi all
  If I enable "Allow network users to login to this computer" in SystemPreferences / Accounts / Login Options - anyone knows where that gets stored?
  I searched in the /Local/Default/ directory and in /Library/Preferences, but couldn't find anything. I'd like to write a script to modify access for network users; no problems in adding and deleting users from the list, but I can't turn on and off general access...
  Thanks, Tina

  I have set up a Mac OS X Server for Open Directory but I do not seet the additional option to allow network users to log in on a Mac OS X 10.4 client.
  This may be one of the reasons I cannot login with networks accounts.
  Unfortunately, I also cannot login using network accounts to the server which does have the network users option checked.
  I have the Mac OS X Server set up to be a LAN DNS server, which worked fine before I connected the second ethernet interface to the Internet. Now changeip -checkhostname insists that the Web address of the server should be the address of the hostname when it MUST be the LAN IP address to work properly. I can find no one to login to either of these machines as a network users, even though I can find the users through the Address Book, indicating that the Open Directory connection is properly configured and even though I can ping by name through the LAN which indicated DNS is set up properly.

• Allow network users to login at login window option missing

  I hope someone can shed some light on this.
  I have bound a 10.6.2 machine to a Windows 2003 domain successfully. However, the checkbox to "allow network users to login at login window" is missing completely. There's a blank space. I've looked at a few other machines that haven't been joined to the domain and the option is missing from there as well.
  Am I missing something simple? Did I miss something during the OS install? This is a fresh 10.6.2 install.
  Any help would be greatly appreciated as this is keeping us from allowing domain users to log on. Thanks in advance.

  I installed ADmitMac and the option shows up. I removed it and the option goes away. There's obviously a flag being set somewhere. Any thoughts?