WPA2 Enterprise Network Accounts are unavailable

I'm going to admit upfront that I am a Windows admin. I have attempted Google searches, Apple support searches, and I'm coming up without answers that are working. It's possible that I'm overlooking the answers in front of my face, but any help would be appreciated.
Our network is WPA2 Enterprise. Authentication (LEAP) is with AD username and password.
I have bound OS X to AD.
I can authenticate to the WPA2 network after local login.
I have created IPCU profiles to include the WPA2 certificate and network ID.
I have created OS X Lion "Server" profiles with the WPA2 information.
I have set the directory utility Active Directory configuration to Create mobile account at login, do not require confirmation. Use UNC path to derive home drive location. Map UID, User GID, and Group GID to AD attributes. Allow authentication from any domain in the forest.
I have set wireless to prefer only our WPA2 network.
At the logon prompt, I am told "Network accounts are unavailable"
Is it possible to set it up so that at the logon prompt it can take the username and password and attempt to authenticate to our WPA2 and process the AD account login (the parts applicable to OS X)?
We have great success setting up the OS X machines with a local account "linked" to an AD account, but I'd rather have it function semi-close to the way our Windows machines authenticate, as network endpoints. I do realize this is sort-of against the grain of the Apple perspective, but these are not personal computers, so I'd like them to play nice with the business network.
Anyhow, I'm probably missing something obvious, but would appreciate anyone being willing to show me the way.
Thanks!

I do believe it's fairly normal... one of the crazy things about a fully cooperative multitasking OS, it can try to connect before the Interfaces are up & ready.
Found a work-around. This command adds a delay, in this case 45 seconds, before displaying the Login Window.
defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 45
If the Login Window UI detects that the network servers are available when it starts, it will skip the delay, also if network servers become available before the delay expires, the Login Window UI cancels the delay and displays.
Kent
http://discussions.apple.com/thread.jspa?messageID=10338123#10338123

Similar Messages

  • Lion Clients 10.7.4 show network accounts are unavailable and server is not responding when binding to Snow Leopard server 10.6.8

    Hello,
    I am running Snow Leopard Server 10.6.8 and my clients are Lion 10.7.4.  While testing I had no issues binding 10.7.4 to our 10.6.8 server's OD.  I created a 10.7.4 image to push to all of our machines and in the beginning of last week I was able to push the image and get the machines to bind with OD and apply preferences on these machines through workgroup manager.  Towards the end of the week though this stopped working.  Now any time I bind a 10.7.4 client to OD it allows me to perform an authenticated bind and the machine shows up in workgroup manager but immediately after binding the client the status jelly next to the OD server in the directory list is red and says "This server is not responding".  If I reboot the client I get a notification that "Network accounts are unavailable" at the login screen.  My preferences from workgroup manager are also not applying, which is my main concern because without workgroup manager my mac server is somewhat pointless as we use it for very little else.
    I've since tried to bind a snow leopard machine (10.6.8) and this still is working with a green status jelly.  I've also built a lion machine from scratch, updated to the 10.7.4 combined update and am still getting the same issue where it shows the server is not responding when binding to OD.  I then applied the subsequent OS update after the 10.7.4 combined update but the problem still persists.
    Is anyone else having this issue?  Any help would help me keep my sanity.
    Thanks,
    Dane

    Have you had any luck finding a solution to this?  The only thing I have found was to unbind and then bind without authentication.  Any help with progress on your end would be appreciated!
    Nick.

  • "network accounts are unavailable"

    Hi,
    I just upgraded to Lion and now I cannot log in to my mac using my network account.  I checked and the computer is still joined to our windows domain.
    Any ideas?  Nothing has changed on our network so I am assuming it's a Lion issue. Thank you for any help you can provide.

    Okay, some more information from my side - I am running a W2008 R2 PDC where:
    I am able to bind any 10.6 based machine and use the network login
    It was the same for a 10.7 machine which was upgraded from 10.6 (AD was already configured on 10.6)
    Having my first machine installed from scratch with 10.7.1, I am not anymore able to get the network login working. I read several articles describing this issue offering different solutions - without luck!
    Here is what I tried:
    Configure AD with standard Mac OS X tools:
    - Joining the domain works without any issue
    - Network Account Server in System Preferences shows green
    - Login after restart displays 'network accounts are unavailable'
    Did try to add custom Search path, static IP address, verified DNS settings and search domains, reboot after each step, un-/rebind to domain several times w/o 'create home directory' and 'allow administration'
    Also downloaded CentrifyDC Express for Mac: it also did join well to the domain but as well as the standard Mac OS X procedure it does not let me login (ADCheck verifying the global parameters if the conditions are fine to be able to find the DC in the DNS etc. reports no issues)
    From what I learned so far, it must be the configuration which is being written. Most probably I would guess it works fine if you once have created the setup under SL?
    Personally I was not able to find such issues as "sometimes it's working, sometimes not...".
    This is really annoying !
    Any more ideas on that???

  • Can't login after Mountain Lion upgrade (Network accounts are unavailable)

    I performed a Mountain Lion upgrade on a 2011 MBP running Lion this weekend. The Mac may have been set up to connect to an AD server with my user account, but I thought I had disabled that months ago... apparently not. I performed the upgrade at home not on the corporate network.
    On first bootup after the Mountain Lion upgrade I'm stuck at the login screen unable to login with my local account or the admin account. I get the "red dot" next to the username field with the "Network accounts are unavailable" pop up. I'm plugged in to the ethernet network at work now... no luck.
    I tried booting into the repair disk and repairing disk permissions. Still no luck.
    Any ideas? I'd happily do a fresh install but I need to get a handful of files off the machine first.

    No worries with the basic questions... it's important to cover all the bases. Thanks so much for the input.
    - I'm trying to log in with the same username I would use to ssh in... so yes.
    - I don't know if the account was a mobile account. The Mac was given to me configured about a year ago, configured to be on the domain. I since have used it on and off many networks without considering it was set up to be on a domain.
    - Never had a problem logging into the machine before the mountain lion install, although to be honest it was very very rarely ever rebooted.
    - I've plugged it into ethernet and let it sit for quite some time. It's still telling me Network accounts are unavailable and I'm unable to login with my personal or admin account.

  • 10.7.3 Network accounts are unavailable.

    I installed Lion on my work computer yesterday from a USB drive and I got the message that "Network accounts are unavailable".  Today I updated to 10.7.3 hoping that might do the trick and still get the same message.  Any ideas of how I should deal with this?

    Well then you will need to Log back into the networked resources. How you go about that I'm not sure.
    Look in Users & Groups, Login Options, Network Account server. you will have to unlock that section and type in your local password.

  • Network accounts are unavailable - OS X Lion 10.7.4

    My OS X Lion 10.7.4 Mac is successfully bound to my MS DC. However, every time I reboot I keep receiving "Network accounts are unavailable" with a red dot, and after a few seconds it goes away.
    Has anyone experienced this kind of behavior, and how did you resolve it? I have searched around in Google but had no luck getting rid of this annoying message.
    I hope anyone would share their knowledge.
    Thanks.

    I do believe it's fairly normal... one of the crazy things about a fully cooperative multitasking OS, it can try to connect before the Interfaces are up & ready.
    Found a work-around. This command adds a delay, in this case 45 seconds, before displaying the Login Window.
    defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 45
    If the Login Window UI detects that the network servers are available when it starts, it will skip the delay, also if network servers become available before the delay expires, the Login Window UI cancels the delay and displays.
    Kent
    http://discussions.apple.com/thread.jspa?messageID=10338123#10338123

  • "network accounts are unavailable" when not on the network

    Hello,
    I've just got a new Macbook Air via my work. I'm not at home, and when I boot up, I'm getting "Network accounts are unavailable". Does this mean that I need to be on the work network to login ?? I can't seem to log in.
    Cheers,
    Marc.

    It sounds like your company has a domain that they set your computer up on without creating you a mobile user account.  You won't be able to use your work credentials as you don't have access to the domain from home.  Do you know a local user that you can log in as?  If not you will need to wait until you get back to work.

  • Officejet 6000 wireless and WPA2-Enterprise network security

    I own an Officejet 6000 wireless printer. The manual says that it should be compatible with a wireless network with WPA2-Enterprise network security but when setting up the connection (I am using a macbook and am setting the printer up via usb connection) the network is listed but the security type is "unsupported." For whatever it's worth it is listed 5 or 6 times but probably that's a different issue.
    I can still select the right network but it only asks for a security key, but my network security requires a log-in name and password.
    What can I do to get my printer connected to the network?

    I get the feeling that most of the people replying here don't know the difference between WPA2-Personal and WPA2-Enterprise.
    Personal has a passkey.
    Enterprise uses both a username and password, usually in conjunction with a Radius server (802.1X authentication).
    What we've had to do to solve this problem is create a second SSID on the network that authenticates on WPA2-Personal. We use a really long password to secure the network, one that I will never be able to memorize in my lifetime.
    All we can hope for is that these enterprise-level vendors will, perhaps, gain a greater understanding of wireless authentication processes and the needs of actual enterprise customers who have at least a perceived need for wireless printer capabilities. It used to be that the customer was always right, though. Perhaps those days are gone...
    The other problem that probably ought to be addressed on consumer end is the fact that multicast tools that make AirPrint work (such as Bonjour), are being blocked from crossing between your wired and wireless networks, perhaps by the wireless controller or due to inefficient routing hierarchy or NAT/PAT issues. Solve this issue and you won't have a need for wireless printers.

  • Spontaneous disconnects from a WPA2 Enterprise network with iwlwifi

    The wireless network at my work uses WPA2-Enterprise with PEAP authentication and MSCHAPv2 inner authentication.  Given this, cacert.org.crt, and the username and password, I am sometimes able to connect.  However, I am often spontaneously disconnected.  Sometimes this happens seconds after I connect, sometimes, I stay connected for hours.  I use network manager to connect within gnome-shell.
    The following describes my wireless card.
    $ lspci | grep Net
    07:00.0 Network controller: Intel Corporation Centrino Advanced-N 6235 (rev 24)
    The NetworkManager log is not much help...
    May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: scanning -> disconnected
    May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: disconnected -> scanning
    Last edited by astex (2013-05-09 14:27:44)

    I had the same problems with my Intel Centrino Advanced-N 6000 and the WPA2 Enterprise network at university. And now since my last update where the driver seemed to be updated when also netctl replaced netcfg I am completely unable to connect to the network. But with my WPA2-PSK network I don't have any problems and my Notebook connects instantly.
    I'm using wicd but also tried NetworkManager, netctl and also manually using wpa_supplicant but it was the same problem.
    Also shutting down hardware encryption and 11n like mentioned in this topic:
    options iwlwifi swcrypto=1
    options iwlwifi 11n_disable=1
    I guess it must be a driver bug.

  • Connecting to WPA/WPA2-Enterprised network

    hi all,
    i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
    "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
    Name: wpa.mcgill.ca *
    SSID: wpa.mcgill.ca *
    Security Type: PEAP
    User Name: McGill Username
    User password: McGill Password
    CA Certificate: Thawte Premium Server CA
    Inner Link Security: EAP-MS-CHAP V2
    Token: None Selected
    Server subject: blank
    Server San: blank                                                                         "
    Help plz

    Try configuring your N97 with these instructions:
    Since your WLAN network seems to require more advanced PEAP authentication settings you should probably create / edit an appropriate WLAN connection profile, known as (Internet) Access Point, manually in the following manner:
    1. Go to Tools -> Settings -> Connection -> Network Destinations
    2. Check if your earlier failed attempt to connect has already created a non-functional IAP named as your WLAN network SSID (look for an entry named wpa.mcgill.ca) under "Internet" destination.
    3. If you can see existing IAP named as your WLAN SSID then you can Edit that one with necessary changes. (skip to 7.)
    4. If you don't see any existing IAPs that are named like your WLAN network then go to the desired "Destination" (e.g. Internet) and select Options -> Add Connection Method.
    5. Assuming you are in the coverage area of your WLAN network you can let phone "Automatically check for connection methods" (i.e. phone scans available WLAN networks) and you should be able to select the correct WLAN network name (wpa.mcgill.ca) from the list. Once you have selected the WLAN network your "Internet" Destination should now have been added with a new Access Point (IAP) that is named "wpa.mcgill.ca". Note that at this point the particular connection method is still incorrectly configured for your purposes (since by default it has EAP-SIM & EAP-AKA authentication methods enabled).
    6. Now you should manually Edit your newly created wpa.mcgill.ca Internet Access Point with necessary PEAP settings.
    7. Configure following WLAN and authentication settings:
    - "Connection name" defaults to name of your WLAN network (wpa.mcgill.ca) but you can also change this if you wish
    - "Data Bearer" naturally needs to be "Wireless LAN"
    - "WLAN network name" should match your WLAN network's name (SSID) exactly (wpa.mcgill.ca)
    - "Network status": Public
    - "WLAN network mode": Infrastructure
    - "WLAN Security mode": WPA/WPA2
     => Go to "WLAN security settings"
    - Ensure that "WPA/WPA2 mode" is set to "EAP"
    - Leave "WPA-2 Only mode" to "OFF" unless you are absolutely sure that your WLAN network is configured to strictly pure WPA2 mode (i.e. network might be configured to support both WPA and WPA2 security thus enabling WPA-2 Only mode on the phone will cause all your connection attempts to fail).
     => Go to "EAP plug-in configuration"
    - Enable "EAP-PEAP" and make sure that "EAP-SIM" and "EAP-AKA" are disabled (via Options -> Disable)
     => Select "Configure" for EAP-PEAP authentication method
    - Leave "Personal Certificate" to "Not defined"
    - Select "Thawte Premium Server CA" to be used as an "Authority certificate"
    - Set "User name in use" to "User defined" (since there is no Personal Certificate where it could be read automatically)
    - Enter your username (McGill Username) to "Username" field
    - Set "Realm in use" to "User defined" and leave following "Realm" field empty.
    - Note that in case your username (McGill Username) contains the realm (i.e. format is username@realm ) then you can enter realm part of your ID to "Realm" field and enter only the username part to the "Username" field.
    - Configure "Allow PEAPv0" to Yes
    - Configure both "Allow PEAPv1" and "Allow PEAPv2" to "No"
    => Go to "EAP's" tab to configure inner authentication method for the PEAP (use the small arrow pointing right on top of the screen to move between tabs)
    - Enable "EAP-MSCHAPv2" authentication method and Disable all other methods (Option -> Enable / Disable)
    - Select "Edit" for the EAP-MSCHAPv2
    - Enter your username (McGill Username) to "User name" field
    - Configure "Prompt password" to No or Yes depending on whether you want your password to be prompted every time you make a connection or if you prefer saving your password to following "Password" field permanently so that it won't be prompted every time you connect to this WLAN network with PEAP/EAP-MSCHAPv2 authentication.
    - If you selected "No" to password prompting then enter your password (McGill Password) to "Password" field.
    => Exit the configuration with "Back" (several times) and you should hopefully be able to connect with this setup.
    If needed you can also change the priority order of the connection methods (IAP's) within the Internet Destination since your new connection most likely ended up being lowest priority WLAN connection within your Internet destination. This should however not be a problem unless you have some other WLAN networks defined as an IAP and these other WLAN networks are simultaneously available at the location of the wpa.mcgill.ca WLAN network.
    Hope this helps you to get connected!!
    Message Edited by saataja on 17-Sep-2009 05:16 PM

  • Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?

    L.S,
    For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a rogue access point using the same (company) SSID-name and tools like freeradius-WPE and cloudcracker.
    If the BYOD client doesn't check the certificate provided by the fake radius server, the MSCHAPv2-negotiation can be discovered and the hacker will get the username AND hashed password which can be looked up by rainbow tables sites like cloudcracker.
    Is there still a safe way to deploy AD-authentication to BYOD clients?
    Kind Regards,
    Arjen

    I have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that were just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
    Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(
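
The exposure discussed in this thread depends on the client accepting whatever certificate the RADIUS server presents. As an added example (not part of the forum posts), this Python audit reads a wpa_supplicant.conf and flags WPA2-Enterprise profiles that trust no CA, or that trust a CA without pinning the server name. The sample configuration, SSIDs, file paths and finding labels are constructed for illustration.

```python
# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are placeholders.
SAMPLE_CONF = '''
network={
    ssid="CorpWLAN-A"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="CorpWLAN-B"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    ca_cert="/etc/ssl/certs/example-public-ca.pem"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="CorpWLAN-C"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="GuestPSK"
    key_mgmt=WPA-PSK
    psk="example-only-passphrase"
}
'''

# wpa_supplicant options that restrict which server certificate is accepted.
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match",
                    "subject_match", "altsubject_match")


def parse_networks(text):
    """Return each network={...} block as a dict of option -> unquoted value."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def is_enterprise(net):
    """True for 802.1X/EAP profiles; PSK-only profiles are out of scope."""
    key_mgmt = net.get("key_mgmt", "").upper().split()
    return "eap" in net or any("EAP" in k or k == "IEEE8021X" for k in key_mgmt)


def audit_network(net):
    findings = []
    if not (net.get("ca_cert") or net.get("ca_path")):
        # No trust anchor: the server certificate is not validated at all.
        findings.append("no-ca-cert")
    elif not any(net.get(k) for k in SERVER_NAME_KEYS):
        # CA is trusted, but any certificate issued by it is accepted.
        findings.append("no-server-name-check")
    if findings and "MSCHAPV2" in net.get("phase2", "").upper():
        # The MSCHAPv2 exchange can end up inside a tunnel to the wrong server.
        findings.append("mschapv2-exposed")
    return findings


def audit(text):
    """Map SSID -> list of findings for every enterprise profile."""
    return {n.get("ssid", "<no ssid>"): audit_network(n)
            for n in parse_networks(text) if is_enterprise(n)}


if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(f"{ssid}: {', '.join(findings) or 'ok'}")
```
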

  • Unable to Connect to WPA/WPA2-Enterprised network

    I work for a private company, and we have a WPA-Enterprised network. Company provide following settings for Blackberry users.
    Name : IxWLANP
    SSID: IxWLANP
    Band Type: 802.11 b/g
    User Name :
    Password:
    CA Certificate: None Selected
    Interlink Security : EAP-MS-CHAPV2
    Token: None
    Select Disable Server Certificate.
    What I have configured for my Nokia E72 is as follows:
    Connection Name: IxWLANP
    Data Bearer: Wireless LAN
    WLAN Network Name :IxWLANP
    Network Status: Public
    WLAN Network Mode: Infrastructure
    WLAN Security Mode : WPA/WPA2
    Under WLAN Security Settings
    WPA/WPA2: EAP
    Under Plug-in settings:
    EAP-PEAP only selected
    Under EAP-PEAP edit mode:
    Personal Certificate: Not defined
    Authority Certificate: Not Defined
    User Name In Use: User Defined
    User Name: ******* (My User Name)
    Realm In Use: User Defined
    Realm: Blank
    TLS Privacy: OFF
    Allow PEAPv0 : yes
    Allow PEAPv1 :No
    Allow PEAPv2 : No
    Under EAPs: EAP-MSCHAPv2 Selected
    User Name: (My User name)
    Prompt password: No
    Password : (My Password.)
    No change in ciphering
    WPA2 only mode: off
    This is all I have done.
    Network is showing as known network. But if I am trying to connect to any web page it's saying EAP-PEAP authentication Failed.
    Blackberry/ Samsung/ Apple works fine. This problem is only with nokia. Please reply urgently.
    Please help.

    I have also a problem to connect my E72 to my company network.
    The settings are:
    Network Authentication: WPA2
    Data Encryption: AES
    Authentication Type: Protected EAP (PEAP)
    Authentication Protocol EAP-MSCHAPV2
    Does one of you have an idea of what I have to do so that it works?
    Please help. Thank you.
    Argisch

  • Connecting to WPA/WPA2 Enterprise Network

    I am trying to configure an Apple TV to connect to our corporate network. I have a service account in AD that I am using in the profile, have pointed to our cert and trusted it in the profile, selected WPA/WPA2 Enterprise, and selected PEAP as the 802.1X authentication. I have done this after going over the settings with our network security engineer. Everything looks correct. After installing the profile and connecting it to the TV, I can only get a 169.X.X.X address (should be our private WiFi network of 10.9.X.X). Has anyone successfully done this?

    This is a user to user help forum only so no one here knows what Apple is working on.
    http://www.apple.com/feedback/iphone.html

  • 10.4.8: Airport busy-loops when in range of a WPA2 Enterprise network

    After installing the 10.4.8 upgrade, the airport process hangs at 100% CPU when within range of a network secured with WPA2 Enterprise. The solution has been to kill it via "Activity Monitor". Everything works fine with a normal WEP network.
    The workaround has been to turn airport off before entering the office. Forgetting to can completely disable login. The machine just hangs, without accepting keyboard input for the password. The mouse pointer (that delightful beach ball) moves, though.
    Anyone have suggestions as to how this may be fixed?
    MacBook Pro 15"   Mac OS X (10.4.8)  

    And, yes, I have tried that "remove & add back to preferred networks"-thing.

  • Mountain lion server network accounts are not mounting network home directory, rather its creating a blank local directory

    I have set up a scratch mountain lion server with open directory.  Copied over old user account directories and added my users that match the directory ids.  Currently if a networked user logs into a networked computer, instead of mounting the network home directory, it's creating a local home directory.  Suggestions?
    thanks,
    Dave

    Additional info: it appears that certificates are not working either: setting up ical: "the certificate for this server was signed by an unknown certifying authority."...
