MacWindows.com User forum :: View topic - Logging in to AD accounts

I've recently been called in to sort out 10.6 iMac networks, where AD-based accounts cannot log in (they face no problems on their Windows clients). On three separate unconnected premises I have been faced with the same problem - 10.6.3 clients report that no home folder is found. The system log states that the "home folder at <correct address including FQDN> is unavailable. User domains will be volatile"

DNS
Clients can ping DNS server by IP and name.
Time
All clocks are in sync and in the same time zone.
Kerberos
Ticket Viewer can get a ticket.
Golden Triangle (exists on 2 of the sites, no Mac OS X Server on the 3rd, yet).
Mac OS X Server is 10.6 and running AFP, SMB, NFS and ODM.
Mac OS X Server is not running DNS service, nor Kerberos.
Directory Utility (on client)
All binds are successful.
Perhaps obviously, if I force local home folder, the problem disappears.
Where applicable, ODM is listed below AD in client Directory Utility authentication pane.
Active Directory
1 site has W2003 Server, the other 2 W2008 Server
Account Home folder path includes FQDN
Home folders contain no sub-folders

Questions
Are Home folder sub-folders normally created as part of the first login?
If not, how are they created?
Am I looking for an account configuration error within AD?
If so, do you have any suggestions as to what I am looking for?
If not, where else do I look? Permissions?

Thanks for any thoughts on the subject.

Author:	Wikisnoodle [ Thu Jun 24, 2010 3:10 am ]
Post subject:	Logging in to AD accounts
I've recently been called in to sort out 10.6 iMac networks, where AD-based accounts cannot log in (they face no problems on their Windows clients). On three separate unconnected premises I have been faced with the same problem - 10.6.3 clients report that no home folder is found. The system log states that the "home folder at <correct address including FQDN> is unavailable. User domains will be volatile" DNS Clients can ping DNS server by IP and name. Time All clocks are in sync and in the same time zone. Kerberos Ticket Viewer can get a ticket. Golden Triangle (exists on 2 of the sites, no Mac OS X Server on the 3rd, yet). Mac OS X Server is 10.6 and running AFP, SMB, NFS and ODM. Mac OS X Server is not running DNS service, nor Kerberos. Directory Utility (on client) All binds are successful. Perhaps obviously, if I force local home folder, the problem disappears. Where applicable, ODM is listed below AD in client Directory Utility authentication pane. Active Directory 1 site has W2003 Server, the other 2 W2008 Server Account Home folder path includes FQDN Home folders contain no sub-folders Questions Are Home folder sub-folders normally created as part of the first login? If not, how are they created? Am I looking for an account configuration error within AD? If so, do you have any suggestions as to what I am looking for? If not, where else do I look? Permissions? Thanks for any thoughts on the subject.

Author:	tferro999 [ Wed Sep 15, 2010 3:42 pm ]
Post subject:	Re: Logging in to AD accounts
I've done this recently and it does create a basic set of folders during the initial logon client AD logon(Library, Desktop, etc). I found that it did not create Music, Pictures, Downloads, Documents until I actually opened itunes, iphoto, downloaded a file, and saved a doc). It sounds like its a permissions problem with the share that is storing the profiles. I gave the group of users full control under share permissions and List folder/read data and Create files/write data under security permissions. Once they logged in, the subfolders for the home directory were created with full control for that particular users. Hope this helps.

Author:	Wikisnoodle [ Thu Sep 16, 2010 3:09 am ]
Post subject:	Re: Logging in to AD accounts
Thanks for your time on this. When starting from scratch I'm having no problem with this, but on the 3 sites mentioned, someone else had set it up and it was not working. Thanks for the tips re sub-folders, I'll check this out. I'll have to get back to the sites to find out the current state of play – if they haven't sorted it, I will forward your 'permissions' suggestion. Thanks again.

Author:	rachely476 [ Tue Nov 09, 2010 1:59 am ]
Post subject:	Re: Logging in to AD accounts
tferro999 wrote: I've done this recently and it does create a basic set of folders during the initial logon client AD logon(Library, Desktop, etc). I found that it did not create Music, Pictures, Downloads, Documents until I actually opened itunes, iphoto, downloaded a file, and saved a doc). It sounds like its a permissions problem with the share that is storing the profiles. I gave the group of users full control under share permissions and List folder/read data and Create files/write data under security permissions. Once they logged in, the subfolders for the home directory were created with full control for that particular users. Hope this helps. It really useful for me. Thanks you for the reply.

Author:	sadmemories20 [ Wed Mar 23, 2011 1:12 am ]
Post subject:	Re: Logging in to AD accounts
Wikisnoodle wrote: I've recently been called in to sort out 10.6 iMac networks, where AD-based accounts cannot log in (they face no problems on their Windows clients). On three separate unconnected premises I have been faced with the same problem - 10.6.3 clients report that no home folder is found. The system log states that the "home folder at <correct address including FQDN> is unavailable. User domains will be volatile" DNS Clients can ping DNS server by IP and name. Time All clocks are in sync and in the same time zone. Kerberos Ticket Viewer can get a ticket. Golden Triangle (exists on 2 of the sites, no Mac OS X Server on the 3rd, yet). Mac OS X Server is 10.6 and running AFP, SMB, NFS and ODM. Mac OS X Server is not running DNS service, nor Kerberos. Directory Utility (on client) All binds are successful. Perhaps obviously, if I force local home folder, the problem disappears. Where applicable, ODM is listed below AD in client Directory Utility authentication pane. Active Directory 1 site has W2003 Server, the other 2 W2008 Server Account Home folder path includes FQDN Home folders contain no sub-folders Questions Are Home folder sub-folders normally created as part of the first login? If not, how are they created? Am I looking for an account configuration error within AD? If so, do you have any suggestions as to what I am looking for? If not, where else do I look? Permissions? Thanks for any thoughts on the subject. Thanks you for the post. Hi guys, Im a newbie. Nice to join this forum.

MacWindows.com User forum http://www.macwindows.com/forum/

Logging in to AD accounts http://www.macwindows.com/forum/viewtopic.php?f=2&t=43	Page 1 of 1

Page 1 of 1	All times are UTC - 8 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/