Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2159: No domain users are able to login to Mac systems after a reboot.

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to: Centrify DirectControl on Mac OS X 10.6 and lower
 
Question:
 
No AD accounts are able to login to a Mac, only local accounts can login. 
 
The user is correctly configured and adquery shows that the account is Zone-Enabled and authorised for login.
 
However the user still shakes at the login box. Why does this happen?
 
Answer:
 
This can happen if "Allow Network users to log in at login window" is unchecked and disabled:
 
  System Preferences > Users & Groups > Login Options
 
Once enabled, all users should be able to login.
 
The following configuration parameter can configure this setting:
 
adclient.autoedit.mac.netlogin
 
By default, this parameter is set to: true
 
When this is set - even if a user deselects the checkbox, it will be re-enabled when the machine is restarted (Effectively preventing a user from deactivating network login).
 
 
Note: This parameter will only work on OS X 10.6 and lower, for OS X 10.7 and higher, please use the following KB instead:
 
 
For other types of possible login issues, please see the following KB:
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.