Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3000: Troubleshooting login issues on Mac systems.

Centrify Identity Service, Mac Edition ,  

20 March,17 at 08:59 PM

Applies to: Centrify Identity Service


 
Question:
 
What troubleshooting steps can be performed if an AD account cannot log into a Mac?
 
 
Answer:
 
The first step is always to determine EXACTLY what the user sees when the login fails:
 
 
 
Scenario 1: A message prompt is shown
 
If an error prompt is shown, then it is likely that a network home folder is being used - and the Mac system is unable to connect to it:
 
User-added image

 
Note: On OS X 10.9 and above, this behaviour changed in that if the Mac is unable to mount the users network home at login, it will provide them with a temporary local home. The user will still be able to login to the system, but they will not see their own Desktop or home folder files.

To troubleshoot network home folders:
  • Make sure the user's network home path is configured correctly according to one of the following KBs (Depending on the environment):
  • An easy-to-miss error is if extra whitespaces have been entered into the path - scroll to the end of the line and make sure there are no extra spaces inserted at the end.
  • Use either the Mac Diagnostic Tool, or open the Terminal and enter the following command to check what path has been configured for the user:
     
    adquery user -h ad_username
     
  • A properly formatted network home path will appear in the following format:
     
    /SMB/ad_username/server.domain.com/Share/Path/ad_username
     
  • Check that the user and machine has read and write permissions to access the share.
  • A good test for verifying network home accessibility:
    1. Login to the Mac with a local account
    2. Use the Finder > Go > Connect to Server option to mount the share as a regular network folder.
    3. Enter the AD account's credentials when prompted
    4. Check that the user can both read and write to the share from the Mac.
 
 
Scenario 2: The login icon spins for a long time
 
If the login hangs with a spinning icon in the login box, then it is likely that a local home folder is being used, and there is a UID mismatch or that the local path has been configured incorrectly:
 
User-added image
 
 
To troubleshoot local home folders:
 
 
Scenario 3: The login box shakes
 
If the login box shakes, then this indicates an error in the authentication itself:
 

Scenario X: Capturing debug logs of a failed login
 
If none of the above scenarios apply, then please refer to the following KB for gathering debug logs recording the login failure and contact Centrify Support with the debug pack attached.



​For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Centrify Customer Portal at support.centrify.com.​

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.