Mac and AD integration saga

Well, I got real familiar with the Mac today (Mac OS 10.4.11).  I set out to follow the instructions laid out by Eriq Neal and posted at http://www.smallbizserver.net/Default.aspx?tabid=266&articleType=CategoryView&categoryId=28 under the heading “Connecting a Macintosh to an SBS 2003 Server via SMB (2007)”.  And I ran into some very unexpected behavior.  On Phase II, step 21, the documentation states “[Note: If this short name is the same as the Active Directory username, you will not be able to log in to Active Directory.]”  In my case, the short name and the AD account name WERE different, but I still had problems.  In my case, the Name field matched the AD directory name.

MAC

Name : Susans

Shortname: diamond

AD

Full Name: Susan Smith

Account username : susans


I was able to log in via Active Directory credentials from the Apple login screen, but it never asked me to create a portable home directory as described in step 27.  What it DID do was drop me into the home directory of the existing Mac user diamond, but I didn’t have the proper permissions to do much of anything, since technically the home directory was ‘owned’ by the user diamond, but I was logging on as domain\susans.  (I was able to determine only later that it was a permissions issue.)  I was unable to Log Off, Restart, or do much of anything.  I actually had to hold the power button.

So, I thought, well perhaps I should change the Name field of the local user so that it doesn’t match the AD account name.  Well, this could have worked, I think, had I not already logged in with it mixed up.

MAC

Name : Susan Smith

Shortname: diamond

AD

Full Name: Susan Smith

Account username : susans


After changing the name, I got a brand new desktop, but I still had a permissions problem.  When I dropped to a terminal and did ‘ls -al’ in the /Users folder, I saw a home directory for both the local diamond and susans, but they were both ‘owned’ by the local user diamond.  Again, not quite the permissions I needed.
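The ownership mismatch described above (a /Users/susans directory owned by the local user diamond) is easy to spot in a glance at ‘ls -al’ on one machine, but tedious across several.  The script below is an added example, not part of the original post or of Eriq Neal’s instructions: the first function parses ‘ls -l’-style lines and flags any home directory whose name differs from its owner, and the second runs the same check live against a /Users folder using stat (trying the BSD flag first, then the GNU one).  The sample listing is constructed to mirror the state the post describes; the directory names and sizes are illustrative only.

```shell
#!/bin/sh
# Added example (not from the original post). Flags home directories in
# /Users whose owner does not match the directory name, which is the
# symptom described above: /Users/susans owned by local user "diamond".

# Parse `ls -l`-style lines from stdin (fields: perms links owner group
# size month day time name) and print "<dir> owned by <owner>" for every
# directory whose name differs from its owner. The "total" line, "." and
# "..", and the root-owned /Users/Shared folder are skipped.
flag_owner_mismatch() {
    awk '
        /^total/ { next }
        /^d/ {
            name = $NF
            if (name == "." || name == ".." || name == "Shared") next
            if (name != $3) printf "%s owned by %s\n", name, $3
        }
    '
}

# Live check on the machine itself. `stat -f %Su` is the BSD/macOS form;
# `stat -c %U` is the GNU coreutils form, tried if the first one fails.
check_users_dir() {
    dir="${1:-/Users}"
    for home in "$dir"/*/; do
        home="${home%/}"
        name="${home##*/}"
        [ "$name" = "Shared" ] && continue
        owner=$(stat -f %Su "$home" 2>/dev/null || stat -c %U "$home" 2>/dev/null) || continue
        [ "$name" = "$owner" ] || echo "$name owned by $owner"
    done
}

# Constructed sample modelled on the `ls -al /Users` output the post
# describes: both home folders owned by the local user diamond.
SAMPLE='total 0
drwxr-xr-x   5 root     admin  170 Jan  8 11:02 .
drwxrwxr-t  12 root     admin  408 Jan  8 11:02 ..
drwxr-xr-x  14 diamond  staff  476 Jan  8 11:05 diamond
drwxr-xr-t   4 root     wheel  136 Jan  8 11:02 Shared
drwxr-xr-x  11 diamond  staff  374 Jan  8 11:40 susans'

# Run against the constructed sample; prints "susans owned by diamond".
printf '%s\n' "$SAMPLE" | flag_owner_mismatch
```

On the real machine, run ‘check_users_dir /Users’ after logging in with the domain account; an empty result means every home directory is owned by the account that uses it.  The name-versus-owner comparison only works for directory-based accounts if the short name chosen on the Mac side equals the AD account name, which is exactly the pairing the post ends up with.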

So, I changed them again :

MAC

Name : Susan Mac

Shortname: diamond

AD

Full Name: Susan Smith

Account username : susans


I logged back on as the local user diamond, and deleted the AD account from Other Accounts in Preferences -> Accounts.  (That was another thing: when the Name of the local account matched the AD account name, it never created a separate user account.)  Now I logged in ‘fresh’ as domain\susans and got my home directory, and it was finally owned by the AD user.

Quite an ordeal.  Not to mention that twice along the way, the keyboard seemed to inexplicably change its character set, globally.  It ‘seemed’ to correspond to my running of the Directory Access utility, but I’m not sure.  Even to the point where one time I tried to log in, but it wouldn’t type the English character set.  It was literally Greek, Japanese, and special ASCII symbols, which obviously weren’t the right password.  I nearly fell out of my chair because effectively, I was locked out of the machine.  Somehow, after multiple reboots, the character set magically returned to regular English.  I called Apple tech support and they had me delete a ‘caches’ folder.  I dunno.  The problem never came back, but I am still nervous that I’m going to get a call tomorrow…

Now, one thing that I don’t know is what happens when the Mac (in this case a MacBook Pro) is taken offsite and the user tries to log in as the AD user?  Are the credentials cached anywhere?  If I find out, I’ll be sure to post it here.


RS
