Posted on 06-06-2014 07:58 AM
I have a new 10.9.3 configuration set up in Casper Admin and when imaging a machine with a clean install of 10.9.3, apps and running a few scripts, the config works 99%. Here is the issue I have:
The computer binds to Active Directory properly but after imaging, no AD user can log in (screen shakes) until after a local user logs in successfully. Nothing popping out in the Casper logs. Any thoughts?
Posted on 06-06-2014 08:04 AM
When I run into this problem, I do a few things command line.
1) Log in as local user, then in Terminal type 'id <username>' to see if the computer is properly bound. If no name is found, you are not bound correctly. If an ID is found, continue.
2) Log in as local user, then in Terminal type 'login'. Then type credentials for AD user and see if it works. You should see a real error message if you cannot log in there.
3) Are you on WiFi? The computer won't be able to contact AD if WiFi is not active at the login screen. There are profile settings you can add to use AD credentials at the login window for WiFi, then authenticate to the Mac....
Posted on 06-06-2014 08:34 AM
@thoule Thx, great things for me to check. I am re-imaging the machine now, hopefully can test before I leave for the day. I am imaging over Ethernet, WiFi is not active yet.
Posted on 06-06-2014 09:02 AM
@thoule
id returns the exact AD path for the user. I can log in with the AD user account in Terminal.
Posted on 06-06-2014 09:13 AM
Hi @tommyday,
In this case, I would open /System/Library/CoreServices/Directory Utility.app and view users in node Active Directory.
Select a user and then check out the entries for NFSHomeDirectory and UserShell, and of course anything else there. I think other required values are UniqueID and GroupID. Perhaps post a screenshot on imgur if nothing is private...?
Another thing I tend to do is to SSH into the box from another machine, then type 'tail -F /var/log/system.log'. Then I try to login GUI and see what is written to the log file on that attempt. What we're trying to do here is get a useful error message.
Posted on 06-06-2014 10:49 AM
Sounds to me like a networking issue where once you log in it is being refreshed. Maybe you should add a LaunchDaemon that refreshes the network settings once at startup.
Something that runs:
/usr/sbin/networksetup -detectnewhardware
This is just me spitballing.
Posted on 06-06-2014 11:29 AM
I'll revisit this in person on Monday when I return onsite. Considering I created the clean, never before booted image w/ AutoDMG it sure sounds like the WiFi not being detected causing me the issues. Think you both have me headed in the right direction!
Posted on 06-09-2014 12:37 PM
I got this working by adding a script that sets the time zone and sets up the airport as well as the SSID (currently open broadcasting network). Thx for your input. For the future, I'm concerned with this as we move to an 802.1x environment but perhaps that's for further discussion later.
Posted on 06-11-2014 03:34 PM
Circling back as I thought I had this nipped but it looks like not. Still a little buggy. Still can't log in with an AD account after imaging right away, but if I wait about 5 minutes, the AD login works!
Posted on 06-12-2014 05:59 AM
We have noticed similar behavior. We have the AD bind in our imaging workflow. I've gotten into the habit, after a machine is imaged, of logging in with the local admin account and checking Users & Groups - Login Options. It usually takes anywhere from 1-5 mins for it to show that it is bound. I also do some post-imaging checks as Casper Imaging hasn't been very reliable for us.
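A post-imaging readiness check built from the checks described in this thread, as an added example that is not part of any post: it looks at the bind with `dsconfigad -show`, then polls `id <username>` for up to five minutes, the delay reported above. The `AD_USER` variable, the function names and the 10-second polling interval are assumptions.

```shell
#!/bin/sh
# Added example: wait until an AD account resolves before handing the Mac over.
# AD_USER is a hypothetical test account supplied by whoever runs the script.

# is_bound: succeeds when dsconfigad reports an AD domain.
# Returns 2 when dsconfigad is not available (not a Mac).
is_bound() {
    command -v dsconfigad >/dev/null 2>&1 || return 2
    dsconfigad -show 2>/dev/null | grep -q "Active Directory Domain"
}

# ad_user_resolves USER: succeeds when the directory service returns a
# record for USER (the same check as typing 'id <username>' in Terminal).
ad_user_resolves() {
    id "$1" >/dev/null 2>&1
}

# wait_for_ad_user USER TIMEOUT_SECS INTERVAL_SECS
# Returns 0 as soon as USER resolves, 1 if TIMEOUT_SECS elapses first.
wait_for_ad_user() {
    user=$1 timeout=$2 interval=$3 waited=0
    while ! ad_user_resolves "$user"; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# Runs only when AD_USER is set, e.g. from a post-imaging script.
if [ -n "${AD_USER:-}" ]; then
    is_bound || echo "warning: dsconfigad shows no AD domain (or is unavailable)" >&2
    if wait_for_ad_user "$AD_USER" 300 10; then
        echo "ready: $AD_USER resolves through the directory service"
    else
        echo "not ready: $AD_USER did not resolve within 300s" >&2
        exit 1
    fi
fi
```

A non-zero exit gives the imaging workflow something to log, alongside what 'tail -F /var/log/system.log' shows during a failed GUI login.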