Hi,
We are having issues that just started about two weeks ago with our AD user accounts in our Mac labs. We have it set to:
-NO mobile Account Creation
-Force local Home Directory on Startup disk
-Use UNC path from Active Directory to Derive network home location
-SMB protocol
-default user shell bin/bash
Everything has been working great for months, but now we are starting to get keychain errors for some users. I figured out that they were users who had moved to a new machine (probably happens all the time all year). So basically if they had logged into a machine before two weeks ago, they are fine. Now in the last two weeks if anybody goes to a different machine, you can log in, but you get a keychain error because you don't have rights to the locally created Home directory on the startup disk. So when you click on Desktop, Documents, etc. you get the "You don't have permission to see the contents of this folder", hence the keychain issues. If they go back to their old machine they logged in to at the beginning of the year, they are great. This goes for Mobile accounts now too... I found out.
So what happened two weeks ago? I am not sure. My system admin changed the AD password for the domain. He upgraded to JSS 8.63. Maybe he changed the permissions on the server groups. It is up to me to figure this out, even though I don't have control over the above-mentioned services.
Any ideas anybody?
Thanks!