Author Topic: macOS Yosemite and above joined to AD but cannot login  (Read 1172 times)

cloggs

« on: February 21, 2019, 01:16:44 pm »
Hi,

I've successfully joined macOS clients (Yosemite and above) to the Zentyal 6.0 server.  I used the custom mappings "uidNumber" and "gidNumber", but everything else was left at default.

In the Directory Manager I can see the users and groups listed. I can use "kinit <username>" with the password from the Terminal and successfully authenticate and receive a Kerberos ticket. So, at the very least, I can verify the connection to the server on some level.

However, I cannot log in from the login screen on the Mac. No errors, it's as if the password was typed wrong when it wasn't.

System Preferences is set to allow network users to log in. I've tried undoing and rejoining, and I've tried not using user ID and group ID mappings, to no avail.

There are instructions that detail authenticating using LDAP, but I get the feeling these are no longer relevant on newer macOS installations/Zentyal versions as you cannot add the LDAP server in the Directory Utility (it complains that the server you are trying to add is an Active Directory server and aborts).

Nothing special was set up on the Zentyal side, just generic user accounts that are members of the "domain users" group. Maybe I'm missing something there. Or maybe I need to do something extra on the Mac side, such as change something in /etc/pam.d, just not sure what.

Has anyone had this issue and resolved it?

Thanks!