+ Post New Thread
Results 1 to 8 of 8
Mac Thread, Users cannot change AD passwords from Macs in Technical; Strange problem...dont know if this is something general or something wrong in our setup. All our macs are bound to ...
  1. #1

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Users cannot change AD passwords from Macs

    Strange problem...dont know if this is something general or something wrong in our setup.

    All our macs are bound to AD. Log on fine, but when a password expires, or we set it to change on next logon in AD, it wont let a user change it when they log onto a Mac. It brings up all the right boxes, says you need to change your password, but whatever you write and confirm, the box just shakes.
    Log onto a Windows box and its fine.

    I will look into it more, more than likely some error is being logged on the client, but just wondered if anyone else has come across this?

  2. Thanks to sidewinder from:

    t3HW41ru5 (3rd October 2011)

  3. #2
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,439
    Thank Post
    10
    Thanked 490 Times in 430 Posts
    Rep Power
    111
    Password changes are quite broken on 10.5 and completely broken on 10.4

    No idea how 10.6 is doing. Rebooting the client after the change can help.

  4. Thanks to DMcCoy from:

    t3HW41ru5 (3rd October 2011)

  5. #3

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49
    Ah well thats sort of good news then, at least we're not doing anything wrong!

    Running 10.5 here

  6. Thanks to sidewinder from:

    t3HW41ru5 (3rd October 2011)

  7. #4

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,725
    Thank Post
    3,248
    Thanked 1,049 Times in 971 Posts
    Rep Power
    364
    If you use key chain minder 1.3 for tiger:

    AFP548 - Keychain Minder 1.3

    key chain minder 1.5 ppc / intel binary :

    AFP548 - Keychain Minder 1.5

    as per the 2nd last post here

    Change a Mac User's AD Password from OS X? - Topic Powered by Social Strata

    I run about 60 AD connected Macs and I haven't been able to get password change to work reliably with 10.3.9.
    Tiger clients work well, but I've pretty much given up on the 10.3 clients and we're updating them to 10.4. AD integration functionality is a big reason for this.

    Keychain Minder is great for making sure that AD and Keychain passwords stay in sync. Put it in StartUp Items.
    does that help at all - obviously you need to make it a startup item

    I also saw mentions of going into system preferences --> user account pane to change the password , not sure if that makes any difference but obviously if you have changed there password before they login and set it to automatically change password at logon not sure how you would fix that aside from obviously logging into a pc and changing the password and going from there.

    For Snow Leopard I have found the below ( also per pdf attached )

    Sync the keychain passphrase with the login account password in Snow Leopard | Jaharmi?s Irreality
    Attached Files Attached Files
    Last edited by mac_shinobi; 23rd February 2010 at 01:46 PM.

  8. Thanks to mac_shinobi from:

    t3HW41ru5 (3rd October 2011)

  9. #5
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,439
    Thank Post
    10
    Thanked 490 Times in 430 Posts
    Rep Power
    111
    The password change happens before log-on so is unaffected by the keychain. It's the AD directory client that is broken.

  10. Thanks to DMcCoy from:

    t3HW41ru5 (3rd October 2011)

  11. #6

    Join Date
    Jul 2010
    Posts
    7
    Thank Post
    4
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi all

    Sorry to reopen an old thread (I know it's frowned upon) but I am having the same problems here with the macs at my school. We are running 10.6.2 and I've just had one class login perfectly, no problem at all, then the next class all of them got a message telling them to change their passwords and giving them a change password option. When they tried to change the password, the box just shakes.

    I'm wondering has this issue been addressed in Snow Leopard or is it still broken as this will affect (and break) our whole networking "golden triangle" model, pretty much making the macs unpredictable and almost useless. No one wants to use a classroom if one day students can log in and then next they can't.

    Does anyone have any ideas how to fix this or 3rd party programs to fix the AD directory client that is broken (as DMcCoy said above) ?

    This is rather urgent :-/

    Thank you very much

    Jaime

  12. Thanks to jaimeklein from:

    t3HW41ru5 (3rd October 2011)

  13. #7

    Join Date
    Oct 2011
    Location
    Boulder
    Posts
    2
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hey All,

    Like Jamie Klein, sorry to open up an old thread, but I'm in the same boat. I am running majority Mac environment, all with OSX 10.6 I get the same problem as sidewinder, and I am completely lost as to what to do. The only thing my searches have brought up regarding this issue is its some sort of Kerberos error involving time, but I've seen a lot of those errors before, and they usually throw an actual error. This just makes the box shake and refuses to accept the password change.

    The Macs will login fine as long as I do not say "Force User to Change Password". However, the moment I check that in AD, and I try to login on the mac, it takes me to the right screen to change the password, but it does let me actually change it, the screen just shakes.

    Bit desperate here so anything anyone may know about this would be a huge help and the person would have my eternal gratitude.

    Thanks!

  14. #8

    Join Date
    Oct 2011
    Location
    Boulder
    Posts
    2
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Jamie,

    Right after I posted this, I got an answer from one of the SysAdmins in our office. It turns out my searches telling me Time Sync was to blame proved to be correct. The issue was that the Windows Server was off by 4 minutes from time.windows.com. Since time.apple.com and time.windows.com actually pull from the same source, it should be the same. I had done some tests on my local machine to see about this error, but nothing I did seemed to change the time on my local machine. I asked one of our SysAdmin's here in the office to look into it with me, and they were able to resync the windows server using commands found here:

    ht*p://social.technet.microsoft.com/Forums/en-US/winservergen/thread/96278628-03a1-4b3d-90d9-2208a65a1210/

    You will need to have Command Prompt running in Administrator to pull this off. Once I resynced the time, it allowed users to change their passwords fine. This answer may not apply to everyone, but figured I'd try to offer what I can. Thanks!

SHARE:
+ Post New Thread

Similar Threads

  1. Allowing teachers to change students passwords
    By bart21 in forum Windows Server 2000/2003
    Replies: 6
    Last Post: 21st December 2009, 07:04 AM
  2. Replies: 6
    Last Post: 8th September 2009, 05:59 PM
  3. (Bulk) Change user passwords using csv
    By PEO in forum Windows Server 2008
    Replies: 2
    Last Post: 3rd June 2009, 12:50 PM
  4. Bulk Change Local Administrator Passwords.
    By Nij.UK in forum Windows
    Replies: 14
    Last Post: 15th June 2007, 01:45 PM
  5. Allowing staff to change kids passwords
    By Simcfc73 in forum How do you do....it?
    Replies: 28
    Last Post: 21st August 2006, 07:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •