The Leopard Lockout
- July 19th, 2011
- Posted in Mac OS X . Tech Notes
- Write comment
Fixing a network account lockout on Mac OS X 10.5
Today while doing some routine network administration on an Apple network I stumbled into a vexing problem. Making a simple password changes on a network account locked out one of the Leopard clients. The solution was to reset permissions on the users home folder using the Terminal.
The network is running Snow Leopard Server, (OS X 10.6.5) with Open Directory, DNS and DHCP. The affected client workstation is running Leopard (OS X 10.5.8.) After changing the passwords of a few user accounts using Workgroup Manager, this particular Leopard user got fully locked out. Any attempt to log into his computer was rejected by the shaking login panel.
Finding solution is often a case of removing obstacles. First, rule out the obvious– a mistyped password, a damaged user account, a bad network connection, or a failed binding to Open Directory. So, my first test was to log in with my own network account. It worked perfectly. Next, I verified authentication to a share point on the file server using the affected user account. No problem there. So, other network accounts work fine, the OD binding is normal and the affected user account authenticates OK at the server. A check of the system logs on the client and server revealed nothing helpful so at this point it’s clear that something is amiss on the client, perhaps a problem parsing the home folder, a damaged .plist, incorrect file permissions or a problem in locally cached credentials.
I tried moving all the users .plist files out of ~/Library/Preferences but to no avail so I pursued the question of file permissions. I did a quick check of the home folder via the Terminal:
ls -al /Users/Kohki
Although it looked normal here with the user having read/write and proper ownership, I went ahead with a full reset of the file permissions:
sudo chmod -R 744 /Users/Kohki
And then on to the verdict– I logged out of my account and went back in as the user. It worked! The user login went without a hitch and all his preferences and data were perfectly intact.
The shortest distance between problem and solution isn’t always a straight line but in the end I reached my destination. This reveals a potential weakness in the networking functionality of Leopard and it’s wise to upgrade users to 10.6 whenever possible.
No comments yet.