Fixing network user login problems on a Mac correctly bound to an AD or OD domain
In Mac OS X 10.6.x, it’s possible to set the login window to not allow network users to log into the computer, even when the Mac itself is correctly bound to the your Active Directory or Open Directory domain.
If you run across a machine that is correctly bound to your domain, but not allowing logins from network accounts, see below the jump for how to check if the login window has been set to not allow logins by network users.
1. Log in with your local administrator account. This should be a local user on the machine, so logins with this account should work OK.
2. Once logged in, open System Preferences.
3. In System Preferences, click on Accounts.
4. Once the window opens, unlock the settings by clicking on the lock in the bottom left corner of the window.
5. Once unlocked, click on Login Options.
6. If the login window is set to not allow network users, the Allow network users to log in at login window setting will be unchecked.
7. If unchecked, check the box next to Allow network users to log in at login window.
8. Next, click the Options… button next to the Allow network users to log in at login window setting and verify that the All network users option is selected. (If you need to set this for only certain network users, you can do this here by selecting Only these network users:).
9. Once you’ve verified that the All network users option is selected, click the Done button.
10. Quit out of System Preferences
11. Check to make sure the user can now log in.