Troubleshooting the “Network accounts are unavailable” error in Mac OS X Lion
4sysops readers have spoken: there are serious integration problems between Apple Mac OS X 10.7 Lion and Active Directory Domain Services (AD DS). Specifically, we are seeing (a) sluggish binding between the Macs and AD; (b) super-slow domain logons; and (c) completely blocked domain logons.
The biggest indicator of this problem is the red dot icon and “Network accounts are unavailable” message in the Mac OS X Lion logon screen; this is shown in Figure 1.
The dreaded “Network accounts are unavailable” error in Mac OS X Lion
For what one IT professional’s opinion is worth, here is my two-fold take on why this problem exists:
- Due to GPL license restrictions (among other reasons, I’m sure), Apple scrapped Samba and re-wrote their Server Message Block (SMB) and network directory services protocol stack. Check out this Apple Insider reference for more details.
- Apple released “half-baked” SMB/directory services components in Lion that will eventually be fixed in a software update.
A couple of weeks ago I attended a lecture given by Mark Russinovich, one of the world’s leading authorities on Windows internals. He made the offhanded but simultaneously serious statement that “Apple doesn’t know how to make Windows software.” In my opinion, Mark hit the nail squarely on the head.
Hey, all this jibber-jabbering doesn’t solve the problem, does it? Let’s get to some troubleshooting strategies.
Update all software
As I mentioned previously, I strongly believe that this issue represents a code problem on Apple’s side. Therefore, please keep a rigorous eye on Apple software updates over the coming days and weeks.
Some users have seen the “Network accounts are unavailable” error disappear after updating their Windows Server 2008 domain controllers, so keep these machines up-to-date as well.
This tip is a possible quick fix that I include in this article for completeness’ sake. Boot your Lion computer into Lion Recovery by restarting the Mac and holding down Command + R.
Once you arrive in Lion Recovery mode, open Disk Utility, run a permissions repair, and reboot the system in normal mode.
Rebind Macs to Active Directory
You can try unbinding the Lion computer from Active Directory and then redoing the bind. The path to the Directory Utility in Lion has changed (again):
- Open Users & Groups from System Preferences.
- Select the appropriate user and click Login Options.
- By Network Account Server, click Edit.
- From the drop-down pane, select the Active Directory Domain entry and remove the binding. Next, click Open Directory Utility.
In the Directory Utility pane, please consider the following points:
- Computer ID: This is the system’s DNS host name. We will need to synchronize this name with the computer name listed in the computer’s Sharing preference pane.
- Create mobile account at login: Users have had success with enabling this option, even if the Mac system is not a laptop.
Binding Mac OS X Lion to AD
In the Advanced Options, navigate to the Administrative pane and consider testing the following option:
Prefer this domain server: You might want to “point” the Lion workstation to a nearby domain controller, preferably a domain controller that doubles as a DNS server.
Adjust authentication search policy
In Directory Utility, navigate to the Search Policy tab and move the /ActiveDirectory/DomainName entry to the top of the search list.
Reordering the search policy
Synchronize Mac host name
From System Preferences, open the Sharing pane and set the Computer Name field to the DNS host name of the Mac system. We want to ensure that this name matches the system name in the Directory Utility exactly.
Setting the Mac Hostname
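The search policy order and host name match described in the two sections above can also be checked from Terminal. The script below is an added example, not part of the original article; it assumes the `Computer Account` line printed by `dsconfigad -show` and one node per line in the `dscl` output, and its function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks; function names are hypothetical.

# $1 = output of `dsconfigad -show`, $2 = output of `scutil --get ComputerName`.
# Succeeds when the bound computer account (minus its trailing "$") equals
# the Sharing computer name, ignoring case.
names_match() {
    account=$(printf '%s\n' "$1" | sed -n 's/^Computer Account *= *//p' |
        sed 's/\$$//' | tr '[:upper:]' '[:lower:]')
    name=$(printf '%s\n' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$account" ] && [ "$account" = "$name" ]
}

# $1 = output of `dscl /Search -read / CSPSearchPath` (assumed: one node per line).
# Succeeds when the first node after the local node is Active Directory.
ad_is_first() {
    first=$(printf '%s\n' "$1" | sed 's/^CSPSearchPath://' |
        sed -n 's/^ *\(\/.*\)$/\1/p' | grep -v '^/Local/' | head -n 1)
    case "$first" in
        "/Active Directory/"*|/ActiveDirectory/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample output, used when the script is not run on a Mac.
SAMPLE_BIND='Active Directory Domain          = example.com
Computer Account                 = MAC-LAB-01$'
SAMPLE_PATH='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/EXAMPLE/All Domains'

if command -v dsconfigad >/dev/null 2>&1; then
    bind=$(dsconfigad -show)
    path=$(dscl /Search -read / CSPSearchPath)
    name=$(scutil --get ComputerName)
else
    bind=$SAMPLE_BIND; path=$SAMPLE_PATH; name='mac-lab-01'
fi

names_match "$bind" "$name" ||
    echo "WARN: Computer ID missing or differs from Computer Name"
ad_is_first "$path" ||
    echo "WARN: Active Directory is not the first non-local search node"
```

With the constructed sample, the name check passes and the search policy check warns, because `/BSD/local` is listed ahead of the Active Directory node.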
Verify DNS and system time
You already understand that the Kerberos authentication protocol is highly time sensitive. On your Lion workstation, I recommend that you open the Date & Time system preference pane, navigate to the Date & Time tab, select Set date and time automatically, and fill in the DNS host name of your Windows Server 2008 Network Time Protocol (NTP) time server.
Synchronizing the Mac’s clock with AD
Use domain name with user name
This particular troubleshooting tip is a bit of a long shot, but desperate times call for desperate measures, right?
Try logging on to the Lion workstation by using the “old school” domain\username syntax instead of supplying either just the username or the username@domain syntax.
Reinstall Mac OS X Lion
Obviously, OS reinstallation is a worst-case scenario. However, some users have found that performing a clean reinstallation of Mac OS X Lion cleared up the problem.
I hope that you were able to find success with your Mac OS X Lion/Active Directory integration issues by applying one or more of these troubleshooting techniques. Please leave feedback in the comments portion of this post so that the 4Sysops community can benefit from your experience.
Network accounts are unavailable — Mac — Sierra
I have a Mac that I’ve tried binding to our domain, but when I try and sign in with a new AD account it says “Network accounts are unavailable” with a red dot next to the box to enter the username.
I’ve tried unbinding and binding again through System Preferences and through the terminal with absolutely no luck.
The weird thing is I can sign in with my account with no issues and I’ve never signed into this Mac before. The only difference between my account and the ones I’m trying to sign into is I’m a domain admin.
It would probably be beneficial to note that this Mac was on our domain before with a different name. I unbound it and added it with a new name. AD can see the Mac with the new name. Maybe this is a SSID issue?
This has been extremely frustrating, so any help would be greatly appreciated.
Wi-fi login Network Accounts are Unavailable
I work support and mainly work with PCs so my Mac experience is limited. Right now one of the Mac laptops we support is not utilizing the wifi at the user login screen and displaying “Network accounts are unavailable.” I can log in with the local admin and the wifi automatically connects as it should then, but I can’t seem to jiggle anything loose to restore the wifi connection at the login screen. I would appreciate any help or advice on how to restore this functionality as all of the laptop users need to be connected to the wifi for their domain accounts to be granted access on the laptop.
What does “network accounts are unavailable” mean
I have been dealing with this elusive issue and I was hoping someone here has had experience with this or can help think outside the box.
We are in an Enterprise/College environment and have one machine in the Mac lab that keeps displaying "network accounts are Unavailable" at the login screen; no network accounts are able to log in. I have done unbind/bind numerous times. At first, this would work for about a week then went right back to it. Now it's been failing within 24hrs. So it's a band-aid; I'm looking for the trigger.
Things we have looked at:
- The Host Name is correct in the 3 places that matter.
- The name does not conflict with any other machine name.
- The cable running to the port is fine and has been swapped.
- The cable through the wall to the switch tested well.
- Port Security is not being tripped. (I want to note that we noticed a very coincidental down-up-down-up on the switch interface, spanning for about 1-2hrs right around the time when this was happening and began to fail.)
When I log in with local admin account, I have a good IP and can ping/visit all network resources — it's like the login/authentication agent in the OS can't communicate with the DomainController — which I would imagine to be a loss of trust, hence the unbind/bind — but it keeps happening and I can't wrap my head around why.
EDIT: Update. So it's been about a week. What I've done is replace the machine. It's been holding. I am inclined to say it was the NIC. The only other thing that's changed is certain account-types were told to not use the machine (Students, it being an instructor machine). This leaves the possibility that Zymology mentioned as a possibility but NIC seems more likely at this point. I still have to get a solid image on the one that's been having problems.
The reason I'm still not sure about the NIC is because I have a completely different machine now doing the same thing. I suppose it's possible that 1/15 of our macs is hardware-defective.
I'll update in a couple of weeks in case anyone's more interested, because the only real test is time. I'm re-deploying the 2 that have been having problems, with fresh images. I'm also going to try to follow Zymology's DeepFreeze rabbit hole. Thanks for the brainstorming everyone.
EDIT2: Resolution/afterthoughts. The issue is resolved with a clean upgrade/re-image to El Capitan for this machine. Thanks to everyone for suggestions — I did try every single suggestion here to no avail, in case I didn't respond I just wanted to say that. Godspeed to any future techs who get stuck with this one.