We have some Mac Minis used by students, which are configured to authenticate the user against a central AD and store the homes on a server, from where they get mounted on login. Until two days ago, this worked pretty well. Unfortunately, while testing the Catalina update on one of these machines, I missed to check the network logon. Only after updating all machines, students started to complain that login wasn't possible anymore.
The problem: User tries to login with his network account name and password. The system freezes with a spinning wheel and a Beachball of death.
What I tried so far:
- The mounted homes reside on a MacPro (macOS 10.14.5) and are mounted via SMB/CIFS. First idea was that there is a problem with SMB. But mounting with AFP didn't get me any further.
- Quite often, when it comes to network logon problems, the solution of choice seems to be to unbind the computer and rebind it again. I also tried that, without success.
-
Next step was to dig into what is really happening when a network user presses the Enter key on the login page.
/var/log/system.log
doesn't show anything-
I tried to get some insights via log:
sudo log collect --start "2019-11-08 12:23:00" --size 1000m
gave a pretty deep view of what is going on. Reading through this logs, I found this:-
12:23:16.085134 SecurityAgent: (loginsupport) [com.apple.loginwindow:UsersExtra] Looking for user "gk784" with UID (-1) on node "/Search"
seems that the request to log me in arrived at the system 😉
-
12:23:16.099165 opendirectoryd: (SystemCache) [com.apple.opendirectoryd:systemcache.memberships] NFSv4ID not supported for user '<private>' node /Active Directory/MYDOMAIN/my-domain.de
it also knows about the AD
-
12:23:16.100765 SecurityAgent: (loginsupport) [com.apple.loginwindow:UsersExtra] A user list was generated by the search for "gk784" with UID(-1) on node "/Search": <CachedUserList 0x7fe9a9618b60: ( "<CachedUser 0x7fe9a9618850: gk784 (143850)>")>
found me
-
12:23:18.678815 authorizationhost: (loginsupport) [com.apple.HomeDirMechanism:HDM_General] -[HomeDirMechanism invoke]:432: INVOKING HOME DIR MECHANISM
12:23:18.682739 authorizationhost: (loginsupport) [com.apple.HomeDirMechanism:HDM_General] -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:]:994: name = gk784, path = /home/gk784, homeLoc = <home_dir><url>smb://srv01.some.sub.my-domain.de/home/gk784</url><path>/</path></home_dir>
Login seems to be successful, as the computer now tries to mount my home directory.
-
12:23:19.822985 NetAuthSysAgent: (loginsupport) [com.apple.NetAuthAgent:NetFS] Calling Mount
12:23:19.823037 NetAuthSysAgent: (loginsupport) [com.apple.NetAuthAgent:NetFS] URL = smb://gk784:********@srv01.some.sub.my-domain.de/home/gk784
12:23:19.823061 NetAuthSysAgent: (loginsupport) [com.apple.NetAuthAgent:NetFS] Mount point = /home/gk784
12:23:19.940074 NetAuthSysAgent: (loginsupport) [com.apple.NetAuthAgent:NetFS] CloseSession result 0
12:23:19.940341 NetAuthSysAgent: (loginsupport) [com.apple.NetAuthAgent:IPC] Reply Connect to Server status = 0
Does this mean that the mount succeeded?
-
After some more log entries the login window seems to be satisfied:
12:23:20.444742 SecurityAgent: (loginsupport) [com.apple.loginwindow:Process] loginwindow:done is being invoked
12:23:20.588776 SecurityAgent: (loginsupport) [com.apple.loginwindow:Process] Stopping the timer that makes loginwindow UI's window frontmost and forces the cursor to show
12:23:20.604644 SecurityAgent: (loginsupport) [com.apple.loginwindow:Process] loginwindow:login is being destroyed
After that there are a lot more log messages that report errors here and failures there, but they don't make any sense to me, thus I can't judge whether or not they are of relevance.
-
My problem is, that login seems to work and also mounting the home folder, but the login window won't disappear. And I don't have any idea what the reason could be, of even how to find the reason, as this system log is really full of stuff. Or is my interpretation above already incorrect? Did anyone run into the same problem? Does anyone have an idea, how to find the reason? Any help appreciated.
Best Answer
I hoping you solved this one. Just a possible solution here. Catalina system file system is now read only. Mount points are now restricted. I suspect the issue may be related to mount point problems. I have network users as well and I am having no issues with that. I did however have mount problems. All mounts must now be in
/System/Volumes/Data
So your mount point should probably be
/System/Volumes/Data/home/gk784
At this point most likely you will need to change user home folder locations. You can sym link but not to the root file system.
I would be curious to know what you did, if you did indeed solve this.