Navigate to previous Previous TopicNext Topic Navigate to next

Troubleshooting the macOS login agent installation

Below is the list of errors that may arise while installing the login agent in Mac machines and the solutions to resolve the error:

  1. Connection timed out.

    Possible cause: The macOS client in which you are trying to install the login agent is shut down or not connected to the domain network.

    Solution:

    • Start the client and ensure that it is connected to the domain network. Check the connection by pinging the macOS client from the ADSelfService Plus server. Once you are sure there is a connection, try installing the login agent again.
    • If the connection to the Mac client is fine, then check the client's integration with AD.

  2. Connection refused.

    Possible cause: Remote Login has not been enabled.

    Solution:

    • Open the Mac client. Go to Preferences → Sharing and check if Remote Login is enabled.
    • Check if the user account provided in the ADSelfService Plus Domain Settings has Remote Login access enabled.

  3. The network path was not found.

    Possible cause: The target computer could not be contacted.

    Solution:

    • Ensure if such a computer exists. If so, ensure that it is connected to the network.
    • To check for connectivity, ping this computer from the server in which ADSelfService Plus has been installed.

  4. Logon Failure: Unknown user name or bad password

    Possible cause: Incorrect username or password for the service account.

    Solution:

    • Provide the correct credentials for the service account. Then go to the Directory Editor in the Directory Utility and check if the Active Directory node can be connected using the user credentials provided in the ADSelfService Plus Domain Settings.

  5. Permission denied.

    Possible cause: The service account does not have the required administrative privileges over the targeted macOS client.

    Solution: Provide admin privilege to the service account by following the steps below:

    • In the targeted macOS client, go to System Preferences → Users & Groups → Login Options → Edit → Open Directory Utility.
    • In the Service tab, click the Administrative section.
    • Check the Allow Administration by box, and include the service account used to run the ADSelfService Plus server.
    • Click OK.
    • Verify the macOS client's integration with AD.
      • Go to Directory Utility → Directory Editor → <Your Active Directory node>. If the connection is successful, you will be able to see the AD objects.
      • If the connection to the AD node fails, try pinging the Domain Controller (DC) from the macOS client.
      • If the DC is reachable and the problem persists, unbind it and re-binding the macOS client with AD.

  6. Invalid service account credentials.

    Possible cause: Invalid or expired service account credentials in the Domain Settings.

    Solution: Update the correct service account credentials. Also, verify the macOS client's integration with AD.

  7. Insufficient privileges to the service account.

    Possible cause: The service account does not have the required root privilege to perform a remote installation of the package over the targeted macOS client.

    Solution: Provide root privilege to the service account by following the steps below:

    • Go to the Terminal window and execute the command sudo visudo. Then, navigate to the #User privilege specification section. In the %admin ALL=(ALL) ALL replace %admin with the username i.e., <username> ALL=(ALL) ALL.

  8. No authentication details found for the domain.

    Possible cause: Insufficient privileges for the service account in the Domain Settings of ADSelfService Plus.

    Solution: Provide the domain user credentials with admin privileges.

  9. Insufficient install permissions

    Possible cause: Target computer does not have sufficient file permissions to perform the installation.

    Solution: Ensure that the service account or domain admin credentials configured in ADSelfService Plus have full disk access via SSH over the target computer. This can be done by following the steps given below.

    • To enable full disk access for SSH:
      • Navigate to System Preferences → Security and Privacy → Privacy.
      • Under Full Disk Access, check the sshd-keygen-wrapper box.
    • To enable full disk access for remote user login:
      • Navigate to System Preferences → Sharing → Remote Login.
      • Under Full Disk Access, check the Allow full disk access for remote users box for the service account configured in ADSelfService Plus.
Go to Top
Navigate to previous Previous TopicNext Topic Navigate to next

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
     
  •  
  • By clicking 'Talk to experts' you agree to processing of personal data according to the Privacy Policy.

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try onboarding

     

Copyright © 2024, ZOHO Corp. All Rights Reserved.