Below is the list of errors that may arise while installing the login agent in Mac machines and the solutions to resolve the error:
Connection timed out.
Possible cause: The macOS client, in which you are trying to install the login agent, is shut down or not connected to the domain network.
- Start the client and ensure that it is connected to the domain network. Check the connection by pinging the macOS client from the ADSelfService Plus server. Once you're sure there is a connection, try installing the login agent again.
- If the connection to the Mac client is fine, then check the client's integration with AD.
Possible cause: Remote Login has not been enabled.
- Open the Mac client. Go to Preferences → Sharing and check if Remote Login is enabled.
- Check if the user account provided in the ADSelfService Plus Domain Settings has Remote Login access enabled.
The network path was not found.
Possible cause: The target computer could not be contacted.
- Ensure if such a computer exists. If so, ensure that it is connected to the network.
- To check for connectivity, ping this computer from the server where ADSelfService Plus has been installed.
Logon Failure: Unknown user name or bad password
Possible cause: Incorrect username or password for the service account.
- Provide the correct credentials for the service account. Also, go to the Directory Editor in the Directory Utility and check if the Active Directory node can be connected using the user credentials provided in the ADSelfService Plus Domain Settings.
Possible cause: The service account does not have the required administrative privileges over the targeted macOS client.
Solution: Provide admin privilege to the service account by following the steps below:
- In the targeted macOS client, go to System Preferences → Users & Groups → Login Options → Edit → Open Directory Utility.
- In the Service tab, click the Administrative section.
- Select the Allow Administration by checkbox, and include the service account used to run the ADSelfService Plus server.
- Click OK.
- Verify the macOS client's integration with AD.
- Go to Directory Utility → Directory Editor → <Your Active Directory node> If the connection is successful, you will be able to see the AD objects.
- If the connection to the AD node fails, try pinging the Domain Controller (DC) from the macOS client.
- If the DC is reachable and the problem persists, unbind it and try re-binding the macOS client with AD.
Invalid service account credentials.
Possible cause: Invalid or expired service account credentials in the Domain Settings.
Solution: Update the correct service account credentials. Also, verify the macOS client's integration with AD.
Insufficient privileges to the service account.
Possible cause: The service account does not have the required root privilege to perform a remote installation of the package over the targeted macOS client.
Solution: Provide root privilege to the service account by following the steps below:
- Go to the Terminal window and execute the command sudo visudo. Then, navigate to the #User privilege specification section. In the %admin ALL=(ALL) ALL replace %admin with the username i.e., <username> ALL=(ALL) ALL.
No authentication details found for the domain.
Possible cause: Insufficient privileges for the service account in the Domain Settings of ADSelfService Plus.
Solution: Provide the domain user credentials with admin privileges.