CNET también está disponible en español.

Ir a español

Don't show this again

Computers

Users unable to log in after updating OS X

After installing an update to OS X, one rare but possible problem might be that the directory services can become corrupted, removing account credentials, and preventing you from logging in.

Updating OS X can sometimes result in odd errors if the installation goes awry, which is one of the reasons we both recommend performing maintenance routines and backing up as part of preparing for an OS X update, and also recommend installing using the Combo updater when booted to Safe Mode.

One problem people have reported as a result of the latest OS X update is the system refusing to allow them to log in. When they enter their passwords, the system will give an error and leave them stuck at the log-in screen. If this happens, it appears to affect all user accounts and not just one.

There are several approaches to managing this issue:

  1. Restore a backup and try again

    Hopefully you either have a Time Machine backup or a clone of your drive that you can use to restore your system as it was before the update. Once you do this, be sure to run a full general maintenance routine on your system, and then download the Combo updater for the version of OS X you are trying to install. The Combo updater will contain all changes to OS X since its initial version release, and will therefore replace all files that have been updated with fresh ones. This step may help fix any corrupt files on your drive that could be contributing to the error.

    With the Combo updater downloaded, reboot the system into Safe Mode by holding the Shift key at start-up, log in, and then run the previously downloaded updater.

  2. Reset user passwords

    Reset Password Utility
    The reset password utility will allow you to change the passwords for all recognized user accounts on the selected hard drive. Joe Aimonetti

    Another option you can try is to reset the passwords for users on the system. To do this, you will need your OS X installation DVD or the gray restoration DVDs that came with your computer (provided they are the same version of OS X your system is currently running).

    Insert the boot disc and restart the system with the "C" key held down so it boots off the optical drive.

    Once the installer loads, choose your language and then from the "Utilities" menu choose "Reset Password" and the password-resetting utility should load. In this utility, select your hard drive and choose the desired username from the drop-down menu. Enter a new password for the user along with a password hint, and click the "Save" button.

    After this step is completed, reboot the system and try logging into the account again.

    If the password reset utility only shows one user account as being available, reset the password for that account and then log into it. From here first check the /Macintosh HD/Users/ folder to ensure that each account's home directory is still intact, and then use the Accounts system preferences to recreate each lost account. If the short names are the same as an existing home folder, the system will prompt you to associate the existing folder with the new account, and the user should then be restored to the system.

  3. Reset passwords without an installation DVD

    If you do not have an installation DVD, you can reset passwords by creating a new administrative user account on the system and then logging into that account to manage the other accounts on the system.

    To do this, reboot the system with the Command-S keys held down, which will boot into Single User mode. Single User mode is a root-level terminal mode that will allow you to modify core system components without the restrictions of a normal user account, so be careful.

    When the system loads and presents the command prompt, you can run the following commands sequentially to create a new administrator account (replace "USERNAME" and "FULL USERNAME" with the proper short and long names for the account, respectively):

    /sbin/mount -uw /
    sudo dscl . -create /Users/USERNAME
    sudo dscl . -create /Users/USERNAME UserShell /bin/bash
    sudo dscl . -create /Users/USERNAME RealName "FULL USERNAME"
    sudo dscl . -create /Users/USERNAME UniqueID 603
    sudo dscl . -create /Users/USERNAME PrimaryGroupID 80
    sudo dscl . -create /Users/USERNAME NFSHomeDirectory /Local/Users/USERNAME
    sudo dscl . -passwd /Users/USERNAME PASSWORD
    sudo dscl . -append /Groups/admin GroupMembership USERNAME
    shutdown -r now

    Once these commands have been run, you should be able to log into the new administrative user account, and from here be able to manage your other accounts using the OS X "Accounts" system preferences as mentioned above.

    NOTE: The use of "UniqueID" being set to 603 will prevent any conflicts with current user ID numbers. User accounts start at 501, so using a number close to this (i.e., 502, 503, etc.) may result in conflicts. Starting in the 600 or 700 ranges should work just fine.

  4. Perform a reinstallation of OS X

    Another option is to reinstall OS X. In Snow Leopard by default the system will perform an archive and install method of reinstalling, which will preserve as much of the current installation as possible (user accounts, data, applications, and settings) and reinstall the underlying OS X software.

    To do this, instead of running any utilities after booting to the OS X installation DVD, just continue with the installation following the onscreen instructions. After this is done, be sure to fully update your installation to the latest version of OS X using either Software Update or a downloaded Combo updater.

  5. Server users

    Some people running OS X server have had this problem, and have found that by using Apple's server administration utilities on another system they could fix the issue by re-enabling log-in for the affected accounts.

  6. Restore directory service backups

    One Apple Discussion user "llude" wrote quick instructions for restoring the backed-up directory services database created by the OS X 10.6.5 updater as a potential fix for this issue. Here are those instructions, which will require you to boot into Single User mode and run a number of terminal commands:

    1. Start the computer in Single-User Mode, by holding down Command+S as it boots up. You end up in a terminal as the root user.

    2. As suggested on the screen, do the following to check and mount your filesystem:

      /sbin/fsck -fy
      /sbin/mount -uw /

    3. Find out which accounts have been deleted (here I assume 'username' is one of them):

      defaults read /Library/Preferences/com.apple.preferences.accounts

    4. Convince yourself that the user data is still safe:

      ls /Users/username

    5. I noticed that the 10.6.5 update made backups of the Directory Services and shadow passwords in /private/var/db as the xar archives 'dslocal-backup.xar' and 'shadow-backup.xar', respectively. If you also have these files, you are in luck! Restore the settings for each deleted user, as well as all shadow passwords, as follows:

      cd /private/var/db
      xar -xf dslocal-backup.xar dslocal/nodes/Default/users/username.plist
      xar -xf shadow-backup.xar

    6. For good measure, remove the record of deleted users (not sure if this is necessary, but seemed like a good idea at the time):

      rm /Library/Preferences/com.apple.preferences.accounts

    7. Restart the computer:

      shutdown -r now



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.