  1. #1

    Macs often refuse authentication against AD

    We have 20 iMacs in our music department and we used Directory Services to set up AD authentication with our Windows 2003 server. Authentication works, but every couple of days it decides not to work and we need to go back in to Directory Services, unbind from the AD server and rebind, and then it works fine for another few days. It is driving our head of music mad!

    Anyone else had this? Anyone know a solution? We will throw money at an Apple server if this is going to fix it, but when the authentication works it is fine and users log on correctly and everything is locked down just like it is on Windows clients.

    We use Ranger on our network - if that makes any difference.

    Thanks in advance for any help you guys can offer . . .

  2. #2

    I haven't experienced that problem myself so I don't know what the solution is. Maybe you could post the system.log from an affected Mac for us to look at.
    I can tell you that buying an OS X server won't help the problem in any way as it is still the client machines that communicate with your AD servers.

    Matt

  3. #3

    Thanks, saundersmatt, I will grab the relevant part of the system log as soon as the problem next occurs.

  4. #4
    Rozzer
    I would log in locally when you cannot log in and check that the time is correct. I have had problems before with the clock being 1 hour fast.

    By the way what version of OS 10 do you use?

    Ross

  5. #5

    You're probably aware of this, but just making sure, with regards to authentication not taking place. Do ensure that the system time on the Macs is exactly the same as the OS X Server and Windows Domain Controllers. Otherwise authentication fails; a security feature part of Mac OS X I believe.

    You'd be surprised how long it took me to work out why every now and then a Mac or two would stop authenticating!
    I posted this a while ago on another thread http://edugeek.net/forums/showthread.php?p=120952.

    You could possibly be having the same issue. Perhaps running your own NTP server might help?

  6. #6

    Thanks, guys, it could well be the time settings. I will check in the morning and if the time has drifted will set up time syncing with the server.

    Fingers crossed that you've hit the nail on the head!

    I will report back.

  7. #7

    Unfortunately it wasn't a clock issue. The time on the Macs and on the servers is in perfect synch.

    I tried logging onto a Mac today, which wouldn't log me on. I logged on locally and tried accessing a logfile. Which logfile should I be looking at? System.log? There didn't appear to be anything in it of any relevance to AD authentication.

  8. #8

    I now have a system.log file which shows us trying to log in as an AD user. Some of the messages are a bit cryptic so if anyone can shed any light on the problem I'd be most grateful.

    The logfile is available by clicking here

  9. #9

    Geoff
    Try putting DirectoryServices in debug mode with a "killall -USR1 DirectoryService", then tail the log with "tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log | grep ADPlug" and watch it while you bind. Make sure you reboot or killall DirectoryService again so you don't grow a giant log file.

  10. #10
    DMcCoy
    I've spent many hours sat in front of the AD debug logs, and it's never been very helpful.

    What sort of "unable to login" are you getting? The shaking screen or the AFP or SMB share is unavailable message?

    If it happens at boot then it can be because the DS plugin takes a while to start up.

  11. #11

    We get the shaking screen time after time. If we log in to the local machine and unbind, then rebind, we can subsequently log in successfully with an AD username/password. The first attempt after rebinding always results in an smb error - a message telling us that we are attempting to login to an smb volume. The second time always works fine. Things will remain fine for several days, then we are back to square one.

  12. #12

    Can you log in locally and then log out and log back in as a network user straight after?

  13. #13

    Originally posted by scgf:
    We get the shaking screen time after time. If we log in to the local machine and unbind, then rebind, we can subsequently log in successfully with an AD username/password. The first attempt after rebinding always results in an smb error - a message telling us that we are attempting to login to an smb volume. The second time always works fine. Things will remain fine for several days, then we are back to square one.
    To solve that:

    sudo nano /etc/hostconfig

    and change automount from -auto- to -no- (or equivalent, can't remember off hand if it's no or disabled)

  14. #14

    Jan 23 10:51:05 MC-MU1-04 DirectoryService[44]: Active Directory: Could not determine closest Domain Controller from Site information in directory
    The above error from your log.

    When you bind to AD, try defining the server. I know it's possible but once again can't remember off hand. If you're stuck give me a shout and I'll have a look on a Mac on Monday.

    Matt

  15. #15
    Rozzer
    Jan 23 10:56:52 MC-MU1-04 /System/Library/CoreServices/mcxd.app/Contents/MacOS/mcxd: DSOpenNode(): dsOpenDirNode("/Active Directory/All Domains") == -14002
    That looks to be your error.

    Just a few questions. Have you bound your Mac server to Active Directory? Did you add a Kerberos realm as well if you added the Mac server to AD?

    Also try the auto mount fix that fixed a lot of problems for me. You may also wanna try the easy fix, which is to rebind the workstation to AD.

    Ross
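
Added example, not part of any post above: a shell function that pulls the two log signatures quoted in posts #14 and #15 out of a system.log and reports, per host, how often each occurred and when it was first and last seen, so failed logins can be lined up against them. The function names `ad_log_triage` and `sample_log` are hypothetical, and the sample log is constructed from the two lines quoted in the thread plus invented neighbours.

```shell
#!/bin/sh
# Constructed sample: the two lines quoted in the thread, one repeat of the
# first at an invented time, and an invented unrelated loginwindow line.
sample_log() {
cat <<'EOF'
Jan 23 10:51:05 MC-MU1-04 DirectoryService[44]: Active Directory: Could not determine closest Domain Controller from Site information in directory
Jan 23 10:52:10 MC-MU1-04 loginwindow[67]: Login Window Started Security Agent
Jan 23 10:55:40 MC-MU1-04 DirectoryService[44]: Active Directory: Could not determine closest Domain Controller from Site information in directory
Jan 23 10:56:52 MC-MU1-04 /System/Library/CoreServices/mcxd.app/Contents/MacOS/mcxd: DSOpenNode(): dsOpenDirNode("/Active Directory/All Domains") == -14002
EOF
}

# ad_log_triage [FILE...]   (reads stdin when no file is given)
# Output, one line per host and signature: host|signature|count|first|last
ad_log_triage() {
    awk '
    # syslog layout: Mon DD HH:MM:SS host process: message
    function note(kind,    k, ts) {
        k = $4 "|" kind
        ts = $1 " " $2 " " $3
        if (!(k in n)) first[k] = ts
        last[k] = ts
        n[k]++
    }
    # AD plug-in could not pick a domain controller from site information
    $5 ~ /^DirectoryService\[[0-9]+\]:$/ && /Could not determine closest Domain Controller/ {
        note("no-closest-dc")
    }
    # mcxd failed to open a directory node; keep the numeric status so that
    # different status codes are counted separately
    $5 ~ /mcxd:$/ && match($0, /dsOpenDirNode\(.*\) == -[0-9]+/) {
        s = substr($0, RSTART, RLENGTH)
        sub(/^.* == /, "", s)
        note("opennode=" s)
    }
    END { for (k in n) print k "|" n[k] "|" first[k] "|" last[k] }
    ' "$@" | sort
}

sample_log | ad_log_triage
```

On an affected Mac the same function can be pointed at the real file, for example `ad_log_triage /var/log/system.log`.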
