+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
Mac Thread, 10.5 AD Binding in Technical; I thought it was the local computer name. I still receive the same error as in my last post...
  1. #16

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    I thought it was the local computer name. I still receive the same error as in my last post

  2. #17

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Just another quick note if I change the domain name I typed in to st-ambrose or st-ambrose.local, it says could not contact domain.

  3. #18
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,424
    Thank Post
    10
    Thanked 488 Times in 428 Posts
    Rep Power
    111
    Quote Originally Posted by ahunter View Post
    Just another quick note if I change the domain name I typed in to st-ambrose or st-ambrose.local, it says could not contact domain.
    I was only checking as os x uses .local for bonjour so you have to make some changes to join a domain ending in .local.

    See if a lookup of your domain name in the network utility (with all/any information selected) returns the correct domain controllers.

  4. #19

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    I can confirm lookup of the domain does return a result for both our DC's.

  5. #20
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28
    i thought that was no longer an issue.

    also anyone know if that problem exists where the system starts up to fast for the network? we have machines in our LRC that i put a 10 second wait command in 1 of the startup scripts, but i cant remember doing that for our latest image.

    anyway, done a bit of googling this morning try adding your AD servers to /etc/hosts

    here's the link: http://www.macwindows.com/leopard.html#102907i
    (its a bit further down around Feb time)
    Last edited by gaz350; 17th March 2008 at 09:40 AM.

  6. #21

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Sadly I have tried that and still receive the same error

  7. #22
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28
    firewall is turned off right?

  8. #23

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    It is set to accept all incoming requests. Im not sure if its a simple on/off button like it is on tiger unless I'm missing something.

  9. #24
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28
    starting to get desperate

  10. #25

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    ditto, I read somewhere that the error I get can be caused if you have multiple DC's as its not "clever" enough to pick one. Doesn't appear to be a solution for it though.

  11. #26
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28
    we have multiple DC's works fine. Only thing i can think of is something in your domain is setup in a non-standard way.

  12. #27

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Hmm, could be, the only confusing part is our tiger clients will bind/unbind to their hearts content. I would just put tiger on this iMac but 10.4 doesn't have the right drivers for the new iMacs

  13. #28

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Quote Originally Posted by ahunter View Post
    Hmm, could be, the only confusing part is our tiger clients will bind/unbind to their hearts content. I would just put tiger on this iMac but 10.4 doesn't have the right drivers for the new iMacs
    Really sorry you are having problems with this. Have you got the constitution to try one more thing? If you have, try this:

    1. Reinstall one of your iMacs and DON'T install the 10.5.2 update. Only update to 10.5.1 if you can.

    2. Add the computer name you will be using for the iMac into ADUC on your Windows Server before binding.

    3. In Directory Utility you get the option of "Prefer this Domain Controller"- use that option and put your Windows Server IP address in there. Don't let Leopard decide which DC to choose (this will help if you have a multiple DC site).

    4. Uncheck "Allow Authentication for any Domain Controller"

    5. In the "Directory Servers" screen add your domain controllers

    6. Bind and test

    Do a "dsconfigad -show" if it doesn't work and post the results back here if you have the time.

    Remember- don't update to the 10.5.2 release yet. If it binds you might want to check that after the update it still works. I really think that this has something to do with particular domain setups, but haven't seen much of a pattern yet because most people haven't the time or inclination to actually post chunk loads of configuration settings etc.

    Another thing to check is that if you enter an A and PTR record for your Mac before binding whether it then works. This would indicate something DNS related on your domain that Tiger ignored but that Leopard is more fussy about. Also remember that with Leopard Open Directory is now integrated into the client as well as server product- NETINFO has been deprecated. They worked differently at local level and when binding to AD!

    Hope that helps,

    Paul

  14. #29

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Hi,

    Still no joy I'm afraid. When I try to add the directory servers I can add our apple server but it will not let me add anything related to our domain controllers or 03 domain. It just says eDSCannotAccessSession, I cannot seem to find anything on the net which resembles the problems we are having.

    Starting to get a bit desperate now.

  15. #30

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Quote Originally Posted by kingswood View Post
    Really sorry you are having problems with this. Have you got the constitution to try one more thing? If you have, try this:

    1. Reinstall one of your iMacs and DON'T install the 10.5.2 update. Only update to 10.5.1 if you can.

    2. Add the computer name you will be using for the iMac into ADUC on your Windows Server before binding.

    3. In Directory Utility you get the option of "Prefer this Domain Controller"- use that option and put your Windows Server IP address in there. Don't let Leopard decide which DC to choose (this will help if you have a multiple DC site).

    4. Uncheck "Allow Authentication for any Domain Controller"

    5. In the "Directory Servers" screen add your domain controllers

    6. Bind and test

    Do a "dsconfigad -show" if it doesn't work and post the results back here if you have the time.

    Remember- don't update to the 10.5.2 release yet. If it binds you might want to check that after the update it still works. I really think that this has something to do with particular domain setups, but haven't seen much of a pattern yet because most people haven't the time or inclination to actually post chunk loads of configuration settings etc.

    Another thing to check is that if you enter an A and PTR record for your Mac before binding whether it then works. This would indicate something DNS related on your domain that Tiger ignored but that Leopard is more fussy about. Also remember that with Leopard Open Directory is now integrated into the client as well as server product- NETINFO has been deprecated. They worked differently at local level and when binding to AD!

    Hope that helps,

    Paul
    As requested here are the dsconfigad results:

    Last login: Mon Apr 21 10:05:45 on console
    rm-918a33376752:~ localadmin$ dsconfigad -show

    You are not bound to Active Directory:

    Advanced Options - User Experience
    Create mobile account at login = Disabled
    Require confirmation = Enabled
    Force home to startup disk = Enabled
    Use Windows UNC path for home = Enabled
    Network protocol to be used = smb:
    Default user Shell = /bin/bash

    Advanced Options - Mappings
    Mapping UID to attribute = not set
    Mapping user GID to attribute = not set
    Mapping group GID to attribute = not set

    Advanced Options - Administrative
    Preferred Domain controller = not set
    Allowed admin groups = not set
    Authentication from any domain = Enabled
    Packet signing = allow
    Packet encryption = allow

    Advanced Options - Static maps
    None
    rm-918a33376752:~ localadmin$

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 7
    Last Post: 31st January 2008, 12:17 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •