12th May 2009, 10:12 AM #1
Bindings to active directory stop working?
Despite the fact that we have had Macs running in our school for the whole school year I can still not claim that they have worked the way I wanted them to.
Firstly they were local log on, then they were added to Active Directory, THEN I went on a Mac course and set up a Mac server so that I could control the user experience while still letting users authenticate to Active Directory.
My problem is that when I bind the workstations to both Open and Active Directory the machines tend to lose the Active Directory and will not let users log on.
It doesn't happen straight away. But when it does I have to remove the Active Directory binding and then add it again. The machine may work then for a day, a week or more, but then it will lose it again? There are 30 machines and every day I have resorted to logging in to them as a test user and then fixing the broken ones. This is time consuming and stupid!
Does anyone have any ideas?
Oh yeah, I'm on 10.5.6.
12th May 2009, 10:23 AM #2
Glad you started this thread.... same boat
12th May 2009, 10:58 AM #3
It's always nice to know you are not the only one!
Last edited by reggiep; 12th May 2009 at 11:01 AM.
12th May 2009, 11:41 AM #4
Server and clients both 10.5? 10.4 will corrupt the AD settings on a regular basis.
Are you synchronising the time on the machines to the DC? When they stop working do a "sudo dsconfigad -show" to see if the domain name is still correct (this becoming part of the LDAP OID was the issue on 10.4).
12th May 2009, 11:43 AM #5
I recall DMcCoy having a hilarious time with these sorts of issues. I'll try and find his threads.
12th May 2009, 11:49 AM #6
I'm not sure hilarious is the word. 3 years of Apple hell? That's probably a better description!
Originally Posted by Geoff
Up to 12 of 25 screens replaced now
12th May 2009, 11:57 AM #7
Have you moved the AD plugin to be positioned ABOVE the OD plugin in the SearchPolicy list (Go > Utilities > Directory Utility) on your clients?
Also, bear in mind that on boot, it takes a few minutes for the AD plugin to connect, so it will refuse to log in for up to 2 minutes - despite presenting you with a login box, the system still isn't completely ready to connect basically.
12th May 2009, 12:17 PM #8
I fired up terminal and typed the above.
Originally Posted by DMcCoy
My domain is correct but the computer account is not!!
When I go to sys prefs/sharing I see that the computer name is iMac-u40-011 but below that it says "computers can access this computer by going to iMac-u40-70.local"
And at the terminal it gives that name too.
Could this be the problem?
12th May 2009, 12:18 PM #9
Yep done that.
Originally Posted by Marci
12th May 2009, 05:40 PM #10
You can't bind to both. We bind to AD, but then add in our OD server to the LDAP list but do not bind. This allows logins via AD and management via OD/MCX. This set up (with 10.4 and 10.5 clients) works fine. Management is off a 10.5 server.
There was a big fat bug in the 10.5.4 AD plug in which caused bindings to be lost whenever the machine felt like it, but using version 1.6.3 which went in to 10.5 works much more reliably.
12th May 2009, 07:26 PM #11
You can bind to both, it's perfectly fine with 10.5. With 10.4 it would just get upset unless you sorted out the Kerberos records manually to stop it getting confused. Not that our OD contains any users anyway!
Originally Posted by iSteve
12th May 2009, 07:38 PM #12
Did a lot of swearing today but managed to get all the machines bound to the AD. All working now. Damn Macs.