29th September 2009, 01:40 PM #1
Mac clients on Server 2008 R2 domain
We have a suite of Macintosh clients running OS X 10.5.8
Until we upgraded our Active Directory domain to Windows Server 2008 R2 native mode and enabled LDAP encryption between servers and clients, it worked fine.
Now the clients won't log on to the network - try to use AD user accounts and the Macs just "shake their head" at users.
I suspect this is an LDAP encryption issue rather than something to do with the upgrade to 2008 R2 native mode itself, but as both were performed at the same time it could be either.
Although we can log on locally to the Macs and unbind them from their current domain settings, we can't seem to re-add them. I follow any instructions I can find, plus Apple's "Good Practices" PDF file, and nothing seems to work.
Any suggestions as to setting up Macs to work with a domain where LDAP Encryption is enabled? Is it just a case of obtaining a certificate from the CA we have on our network and ticking the "Use SSL" box when binding?
29th September 2009, 02:38 PM #2
It is probably down to the authentication levels being brought up very high and secure in a 2008 R2 domain. I cannot remember where I found the info, but if you Google you will see many issues and niggles related to 2008 compatibility with other devices using NTLM and LDAP, as they tightened them all up. I know if you look on here for my posts on the Sun S7000 you will find some information on one area that I had to look at for getting my SAN to work with 2008 R2.
29th September 2009, 02:44 PM #3
Oddly my Macs seem to be unaffected by the changes to an R2 native domain, including leaving the defaults for the DCs' security policy. There are no SSL options etc. on the AD plugin, so I assume it is correctly signing the requests. Running 10.5.4 and 10.5.8.
Local Policies/Security Options
  Domain controller: LDAP server signing requirements - None
  Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
Microsoft Network Server
  Microsoft network server: Digitally sign communications (always) - Enabled
  Microsoft network server: Digitally sign communications (if client agrees) - Enabled
Are the defaults for 2008 R2 domain controllers.
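
Added example, not part of the original thread: a PowerShell script to run on a domain controller that reads the effective values of the four settings listed in post #3 and flags any that differ from the defaults quoted there. It assumes the standard registry locations that back these security options; a value that is absent is reported as "not set".

```powershell
# Added example (not from the thread): compare a DC's effective signing
# settings with the 2008 R2 defaults quoted in post #3.
# Run locally on the domain controller in an elevated PowerShell session.

$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Default = raw registry value matching the default quoted in post #3.
$checks = @(
    @{ Policy  = 'Domain controller: LDAP server signing requirements'
       Path    = "$svc\NTDS\Parameters";         Name = 'LDAPServerIntegrity'
       Default = 1; Meaning = @{ 1 = 'None'; 2 = 'Require signing' } },
    @{ Policy  = 'Domain member: Digitally encrypt or sign secure channel data (always)'
       Path    = "$svc\Netlogon\Parameters";     Name = 'RequireSignOrSeal'
       Default = 1; Meaning = @{ 0 = 'Disabled'; 1 = 'Enabled' } },
    @{ Policy  = 'Microsoft network server: Digitally sign communications (always)'
       Path    = "$svc\LanmanServer\Parameters"; Name = 'RequireSecuritySignature'
       Default = 1; Meaning = @{ 0 = 'Disabled'; 1 = 'Enabled' } },
    @{ Policy  = 'Microsoft network server: Digitally sign communications (if client agrees)'
       Path    = "$svc\LanmanServer\Parameters"; Name = 'EnableSecuritySignature'
       Default = 1; Meaning = @{ 0 = 'Disabled'; 1 = 'Enabled' } }
)

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value missing: the OS falls back to its built-in behaviour.
        $raw  = $null
        $text = 'not set'
    } else {
        $raw  = [int]$item.($c.Name)
        $text = $c.Meaning[$raw]
        if (-not $text) { $text = "unrecognised value ($raw)" }
    }
    New-Object PSObject -Property @{
        Policy    = $c.Policy
        Effective = $text
        Default   = $c.Meaning[$c.Default]
        Differs   = ($raw -ne $c.Default)
    }
}

# Rows with Differs = True are the settings changed from the quoted
# defaults; an LDAP signing value of 'Require signing' is the one most
# relevant to the bind failure described in post #1.
$report | Format-Table Policy, Effective, Default, Differs -AutoSize -Wrap
```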