+ Post New Thread
Results 1 to 3 of 3
Mac Thread, Mac clients on Server 2008 R2 domain in Technical; We have a suite of Macintosh clients running OS X 10.5.8 Until we upgraded our Active Directory domain to Windows ...
  1. #1

    Join Date
    Dec 2007
    Location
    Derbyshire. Ish.
    Posts
    265
    Thank Post
    29
    Thanked 22 Times in 15 Posts
    Rep Power
    24

    Mac clients on Server 2008 R2 domain

    We have a suite of Macintosh clients running OS X 10.5.8

    Until we upgraded our Active Directory domain to Windows Server 2008 R2 native mode and enabled LDAP encryption between servers and clients, it worked fine.

    Now the clients won't log on to the network - try to use AD user accounts and the macs just "shake their head" at users.

    I suspect this is a LDAP encryption issue rather than something to do with the upgrade to 2008 R2 native mode itself, but as both were performed at the same time it could be either.

    Although we can log on locally to the macs and unbind them from their current domain settings, we can't seem to re-add them. Follow any instructions I can find, plus Apple's "Good Practices" pdf file, and nothing seems to work.

    Any suggestions as to setting up Macs to work with a domain where LDAP Encryption is enabled? Is it just a case of obtaining a certificate from the CA we have on our network and ticking the "Use SSL" box when binding?

    Thoughts appreciated!

  2. #2

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,362
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    303
    It is probably down to the authentication levels being brought up very high and secure in a 2008 R2 Domain. I cannot remember where I found the info but if you google you will see many issues and niggles related to 2008 compatability with other devices using NTLM and LDAP as they tightened them all up. I know if you look on here for my posts on the Sun S7000 you will find some information on one area that I had to look at for getting my SAN to work with 2008 R2.

  3. #3
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,466
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113
    Oddly my Macs seem to be unaffected by the changes to a R2 native domain, including leaving the defaults for the DCs security policy. There are no SSL options etc on the AD plugin, so I assume it is correctly signing the requests. Running 10.5.4 and 10.5.8.

    Local Policies/Security Options
    Domain Controllerhide
    Policy Setting
    Domain controller: LDAP server signing requirements None

    Domain Member
    Policy Setting
    Domain member: Digitally encrypt or sign secure channel data (always) Enabled

    Microsoft Network Server
    Policy Setting
    Microsoft network server: Digitally sign communications (always) Enabled
    Microsoft network server: Digitally sign communications (if client agrees) Enabled

    Are the defaults for 2008 R2 domain controllers.

SHARE:
+ Post New Thread

Similar Threads

  1. adding a server 2008 dc to a 2003 domain
    By jason2234 in forum Windows Server 2008
    Replies: 61
    Last Post: 10th May 2012, 02:00 PM
  2. Unable to add domain resources in Windows Server 2008 TSG role.
    By albertwt in forum Windows Server 2008
    Replies: 9
    Last Post: 8th September 2009, 02:16 AM
  3. My clients are not picking up time from server 2008?
    By reggiep in forum Windows Server 2008
    Replies: 4
    Last Post: 17th August 2009, 08:02 PM
  4. Adding Mac's to a Windows Server 2008 Network
    By Iain.Faulkner in forum Mac
    Replies: 4
    Last Post: 26th June 2009, 09:01 AM
  5. Replies: 5
    Last Post: 3rd November 2008, 02:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •