AD Bind issue

[PRicho]

Trying to bind Cloned iMacs and MacMini's to AD keep failing! they bind to AD fine but a handful of them loose it on a reboot, network status on the logon screen says "some network accounts are available" which is OD. Directory Utility shows the AD Domain cant be found. Pinging the domain works fine and if i goto the network settings and amend the search domain (retype whats already there), then go back to directory utility its appears as connected, which points to a network issue? but only on certain machines

Because they were cloned, i've ran the these below commands to reset the KDC to stop duplicated machine names.

sudo rm -fr /var/db/krb5kdc
sudo /usr/libexec/configureLocalKDC

Is there anything else that should be done Post Image other then the above that could prevent communication to AD?!

cheers

[DMcCoy]

10.6.x?

[PRicho]

Yep sorry forgot to mention.

Update:

After abit more flapping this morning it definitely seems to be a Image related problem. I've been working on 1 Mac trying to get it stay connected after a reboot, only after turning all the other machines off would it then connect. Strange how it only effects the AD bind not the OD. The machines register individually in our DNS and all bind to AD independently with no conflicts.

[sted]

is it worth trying them with the mac and pcs names different (i usually do something like imac01 and imac001) but ive yet to try 10.6

[sammya]

You could try using Deploy Studio to get the image onto a machine.

This can either be run across a network if you have an apple server or from an external drive if not.

Deploystudio runs a cleanup script after imaging. Not sure off the contents at the moment, I'm writing this on my phone, but it goes a bit further than just deleting and recreating the KDC.

Hopefully this will sort out the AD binding issue.

Sammy

[HodgeHi]

I have the same issue on some macbooks running 10.5.8. No solution though. Sorry

[PRicho]

is it worth trying them with the mac and pcs names different (i usually do something like imac01 and imac001) but ive yet to try 10.6

Tried that! our Pc names are rooms specific but i even tried the hand on the keyboard random Naming convention.

You could try using Deploy Studio to get the image onto a machine.

This can either be run across a network if you have an apple server or from an external drive if not.

Deploystudio runs a cleanup script after imaging. Not sure off the contents at the moment, I'm writing this on my phone, but it goes a bit further than just deleting and recreating the KDC.

Hopefully this will sort out the AD binding issue.

Sammy

I'll look into this, be worth checking the script out.

I have the same issue on some macbooks running 10.5.8. No solution though. Sorry

Was this macbook part of an image too?

The room needed to be finished for today so the machines are bound to the new OD server and we have scrapped the AD side for now :/

[HodgeHi]

AD network 2008?

I also found this:
Mac OS X: Cannot authenticate when Active Directory includes Windows 2008 Servers

[PRicho]

Boo! no 2008 Servers here unfortunetly.

[BootManager]

try this thread, no solutions yet...
mac will not log on

[BootManager]

another (old) thread on AD binding problems...
Snow Leopard AD Integration woes

today I rebuilt my Windows DNS and also played around with some DHCP settings. Also in Active directory I found that our domain it was flagged/running as "Windows 2000 Mixed" so I upgraded to "Windows 2003" (a simple click of a button - but one where there is no going back). Obviously quite a few changes and I'm currently monitoring the situation.

I'll let you know what the outcome was in due course.