+ Post New Thread
Results 1 to 8 of 8
Mac Thread, Policies failing to apply in Technical; Hi, We have an apple mac server (snow leopard) providing policies to 30+ apple clients (snow leopard) we are using ...
  1. #1

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14

    Policies failing to apply

    Hi,

    We have an apple mac server (snow leopard) providing policies to 30+ apple clients (snow leopard) we are using kanaka to integrate novell edirectory with the apples so they can login using normal username and password.

    The problem is this:

    Sometimes the clients allow users to login without applying any policies from WGM. This results in short docks and all sorts of other issues associated with policies not applying. We have checked our DNS records/settings and they all seem to check out properly, everything can see and contact each other.

    I have been unable to source where it is failing during logon and and what stage it attempts to load the policies. We did change the search path in Directory utility to look for the policy server and apply that before looking for the username/password records on the novell server. This has still not fixed the issue.

    Has anyone had issues with apple clients not picking up policies from WGM but still allowing users to logon even with an AD integration?

    This could be a general issue and not a Kanaka/eDirectory integration issue although im not sure.

    Any help would be greatly appreciated.

    Cheers
    Adam.

  2. #2

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    I have a feeling this is all to do with some kind of time out that has been set by our apple engineer during the installation.

    In WGM we have 4 computer groups. Any members of these groups logon to network accounts within seconds, sometimes too quick and I think this is why the policy does not apply.

    Yesterday I created a new group and added my laptop into it, the logon process took about 30 seconds and the policies have not failed to apply once yet.

    Could it be that he has set a time out on login so if policies are not loaded then logon anyway, or something along those lines. I'm totally confused and have tried everything!

    Please help! lol

    Cheers

  3. #3

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Has nobody had a similar issue with their apple network? or does anyone know what could cause policies to fail to apply one minute, then when you log out and back in they apply without any problems?

  4. #4

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    I have never had any issues with Policies failing to apply. If they are machine based policies then they are kept on the clients. They even run when the OD isn't even there! I've had laptops that aren't on the network and the policies are still applied. But this is on 10.5.

    Have you checked the console for any errors around the time when the policies fail? Would be my first port of call. You may get a hint from there with what's going on.

    Also I would make sure that the binds are working correctly. I haven't used kanaka or Novell with OS X Clients (or windows ones for that matter) so am unsure if this could affect things differently with the connections to the AD/OD servers.

    Sorry, I can't help any more than that.

  5. #5

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Hi,

    Thanks for your response. Binds are working correctly the only error message I can find in the console log is a re-occuring KCGErrorFailure but thats about it, is this anything to do with it?

  6. #6

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    I don't know but you could try this command to see if it brings anything up.

    Code:
    mcxrefresh
    Use the man pages to see how it works.

  7. #7

    Join Date
    Dec 2007
    Posts
    140
    Thank Post
    12
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    If I type mcxrefresh I get some error failures but I think this may be because I have not completed the command. Do I need to run it as administrator?

    Thanks.

  8. #8

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    sudo mcxrefresh -n [name of a user in the AD] -a


    You will need to auth for the sudo command using a local admin account and then you will need to enter the password of the shortname that you have entered after the -n

    I got a volatile home dir :O

    Hope this helps.

SHARE:
+ Post New Thread

Similar Threads

  1. What are the general group policies a primary school would apply?
    By mrstephenw in forum Windows Server 2000/2003
    Replies: 23
    Last Post: 12th February 2010, 08:54 AM
  2. Why wont my GPO apply
    By Mr_M_Cox in forum Windows
    Replies: 2
    Last Post: 10th September 2008, 04:01 PM
  3. Cannot get group policy to apply
    By flexyjerkov in forum Windows
    Replies: 18
    Last Post: 8th March 2007, 03:42 PM
  4. Apply a filter
    By 20RickY06 in forum Web Development
    Replies: 0
    Last Post: 19th September 2006, 08:21 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •