Policies failing to apply

[ahunter]

Hi,

We have an apple mac server (snow leopard) providing policies to 30+ apple clients (snow leopard) we are using kanaka to integrate novell edirectory with the apples so they can login using normal username and password.

The problem is this:

Sometimes the clients allow users to login without applying any policies from WGM. This results in short docks and all sorts of other issues associated with policies not applying. We have checked our DNS records/settings and they all seem to check out properly, everything can see and contact each other.

I have been unable to source where it is failing during logon and and what stage it attempts to load the policies. We did change the search path in Directory utility to look for the policy server and apply that before looking for the username/password records on the novell server. This has still not fixed the issue.

Has anyone had issues with apple clients not picking up policies from WGM but still allowing users to logon even with an AD integration?

This could be a general issue and not a Kanaka/eDirectory integration issue although im not sure.

Any help would be greatly appreciated.

Cheers
Adam.

[ahunter]

I have a feeling this is all to do with some kind of time out that has been set by our apple engineer during the installation.

In WGM we have 4 computer groups. Any members of these groups logon to network accounts within seconds, sometimes too quick and I think this is why the policy does not apply.

Yesterday I created a new group and added my laptop into it, the logon process took about 30 seconds and the policies have not failed to apply once yet.

Could it be that he has set a time out on login so if policies are not loaded then logon anyway, or something along those lines. I'm totally confused and have tried everything!

Please help! lol

Cheers

[ahunter]

Has nobody had a similar issue with their apple network? or does anyone know what could cause policies to fail to apply one minute, then when you log out and back in they apply without any problems?

[HodgeHi]

I have never had any issues with Policies failing to apply. If they are machine based policies then they are kept on the clients. They even run when the OD isn't even there! I've had laptops that aren't on the network and the policies are still applied. But this is on 10.5.

Have you checked the console for any errors around the time when the policies fail? Would be my first port of call. You may get a hint from there with what's going on.

Also I would make sure that the binds are working correctly. I haven't used kanaka or Novell with OS X Clients (or windows ones for that matter) so am unsure if this could affect things differently with the connections to the AD/OD servers.

Sorry, I can't help any more than that.

[ahunter]

Hi,

Thanks for your response. Binds are working correctly the only error message I can find in the console log is a re-occuring KCGErrorFailure but thats about it, is this anything to do with it?

[HodgeHi]

I don't know but you could try this command to see if it brings anything up.

Code:

mcxrefresh

Use the man pages to see how it works.

[ahunter]

If I type mcxrefresh I get some error failures but I think this may be because I have not completed the command. Do I need to run it as administrator?

Thanks.

[HodgeHi]

sudo mcxrefresh -n [name of a user in the AD] -a


You will need to auth for the sudo command using a local admin account and then you will need to enter the password of the shortname that you have entered after the -n

I got a volatile home dir :O

Hope this helps.