Read all of the posts in this thread:
**Active Directory Authentication How To**
It's the sticky at the top of the Forum.
Antonio Rocco (ACSA)
We are trying to implement a Mac mini server to control desktop, docking, preferences etc.
Seems to be working fine; however, the Macs often take up to 10 minutes to turn the login box status icon from red to orange to green on startup.
Only when it's green can a student log in and authenticate with AD.
Really confused as to why they are doing this.
They have a 1gb LAN connection to both Mac and 2008 R2 servers.
In DNS Manager I have 2 entries for each of my 4 x domain controllers: one A record points to its static IP address for the network (10.*.*.*), the other points towards its local IP for the SAN unit setup we have (192.*.*.*) - could this be the problem? I have ordered the name server record to put the 10.*.*.* IP first in its list but it keeps defaulting back to the 192 SAN unit address to be first in its list. Could this be the problem or am I chasing a rabbit hole to nowhere?
Thanks, I have gone through the guide but am still having the same problem. I think it's a DNS issue with my Windows server, as when I open up Directory Utility the Open Directory connection is constantly green but the Active Directory connection alternates from green to red.
Can you point me in the direction as to what I should be checking for this to be constantly green?
I have this set to default via WGM so that users see the status when the computer is at the login screen and for us it will go green within 30 secs after startup. Which version of OS X 10.x are you running on the client computers?
I found this fix posted by ephylon in another thread which I'm going to try in the morning. It's my last hope as I've been working on this since last Thursday and can't afford to spend any more time on it, as people are getting quite miffed about not being able to use these shiny non-Windows devices:
create the following directory as root:
Then chown it to root:wheel and chmod it to 755. These must also be the owner/permissions on the two files it will contain, below:
Contents of our /Library/StartupItems/FixADAuth/FixADAuth:
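```
#!/bin/sh
AuthSuccess=0   # set to 1 once the directory lookup succeeds
n=0             # loop passes, logged below as "Operation count"
date > /var/log/FixADAuth.log
while [ "$AuthSuccess" != 1 ]
do  # retry until the AD user resolves; the search domain is blanked on failure and always set back
    id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local; n=$(($n+1))
done
echo "Authentication successful: $AuthSuccess" >> /var/log/FixADAuth.log
echo "Operation count: $n" >> /var/log/FixADAuth.log
date >> /var/log/FixADAuth.log
```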
Contents of our /Library/StartupItems/FixADAuth/StartupParameters.plist:
```
{
    Description = "Fixes Active Directory authentication issue";
    Uses = ("Disks");
}
```
Obviously you'll need to change "middlewich.local" to your own domain name (and the network interface name if your connection is wireless). The script checks to see if it can see the user "Administrator" on the domain, as he's a fairly common bloke, but if you've renamed yours for security reasons then pick another one. I've also included some logging functionality for debug purposes, so you can verify how well the script is working if you need to and time it in your environment before telling the users how long to wait. The /var/log/FixADAuth.log file will contain the date/time the process started, the success variable set to 1 (just to verify), how many DNS operations were required to fix the problem, and the date/time it ended. For us the time difference is normally about +30-40 seconds with around 120-180 operations taking place. Once you're happy with the script, you can strip it down to its bare functionality if you like, like so for us:
```
#!/bin/sh
AuthSuccess=0
while [ "$AuthSuccess" != 1 ]; do id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local
done
```
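An added example, not part of ephylon's post or of this thread: the same retry idea with an upper bound, so that a startup item running as root cannot keep rewriting the search domain indefinitely when the domain never becomes reachable. The names `wait_for_directory`, `reset_search_domain`, `PROBE_CMD`, `RESET_CMD`, `MAX_TRIES` and `RETRY_DELAY` are assumptions made for this example; the `networksetup` calls, interface, domain and log path are the ones from the post.

```shell
#!/bin/sh
# Added example: bounded version of the retry loop quoted above.
# All variable and function names here are hypothetical, chosen for this example.

PROBE_CMD=${PROBE_CMD:-"id Administrator"}   # directory lookup used as the health check
RESET_CMD=${RESET_CMD:-reset_search_domain}  # action taken after each failed lookup
MAX_TRIES=${MAX_TRIES:-300}                  # stop after this many failed lookups
RETRY_DELAY=${RETRY_DELAY:-0}                # seconds to pause between attempts
TRIES=0                                      # lookups performed by the last run

reset_search_domain() {
    # The same two calls as in the post (interface and domain taken from it).
    networksetup -setsearchdomains Ethernet "Empty"
    networksetup -setsearchdomains Ethernet middlewich.local
}

wait_for_directory() {
    # Returns 0 as soon as PROBE_CMD succeeds, 1 if MAX_TRIES lookups all fail.
    TRIES=0
    while [ "$TRIES" -lt "$MAX_TRIES" ]; do
        TRIES=$((TRIES + 1))
        if $PROBE_CMD >/dev/null 2>&1; then
            return 0
        fi
        $RESET_CMD
        sleep "$RETRY_DELAY"
    done
    return 1
}

# Startup items are invoked with "start" at boot; do nothing for other arguments.
if [ "${1:-}" = "start" ]; then
    LOG=/var/log/FixADAuth.log
    date > "$LOG"
    if wait_for_directory; then
        echo "Authentication successful after $TRIES lookups" >> "$LOG"
    else
        echo "Gave up after $TRIES lookups; check DNS records for the domain controllers" >> "$LOG"
    fi
    date >> "$LOG"
fi
```

A "Gave up" entry in the log means the lookup never succeeded within the cap, which points at the underlying DNS or binding problem rather than at boot timing.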