Really need some help on this. I've been testing the OD/AD integration on a test environment for a while now and everything has worked perfectly. I set up an Open Directory master on a Mac Mini and then bound the server to the test Active Directory. This allowed me to have a dual directory setup, importing users/computers to the Open Directory from Active Directory to provide Workgroup Manager preferences. Users were able to log in with their AD logins and were controlled by WGM settings.
Now that I have moved on to the real network, things aren't working! I've re-installed the OS X Server software and during setup put in manual IP settings and configured the server manually, not selecting any of the options. When the server loads up and I try to create an Open Directory Master I get an error message saying "There was a configuration error when configuring your server as an Open Directory master". The Mac Server binds to AD okay but it's just not letting me create an Open Directory Master.
Any ideas on what I need to do? Do I need to configure LDAP on the local Mac server or something? If so, how do I do that? Really need some help on this.
Just so you know, the way I set it all up on the test environment was to first create an Open Directory master and then bind the server to the Active Directory, stop Kerberos on the OD server and then Kerberise the OD with the AD realm.
There are usually Kerberos issues that arise if you initially set your Mac server up as an OD master or connect to the AD (or any other directory service) during the installation process.
I always install the Mac server as standalone, providing DNS and router (default gateway) information during the install process. Once the server has been set up, then use the built-in Active Directory plugin in Directory Utility to bind the Mac server into your Windows Server. This will kerberize the Mac. Finally, when this is complete, promote your standalone server to an Open Directory master.
If that is the process you followed then you may have a DNS issue. Ensure that the Mac server has forward and reverse lookups in your DNS and that there isn't a previous entry still listed.
I tried setting up the Mac server as a standalone but I still got the same error message when creating an Open Directory master (that's probably because DNS wasn't switched on as a service). If I start up the DNS service on the Mac server, will this not conflict with the DNS in Active Directory? Also, how would I then set up a static IP address for the server? At the moment I am putting this information in during the server setup wizard.
As for the time settings, I am pointing that to one of our domain controllers during the server setup, so the time should be correct.
Thanks everyone for their input/advice. It turned out to be a DNS issue. Our AD server wasn't creating the forward and reverse lookups for the Mac server. I created these manually and the OD master was created successfully.
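
The forward and reverse lookup check that resolved this thread can be scripted and run before promoting the server to an Open Directory master. The following is an added example, not part of any poster's message; the function names are hypothetical, the hostname and address are supplied on the command line, and it also flags extra A or PTR records of the kind a previous entry leaves behind.

```python
import socket
import sys

def _forward(name):
    # IPv4 addresses the system resolver returns for the name (A records).
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def _reverse(ip):
    # Names returned by the PTR lookup (primary name plus aliases).
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
        return [primary] + aliases
    except (socket.herror, socket.gaierror):
        return []

def check_dns(fqdn, expected_ip, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means forward and reverse agree.

    forward/reverse are injectable lookups (an assumption of this example) so
    the logic can be exercised without a live DNS server.
    """
    want = fqdn.rstrip(".").lower()
    problems = []
    ips = forward(fqdn)
    if not ips:
        problems.append(f"no forward (A) record for {fqdn}")
    else:
        if expected_ip not in ips:
            problems.append(f"{fqdn} does not resolve to {expected_ip}")
        extra = [ip for ip in ips if ip != expected_ip]
        if extra:
            problems.append(f"other A records still listed for {fqdn}: {extra}")
    names = [n.rstrip(".").lower() for n in reverse(expected_ip)]
    if not names:
        problems.append(f"no reverse (PTR) record for {expected_ip}")
    else:
        if want not in names:
            problems.append(f"{expected_ip} does not reverse to {fqdn}")
        other = [n for n in names if n != want]
        if other:
            problems.append(f"other PTR names still listed for {expected_ip}: {other}")
    return problems

if __name__ == "__main__":
    # Usage: python3 check_dns.py <server-fqdn> <server-static-ip>
    found = check_dns(sys.argv[1], sys.argv[2])
    print("\n".join(found) if found else "forward and reverse lookups agree")
    sys.exit(1 if found else 0)
```

Run it on the Mac server itself so the answers come from the same DNS servers the server is configured to use.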