+ Post New Thread
Results 1 to 6 of 6
Mac Thread, Profile Manager with Active Directory - profiles not applying? in Technical; Now that I have profile manager enrolling devices, I am on to the next stage - which is getting Active ...
  1. #1

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,868
    Thank Post
    518
    Thanked 2,486 Times in 1,928 Posts
    Blog Entries
    24
    Rep Power
    838

    Profile Manager with Active Directory - profiles not applying?

    Now that I have profile manager enrolling devices, I am on to the next stage - which is getting Active Directory auth working too.

    I have AD auth enabled on both the server and client, and I can log in to the client with an AD username. In Profile Manager, all the AD groups are listed, and users I log in to a client with appear in the user list too. However, if I edit a profile for a group the user is a member of (eg. JSmith is a member of the DOMAIN\Students group), the settings appear on the server but don't get applied when a user in the group logs in.

    If I edit a profile for that individual user, the user disappears and a task appears in Active Tasks and just sits there.

    In the logs I'm getting:

    Code:
    Jul 10 10:03:32 8014042-apple.schools.bristolbsf.net ProfileManager[357] <Info>: Failed auth, od_user_guid=0B5E0F18-9C20-4FAF-9D39-33A657C01779, device.user.guid=118E60B4-3933-4073-8DD9-54ED7A8788FB, auth_token=[FILTERED], incoming_request=UserID0B5E0F18-9C20-4FAF-9D39-33A657C01779UDID63B8917B-E050-5E84-8AE4-F31F1F290D70MessageTypeUserAuthenticateJul 10 10:03:32 8014042-apple.schools.bristolbsf.net ProfileManager[357] <Info>: Completed in 27ms (View: 0, DB: 11) | 200 OK [https://8014042-apple.schools.bristo...device/checkin]
    Jul 10 10:03:32 8014042-apple.schools.bristolbsf.net ProfileManager[362] <Info>: Processing DeviceController#checkin (for 10.16.49.113 at 2012-07-10 10:03:32) [PUT]
    Jul 10 10:03:32 8014042-apple.schools.bristolbsf.net ProfileManager[362] <Info>: Failed auth, od_user_guid=0B5E0F18-9C20-4FAF-9D39-33A657C01779, device.user.guid=118E60B4-3933-4073-8DD9-54ED7A8788FB, auth_token=[FILTERED], incoming_request=UDID63B8917B-E050-5E84-8AE4-F31F1F290D70UserID0B5E0F18-9C20-4FAF-9D39-33A657C01779MessageTypeUserAuthenticateDigestResponseDigest username="lbrady670",realm="8014042-apple.schools.bristolbsf.net",nonce="SZg1I0k+Jp7GwAwEodNIGcWVVAPog+LPfyVXnLpstdHDDMdx",nc="00000001",cnonce="232spr/FmYPB9w8qfGo8EGxXIeyrh/k4J061Kp1d7tdwGna/",qop="auth",uri="/",response="f81d627263894a62a041c1d9f9a54d1d"
    Jul 10 10:03:32 8014042-apple.schools.bristolbsf.net ruby[362] <Error>: SCEP_HELPER: /SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-704.9/scep_helper/ScepHelperExtension.c:431 'SCEPHELPER_ValidateDigestChallenge(serverCon, outgoing_uuid, outgoing_uuidCnt, outgoing_response, outgoing_responseCnt)' = -1


  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,868
    Thank Post
    518
    Thanked 2,486 Times in 1,928 Posts
    Blog Entries
    24
    Rep Power
    838
    And now, 78 random accounts have populated into the user list in Server.app (ie. as if they've been imported)... Why!?

  3. #3
    Rozzer's Avatar
    Join Date
    Aug 2005
    Location
    South West
    Posts
    720
    Thank Post
    21
    Thanked 81 Times in 61 Posts
    Rep Power
    33
    Did you join your server to active directory before you setup profile manager?

    Ross

  4. #4

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,175
    Thank Post
    600
    Thanked 1,989 Times in 1,370 Posts
    Blog Entries
    19
    Rep Power
    837
    Quote Originally Posted by localzuk View Post
    And now, 78 random accounts have populated into the user list in Server.app (ie. as if they've been imported)... Why!?
    I'm not saying it's aliens... But, it's totally aliens.

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,868
    Thank Post
    518
    Thanked 2,486 Times in 1,928 Posts
    Blog Entries
    24
    Rep Power
    838
    Quote Originally Posted by Rozzer View Post
    Did you join your server to active directory before you setup profile manager?

    Ross
    No. I set up Profile Manager first, then did the AD bit, thinking it made more sense to get the Apple bit working, then the bells and whistles afterwards.

  6. #6
    maark's Avatar
    Join Date
    Feb 2006
    Location
    leicester
    Posts
    474
    Thank Post
    90
    Thanked 74 Times in 66 Posts
    Rep Power
    38
    Would like to resurrect this thread instead of opening a new one - did you ever get it working?
    I have same issue:
    server running mac os x lion 10.7.5 (latest update)
    tried on a client running 10.6 and another with 10.7
    client and server are bound to active directory.
    client is linked to mac server as well - get green light indicating it is connected.
    can logon to client ok with active directory accounts but no profile settings are picked up.
    Got list of users and groups from AD on the server - however it does not show the users as being in any groups.

    tried settings in profile manager on server for individual users and groups but nothing is picked up?
    Anyone help - is there something i am missing?

SHARE:
+ Post New Thread

Similar Threads

  1. Reset User Profile in Window Active Directory
    By doombadger in forum Windows Server 2008
    Replies: 3
    Last Post: 14th May 2012, 08:20 PM
  2. intgegrating moodle with active directory homedirectories
    By Oops_my_bad in forum Virtual Learning Platforms
    Replies: 8
    Last Post: 14th February 2008, 09:46 AM
  3. Any schools use managed Active Directory and not happy?
    By Pottsey in forum Wireless Networks
    Replies: 34
    Last Post: 17th August 2007, 06:03 PM
  4. Replies: 4
    Last Post: 10th November 2006, 11:28 AM
  5. Website authentication with active directory
    By dhassen in forum Web Development
    Replies: 15
    Last Post: 6th April 2006, 01:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •