Re: Migrating users from AD to open directory.
Like I said, is the Mac computer name you are using when you join AD the same as the name that OD sees? This will cause Kerberos issues! It really does ask what name you want to use when you join with the AD plugin, but not, I assume, if you script it.
I simply image with the test machines OD and AD plugins settings removed. I then simply image and configure them afterwards.
Re: Migrating users from AD to open directory.
Yeah. That's how I did mine. I have yet to script the AD using the dscl and dsconfigad commands. I would think that the process is the same as when you script with dsconfigldap, in that you would specify the name of the computer in the line used to join the machine.
i.e. in dsconfigldap you use:
dsconfigldap -v -f -a server name -n config name -c $computerid -u bind username -p bind password
So I would assume that dsconfigad would use the same method, using the variable to pull in the computer name, but you would need to change it at some point during the script.
You could maybe include a CSV file and read the information from the fields depending on which bind you were doing, i.e. if it were the OD you could pull the OD field into the variable, and if the AD, that field.
I'm not a scripter, but I suppose it could be done, since it's what net-restore uses for his byhost settings, I think.
Anyway, I resolved my issue with the authenticating.
I had to re-index my slapd.
The commands are as follows if interested.
I removed the computer from the OD in WGM first.
Removed the DirectoryServices from /library/preferences/
I then ran the following commands (found on the AFP548 site):
It looks like your LDAP db is corrupted.
1. Stop slapd with sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.xml
2. Wait a minute to give slapd time to stop. You can see it in the OD status pane of Server Admin
3. Re-index your LDAP db with sudo slapindex -v -d 1 (I like the debug output just to see what it is doing.)
4. Start slapd back up with sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.xml
The commands are all one line.
Thanks for your help and info, DMcCoy. Most valuable. I will be trying a test run of OD-AD in the new academic year, I think, but for now I will stick with the dual domains.
Thanks again.
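
Added example, not part of either post above: a sketch of the CSV idea from the thread, which looks up the computer name recorded for each directory and lists machines whose OD and AD names differ (the mismatch the first post ties to Kerberos issues). The CSV layout, serial numbers, host names, server name and bind user are constructed assumptions; only the dsconfigldap flags quoted in the thread are used, and the command is printed for review rather than run.

```shell
#!/bin/sh
# Constructed sample inventory; the column layout is an assumption.
sample_csv() {
cat <<'EOF'
serial,od_name,ad_name
C02EXAMPLE01,lab-mac-01,lab-mac-01
C02EXAMPLE02,lab-mac-02,LABMAC02
C02EXAMPLE03,lab-mac-03,lab-mac-03
EOF
}

# lookup_name SERIAL od|ad   (CSV on stdin)
# Prints the computer name recorded for that directory; non-zero if not found.
lookup_name() {
    case "$2" in od|ad) ;; *) return 2 ;; esac
    awk -F, -v key="$1" -v dir="$2" '
        { sub(/\r$/, "") }                 # tolerate CRLF exports from spreadsheets
        NR == 1 { next }                   # skip the header row
        $1 == key { print (dir == "ad" ? $3 : $2); found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# name_mismatches   (CSV on stdin)
# Lists serials whose OD and AD names differ or are blank, so they can be
# fixed before binding instead of being debugged as authentication failures.
name_mismatches() {
    awk -F, '
        { sub(/\r$/, "") }
        NR > 1 && ($2 == "" || $3 == "" || $2 != $3) { print $1 }'
}

# bind_command SERIAL SERVER CONFIG BINDUSER   (CSV on stdin)
# Prints the dsconfigldap line with the flags quoted in the thread. -p is left
# off so the bind password does not end up in the script or the process list.
bind_command() {
    computerid=$(lookup_name "$1" od) || return 1
    printf 'dsconfigldap -v -f -a %s -n %s -c %s -u %s\n' \
        "$2" "$3" "$computerid" "$4"
}

# Demo on the constructed data (server, config and user are placeholders).
sample_csv | name_mismatches
sample_csv | bind_command C02EXAMPLE01 od.example.com labconfig diradmin
```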