You are correct; if you had a local account called Administrator, then the id command would always succeed. I didn't anticipate there being a local account with the same name...
I have since come up with an improved method of detecting when the system is ready to accept network logins, rather than just waiting 30 seconds. It seems the Mac OS login window has the ability to display the status of its connection to network login servers, showing either a red or a green light (or orange if you have multiple connections and not all are available yet). If your Mac clients are bound to an Open Directory server (i.e. a Mac server) as well as Active Directory, you can set this option using Workgroup Manager in Preferences > Login Window for individual computer accounts or a group of them. If you don't use Open Directory, you can specify this manually on each client using a command (the last one below). Then you can just tell your users to wait until the light goes green before trying to log in.
Now for more detailed instructions for creating the StartupItem, including the modification to the login window:
nano /Library/StartupItems/FixADAuth/FixADAuth (enter script from above)
nano /Library/StartupItems/FixADAuth/StartupParameters.plist (enter PList from above)
chmod 755 /Library/StartupItems/FixADAuth/FixADAuth
defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus (not needed if you can set this via OD)
Turns out if you're running as root the owner/group permissions will be correct on creation so you don't need to use chown, and only the script itself will need to be chmodded to allow execution.
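As an added example (not part of the original post or script): because StartupItems are run as root at boot, it is worth confirming that the directory and both files are owned by root and not writable by group or others after following the steps above. The function name check_startup_item and its optional owner argument are hypothetical, chosen for this sketch.

```shell
#!/bin/sh
# Added example: audit a StartupItem created with the steps above.
# check_startup_item DIR [OWNER]  (hypothetical helper; OWNER defaults to root)
# Prints one line per finding and returns 1 if anything is wrong, 0 otherwise.

check_startup_item() {
    si_dir=$1
    si_owner=${2:-root}
    si_name=$(basename "$si_dir")   # the script must share the directory's name
    si_rc=0

    for si_f in "$si_dir" "$si_dir/$si_name" "$si_dir/StartupParameters.plist"; do
        if [ ! -e "$si_f" ]; then
            echo "MISSING: $si_f"
            si_rc=1
            continue
        fi
        # find prints the path only when the ownership test matches
        if [ -z "$(find "$si_f" -prune -user "$si_owner")" ]; then
            echo "WRONG OWNER (expected $si_owner): $si_f"
            si_rc=1
        fi
        # Group- or world-writable files would let a non-root user change
        # what runs as root at the next boot
        if [ -n "$(find "$si_f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "GROUP/WORLD WRITABLE: $si_f"
            si_rc=1
        fi
    done

    # Only the script itself needs the execute bit (the chmod 755 step)
    if [ -f "$si_dir/$si_name" ] && [ ! -x "$si_dir/$si_name" ]; then
        echo "NOT EXECUTABLE: $si_dir/$si_name"
        si_rc=1
    fi
    return $si_rc
}

# Run directly, e.g.: sh check.sh /Library/StartupItems/FixADAuth
if [ "$#" -gt 0 ]; then
    check_startup_item "$@"
fi
```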
These .local issues are generally resolved in 10.6.4 where we have them installed. Be careful with mDNSResponder as it's now rolled in with DNS.
First thing I tried was installing the latest updates, including 10.6.4. Didn't help very much... :/
Thanks, Eph. We experience a similar issue, but have an actual domain. Logging in generally works fine for most of our users, but maybe twice a week I get a user who cannot log in. Upon logging in under a locadmin account, the domain status reports as 'not responding'. I then have to simply rebind.
Would pointing your script at our domain and setting it to run at login likely resolve this issue?
If I don't see a response, I'll certainly be testing it. Thanks again for the work.
That's the idea of it, so yeah, it should work in that scenario =]
Hi Eph, your script looks good, shame Snow Leopard didn't get it right! Anyway, I'm a little confused about the nano bit. I can make a directory and chmod it etc., but I'm confused about what's next?
nano is a text editor. You can use it to create the two files (FixADAuth and StartupParameters.plist) using the contents given above.
Mac OS X v10.6: Active Directory binding lost on network transition (.local domain)
This has sorted it out for me. I increased the value to 10 as a couple of systems are hanging off very poor desktop switches. The fix has to be re-applied after every service pack as the file this refers to is replaced by 10.6.4 back to 2!
Didn't work for us, that's why I wrote the script :/
Hi Eph, your script doesn't work for me, any more suggestions from anyone? I was thinking of forcing an unbind and then bind at logon?
As a follow-up, I haven't seen the issue plague any of our machines since implementing this script. Obviously not sure whether no users have lost their connection with the domain, or whether the script is doing its job. But given the duration since implementation, it's quite possible that it's resolving the problem.
Maybe it's just me, could someone give me a more detailed walkthrough of what exactly I have to do with this script please? I'm a bit of a twonk when it comes to Macs. And I'm not sure I'm doing everything correctly! Thanks
And me please - if this one.
Originally Posted by mbrunt
I'm taking it back. Had the issue occur this morning with a user. No indications of why, as usual. Just unbound and rebound to the domain.
I had the same issue where I'd get the "Domain not responding" error. I tried both Ephelyon's and Apple's script (separately) and both worked a treat.