Snow Leopard AD Integration woes
Quick back story - we've been running an AD & OD integrated mac network for well over a year now, only about 30 clients for Art, running 10.5. Not perfect, but overall it all works without any major problems and it was painless to set up.
Autumn term this year, we get 50 new iMacs running 10.6. Considering we already had experiance of integrating the macs with AD we assumed it would be painless. Very wrong.
Essentially, when we bind a machine to AD, all is well. No problems adding, it appears in AD, you can log out and straight away log in as a domain user. However, shut down or restart that machine (or as I found out today, even let it go to sleep) and at least 50% of the time (probably far higher) it cannot connect to AD again - no users can log in, and directory utility reports 'Domain not responding'.
remove AD domain and re-add - it works fine
change any DNS settings - it works fine
Until next reboot.
Now we certainly arnt the only people experiancing this. A quick search reveals plenty of people suffering the same fate, with no obvious solution yet. But I assume it isnt happening to EVERYONE.
It's certainly network related - whatever it is, 10.6 obviously deals with it differently to 10.5. And its quite possibly DNS related, in that if you add the same servers manually on the client (or even remove them again afterwards) it can connect to AD (until a reboot)
One site suggested it could be something to do with the TTL value on the DC's DNS records - well its set at 3600 seconds I think, which isnt abnormally high. Doing any test on network utility brings back nothing abnormal at all, everything resolves and looks ok.
The only thing that isnt quite right, and never has been with our macs (yet has never caused a problem on 10.5) is that the PTR records dont seem to update properly - so whatever name you give a client, in ARD it appears as another computer name, and if you start terminal it appears as the wrong name. Is there something I need to set for this to work the same as a windows client would?
Of course this may well have nothing to do with it at all.
Long post sorry, but has anyone experianced the same problems, and less likely, found a solution? I'm kind of resigned to the fact we're a bit screwed unless we wait for 10.6.2 or downgrade to 10.5, but Im also hopeful someone has found a solution...