Macs and Ubuntu randomly loosing trust with Active Directory
We have approx 60 Macs (mix of emac, imacs, minimacs) and a G5 Xserve all running Leopard (or Leopard Server in the case of the Xserve). All desktop machines are binded (?!) to Open Directory on the Xserve and Active Directory on the multiple Windows Server 2k3 domain controllers.
Every week since binding them to AD we get 3 or 4 desktop macs which appear to have lost their trust with Active Directory. We get the green 'everythings cool' light on both the OD and AD connection in Directory Utility yet we cannot login with any domain user. If we unbind the problematic mac, delete the object from AD and rebind it, systems are all go again. There is no obvious pattern, no specific machines that keep loosing trust, no specific models and we've checked the time which is spot on.
We also have an Ubuntu 8.04 file server running samba which in turn authenticates with AD using Likewise open (setup to authenticate a month ago). Interestingly, no one could access the shares this morning so after taking a closer look I found using the 'ls -l' command in the terminal, that the usually assigned group 'domain^users' has been replaced with a gid number. Logging in directly to the server using a network account also failed. This looked rather familiar so after unbinding the server, deleting its AD account and then rebinding it all systems were go again and the gids upon running 'ls -l' had turned back into 'domain^users'. Not really what you want for a file server!
If it makes any difference, all the macs and the ubuntu machine are on static ips.
After originally thinking that it must be a Mac issue somewhere, I'm now leaning towards it being Server 2003 not liking something. Does anyone have any ideas, pointers or similar experiences?
check out other posts on this topic
the time-out-of-sync thing will cause problems but lets assume that everyone who manages a network keeps their computers in sync. It was a known problem to do with BST but Apple patched that soon after boot camp was released, years ago.
check the other posts on this topic, its a big issue thats been discussed before, no fix yet tho.