We have a trolley of Macbooks, dual booting between Windows XP and Mac OSX, and authenticating against AD. I understand the problem with the time needing to be synchronised between the laptop and AD/OD before it will log on, and so have set our forest root as the time source on all machines.
Now my problem - the time on the mac side has slipped by about an hour while the machines have been sat in the trolley. As they now can't authenticate, how do they pick up the correct time from the forest root server? On a windows machine I'd set the time in the BIOS and it would hold. Is there a similar function on a Mac?
I have ours sync to an external (WAN) time server, which is the same one the Windows domain syncs to. Seems to keep them rolling along!
NTP should require auth before allowing the time to update from the DC. Is there a way to point OSX to a NTP server (your DC) then schedule it to update at boot/regular intervals?
Originally Posted by clareq
The OS should update the BIOS time but remember macs dont use a BIOS they use that other one (cant remember the name) but I would presume it would be updated like a bios would.
Found a solution
I ran across this awhile back and thought it might help.
OS X Time Goes Out of Sync | ADaMac
Basically the post has you create a plist file and drop it into the LaunchDaemons folder which essentially forces OS X to update its time at startup.
Hope this helps.
That would be Intel's EFI technology, Mac OS usually stores time in EFI as UTC then applies the offset, XP usually stores the local time in the BIOS/EFI then applies the offset to get UTC but bootcamp changes this behaviour to be compatible. Changing the time zone/clock in the EFI? - Mac Forums
Originally Posted by ZeroHour
It looks from net searches that OSX (at least the older versions in true apple fashion) did not always update before the logon subsystem was loaded, there are scripts changes (KnownOsIssues < Support < NTP that force this or there is a free app here (never used it myself) Download NTP Clock Sync (formarly netTime) 1.0 Free - A small utility that forces Mac OS X to update the date and time prior to the user log in. - Softpedia
Apparently you can also set a time server via DHCP which could be a winning solution http://www.bytefusion.com/products/n...g_via_dhcp.htm
I don't think that the AD NTP server requires any authentication as we have some junk network gear (IP Cams) that can happily grab the time off ours without any authentication information. From what I read OSX does not automaticly add the AD server as a time source when it is joined to a Windows domain which may be some of the cause of these issues. Using any of the above methods should hopefully sort it for you.
Also bear in mind that it cannot sync the time until it has obtained an IP address. If this process takes longer than it does to boot the OS X Client then it will need to either sit at the log in window until it does and then syncs the clock or log in as a local admin. You will see that only when you click on the padlock in the time prefs does it then sync the time. Only happens on 10.5
I did the launchd thing on my clients and seemed to do the trick I think but had issues with the rebinds anyway. In the end I went with static IPs with DHCP under the network config and also updated to 10.6
Thank you for all your suggestions. We are at the moment changing how the machines authenticate to our wireless, so that they authenticate by mac address, which means they can use our managed wireless (which usually authenticates by domain\machinename - fine for our windows boxes, no good for macs) Hopefully they will now pick up an IP more efficiently. However, in doing this I'm logging on as local admin, which means the time synchs anyway. I can't test any of these solutions until the clock skews again.