Jun 13, 2012 6:57 AM (in response to Alfista_SK)
Let's assume you have things set up correctly and try it this way:
On the Lion Server:
- System Preferences
- Users and Groups
- Login Options (click the lock to authenticate)
- Network Account Server and click Edit...
- Click on the +
- Enter your AD domain name, like apple.local or whatever it is for you.
More options should drop down; enter whichever account lets you bind to the network (you don't need domain\username, just username).
I'm at a machine that's already bound to the domain, but I think the rest is fairly straightforward.
Jun 13, 2012 7:04 AM (in response to furby)
Thanks, but I have the same error "Unable to add server - Authentication server could not be contacted. (5200)" as when I go through Directory Utility.
And your connection is for connecting clients to the AD server, but I need to bind the AD and OD servers together.
Any other idea?
Jun 13, 2012 7:54 AM (in response to Alfista_SK)
I think there is a little something getting lost here, but let's see if we can work this out. I think I know what's going on, but just to be sure:
Can you bind a Mac client to the AD?
Jun 13, 2012 8:01 AM (in response to furby)
No, the same error as on the server. But I have Lion clients only, so I know that I can't connect them to the Win 2008 server directly, so I try to do it over Lion Server (Apple's Magical Triangle).
Jun 13, 2012 8:34 AM (in response to Alfista_SK)
Not true. You can bind to the AD (Server 2008/3) without the Lion Server.
What you can't do is manage the machines (and to a lesser extent user settings) without the Lion Server, and more specifically Profile Manager. But let's not go there yet.
I thought you had another problem, so this is a little trickier than I thought. If we can sort this out on a client machine, we can then sort out the server.
Did you bind the client machines to the OD? And are you using the exact same information (domain, user, pass) when binding the Windows clients and Lion clients?
In the Network Utility app, go to the Lookup tab and put in the DC. Does it return an IP and FQDN (server.domain.local)?
Jun 14, 2012 12:42 AM (in response to furby)
I have read that with Lion it isn't possible to connect to a Win 2008 R2 server (which I have) while there isn't support for some NT4 protocol. But you are right; I do it because I need to manage all the users and accounts later.
I have pointed the DNS to the Win server with AD and tested. It looks like all is working OK. All servers are working (win2008server, win2003server, lionserver.testsunteq.sk).
Now I can't connect to the OD server because I have set it in the OD service to connect to another server, and so I can't start the service (I don't know why; I don't have the start button there). I think when I connect the servers it will appear or start automatically.
I have put some clients on all the servers (for testing), but I use the admin login for binding.
Jun 14, 2012 5:31 AM (in response to Alfista_SK)
Yes, all my Lion machines and servers are bound to our Server 2008 R2 Active Directory. Mercifully, that's the easiest part.
Cool, good that DNS is working. This is essential, as Mac systems tend to rely more heavily on it.
Your problem is how you've set up the OD. What you need to do is destroy/break your OD and bind to the AD first. Once you've bound to the AD, then create an Open Directory Master.
I'm a bit wary of posting this as it's different on 10.7, but this is the general order:
To get clients into your OD you then need to enroll them using Profile Manager. If you don't need external access, just start at the section "Provided the Welcome to Lion Server page loads, click on the Profile Manager service. Here, click on the Configure button."
Hopefully this is helpful. The next step would be creating Augmented Records, but I don't want to get too far ahead.
Jun 14, 2012 5:49 AM (in response to furby)
If I understand, what I should do is:
1. make a clean install of Lion Server
2. then bind to the AD server via Directory Utility
3. create an OD Master on Lion Server
Over Profile Manager, do I enroll the users which I get from AD, or those which I created in Workgroup Manager?
Is the binding between the AD and OD server still working when I change the OD settings to Master?
After the change to OD Master, when I add a user on the AD server, do I see him on the OD server too?
I was under the impression that I need to be connected with the AD server (in OD settings "connect to another server"), but I don't understand why, when I change the setting to that, I have the standalone OD there and can start the service ...
Thanks, I'll go test it :-)
Jun 15, 2012 2:11 AM (in response to Alfista_SK)
Lots of questions there. I'll try and answer them in order.
1. If you haven't, no, you probably don't need to.
No, use Profile Manager to enroll devices, not users, but let's get back to that later.
Yes, it's still bound when you change to OD master.
No, at least from my experience, you need to import users each time. I think you already know how to do this, but just in case: http://www.apple.com/education/resources/information-technology.html#dual-directory-architecture
Yes, it doesn't work if you do it in that order for some reason. I didn't feel like it was worth my time trying to figure it out, but feel free to.
I don't know. Are all your clients 10.7.4?
Jun 15, 2012 5:16 AM (in response to furby)
All is on Lion 10.7.4.
I am now doing a clean install of Lion Server, and I would like to check: should I bind AD to the server before I start and set up OD on the server? (I do it on a full clean install; the service can't be installed in Server Admin Tools there.)
Jun 21, 2012 8:32 AM (in response to Alfista_SK)
I am also having this exact same issue and followed your (furby) steps as much as possible with no luck. I just can't seem to bind to AD, but it will happily bind to LDAP...
Our client machines happily bind to AD, but the server will not. As Alfista last mentioned, it sounds like he is doing a clean install of Lion, and I was hoping to avoid this. Do you have any alternative guidance, furby?
Jun 21, 2012 8:51 AM (in response to Sinerg1)
Same error? If your clients can connect but not the server, that would seem to be the source of the problem. Do you get a proper response when you do an nslookup for the Domain Controller?
I suspect the problem is a DNS one, but that will be tricky to troubleshoot.
I actually had an idea for a workaround for Alfista_SK, but I don't see why you couldn't try it as well. I'll post it when I get a moment later.
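Furby twice points at DNS as the likely cause of the "(5200)" bind error (the Network Utility Lookup tab earlier in the thread, and the nslookup for the Domain Controller just above). The script below is an added example, written for this page and not posted by anyone in the thread, that does those checks from a Terminal on the Mac in one go. It assumes `dig` is available (it ships with macOS) and takes the AD domain name as an argument; `apple.local` and the `dc1`/`dc2` host names in the constructed sample are placeholders, not real hosts.

```shell
#!/bin/sh
# Added example (not from the thread): DNS checks an AD bind from a Mac depends on.
# Assumes `dig` is installed and the Mac's DNS server is the one holding the AD zone.

# Turn `dig +short SRV` answer lines ("prio weight port target.") into bare host names.
# Reads stdin so it can be fed real dig output or a constructed sample.
srv_targets() {
    awk 'NF == 4 { sub(/\.$/, "", $4); print $4 }'
}

# Compare an expected FQDN with a PTR answer (trailing dot and case tolerated).
# Returns 0 when they match, 1 otherwise.
ptr_matches() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    answer=$(printf '%s' "$2" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    [ "$expected" = "$answer" ]
}

# Full check: find the DCs through the AD locator SRV record, then confirm each
# DC has an A record and a reverse (PTR) record that agrees with it.
check_ad_dns() {
    domain="$1"
    printf 'DCs advertised for %s via _ldap._tcp.dc._msdcs:\n' "$domain"
    targets=$(dig +short SRV "_ldap._tcp.dc._msdcs.$domain" | srv_targets)
    if [ -z "$targets" ]; then
        echo "  none found: this Mac is not resolving against the AD DNS server,"
        echo "  which is the usual reason a bind fails before authentication starts"
        return 1
    fi
    for t in $targets; do
        ip=$(dig +short A "$t" | head -n 1)
        if [ -z "$ip" ]; then
            echo "  $t: no A record"
            return 1
        fi
        if ptr_matches "$t" "$(dig +short -x "$ip")"; then
            echo "  $t -> $ip (reverse lookup agrees)"
        else
            echo "  $t -> $ip (reverse lookup does not return $t; check the PTR zone)"
            return 1
        fi
    done
}

# Usage (placeholder domain): check_ad_dns apple.local
```

Run it on the server that refuses to bind and on a client that binds fine; if the server prints "none found" while the client lists the DCs, the two machines are using different DNS servers, which is exactly the split furby is describing.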