
Lion server bind to Windows AD server...

12805 Views 42 Replies Latest reply: Jul 23, 2012 5:49 AM by Alfista_SK
Alfista_SK
Jun 13, 2012 5:14 AM

Can anybody help me with binding Lion Server's Open Directory to Windows Active Directory?

I have set up a Windows 2008 Server and a Windows 2003 Server. On both is a fully working Active Directory. The (Windows) clients can connect to it.

I would like to have some Mac clients, so I set up Lion Server and in Open Directory I chose to connect to another server. Then in Directory Utility I set the connection to the AD server via Connect in the File menu, and I only get the error message "Can't connect to the server - Directory Services may not be installed on the remote server, they may be turned off, or the URL may have been entered incorrectly." Then I tried the connection via Services - Active Directory and got the error message "Authentication server could not be contacted." too.

Can somebody help me with setting up Lion Server to connect to Windows Active Directory?





Mac OS X (10.7.4)
  • furby
    Jun 13, 2012 6:57 AM (in response to Alfista_SK)

    Let's assume you have things set up correctly and try it this way:


    On the Lion Server.

    1. System Preferences
    2. Users and Groups
    3. Login Options (click the lock to Authenticate)
    4. Network Account Server and click Edit...
    5. Click on the +
    6. Enter your AD domain name like apple.local or whatever it is for you.

    More options should drop down; enter whichever account lets you bind to the network (you don't need domain\username, just the username).


    I'm at a machine that's already bound to the domain, but I think the rest is fairly straightforward.

  • furby
    Jun 13, 2012 7:54 AM (in response to Alfista_SK)

    I think there is a little something getting lost here, but let's see if we can work this out. I think I know what's going on, but just to be sure:


    Can you bind a mac client to the AD?

  • furby
    Jun 13, 2012 8:34 AM (in response to Alfista_SK)

    Not true. You can bind to the AD (Server 2008/3) without the Lion Server.


    What you can't do is manage the machines (and, to a lesser extent, user settings) without the Lion Server and, more specifically, Profile Manager. But let's not go there yet.


    I thought you had another problem, so this is a little trickier than I thought. If we can sort this out on a client machine, we can then sort out the server.



    Did you bind the client machines to the OD? And are you using the exact same information (domain, user, pass) when binding the Windows clients and the Lion clients?


    In the Network Utility app, go to the Lookup tab and put in the DC. Does it return an IP and FQDN (server.domain.local)?

  • furby
    Jun 14, 2012 5:31 AM (in response to Alfista_SK)

    Yes, all my Lion machines and servers are bound to our Server 2008 R2 Active Directory. Mercifully, that's the easiest part.


    Cool, good that DNS is working. This is essential, as Mac systems tend to rely more heavily on it.


    Your problem is how you've set up the OD. What you need to do is destroy/break your OD and bind to the AD first. Once you've bound to the AD, then create an Open Directory Master.


    I'm a bit wary of posting this as it's different on 10.7, but this is the general order:


    To get clients into your OD, you then need to enroll them using Profile Manager. If you don't need external access, just start at the section "Provided the Welcome to Lion Server page loads, click on the Profile Manager service. Here, click on the Configure button."



    Hopefully this is helpful. The next step would be creating Augmented Records, but I don't want to get too far ahead.

  • furby
    Jun 15, 2012 2:11 AM (in response to Alfista_SK)

    Lots of questions there. I'll try and answer them in order.


    1. If you haven't, no, you probably don't need to.

    2. Yes

    3. Yes


    No, use Profile Manager to enroll devices, not users but let's get back to that later.


    Yes, it's still bound when you change to OD master.


    No, at least from my experience, you need to import users each time. I think you already know how to do this, but just in case.



    Yes, it doesn't work if you do it in that order, for some reason. I didn't feel like it was worth my time trying to figure it out, but feel free to


    I don't know. Are all your clients 10.7.4?

  • furby
    Jun 15, 2012 6:07 AM (in response to Alfista_SK)

    Yes. Do it before.


    I forget whether the service needs to be running or not. Try it without first.

  • Sinerg1
    Jun 21, 2012 8:32 AM (in response to Alfista_SK)

    I am also having this exact same issue and followed your (furby) steps as much as possible with no luck. I just can't seem to bind to AD, but it will happily bind to LDAP...


    Our client machines happily bind to AD, but the server will not. As Alfista last mentioned, it sounds like he is doing a clean install of Lion, and I was hoping to avoid this. Do you have any alternative guidance, furby?



  • furby
    Jun 21, 2012 8:51 AM (in response to Sinerg1)

    Same error? If your clients can connect but not the server, that would seem to be the source of the problem. Do you get a proper response when you do an nslookup for the Domain Controller?


    I suspect the problem is a DNS one, but that will be tricky to troubleshoot.


    I actually had an idea for a workaround for Alfista_SK, but I don't see why you couldn't try it as well. I'll post it when I get a moment later.
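A scripted version of the DNS check furby keeps coming back to, added here as an example; it is not code from the thread or from Apple. A domain member (a Lion box as much as a Windows PC) locates domain controllers through the SRV records the DCs register in DNS, so if those records do not resolve from the Mac's own resolver, the "Authentication server could not be contacted" error is what you get before any credential is ever sent. The script queries each of the standard SRV names, resolves every target, and flags a missing record, an unresolvable target, or a target that is not an FQDN inside the AD domain. It assumes `dig` (BIND utilities) is installed; `ad.example.com`, `dc1` and `dc2` are placeholders, and the sample SRV answer at the bottom is constructed, not captured from a real domain.

```shell
#!/bin/sh
# Added example (not from the thread): pre-bind DNS check for an AD domain.
# Assumes `dig` is installed; the domain argument is the AD DNS domain
# (e.g. ad.example.com, a placeholder). The SRV names are the standard ones
# every writable domain controller registers in DNS.

# Emit the SRV record names a domain member queries to find DCs, one per line.
ad_srv_names() {
    domain="$1"
    printf '%s\n' \
        "_ldap._tcp.dc._msdcs.$domain" \
        "_kerberos._tcp.dc._msdcs.$domain" \
        "_ldap._tcp.$domain" \
        "_kerberos._tcp.$domain" \
        "_kpasswd._tcp.$domain" \
        "_gc._tcp.$domain"
}

# Read `dig +short SRV` output ("priority weight port target.") on stdin and
# print the target hostnames without the trailing dot, lowest priority first.
srv_targets() {
    awk 'NF == 4 { sub(/\.$/, "", $4); print $1, $4 }' | sort -n | awk '{ print $2 }'
}

# Return 0 if the name is a host inside the AD domain (case-insensitive).
# Catches a NetBIOS-only name or a target in an unrelated zone, both of which
# break Kerberos even when the address itself is reachable.
is_dc_fqdn() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$host" in
        *."$domain") return 0 ;;
        *) return 1 ;;
    esac
}

# Live check: query every SRV name, resolve each target, report each result.
# Returns the number of failures, so 0 means the Mac can locate the DCs.
check_ad_dns() {
    domain="$1"; failures=0
    for name in $(ad_srv_names "$domain"); do
        answer=$(dig +short SRV "$name" 2>/dev/null)
        if [ -z "$answer" ]; then
            echo "MISSING  $name"; failures=$((failures + 1)); continue
        fi
        for target in $(printf '%s\n' "$answer" | srv_targets); do
            addr=$(dig +short A "$target" 2>/dev/null | head -n 1)
            if [ -z "$addr" ]; then
                echo "NO-A     $name -> $target"; failures=$((failures + 1))
            elif ! is_dc_fqdn "$target" "$domain"; then
                echo "BAD-FQDN $name -> $target ($addr)"; failures=$((failures + 1))
            else
                echo "OK       $name -> $target ($addr)"
            fi
        done
    done
    return "$failures"
}

# Constructed sample of what `dig +short SRV _ldap._tcp.dc._msdcs.ad.example.com`
# returns on a healthy domain with two DCs (not captured from any real domain).
SAMPLE_SRV='0 100 389 dc2.ad.example.com.
0 100 389 dc1.ad.example.com.'

# Usage: sh ad_dns_check.sh ad.example.com
if [ $# -eq 1 ]; then
    check_ad_dns "$1"
fi
```

Run it from the Lion Server itself, not from a Windows client: the point is to prove the server's resolver (the DNS servers in its own network settings) can find the DCs, which is the part the working Windows clients do not tell you. If every line comes back OK and the Kerberos error persists, compare the server's clock with the DC's; Kerberos rejects authentication when the skew exceeds five minutes by default.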



More Like This

  • Retrieving data ...

Bookmarked By (1)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.