1 2 3 Previous Next 42 Replies Latest reply: Jul 23, 2012 5:49 AM by Alfista_SK Go to original post
  • 15. Re: Lion server bind to Windows AD server...
    Sinerg1 Level 1 Level 1 (0 points)

    Brilliant furby!

     

    The server was initially setup for a previous colleague who has left and has never been touched since, it was setup to LDAP at first and still currently is.  The only server running was the Software Update but since I've had a play around I've configured the Profile Manager but for some reason I couldnt pull users out of LDAP. 

     

    However we do have AD also and ideally prefer to be binded to this, it just seems very strange that it doesnt want to bind.

     

    On Server Admin;-

    Available Servers (1)

    > server.local

    • DNS is activated
    • Netboot is disabled
    • Open Directory Is activated
    • Software update is activated

     

    I tried changing the Role on Open Directory as you previously mentioned but this never worked either.

     

    Cheers.

  • 16. Re: Lion server bind to Windows AD server...
    Alfista_SK Level 1 Level 1 (0 points)

    Hi,

     

    still no work, still the same error can't connect to the AD server.

    I don't know where can by the problem ...

  • 17. Re: Lion server bind to Windows AD server...
    furby Level 1 Level 1 (25 points)

    Just want to say I feel both your pain, this stuff still drives me to despair.

     

    Could you be a bit more specific about what you mean by:

    Sinerg1 wrote:I couldnt pull users out of LDAP.

     

     

     

    if you've got profile manager setup this should be easy and Alfist_SK if you don't, the link I put before was pretty good and what I used.

     

    Now,

     

    1.On the machine you want to bind login and go to the devices page .

     

    http://servername.domain.whatever/mydevices.

     

    2. Go to the profiles tab and install the Trust Profile for youdomain.

    3. Then click on Devices tab and click on Enroll.

    Screen Shot 2012-06-22 at 10.15.35.png

    4. Install the profile.

    If this works you should see it listed under devices in your profile manager. (http://servername.domain.whatever/profilemanager

     

    5 Click on the devices and the go it edit

    Screen Shot 2012-06-22 at 10.14.06.png

    6.Go to the Mac OSX payload section and the Directory.

    7. Fill in the info with whatever details are right for you.

    Screen Shot 2012-06-22 at 10.13.51.png

    8. Click Ok and then Save...

     

    The settings should push out, you will see the progress in the active tasks. If not, on the profie page there is an option to Download.

     

    Restart the machine and see if it's bound.

     

    I'm sort of glossing over the root of these problems but if either of you want to give this a try as workaround then we could get to tacklig them.

  • 18. Re: Lion server bind to Windows AD server...
    Sinerg1 Level 1 Level 1 (0 points)

    Hey,

     

    ill be without internet for a week so ill post once i return as I think im a step before profile manager.  Although i configured it and I can enroll devices, its more of the user authentication i wish to aquire.

     

    Cheers

  • 19. Re: Lion server bind to Windows AD server...
    furby Level 1 Level 1 (25 points)

    I'll be curious how you get on, will be interesting if it works.

     

    I found doing it the other way around AD first and then OD worked, but there's multiples way to get to that stage so you're not really a step before. Yes, I also use my AD for authentication (and it is in fact the only part that seems to be reliable), that's where I'm hopefully guiding you toward.

     

    I put the whole process down, albeit a bit succinct, but go from step 5 and create that directory payload.

     

    I should really write/video this all down at some point.

  • 20. Re: Lion server bind to Windows AD server...
    Alfista_SK Level 1 Level 1 (0 points)

    Hi Furby,

     

    I thing by me is another biger problem. It's in the Win 2008 server istallation.

     

    I try your way again and on the beging by binding i have this error "The daemon encountered an error processing request." and it's only when i give there a IP address. When i give the domain name is still the same error.

     

    Have you installed your Win server? Can you help me with installing Win 2008 server? I don't know much about Win servers :-(

  • 21. Re: Lion server bind to Windows AD server...
    Sinerg1 Level 1 Level 1 (0 points)

    Hi Furby,

     

    So I installed the certificate on the iPad and now tried to enroll the device.  It asked to install the Device Enrollment cert, clicking on install, a pop up appears to say "Unverified Profile, The authenticity of "Device Enrollment"... etc INSTALL NOW. 

     

    After clicking on INSTALL NOW it twirls for a bit and then I get a message saying "A network error has occured. Could not connect to the server."

     

    Any idea what this is?

  • 22. Re: Lion server bind to Windows AD server...
    furby Level 1 Level 1 (25 points)

    Now, you're really asking. Though that's more my level of expertise I don't think this is the forum for that discussion. There are plenty of great guides to installing Win Server out there which I'm sure you can find.

     

    @Sinerg1I thought you were trying to enroll your server? Are you using the local network (wifi)? Can you check your DNS server for the IP of the Lion server, does it have the correct entry (or possibly multuple entries?). On the lion server does the Windows DNS server show up in the Network preferences?

     

    You could always do it manually with the http://support.apple.com/kb/DL1465 iPhone configuration utility.

    In the Profile Manger, click on the little PLUS symbol on the bottom left to create a new enrolment profile and then download it.

  • 23. Re: Lion server bind to Windows AD server...
    Alfista_SK Level 1 Level 1 (0 points)

    Hi Furby,

     

    sorry but i search over web about 2 mounts for resolving this problem on both sides, but nothing help. I found only more errors on win server when I try to find the problems but no sollution.

    If you will we can comunicate over mail or something others.

     

    But I have a question to binding two mac with OD. I have one like a master and other Standalone. It's Ok or both should be masters? While on the standalone I don't see the users from master.

     

    Thanks.

  • 24. Re: Lion server bind to Windows AD server...
    Alfista_SK Level 1 Level 1 (0 points)

    Hi,

     

    I have know resolved the problem and I have bind the WIn AD and Apples OD.

    But know I have another problem. I would like to get users from AD to the OD witch will work on Mac's.

    I have added it over New Augmented User Records, but I can't activate in preferencer Show All Record that I can edit it. And the second and biger problem is that when i will log on client mac like a augmented user, I can't. It's the same when i give the user name for any posibble user from AD witch isn't augmented on Mac.

     

    Please can you help me how can I add users from AD to OD that I can log with it on client mac.

     

    And I need to tell you that I wasn't able to bind server over Directory Utility, but in Preferences/Users yes. I don't know why ....

  • 25. Re: Lion server bind to Windows AD server...
    furby Level 1 Level 1 (25 points)

    Glad you got it fugured out. If you do need more help with windows I'm sure we could sort something out.

    No idea why Directory Utility didn't work, it's all a bit of a dark art getting this to work.

     

    Now, I'll confess right off that I've never really got the user account stuff to work properly so maybe I'm not the best person to answer this. But,

     

    The "Show All Records' Tab is greyed out for me also but I'm not sure that you need it anyway. So I say don't worry about that. You also don't actually need an augmented record to be able to log in.

     

    When you say you can't log in, what actually happens? Does one of the boxes turn blue? Does it go to log in and just flash grey/white?

     

    When you startup the client machine do you get the Network Account message?

    Screen Shot 2012-07-11 at 10.10.45.png

     

    I susupect it's just a permissions issue on the Windows. Give an account Full permissions on the windows Profile folder and give it a try.

  • 26. Re: Lion server bind to Windows AD server...
    Alfista_SK Level 1 Level 1 (0 points)

    Hi,

     

    OK what I need to do that I can manage the users witch will connect from mac compters?

    I try to configure "Setting Up Profile Manager" and "Integrating Lion Server's Profile Manager with AD" how you described on krypted.com but I was stoped by Integrating in point that I don't have com.apple.access_ groups.

     

    When I'm in login window on client mac so I don't have there the dot witch should be gree. But when I check the connection in preferences/users thera are OK (green). I'm connected to my OD Lion server. Is it OK?

     

    The permissions should I change on Win 2003 Server in Users and  Groups or where?

  • 27. Re: Lion server bind to Windows AD server...
    furby Level 1 Level 1 (25 points)

    The permissions on the users Home Folder. I don't have it set for this user but that folder. Make sure the account has the correct share and security permissions.

     

    Capture.PNG

     

     

    That's ok with the green dot. You don't see it at the login screen, the red dot just dissapears when the machine is ready to be logged in (can take a few minutes so be patient). You should be able to log in with the mac client. When you restart the machine do you get the red dot?

     

    You don't need to do the Integrating Mac OX Lion Server Profile manager with... steps. Just use the server admin account when accessing the My Devices page. I currently just manage the Devices from Profile Manager rather than users/groups becasue well, I have no idea how to make it work for AD groups

  • 28. Re: Lion server bind to Windows AD server...
    Alfista_SK Level 1 Level 1 (0 points)

    I have set the permissions on the users home folder on Win server like it was in the Apple education video that you send me, some messages before. I have set the home folder to conect and permission are full for every ony.

     

    Ok the restart I will chceck, but I have tested other posibilities. When I have augmented users on server they are possible to conect on server (over sharing) and the others not.

     

    OK but I read in your articles that is possible, so I would like to know it and test it. So please can you tell me why can't I see the all groups in workgroup manager that you describe it in the article? I have all empty there, only admin in users is there.

  • 29. Re: Lion server bind to Windows AD server...
    furby Level 1 Level 1 (25 points)

    Strange. As long as you're logging into the AD it shoudln't make a difference if they are augmented or not.

    Go to the Local Directory

    Groups

    View..Show System Records

    group.png

     

    I don't know if you need to give users permission to access the profile manager as well.

    Screen Shot 2012-07-11 at 12.39.17 copy.png