Skip navigation
This discussion is archived

Major problem with ActiveDirectory

7097 Views 74 Replies Latest reply: Nov 30, 2007 12:36 PM by Joel Bruner1 RSS
  • Andrea_RM Calculating status...
    Currently Being Moderated
    Nov 5, 2007 2:05 PM (in response to real gonzoid)
    --mistype---

    Message was edited by: Andrea_RM
    Macbookpro 1.8 15'' + Imac 20'' core2duo, Mac OS X (10.5)
  • p_halcomb Calculating status...
    Currently Being Moderated
    Nov 5, 2007 2:21 PM (in response to Andrea_RM)
    {quote:title=Andrea_RM wrote:}In other hands I don't think that M$ is eligible to determine a "standard". I don't want to advocate on it, just simply considering that the last time i followed a best practice from M$, I had to reinstall a server.

    There's not any "expert" here...only peoples with more o less experience. That's all.{quote}

    Interesting... Well, this is the last post I'll make about this Andrea, because a) the problem has been identified, b) there's a workaround until a patch is available. But this is supposed to be an informative helpful forum. Not a place to "meat" it out between Apple and Microsoft.

    P.S. Some of us here are Active Directory experts, including myself. So I find it very presumptuous to say that none of us are experts.

    Message was edited by: p_halcomb
    MacBook, Mac OS X (10.5)
  • J.P.Kogelman Calculating status...
    Currently Being Moderated
    Nov 5, 2007 2:58 PM (in response to p_halcomb)
    I am unable to connect to Windows Servers/Net storage device on our AD. Unlike 10.4 I am unable to change the Domain/workgroup that I am attempting to log in to. I've tried a number of the network/share options presented on the forums here and not having much luck.

    I have tried domain/user & password and get "sorry, your entered an invalid username or password" Please Try again. I get this if I use CIFS or SMB as well as if I use IP address or dns name.
    Mac Pro, Mac OS X (10.5)
  • Andrea_RM Level 1 Level 1 (10 points)
    Currently Being Moderated
    Nov 5, 2007 3:26 PM (in response to p_halcomb)
    p_halcomb wrote:
    {quote:title=Andrea_RM wrote:}In other hands I don't think that M$ is eligible to determine a "standard". I don't want to advocate on it, just simply considering that the last time i followed a best practice from M$, I had to reinstall a server.

    There's not any "expert" here...only peoples with more o less experience. That's all.{quote}

    Interesting... Well, this is the last post I'll make about this Andrea, because a) the problem has been identified, b) there's a workaround until a patch is available. But this is supposed to be an informative helpful forum. Not a place to "meat" it out between Apple and Microsoft.

    P.S. Some of us here are Active Directory experts, including myself. So I find it very presumptuous to say that none of us are experts.

    Message was edited by: p_halcomb


    This post wasn't for you...as you see i've edited the post. Was a reply to anhother post, but for some strange behaviour of the thread visual, i can't find in the tree when i log on to reply (very strange).
    I can give my apologies for the incovenience, but i was replying to a person who reports a draft from Microsoft in which suggests the using of the .local dns namespace for internal use. In the same post, he named us "expert" in ironic mode.
    So, the sense of the reply had to be intended as here there's not "expert that wanto to have right" but "people with experience (which make the difference between experts e newbies)".

    Btw, the ".local" problems between mac&win it's an old well know issue.

    edit: opss, i see the post i was referring in the third page. I wrong two times......****.
    The message i wrote was "+Imho, never followed a Microsoft draft/standard. In other hands I don't think that M$ is eligible to determine a "standard". I don't want to advocate on it, just simply considering that the last time i followed a best practice from M$, I had to reinstall a server.+
    +There's not any "expert" here...only peoples with more o less experience. That's all.+"

    Message was edited by: Andrea_RM

    Message was edited by: Andrea_RM
    Macbookpro 1.8 15'' + Imac 20'' core2duo, Mac OS X (10.5)
  • Kildjean Calculating status...
    Currently Being Moderated
    Nov 9, 2007 4:12 PM (in response to William Lloyd)
    i got applecare in my system and I am having the same issues... how do I contact them to help me with this?
    PowerMac G5 Dual 2ghz, Mac OS X (10.5), 1.5gb Ram / 750gb HDD / 19" Flat
  • Kildjean Level 1 Level 1 (0 points)
    Currently Being Moderated
    Nov 9, 2007 4:14 PM (in response to sbandyk)
    My problem lies that when i try to bind my machine, it tells me the username and password are wrong... im using Administrator account... still wont let me peg to the AD...
    PowerMac G5 Dual 2ghz, Mac OS X (10.5), 1.5gb Ram / 750gb HDD / 19" Flat
  • Kildjean Level 1 Level 1 (0 points)
    Currently Being Moderated
    Nov 9, 2007 4:43 PM (in response to p_halcomb)
    P: If its not too much too ask could you take a look at my thread and give me your opinion if what is happening to me is more or less what we are discussing in this thread?

    http://discussions.apple.com/thread.jspa?messageID=5806343#5806343

    Thanks;

    K.
    PowerMac G5 Dual 2ghz, Mac OS X (10.5), 1.5gb Ram / 750gb HDD / 19" Flat
  • Matthew Yohe Calculating status...
    Currently Being Moderated
    Nov 15, 2007 1:13 PM (in response to fabryx)
    Just updated to 10.5.1, and was easily able to bind and authenticate.

    Of note:

    The status in Directory Utility states that the server is responding normally, but then states "This server is now in your authentication search policy." Which, it is.

    Continuing to test, but this looks like the solution.
  • Black MacLeod Level 1 Level 1 (35 points)
    Currently Being Moderated
    Nov 15, 2007 1:29 PM (in response to Matthew Yohe)
    We updated too, and still have the same authentication errors as before, and cannot bind.
    MacBook Pro 17", Mac OS X (10.5)
  • Matthew Yohe Level 2 Level 2 (180 points)
    Currently Being Moderated
    Nov 15, 2007 1:57 PM (in response to Black MacLeod)
    Try this:

    Unbind
    and then blow away the "Macintosh HD/Library/Preferences/DirectoryService" folder
    Reboot
    Rebind.
  • Black MacLeod Level 1 Level 1 (35 points)
    Currently Being Moderated
    Nov 15, 2007 3:53 PM (in response to Matthew Yohe)
    Thanks ... machines weren't bound, tried the rest, same result. No go.
    MacBook Pro 17", Mac OS X (10.5)
  • Matthew Yohe Level 2 Level 2 (180 points)
    Currently Being Moderated
    Nov 16, 2007 3:40 PM (in response to Black MacLeod)
    Continuing to look at this issue, I've tried it on another mac now, and I am back to where I was. Not fun.
  • Black MacLeod Level 1 Level 1 (35 points)
    Currently Being Moderated
    Nov 16, 2007 4:56 PM (in response to Matthew Yohe)
    I'm happy to say we figured things out today. It is definitely a DNS issue. Here's what we had to do.

    First off, we are in a major .edu network, use DHCP and the .edu DNS servers. Our local AD domain (us.ourschool.edu) has always shown up as the default search domain as well.

    In the System Prefs / Network we had to add the EXACT IP of the AD server as a DNS server, and put local (no . in our case ie, .local) in the search domains. In Leopard this is all under the advanced / DNS tab. We did not remove any of the other entries - in fact could not, they are grayed out as they are delivered by the DHCP server.

    After doing that, the machines bound to our AD just fine, although not quickly. Originally we were getting hung up at step 3, the authentication. This time it worked fine.

    After that, I logged out and logged back in using my domain\username : password and voila. The slowness of the bind is not present once its done, everything was nice and speedy.

    Even further, I then went back and removed those extra entries, as it seemed to slow down the whole DNS process, and I guess it doesn't matter once the machine is bound to the AD, because it still works fine.

    As a side note, the new Entourage 2007 beta really likes being bound ... setting up new accts is like in Windows, it knows who you are on the domain and automatically sets everything up.

    I hope this helps someone else.

    oh yea, ps ... some mention has been made of the Root account .. and its true, none of this worked for my coworker until he LOGGED IN as root at least once. He had root enabled, but had never logged in to the account. He didn't have to do the bind as root, but something weird is going on so keep that in mind and give it a try first.

    Message was edited by: Black MacLeod

    Message was edited by: Black MacLeod
    MacBook Pro 17", Mac OS X (10.5)
  • itdoug Calculating status...
    Currently Being Moderated
    Nov 19, 2007 10:14 AM (in response to fabryx)
    I was having the same problems described in this discussion until I moved the Mac that I wanted to bind to active directory to the same Subnet as my domain controllers.

    I also manually entered the dns server as well as the search domain even though they were already acquired properly through dhcp.

    It worked the first time.

    Hope that helps!
    iMac, Mac OS X (10.5.1)
  • Joel Bruner1 Level 1 Level 1 (30 points)
    Currently Being Moderated
    Nov 30, 2007 12:36 PM (in response to Matthew Yohe)
    Matthew Yohe wrote:
    Try this:

    Unbind
    and then blow away the "Macintosh HD/Library/Preferences/DirectoryService" folder
    Reboot
    Rebind.


    Yes try this, reboot and notice how now even your own server is not listed in Directory Utility, it says No Servers Configured.
    20" iMac, Cube, 14" iBook, Pismo, Mac OS X (10.4.10)
1 2 3 4 5 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.