63 Replies. Latest reply: Feb 10, 2009 9:18 AM by Erik Black
Hmm, I'll have to test some things here to see if that's our problem. We do indeed have many DCs, though if this were the case wouldn't it work the second time you tried, after the computer had been propagated to the other DCs? Subsequent tries on our network have still failed with rare sporadic exceptions.
I'm guessing that since it ultimately fails it must never fully put the computer in the AD.
The client tells DC A that it's adding ClientZ to AD.
DC A waits for more info while the client then does whatever it's doing.
Client then contacts DC B about adding ClientZ.
DC B has no idea what it's talking about so it fails.
DC A is left hanging so eventually it fails.
In the end there's nothing added to the domain.
That's just my guess... I really have no idea what's going on behind the scenes. But, otherwise you'd eventually see that ClientZ show up and then it would bind.
I'm trying now to see if there's a way (other than /etc/hosts) to force the client to only use one particular DC or if there's a way to view bind attempts in the logs on the domain controllers.
I don't have a machine to test this with at the moment, but what about if you specify the DC you'd like to use with the "Prefer this domain server" option in the advanced AD settings under the Administrative tab? I'll probably give it a try once I get a machine I can use to test it, but I do not have one right this moment.
I hope there is more room on the boat for me. I am having all the issues mentioned above and tried all the fixes with no luck.
Just for kicks I joined a 10.4 machine to the domain (made me feel better about myself) but for now I'm sitting in purgatory about whether to go back to 10.4 or sit and wait for 10.5.2 and hope it fixes the issue.
Got all the issues mentioned above.
Got the error message while trying to bind an iMac.
I tried something else....
In Directory Utility, instead of going in the first tab, I went in the Services tab and double-clicked on Active Directory (checked box). Filled in the domain name and clicked Bind. And it worked.
Open Directory Utility.
Wait for the Mac search to be completed.
Went to the Services tab.
Entered domain: mydomain.net.inside
Prompted for login: Administrator
Password: my 17 long password.
And when I go back to the 1st tab, Directory Services, everything is cool.
Hope this helps and this is not too late.
The only thing that has worked for me consistently is to add the computer name to the Active Directory, wait a half hour for it to replicate to all of the domain controllers and then bind the computers.
Doing this has worked for pretty much every computer.
Odds are this will be fixed in 10.5.2 and all this will be cleared up... I hope.
Hey Jason, thanks, your method worked for me. Currently running 10.5.1. (I will do a clean install and re-test on 10.5.) Binding the computer to our domain initially threw me an error code 14120, eDSPermissionError. I ignored it and tried again, which resulted in success.
After the machine was bound via Directory Utility, I then went to the Services tab (you have to activate "Show advanced settings" to view this), selected > show advanced options > then selected the Administrative tab. I checked "Prefer this domain server" and inputted the IP address for our DC. I also tested the setup by inputting the DNS of the server and that worked as well. Thanks again.
OK, here is another update, hopefully the final one. I am able to bind and log in consistently now on 10.5.1. Binding doesn't seem to be the major issue at hand; logging into the network accounts seems to be the principal issue. OK, here is my solution:
[I'm assuming that the reader knows how to bind the machine / or has the machine bound]
(Before you begin, select "Show advanced settings" in Directory Utility.)
In Directory Utility, under Search Policy, I clicked the + sign and added the specific domain I am currently in. By default the search path is set to All Domains. Selecting the domain I am in resolved the issue for me. After multiple reboots and different test accounts, logging in was still possible.
As a test I also unchecked "Prefer this domain server", located in the Services tab > show advanced options > then select the Administrative tab. After a reboot the settings from the Search Policy tab still held up. Hope this helps.
I am happy to announce that I tried what someone suggested in another post which worked:
1. I did a fresh install of Leopard. Updated to 10.5.1
2. I added the computer name I was planning on using into AD first.
3. In Leopard, I added the IP of our main domain controller instead of letting the OS choose (Prefer this domain controller)
4. I unchecked "Allow authentication from any domain controller in the forest"
5. I added our domain to the directory servers page
6. Was able to bind to the domain no problem after all of this
1. In AD: during the creation of a new computer in AD, did you check the box "This is a managed computer"? If so, what is the sample "Computer's unique ID (GUID/UUID)" did you set? -If any?
2. In Leopard System Prefs/Sharing: Did you have the Local Hostname be the same as the computer name you just added in AD? -Also, did you enable "Use dynamic global hostname"?
3. In Directory Utility/Computer ID: Is that the same as the computer name you just added in AD as well?