Major problem with ActiveDirectory

{quote:title=Andrea_RM wrote:}In other hands I don't think that M$ is eligible to determine a "standard". I don't want to advocate on it, just simply considering that the last time i followed a best practice from M$, I had to reinstall a server.

There's not any "expert" here...only peoples with more o less experience. That's all.{quote}

Interesting... Well, this is the last post I'll make about this Andrea, because a) the problem has been identified, b) there's a workaround until a patch is available. But this is supposed to be an informative helpful forum. Not a place to "meat" it out between Apple and Microsoft.

P.S. Some of us here are Active Directory experts, including myself. So I find it very presumptuous to say that none of us are experts.

Message was edited by: p_halcomb

I am unable to connect to Windows Servers/Net storage device on our AD. Unlike 10.4 I am unable to change the Domain/workgroup that I am attempting to log in to. I've tried a number of the network/share options presented on the forums here and not having much luck.

I have tried domain/user & password and get "sorry, your entered an invalid username or password" Please Try again. I get this if I use CIFS or SMB as well as if I use IP address or dns name.

p_halcomb wrote:

{quote:title=Andrea_RM wrote:}In other hands I don't think that M$ is eligible to determine a "standard". I don't want to advocate on it, just simply considering that the last time i followed a best practice from M$, I had to reinstall a server.

There's not any "expert" here...only peoples with more o less experience. That's all.{quote}

Interesting... Well, this is the last post I'll make about this Andrea, because a) the problem has been identified, b) there's a workaround until a patch is available. But this is supposed to be an informative helpful forum. Not a place to "meat" it out between Apple and Microsoft.

P.S. Some of us here are Active Directory experts, including myself. So I find it very presumptuous to say that none of us are experts.

Message was edited by: p_halcomb

This post wasn't for you...as you see i've edited the post. Was a reply to anhother post, but for some strange behaviour of the thread visual, i can't find in the tree when i log on to reply (very strange).
I can give my apologies for the incovenience, but i was replying to a person who reports a draft from Microsoft in which suggests the using of the .local dns namespace for internal use. In the same post, he named us "expert" in ironic mode.
So, the sense of the reply had to be intended as here there's not "expert that wanto to have right" but "people with experience (which make the difference between experts e newbies)".

Btw, the ".local" problems between mac&win it's an old well know issue.

edit: opss, i see the post i was referring in the third page. I wrong two times......****.
The message i wrote was "+Imho, never followed a Microsoft draft/standard. In other hands I don't think that M$ is eligible to determine a "standard". I don't want to advocate on it, just simply considering that the last time i followed a best practice from M$, I had to reinstall a server.+
+There's not any "expert" here...only peoples with more o less experience. That's all.+"

Message was edited by: Andrea_RM

Message was edited by: Andrea_RM

i got applecare in my system and I am having the same issues... how do I contact them to help me with this?

My problem lies that when i try to bind my machine, it tells me the username and password are wrong... im using Administrator account... still wont let me peg to the AD...

P: If its not too much too ask could you take a look at my thread and give me your opinion if what is happening to me is more or less what we are discussing in this thread?

http://discussions.apple.com/thread.jspa?messageID=5806343#5806343

Thanks;

K.

Just updated to 10.5.1, and was easily able to bind and authenticate.

Of note:

The status in Directory Utility states that the server is responding normally, but then states "This server is now in your authentication search policy." Which, it is.

Continuing to test, but this looks like the solution.

We updated too, and still have the same authentication errors as before, and cannot bind.

Try this:

Unbind
and then blow away the "Macintosh HD/Library/Preferences/DirectoryService" folder
Reboot
Rebind.

Thanks ... machines weren't bound, tried the rest, same result. No go.

Continuing to look at this issue, I've tried it on another mac now, and I am back to where I was. Not fun.

I'm happy to say we figured things out today. It is definitely a DNS issue. Here's what we had to do.

First off, we are in a major .edu network, use DHCP and the .edu DNS servers. Our local AD domain (us.ourschool.edu) has always shown up as the default search domain as well.

In the System Prefs / Network we had to add the EXACT IP of the AD server as a DNS server, and put local (no . in our case ie, .local) in the search domains. In Leopard this is all under the advanced / DNS tab. We did not remove any of the other entries - in fact could not, they are grayed out as they are delivered by the DHCP server.

After doing that, the machines bound to our AD just fine, although not quickly. Originally we were getting hung up at step 3, the authentication. This time it worked fine.

After that, I logged out and logged back in using my domain\username : password and voila. The slowness of the bind is not present once its done, everything was nice and speedy.

Even further, I then went back and removed those extra entries, as it seemed to slow down the whole DNS process, and I guess it doesn't matter once the machine is bound to the AD, because it still works fine.

As a side note, the new Entourage 2007 beta really likes being bound ... setting up new accts is like in Windows, it knows who you are on the domain and automatically sets everything up.

I hope this helps someone else.

oh yea, ps ... some mention has been made of the Root account .. and its true, none of this worked for my coworker until he LOGGED IN as root at least once. He had root enabled, but had never logged in to the account. He didn't have to do the bind as root, but something weird is going on so keep that in mind and give it a try first.

Message was edited by: Black MacLeod

Message was edited by: Black MacLeod

I was having the same problems described in this discussion until I moved the Mac that I wanted to bind to active directory to the same Subnet as my domain controllers.

I also manually entered the dns server as well as the search domain even though they were already acquired properly through dhcp.

It worked the first time.

Hope that helps!

Matthew Yohe wrote:
Try this:

Unbind
and then blow away the "Macintosh HD/Library/Preferences/DirectoryService" folder
Reboot
Rebind.

Yes try this, reboot and notice how now even your own server is not listed in Directory Utility, it says No Servers Configured.