Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Level 1

5 points

AD Bind Issues

Hi Forums,

I am maintains a large school network, we have all of our users log on using mobile accounts through our AD server. In X.5 we had the regular issues that everyone seemed to have, but so far our X.6 systems seem to be far worse.

It seems every time i reboot my test systems they loose the AD server. We can;t log in with an un-cached user and when i go to check the Network Account Server, out Open Directory server is registering fine, but our AD domain says "This domain is not responding".

It seems to be the same weather we are on wireless or ethernet.. and it really is very frustrating, it is the last issue we have preventing us from rolling out our X.6 image.

Posted on Sep 28, 2009 10:24 PM

41 replies

Matt James1 Author

Level 1

5 points

Nov 18, 2009 4:43 PM in response to Peter-Erik

Peter-Erik, I have a reasonably stable connection now, I have made a few changes which seem to have bought SOME stability, changes are as follows.

1 - Upgrade to X.6.2
2 - Remove OD Binding and ONLY use AD
3 - Remove any turn off file sharing and delete any shared folders on local system (turning file sharing back on will recreate the basic folders)
4 - and then i did a safe boot and rebooted.

after doing these steps our system seem to pick up the AD about 90% of the time now, which is a massive improvement over what we had. I also experimented with adding .local to the DNS search domains (as suggested earlier from an Apple White Paper for panther i think?), but it didn't have much effect - unfortunately it seems apple is going to persist with not playing nicely with .local DNS names..

IT Admin

Level 1

0 points

Nov 19, 2009 8:23 AM in response to Matt James1

Hi Matt,

Thanks a lot for those steps, I tried it out and it seemed to bind fine with AD and when i Restart the ad binding was still there, Well but still i would give it a day or two and then will let you know if this is the perfect solution 😀

Thanks

Nov 19, 2009 11:58 PM in response to IT Admin

Thanks Matt for those steps, but that is now solution for us. We have here brand new Xserver but we went back to 10.5.8 at this time. Combination OD/AD works perfect. Software Update server works perfect. In 10.6.1 and 10.6.2 this is both not working good. Waiting for 10.6.3 at this time..............

IT Admin

Level 1

0 points

Nov 20, 2009 8:07 AM in response to Matt James1

Hi Matt ,

Thanks a lot for the solution, It worked 90% for me, Still 2-3 Mac's are still not binding.
What I did is,

1.Removed all sharing
2.Entered Safe Boot
3.Bind with AD and reboot.
4.If you have OD remove OD binding too.

Thanks alot again Matt

Nov 24, 2009 8:10 AM in response to IT Admin

I am experiencing the same issues with a 10.6 tech lab that I setup for one of my schools.m 10.6.2 server, win 2003 ad, 10.6.2 clients, NO use of .local on the ad domain (it is .main).

Disabling OD and removing sharing isn't going to work for me... I regularly use ARD and SSH access so I can't remove all sharing items. The tech class also purchased a super nice mac pro and 10.6 SL server to manage their lab with so I can't remove the OD binding.

I can setup mobile accounts and suggest a restart when students can't login. It seems like a reboot will sometimes fix the issue until it happens again. The only solution that may work on my end is to take AD out of the picture and duplicate all my users on the OD server which I REALLY want to avoid.

Matt James1 Author

Level 1

5 points

Nov 24, 2009 3:51 PM in response to RichardJSD

You don't have disable sharing permanently, if you disable it, delete all of your shares within the File Sharing preference pane, reboot in safe mode, reboot again, then re-add the share points manually they should work (at least that has been my experience)

Unfortunately I have not been able to get OD and AD working simultaneously yet, it seems the system binds to OD first, then tries to bind to AD second. I have been told if AD binds first it works fine, but I am guessing a script would have to be drafted for this to happen..

Feb 16, 2010 5:33 PM in response to Matt James1

Hi All,
after spending a couple of hours with is i think i have found a solution
under diretory utility check the search policy and make sure that the active directory is above the open directory option
i found this by binding AD first then rebooting it held then bound to OD and rebooted and they both held, still having issues with it recieving information settings to create the mobile accounts but directory utility shows both connected and green lights

hope this helps

Daniel

Feb 16, 2010 5:59 PM in response to dmaclaughlin

sorry addition to my other post, found that when you bind a machine to OD from the client it creates an account in WGM for the machine and ends the name with a $ which WGM sees as the primary machine instead and as such needs to be added to any computer groups you have to recieve settings
pain in the butt for me as i had just imported 400 machines into WGM and now am going back deleting them so that there is only 1 record for each machine
again not sure if anyone else has this problem
Daniel

Feb 24, 2010 6:38 AM in response to dmaclaughlin

Having the exact same problem here with .local domain and 10.6 macs.
Eagerly awaiting an update from Apple.
Removing the .My-domain.local from "search domains" on the NIC settings seems to resolve the issue, but this is not possible with DHCP clients as the search domain setting is inherited automatically.

FZ

Mar 24, 2010 6:32 AM in response to Father Zimfire

I found this from Apple http://support.apple.com/kb/TS3248?viewlocale=en_US
and now testing and it seems to work no with our .local domain

Mar 25, 2010 12:57 AM in response to Peter-Erik

Sorry i mean it works "now" with our .local domain

AD Bind Issues