24 Replies. Latest reply: Feb 25, 2010 3:48 AM by jamesloker
Just adding that I am having a similar problem with AD binding on a Windows 2003 server. System installed on the Mac client is 10.6.2. The environment does not have an OD server.
I use DS AD binding script, and the bind performs successfully. I need to take a look at the system logs again but I recall there being a reported DNS error following the binding however.
Network account availability is intermittent when binding 13" MacBook latest model.
I have seen the above machines have a red light next to network accounts available, then after several attempts of logging in with a non-cached AD account network accounts are inexplicably available and I am able to login with an AD account.
I have also tested just unbinding and rebinding a machine manually using Directory Utility with exactly the same issue occurring. Problem seems to be more evident when attempting to authenticate over wireless, but I have seen it happen with these machines attached to Ethernet also.
Apologies that I can't provide any more info, unfortunately I can't perform any testing in the environment until Wednesday either. This is for a school environment, staff return on Wednesday and students return the following Monday, so it is getting urgent. Does anyone have any suggestions?
Our school site is supported by a single Windows AD server. It is connected to district HQ by a slow congested WAN link. There are several other Windows AD servers at HQ that replicate accounts to/from our school site on a scheduled basis.
What I have found by packet tracing is that the OS X 10.5.8 Mac Bind process chooses a Windows DC seemingly at random in which to create/update its computer account when a Mac joins the AD. Typically that means it chooses one of the slow, off site DCs for the Bind. Following Bind completion the Mac will continue to work with the chosen DC for logins if it is not rebooted.
However, after the Mac has been rebooted once or twice a different algorithm appears to come into play whereby the Mac strongly prefers to use the DC on its local subnet.
This means that if you reboot a freshly bound Mac before your local Windows DC has received a copy of its machine account via replication... your logins will fail. This typically manifests as headshake behavior or sometimes you may see messages to the effect that "The system is unable to log you on at this time." Once scheduled replication has completed and all your DCs have a consistent copy of the Mac computer account this problem usually disappears.
Hope this helps.
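A way to check for the replication gap described in the post above before rebooting a freshly bound Mac, as an added example that is not part of the original thread: it lists the domain's DCs from the DNS SRV record and asks each one for the computer account. The domain, host names, bind account, password file and sample data are assumptions.

```shell
#!/bin/sh
# Added example. Domain, host names, bind account and sample data are constructed.

# Reduce `dig +short SRV _ldap._tcp.dc._msdcs.<domain>` output
# (priority weight port target.) to a unique list of DC host names.
srv_targets() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print tolower($4) }' | sort -u
}

# Count entries in LDIF output from ldapsearch (one "dn:" line per entry).
count_entries() {
    awk '/^dn:/ { n++ } END { print n + 0 }'
}

# Read "dc count" lines; count "-" means the query itself failed.
# Print only the DCs where a reboot could still break logins.
not_ready() {
    awk '$2 == "-" { print "UNKNOWN " $1; next }
         $2 + 0 == 0 { print "MISSING " $1 }'
}

# Live check, needs network access and a read-only bind account.
# usage: check_account DOMAIN BASE_DN BIND_DN PASSWORD_FILE COMPUTER_NAME
check_account() {
    dig +short SRV "_ldap._tcp.dc._msdcs.$1" | srv_targets | while read -r dc; do
        # -ZZ requires StartTLS so the simple bind is not sent in clear text.
        if out=$(ldapsearch -x -ZZ -LLL -H "ldap://$dc" -b "$2" -D "$3" \
                 -y "$4" "(sAMAccountName=$5\$)" dn 2>/dev/null); then
            echo "$dc $(printf '%s\n' "$out" | count_entries)"
        else
            echo "$dc -"
        fi
    done | not_ready
}

# Constructed sample: one local DC that has not yet received the account.
sample_srv='0 100 389 DC-HQ1.example.edu.
0 100 389 dc-hq2.example.edu.
0 100 389 dc-school.example.edu.'
sample_counts='dc-hq1.example.edu 1
dc-hq2.example.edu -
dc-school.example.edu 0'

printf '%s\n' "$sample_srv" | srv_targets
printf '%s\n' "$sample_counts" | not_ready
```

An empty result from `check_account` means every DC returned the account; a `MISSING` line for the local DC is the state in which the post above reports login failures after a reboot.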
I have a similar problem binding MacBooks to a Small Business Server 2008 Domain.
I found that it would bind to the domain and all was well until the network was disconnected (i.e. user took the MacBook home). When it was reconnected the MacBook reported that the Domain was not responding. I replicated the environment, and problem, on a test bed and found that if I turned off the Windows Firewall Domain profile on the SBS Server the MacBooks would Bind without any issues.
I have been experimenting opening up various ports to try and work out what is being blocked. I can successfully telnet to all the Ports suggested in the Apple White Paper.
Having the Firewall turned off is not a recommended solution. If anyone has suggestions on other ports that I can try to exclude I will try it out.
****... I spent FOREVER on this issue and it keeps happening because the time is not the same in Active Directory as it is on the Mac.
Line them up and the **** thing will start syncing again. And if you are allowing either the server or the Mac to update off time servers, make sure they are updating off the same server. If the time on either machine is off by more than 7 seconds you will not bind.
Hope that helps some of you!
This problem is a strange one. I too have been experiencing problems. The newest member of my Mac clan is the iMac. When I tried to install 10.6.2 and bind it to the network, I too had the problems listed about network accounts not available. I tried the rc.local fix without success and in the end couldn't login to the machine at all. It would halt on the Logging in screen trying to login as local user even after repairing permissions. My MacBook however has 10.6.2 and is from 2007/2008 and has no problems whatsoever. I haven't installed on the Mac mini but did experience the problems on the MacBook Air. So out of 3 computers I have tried Snow Leopard on, only 1 works. 10.5.8 never had an issue of logging on for me. I am currently going to try a clean 10.5 install and upgrade to 10.6. Will let you know if this works. Previously were all clean 10.6 installs.