AD bind losing connection every 30 days or so

Let me briefly explain our issue: Every 30 days or so, our bind to Active Directory becomes unbound and our AFP and SMB shares stop accepting logins from our Mac and PC employees since we use AD for authentication. This has happened consistently for the last 3 months.


To correct, I have to unbind the server, rebind, then reboot the entire system before it starts accepting AD logins. Simple unbinding and rebinding will not work.


Details of our environment:

  • Latest Intel Xserve running Mac OS X 10.6.6 Server. 24GB RAM
  • Connected to an Xsan on 2.2.1 and resharing via AFP and SMB. No other services are running on this server.
  • Active directory servers are Windows Server 2003
  • Our AD environment is simple, one forest, one domain. Bind has no special mappings.


TIA

Xserve, Mac OS X (10.6.6)

Posted on Jun 21, 2011 7:05 AM


Jun 21, 2011 5:32 PM in response to tpires

Hi, a couple of things I'd be looking at are the machine password interval

type in terminal

dsconfigad -show

look at the bottom under advanced Administrative.

how many days before it needs changing?

I'd change it to 0

type in terminal

dsconfigad -passinterval 0

the other thing would be seeing if the following will work when you have the issue,


sudo killall DirectoryService

defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive"

defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"


if it does look at putting a script together that does an id (ADUserName) and if the return is "no such user"

then running the commands above



cheers
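
The check suggested in the reply above, written out as an added example that is not part of the original post. The account name `ad.canary`, the `ad-watchdog` log tag and the `ID_CMD` / `RECOVER_CMD` hooks are assumptions; the canary must be an account that exists only in AD, because a local account still resolves when the bind is broken.

```shell
#!/bin/sh
# Added example: AD bind watchdog based on the reply above. Run as root.
# Assumed names (not from the thread): AD_CANARY_USER, the ad-watchdog log
# tag, and the ID_CMD / RECOVER_CMD hooks that allow a dry run with stubs.
AD_CANARY_USER="${AD_CANARY_USER:-ad.canary}"  # placeholder: an AD-only account
ID_CMD="${ID_CMD:-id}"
PLIST=/Library/Preferences/DirectoryService/DirectoryService

# Succeeds if the account resolves. Retries first, so one slow domain
# controller reply does not trigger a DirectoryService restart.
ad_lookup_ok() {
    tries="${LOOKUP_TRIES:-3}"
    while [ "$tries" -gt 0 ]; do
        if "$ID_CMD" "$1" >/dev/null 2>&1; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "${RETRY_DELAY:-10}"; fi
    done
    return 1
}

# Recovery commands from the reply above (sudo dropped: the script runs as root).
recover_ad_plugin() {
    killall DirectoryService
    defaults write "$PLIST" "Active Directory" "Inactive"
    defaults write "$PLIST" "Active Directory" "Active"
}

# Prints ok, recovered or failed; returns non-zero only for failed.
watchdog() {
    user="$1"
    if ad_lookup_ok "$user"; then echo ok; return 0; fi
    logger -t ad-watchdog "lookup of $user failed, cycling AD plug-in" 2>/dev/null || true
    "${RECOVER_CMD:-recover_ad_plugin}" >/dev/null 2>&1 || true
    sleep "${RECHECK_DELAY:-30}"
    if ad_lookup_ok "$user"; then echo recovered; return 0; fi
    logger -t ad-watchdog "lookup of $user still failing, rebind needed" 2>/dev/null || true
    echo failed
    return 1
}

# Only act when asked to, so the file can be sourced for testing.
if [ "${1:-}" = "--run" ]; then watchdog "$AD_CANARY_USER"; fi
```

Invoked with `--run` from a periodic job, the `failed` result and its log line mark the case where cycling the plug-in was not enough and the unbind, rebind and reboot described in the first post is still needed.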

Jun 22, 2011 6:24 AM in response to Andbrowny

Thanks, sir.


Our password interval was at 14 days and I think it was a reasonable course of action to set it to 0, so I did. My other research into this issue seems to indicate that this may very well be the issue.


I do have a few questions about this, though. What does this property control? The user that is logged in is a local user, not an AD user so is this the root of the confusion? Does this number count down or is it static?


I have some experience with writing shell scripts and Applescripts, so I think running a launch agent that periodically checks this might be prudent. Again, thanks for your help.
