Previous 1 3 4 5 6 7 Next 98 Replies Latest reply: Sep 2, 2012 10:34 AM by Dave.Maltby Go to original post Branched to a new discussion.
  • fsck! Level 1 Level 1 (30 points)

    I haven't tried 10.7.3 yet but, I'm not holding my breath any longer.  Unless apple specifically lists fix for .local domains  not even going to bother anymore with this issue and work towards dumping .local altogether.  The centrify workaround still works for me to this day but, it does have its drawbacks.  Good bye .local, it's a brave new world.  :-(

  • Tom Cramer Level 1 Level 1 (10 points)

    Apple wrote:

     

    Improve binding and login speed for Active Directory users in a domain whose name ends in ".local"

     

    http://support.apple.com/kb/HT5048

  • cticompserv Level 1 Level 1 (5 points)

    I just installed it on a clean Lion setup, added it to the domain and, so far, it is working perfectly.  Mounting smb and afp volumes is much faster than with the Likewise plug-in.  This is good news!

     

    Will keep testing.

     

    Kent

  • LCTech Level 1 Level 1 (0 points)

    I am unable to give automatic admin rights to Domain Users or even Domain Admins. I have everything set up identical to the way it works in Snow Leopard under the Administrative tab in the Active Directory settings but no go. Anyone else?

  • cticompserv Level 1 Level 1 (5 points)

    I noticed the same thing right after I posted my previous message.

     

    Kent

  • cticompserv Level 1 Level 1 (5 points)

    You can give the user admin rights, however.

     

    It appears to work best to join the domain via the Users & Groups panel rather than through the Directory Services utility.  I can join via Directory Services but I get a yellow dot in the log-in screen that says "Some directory accounts are available."  This does not happen when I join in Users & Groups.

     

    Kent

  • cticompserv Level 1 Level 1 (5 points)

    It's still not creating mobile accounts at log-in.

     

    Kent

  • fsck! Level 1 Level 1 (30 points)

    I reverted the centify workaround (leaving the LOCAL DNS zone in place on my DNS server) and so far it seems to work, 4 days and counting.  Mobile accounts are also being created succesfully. I am not experiencing an issue granting administration privileges to domain groups - that is, I am still able to grant access to domain admins.  I do notice a delay in logon times.  Also slight delays when launching terminal (while logged on with a domain account).  None of this was present with the centrify workaround so I think there is still room for improvement.

  • cticompserv Level 1 Level 1 (5 points)

    I filed a bug report with Apple about the mobile accounts and the AD admin problems.  They claim they've not heard of either problem.

     

    If you're experiencing these problems please file a bug report.

     

    Kent

  • mwfischer Level 1 Level 1 (0 points)

    Interesting.

     

    I followed this guide and it fixed my authentication problem;

     

    http://www.macwindows.com/TIP-Lion-dot-local-AD-disable-multicast.html

     

    Bonus - I'm not in a .local domain.... I'm not asking questions but I have 100% authentication (after about 30 seconds of waiting) by disabling multicastDNS and adjusting a time out setting.

     


    Let's see what happens.

  • fsck! Level 1 Level 1 (30 points)

    that was part of the same workaround published by centrify.   I am confused though, you say you are NOT in a .local domain so why would you even have to apply this fix?  the issue AFAIK only affects .local domain clients.

  • OFSIP Level 1 Level 1 (0 points)

    Hello

    I'm on a .local domain - AD 2008 R2.

    We specified for many users (mac mini users) the same local home folder in the active directory profile - home folder - Local path : /Users/homeAD.

    it does not work any more since 10.7.

    We manage the rights with login and logout scripts.

     

    Have you a solution ?

  • mwfischer Level 1 Level 1 (0 points)

    It must be with just .local...

     

    I rebooted for messenger beta and I had login **** for a while.

     

    Had to pull machine off / back on domain a few times, permission repair, etc. 

  • Gerrit DeWitt Level 4 Level 4 (3,900 points)

    Regarding turning off ipv6, it's best not to manually edit the preferences plist, because that may be overwritten by cache later.  To properly disable ipv6, use the networksetup command or System Preferences.  For example, sudo networksetup -setv6off "Ethernet 1"

     

    You'd replace the "Ethernet 1" name with the name of your active service(s).  To get the names of the services use networksetup -listallnetworkservices

  • Gerrit DeWitt Level 4 Level 4 (3,900 points)

    You are correct that there have been reoccurring issues with .local DNS and Mac OS X before.  Unfortunately, the replacement of the DirectoryService subsystem with opendirectoryd may have reintroduced some of these Leopard era problems.  You can simply disable the Bonjour service in Mac OS X by unloading its launch daemon...

     

     

    launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Previous 1 3 4 5 6 7 Next