Active Directory, Lion and .local domains

+1, .local domain integration broken in my office also.

Mega fail.

Same issue here with SBS 2008 and a .local domain. I upgraded to Lion and all appeared ok. However I couldn't connect to any SMB share in the office. I unbound from the domain and now it simply will not rebind. I am getting unknown error code (1) I'm getting Unable to add server unknown error code... etc when I try to bind.
Snow Leopard would bind fast; within seconds and Lion seems to take about four minutes for each step of the bind, "getting information about active directory... checking credentials... checking for previous...

Same problems, so frustrating. Upgraded to Lion and couldn't login as AD user, logon screen just states "network users are unavailable". I ended up unbinding and rebinding the machine to the domain and was able to have marginal luck with logging into the workstation. Today I finally changed my AD password because it was about to expire. I can no longer log into my workstation. I logged back in as a local user and did the whole unbind, rebind thing. This time I am having no luck and cannot get back in. This feature worked perfectly in Leopard and Snow Leopard. I am copying all the files from the network users directory to a local user as root and will then change permissions to see if I can at least work as a local user. Not what I would expect from Apple with an OS upgrade. I wish I stayed on Snow Leopard.

Supposedly, 10.7.2 fixes this issue. A poster in a different thread believed it was expected to be released on or before 1 Sept. As it's now the 9th, and it's still not available...

in any event, I've got a brand spanking new MBA (yea!... not!), that I can't join to our domain because it shipped with Lion 10.7.1.

I know I can simply wait it out, as long as I don't want to use my computer... OR I could maybe downgrade? to Snow Leopard, seeing as that seems to be solid. Of course, with an MBA, doing OS Loads to anything other than whats in the recovery partition (I know.. Windoze parlance...) is not so simple. Also, even doing a reload to a factory image requires Internet access... Whats THAT about?

I've been primarily a Windows and *nix Admin for the last couple decades, avoiding Apples because of the weird proprietary stuff they pull. our executive team has had a big gulp of the apple cool-aid and since I have to support them, I thought I'd spend some time getting more fluent in the OSX/IOS world. Frankly, this is a great example of why I've stayed away. How can you ignore the ability to interoperate with the 8000 lb gorilla in the enterprise network world?? As I'm using 10.7.1, this means that Apple has left this critical (IMHO) issue unfixed/unaddressed for TWO releases (.0 and .1) and is slow and silent on whether or not it will be fixed in 10.7.2.

Sad... very Sad!

Guess I'll go back to my Linux/windows world and tell our executive team that Apple apparently does not care enough about enterprise environments to get this fixed in a timely issue. I really hate to have to downgrade our executive team (most with MBPs) back to snow leopard... This ***!

Has anyone actually tested this issue against the 10.7.2 beta? I don't have access to it.

this is for 10.3 but may still be relevant, I don't know, havent tried it just came across it on my Google searches:

http://support.apple.com/kb/HT2385

or this:

http://blog.scottlowe.org/2006/01/04/mac-os-x-and-local-domains/

First, I do want to say that, though the effort is appreciated, the posts from stallamaris5 are very old and have absolutely nothing to do with the current issues Lion has with ".local" domains.

Most importantly, though:

My admittedly brief testing shows that Apple has yet to fix the problem in 10.7.2. I think the first developer seed actually had the problem fixed, but subsequent seeds wouldn't allow network login at all. The release build, 11C74, does not have any fix for this presumptively huge bug.

I'll keep trying to see what I come up with, but it just seems that Apple has abandoned AD customers in Lion.

I'm having the same issue. New computer, upgraded to 10.7.2, started with fresh bind. Users & Groups shows a green dot. Log in window shows a red dot.

Why does Apple break AD logins with every new release? Its 2011, this shouldn't be that difficult, especially when it was working before.

Ugh, so frustrating.

You guys will want to check this out as well:

http://support.apple.com/kb/TS4041

I also had to do this when 10.6 came out.

http://support.apple.com/kb/ts3248

Still does not fix the issue.

Wow is this frustating.

I can add nothing but complaints

REALLY Frustrating, especially when you work with a large directory (800+ users in a school environment) which includes exchange 2007 + and Sharepoint. Having exchange and sharepoint in your environment rules out renaming your domain. Why would apple break something that was working in Snow Leopard? ".local" domains are MS best practice and now im sure ALOT of people will have this problem...
Only thing I can think of is creating a new domain and migrating everything across, which is a very big pain!

Big fail on apples part....

I have been using this workaround for a month now and it sucessfully corrects the issue

http://www.centrify.com/downloads/public/centrify-directcontrol-for-mac-local-do main-workaround.pdf

It was provided by Centrify, which is a vendor of an AD plugin, BUT, you do not need to run their plugin. This is simply a fix for the .local problem plaguing Lion. The workaround will involve changes at the client level and a minor change to your DNS servers.

For a brief test results review of the workaround refer to this:

https://discussions.apple.com/thread/3198558?answerId=16701295022#16701295022

If you have those many clients though, perhaps you should consider a 3rd party plugin like Centrify itself or Likewise. AD integration wasn't 100% functional in SnowLeopard either, though not as problematic as with Lion, granted...