Lion server bind to Windows AD server...

Just want to say I feel both your pain, this stuff still drives me to despair.

Could you be a bit more specific about what you mean by:

Sinerg1 wrote:I couldnt pull users out of LDAP.

if you've got profile manager setup this should be easy and Alfist_SK if you don't, the link I put before was pretty good and what I used.

Now,

1.On the machine you want to bind login and go to the devices page .

http://servername.domain.whatever/mydevices.

2. Go to the profiles tab and install the Trust Profile for youdomain.

3. Then click on Devices tab and click on Enroll.

4. Install the profile.

If this works you should see it listed under devices in your profile manager. (http://servername.domain.whatever/profilemanager

5 Click on the devices and the go it edit

6.Go to the Mac OSX payload section and the Directory.

7. Fill in the info with whatever details are right for you.

8. Click Ok and then Save...

The settings should push out, you will see the progress in the active tasks. If not, on the profie page there is an option to Download.

Restart the machine and see if it's bound.

I'm sort of glossing over the root of these problems but if either of you want to give this a try as workaround then we could get to tacklig them.

Hey,

ill be without internet for a week so ill post once i return as I think im a step before profile manager. Although i configured it and I can enroll devices, its more of the user authentication i wish to aquire.

Cheers

I'll be curious how you get on, will be interesting if it works.

I found doing it the other way around AD first and then OD worked, but there's multiples way to get to that stage so you're not really a step before. Yes, I also use my AD for authentication (and it is in fact the only part that seems to be reliable), that's where I'm hopefully guiding you toward.

I put the whole process down, albeit a bit succinct, but go from step 5 and create that directory payload.

I should really write/video this all down at some point.

Hi Furby,

So I installed the certificate on the iPad and now tried to enroll the device. It asked to install the Device Enrollment cert, clicking on install, a pop up appears to say "Unverified Profile, The authenticity of "Device Enrollment"... etc INSTALL NOW.

After clicking on INSTALL NOW it twirls for a bit and then I get a message saying "A network error has occured. Could not connect to the server."

Any idea what this is?

Now, you're really asking. Though that's more my level of expertise I don't think this is the forum for that discussion. There are plenty of great guides to installing Win Server out there which I'm sure you can find.

@Sinerg1I thought you were trying to enroll your server? Are you using the local network (wifi)? Can you check your DNS server for the IP of the Lion server, does it have the correct entry (or possibly multuple entries?). On the lion server does the Windows DNS server show up in the Network preferences?

You could always do it manually with the http://support.apple.com/kb/DL1465 iPhone configuration utility.

In the Profile Manger, click on the little PLUS symbol on the bottom left to create a new enrolment profile and then download it.

Glad you got it fugured out. If you do need more help with windows I'm sure we could sort something out.

No idea why Directory Utility didn't work, it's all a bit of a dark art getting this to work.

Now, I'll confess right off that I've never really got the user account stuff to work properly so maybe I'm not the best person to answer this. But,

The "Show All Records' Tab is greyed out for me also but I'm not sure that you need it anyway. So I say don't worry about that. You also don't actually need an augmented record to be able to log in.

When you say you can't log in, what actually happens? Does one of the boxes turn blue? Does it go to log in and just flash grey/white?

When you startup the client machine do you get the Network Account message?

I susupect it's just a permissions issue on the Windows. Give an account Full permissions on the windows Profile folder and give it a try.

The permissions on the users Home Folder. I don't have it set for this user but that folder. Make sure the account has the correct share and security permissions.

That's ok with the green dot. You don't see it at the login screen, the red dot just dissapears when the machine is ready to be logged in (can take a few minutes so be patient). You should be able to log in with the mac client. When you restart the machine do you get the red dot?

You don't need to do the Integrating Mac OX Lion Server Profile manager with... steps. Just use the server admin account when accessing the My Devices page. I currently just manage the Devices from Profile Manager rather than users/groups becasue well, I have no idea how to make it work for AD groups 😟

Strange. As long as you're logging into the AD it shoudln't make a difference if they are augmented or not.

Go to the Local Directory

Groups

View..Show System Records

I don't know if you need to give users permission to access the profile manager as well.