
Lion server bind to Windows AD server...

Hi,


Can anybody help me with binding Lion Server's Open Directory to Windows Active Directory?

I have set up Windows 2008 Server and Windows 2003 Server. On both there is a fully working Active Directory. The clients (Windows) can connect to it.

I would like to have some Mac clients, so I have set up Lion Server and in Open Directory I have set it to connect to another server. Then in Directory Utility I set the connection to the AD server via Connect in the File menu and I only get the error message "Can't connect to the server - Directory Services may not be installed on the remote server, they may be turned off, or the URL may have been entered incorrectly." Then I tried the connection via Services - Active Directory and got the error message "Authentication server could not be contacted." too.

Can somebody help me with setting Lion Server to connect to Win Active Directory?


Thanks,


Alfista

Mac OS X (10.7.4)

Posted on Jun 13, 2012 5:14 AM

Question marked as Best reply

Posted on Jun 13, 2012 6:57 AM

Let's assume you have things set up correctly and try this way:


On the Lion Server.

  1. System Preferences
  2. Users and Groups
  3. Login Options (click the lock to Authenticate)
  4. Network Account Server and click Edit...
  5. Click on the +
  6. Enter your AD domain name like apple.local or whatever it is for you.

More options should drop down; enter whichever account lets you bind to the network (you don't need domain\username, just username).


I'm at a machine that's already bound to the domain, but I think the rest is fairly straightforward.

42 replies

Jul 11, 2012 6:05 AM in response to furby

Hi furby,


I managed to set up Profile Manager and was able to enroll devices. However, I mainly plan to use this application solely for managing iOS devices. I have enrolled an iMac for test purposes, but this will be irrelevant for the moment, and have enrolled an iPad.


On the Profile Manager page in the browser I can see the devices; however, on the iPad if I go to My Devices I see the iMac and not the iPad, and it then asks me to enroll again. Are you aware of this? Is it just a bug?


Also, when you create an iOS profile you have the option to download the profile. I would imagine this is only for Mac OS rather than iOS?


Thanks.

Jul 11, 2012 7:56 AM in response to Alfista_SK

Don't worry, it'll work eventually. I almost completely gave up and just had 2 separate directories because it was driving me mad.


Let's not worry about profile manager for now. You don't need to do those steps you're trying to do. I didn't do any of that and profile manager works fine. Can you log into the profile manager (as the Lion Server admin)?


When you're connecting to the shares with AD accounts are you just typing in name and password or domain\name and password?


I need more information. What exactly is happening when you try to log in as an AD user?


On the client can you open up the Console.app in Applications/Utilities and see if there are any errors in


/var/log/opendirectoryd.log

Jul 11, 2012 8:07 AM in response to Sinerg1

I don't have my iPad enrolled so let me give it a try. Excuse me for being brief, I'm just heading out.


If it asks you to enroll again it might not have worked the first time. On the iPad what do you see in General -> Profiles? There should be a trust profile and remote management.


The profile payloads are for OS X, iOS and OS X, or iOS only, so you might have some iMac setting that will copy. It also varies a little with user settings and device settings. Sure you can figure that out though.


No, you can just e-mail that file to the iPad if you want.

Jul 11, 2012 8:08 AM in response to furby

Profile Manager is working, I can log in as an admin, but I just don't understand why I can't see it. I'm not worried. :-)


I use only the name and password.


I enter the login and password there and press Enter. After that, only the password field shakes. That's all. The same thing happens when I use users to which I haven't given a home folder. (The permissions on the home folder on the Windows server should be OK.)


Can you tell me how I can change the home directory so that it is on the Mac server only for users that will be on Macs?


I have this error there:


2012-07-11 15:10:48.532 CEST - Module: SystemCache - Misconfiguration detected in hash 'GlobalSID':

User 'atest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID 9637C905-832E-4FFA-8612-A65326B6CDD8 - SID S-1-5-21-1043748137-2579697248-3877990931-3050

User 'appletest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID F62B4F16-A596-4F94-BA7C-595F375DCC93 - SID S-1-5-21-1043748137-2579697248-3877990931-3050


I have found this:


https://discussions.apple.com/thread/3213001?start=0&tstart=0


but I can't find the Inspector/Config/augmentconfiguration


in which I should change some things that will perhaps help.
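An added example, not from the thread: it parses opendirectoryd.log records like the ones quoted above and groups users by shared UID and shared SID, which is what the 'GlobalSID' misconfiguration message is pointing at. The rid = 2*uid + 1000 check is my assumption (a Samba-style mapping that agrees with the quoted values), and the third 'cleanuser' record is constructed.

```python
"""Spot the duplicate-UID / duplicate-SID condition behind the opendirectoryd
'Misconfiguration detected in hash GlobalSID' message."""
import re
from collections import defaultdict

# Constructed sample: the two records quoted in the thread plus one clean one.
SAMPLE_LOG = """\
2012-07-11 15:10:48.532 CEST - Module: SystemCache - Misconfiguration detected in hash 'GlobalSID':
User 'atest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID 9637C905-832E-4FFA-8612-A65326B6CDD8 - SID S-1-5-21-1043748137-2579697248-3877990931-3050
User 'appletest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID F62B4F16-A596-4F94-BA7C-595F375DCC93 - SID S-1-5-21-1043748137-2579697248-3877990931-3050
User 'cleanuser' (/LDAPv3/lionserver.testsunteq.sk) - ID 1026 - UUID 00000000-0000-4000-8000-000000000001 - SID S-1-5-21-1043748137-2579697248-3877990931-3052
"""

USER_RE = re.compile(
    r"User '(?P<name>[^']+)' \((?P<node>[^)]+)\) - ID (?P<uid>\d+)"
    r" - UUID (?P<uuid>[0-9A-Fa-f-]{36}) - SID (?P<sid>S-1-5-21(?:-\d+)+)"
)

def parse_users(log_text):
    """Return one dict per 'User ...' record (name, node, uid, uuid, sid)."""
    return [m.groupdict() for m in USER_RE.finditer(log_text)]

def find_collisions(records):
    """Map every UID and every SID shared by more than one user to the sorted
    list of user names sharing it."""
    by_uid, by_sid = defaultdict(list), defaultdict(list)
    for r in records:
        by_uid[int(r["uid"])].append(r["name"])
        by_sid[r["sid"]].append(r["name"])
    dup = lambda groups: {k: sorted(v) for k, v in groups.items() if len(v) > 1}
    return {"uid": dup(by_uid), "sid": dup(by_sid)}

def rid_matches_uid(record, base=1000):
    """Assumption: the user RID is derived Samba-style as 2*uid + base (1000).
    The quoted log agrees (1025 -> 3050), which is why two users sharing UID
    1025 also collide on one SID.  True when the record fits that rule."""
    rid = int(record["sid"].rsplit("-", 1)[1])
    return rid == 2 * int(record["uid"]) + base

if __name__ == "__main__":
    recs = parse_users(SAMPLE_LOG)
    for kind, groups in find_collisions(recs).items():
        for value, names in groups.items():
            print(f"duplicate {kind} {value}: {', '.join(names)}")
```

The fix the report points at is the duplicate UID 1025, not the SID itself: give one of the two accounts a unique UID and the SID collision disappears with it.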

Jul 12, 2012 2:34 AM in response to Alfista_SK

I found this:


http://www.scribd.com/doc/84523543/34/Augmented-Records


but it's for Snow Leopard and I can't find many of the functions described there in Lion.


I would like to ask you if you can tell me (in detail) how you have set the permissions and home folders on your AD server, what you set on the OD server after binding and was necessary for users, and what you set on the client side.


I have the client bound only to the OD server, but now I have read that there should be a binding to the AD server too... do you know something about it?

Jul 12, 2012 8:06 AM in response to furby

I'm here again with new test info ...


I have tested what happens when I add a second bind to the AD server on the client: I can log in, I have a home folder on the client system, not on the server, and the server's home folder is automatically mounted.

The same happens when I remove the OD server from the binding and leave only the AD server there.


I have only one problem with all of this, and that's the home folder on the OD server. I have checked that the Users shared folder is activated for home folders, but nothing happens. I think that when I change the home folder somewhere from the AD server to the OD server, then all will work.


And by testing I found one thing. I have started file sharing for SMB and AFP on the Mac server, but the Windows server can't connect to my shared disks on my Mac server ... Do you know why?

Jul 16, 2012 4:29 AM in response to furby

I have another question about my problem.


When I bind the two servers, is it necessary to kerberize the Mac so that the server knows it should take all info from the AD server?


My latest test: I have set both servers, AD and OD, on the client machine; on the AD server I have changed the home folder via network sharing to the Mac server, and when I log in it asks normally for the password, but then asks me again for a password, this time for the Mac share where my home folder is, and now the same password isn't working. But when I give the password for a normal share it is OK.




Jul 20, 2012 2:24 AM in response to Alfista_SK

Busy at work so sorry for dropping in and out of this discussion.


I have some problems getting connected to Mac shares from Windows; it asks for passwords but doesn't connect. Not had time to figure it out.


You don't need the client machine bound to the OD and the AD; it should just be bound to the Active Directory. That looks correct for the home folder. When you're logged on as an Active Directory user, can you connect to the home folder manually (via Finder Go -> Connect to Server)? And can you write to it?

Jul 20, 2012 2:39 AM in response to furby

No problems.


I don't know why, but on one Lion server I have the same problem. I have sharing active with both (AFP, SMB) and the Windows server can't connect.


I think I need it when I will use the Apple server services ...

When I have bound the client to the AD server all is working, but I have problems connecting to network home folders. Local ones are working correctly.
