Lion server bind to Windows AD server...

Let's assume you have things setup correct and try this way:

On the Lion Server.

1. System Preferences
2. Users and Groups
3. Login Options (click the lock to Authenticate)
4. Network Account Server and click Edit...
5. Click on the +
6. Enter your AD domain name like apple.local or whatever it is for you.

More options should drop down, enter whichever account lets you bind to the network (you don't need the domain\username just username).

I'm at a machine that's already bound to the domain but I think there rest is fairy straight forward.

I think there is a little something getting lost here but let's see if we can work this out. I think I know what's going on but just to be sure.

Can you bind a mac client to the AD?

Not true. You can bind to the AD (Server 2008/3) without the Lion Server.

What you can't do is mange the machines (and to a lesser extent user settings) without the Lion Server and more specifically Profile Manager. But let's not go there yet.

I thought you had another problem so this is a little trickier than I thought. If we can sort this out on a client machine we can then sort out the server.

Did you bind the Client machines to the OD? And you're using the Exact same information (domain, user, pass) when binding the windows clients and Lion clinets?

In the Network Utility app go to the Lookup tab and put in the DC does it return an IP ad FQDN? (server.domain.local)?

Yes, all my lion machines and servers are bound to our Server 2008 R2 active directory. Mercifully that's the easiest part.

Cool, good that DNS is working. This is essential as Mac systems tend to rely more heavily on it.

Your problem is how you've setup the OD. What you need to to do it destroy/break your OD, bind to the AD first. Once you've bound to the AD then create a Open Directory Master.

I'm a bit wary of posting this as it's different on 10.7 but this is the general order:

http://docs.info.apple.com/article.html?path=ServerAdmin/10.6/en/odfd7c23d9.html

To get clients into your OD you need to then enroll them using the profile manager. If you don't need external access just start at the section "Provided the Welcome to Lion Server page loads, click on the Profile Manager service. Here, click on the Configure button.

"

http://krypted.com/iphone/setting-up-profile-manager-in-lion-server/

Hopefully this is helpful. The next step would be creating Augmented Records but I don't want to get too far ahead.

Lots's of questions there. I'll try and aswer them in order.

1. If you haven't no, you probably don't need to.

2. Yes

3. Yes

No, use Profile Manager to enroll devices, not users but let's get back to that later.

Yes, it's still bound when you change to OD master.

No, at least from my experience, you need to import users each time. I think you already know how to do this but just in case http://www.apple.com/education/resources/information-technology.html#dual-direct ory-architecture

Yes, it doesn't work if you do it in that order for some reason. I didn't feel like it was worth my time trying to figure it out but feel free to 😉

I don't know. Are all your clients 10.7.4?

Yes. Do it before.

I forget about if the service need to be runnign or not. Try it without first.

Hi,

I am also having this exact same issue and followed your (furby) steps as much as possible with no luck. I just can't seem to bind to AD but will happily bind to ldap...

Our client machines happily bind to AD but the server will not. As Alfista last mentioned, it sounds like he is doing a clean install of lion and I was hoping to avoid this, do you have any alternative guidence furby?

Cheers.

Same error? If you're clients can connect but not the server that would seem to be the source of the problem. Do you get a proper response when you do an nslookup for the Domain Controller?

I suspect the problem is a DNS one but that will be tricky to troubleshoot.

I actually had an idea for a workaround for Alfista_SK but I don't see why you couldn't try it as well. I'll post it when I get a moment later.

Brilliant furby!

The server was initially setup for a previous colleague who has left and has never been touched since, it was setup to LDAP at first and still currently is. The only server running was the Software Update but since I've had a play around I've configured the Profile Manager but for some reason I couldnt pull users out of LDAP.

However we do have AD also and ideally prefer to be binded to this, it just seems very strange that it doesnt want to bind.

On Server Admin;-

Available Servers (1)

> server.local

• DNS is activated
• Netboot is disabled
• Open Directory Is activated
• Software update is activated

I tried changing the Role on Open Directory as you previously mentioned but this never worked either.

Cheers.