Bind mac os to AD

Question

Level 1

2 points

Bind mac os to AD

Hello,

I want to bind my OSX Maverick Server to our AD. I would like our users to be able to use their habiutal AD credentials to log on profile manager.

I'm pretty sure i'm doing everything fine. From the directory utility, I select "Active Directory" and then enter our AD domain with administrator credentials. But then i click on the bind button I get an error message saying that the authentication server could not be contacted.

Is there anything I am missing to get this work?

Thank you for your assistance,

Pierre

Mac mini, OS X Server

Posted on Mar 4, 2014 1:46 PM

Reply

Answer 1

pafrock

Level 1

8 points

Jun 21, 2017 3:07 PM in response to Pierre051

Hi Pierre051,

I just want to chime in here as another option for some that may also be experiencing this. If working with AD on Windows Server you will want to match your computer name in Sharing with Domain settings in Directory Utility. Perhaps the Network settings aren't correct. Then you may have a cable that is not fully inserted into the Ethernet adapter... haha

Reply

Answer 2

Mar 4, 2014 2:17 PM in response to Pierre051

DNS and time are your two most critical pieces. If your AD domain is something.local, you will have some work to do as you are colliding with Bonjour namespace. If the DC does not have complete DNS (A, PTR, and all SRV records in place), then you will not be able to query the network for things like global catalog.

And finally, if your date and time are off by as little as 1 minute, you may fail to join the domain. Sounds like you are failing before this as you do not mention getting the authentication dialog.

Check your DNS and name space.

R-

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Reply

Answer 3

Mar 4, 2014 7:51 PM in response to Strontium90

Open Terminal.

Issue the command :

ping your-domain-name...

You should get back the IP number for one of your AD domain controllers.

If not you have DNS issues as Strontium90 suggests.

Generally, your DHCP service should be set up to provide clients with DNS server IPs = those of your AD controllers.

Reply

Answer 4

Pierre051 Author

Level 1

2 points

Mar 5, 2014 8:54 AM in response to Pierre051

Hello,

Thank you for your answers.

I actually can ping my domain name. Strontium90, everything seems to be fine for my DNS as far as I know.

I'm having problem with this osx server since day one, getting frustrated.

Reply

Answer 5

Pierre051 Author

Level 1

2 points

Mar 5, 2014 11:26 AM in response to Pierre051

In console, im doing the following :

dsconfigad -f -domain mydomain.ca -u Administrator

Getting this error message:

dsconfigad: Authentication server could not be contacted. (5200)

I can ping the domain, i can do a lookup by the network utility, but still cant bind to the domain.

Reply

Answer 6

Mar 5, 2014 11:40 AM in response to Pierre051

Here is some guidance from Apple that may help you:

http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf

Are you able to bind Windows successfully to AD in your location?

I have seen squirrely bind behavior by Mac OSX in the past (circa OSX 10.6) when the DCs were far away on a WAN connection. AD clients are expected to examine the directory and bind initially to the DC that is closest. I have found that Macs don't always use the closest DC. The initial bind creates a machine account on a single DC. This account is then replicated across all the DCs. I have expereinced inconsistent flaky behavior by Macs while replication was occuring. One remedy for this phenomena is to manually pre-define the Mac Computer account in Windows AD, wait for replication to complete and then attempt to bind the Mac.

Finally, be aware that your Mac clients will not be able to use AD credentials just becuase you've bound your Mac Server to AD. It doesn't work that way. Each Mac client must be individually bound to AD.

Reply

Answer 7

Pierre051 Author

Level 1

2 points

Mar 5, 2014 1:24 PM in response to Strontium90

Hello Strontium90,

Thanks to you, my problem is solved.

My problem was that we have 2 DNS servers in our environnement since we have an hybrid environnement (Novell and Microsoft). One DNS server on a linux machine which is our principal DNS server and one on our Microsoft machine use for Exchange.

My mac server was getting via DHCP our main DNS server which doesnt had A, PTR, and all SRV records in place. So, i changed the setting on my mac server to use the DNS server from my microsoft DC, and now i'm able to bind to it!

Thank you for your assistance, and btw sorry for my bad english, i'm french!

Pierre

Reply