Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Insufficient privileges error when binding to A.D.

Brian,


Two things I have done to make AD plugin work is:

1) ensure that DNS info is available

make a file called "vfs.local" in the /etc/resolver/ with DNS servers listed.

If your network has a special naming system use that, i.e. "servername.vfs.local"

2) Use dsconfigad command

Join on the command line with dsconfigad and specify a preferred domain controller.

Helped us out here, YMMV



:)

Mat X

Senior Technician, IS & Telephony

http://www.vfs.com <http://www.vfs.com/>

VFS. Creative. Disciplined. Focused.




On Jan 24, 2005, at 6:13 PM, Brian Cave wrote:

We just recently rolled out Active Directory with kerberos to our PC users (98% of our systems, NT through XP OSes) and all is finally well there. Now I get my turn to join the few Macs we have to A.D. and I keep getting this error every time I try and bind my machine to our Win2003 Active Directory domain server. This did not happen when we originally ran A.D. tests against my system in our test lab (surprise surprise). Everything worked perfectly there.

I have Googled for information about this error and have tried the following without any luck:
1. Create machine entry first then bind as well as try without such an entry
2. Made my account a member of the Domain Admins and can successfully bind my Win2K Virtual PC partition (virtual network adaptor being used on separate IP address) but can't bind the Mac (local admin on the Mac).
3. Deleted mcx cache in NetInfo Manager and restarted many times.
4. Modified my A.D. account so that it has direct authority to manage machine entries.
5. Tried different machine names.
6. Tried both wireless and via wired ethernet connections (AirPort off).

Setup is two A.D. servers (main and backup) with the main also performing DNS and licensing roles (possibly other related roles). Mac is a PowerBook G4 running OS 10.3.7 (current patches) with AirPort Extreme. All systems are in the same subnet and can talk to each other. DNS is working as best I can tell.

I have turned on DirectoryServices debug mode and found a reference to failing to connect to LDAP server error 81 (or sometimes 32). I am using the A.D. plug-in, not LDAP. This error is at the very end of the process after many successful authentication log entries with the same server which makes little sense either.

From some searching others have experienced this with 10.3.3 through 10.3.5 but I have tried all their suggestions without any luck (hence the above list). I am completely stumped. Anyone else run into this and found a solution?

Thanks in advance,

Brian Cave,  Interface Analyst
Information Services,  La Porte Hospital
Office: (219) 325-5436  <mailto:email@hidden>

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden
References: 
 >Insufficient privileges error when binding to A.D. (From: Brian Cave <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.