Here is what works for me:
1. Make sure that the client's DNS settings are pointing to the DNS for
the Windows Domain.
2. Configure the AD Plug-in with the FQDN of the AD domain.
3. In the Advanced Options of the AD Plug-in on the User Experience tab,
check create mobile account. You can use a Windows Home Directory for a
network account, but you will have to create the Documents, Music, Movies,
and Pictures folders in it.
4. In the Advanced Options of the AD Plug-in, on the Administrative tab,
check Allow Administration By. I leave the Preferred Domain Server
unchecked because it will prevent you from logging in if that particular
DC is down. Any good AD deployment has more than one DC for that reason.
I have never been able to get the client to log in when Allow
Authentication from any domain in the forest was checked, so I clear that
one too.
5. Bind and click OK.
6. In Directory Access, select Authentication. Change to Custom and
click add. Select the Active Directory domain you just joined.
I have had this work for me since 10.4 came out with no problems. As a
matter of fact, I sync my PowerBook to my home directory which is on a
server in an AD domain. I was having a problem with 10.4 querying the DC
too many times in a given time frame and locking my account; fortunately I
am a Windows administrator so it wasn't an issue. 10.4.3 seems to have
taken care of that problem.
Good luck.
Mike Bumbalough
Network Systems Analyst
School District of Manatee County
(941)708-8800 Ext. 1021
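
A pre-bind check for steps 1 and 4 above, as an added example that is not part of the original message: it parses `dig +short SRV` answers for the domain's `_ldap._tcp` record to confirm the client's resolver can find the domain controllers and that more than one is advertised. The domain `example.com`, the sample answer and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-bind DNS check for an AD domain.
# Input lines use the `dig +short SRV` format: "priority weight port target."

# Print the unique DC host names found in SRV answer lines read from stdin.
dc_hosts_from_srv() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ {
             host = tolower($4)
             sub(/\.$/, "", host)        # drop the trailing root dot
             if (!(host in seen)) { seen[host] = 1; print host }
         }'
}

# Count the distinct DCs in SRV answer lines read from stdin.
dc_count() {
    dc_hosts_from_srv | wc -l | tr -d ' '
}

# Succeed only when at least two DCs are advertised, so that leaving
# "Preferred Domain Server" unchecked actually gives a fallback DC.
has_redundant_dcs() {
    [ "$(dc_count)" -ge 2 ]
}

# Constructed sample answer for the placeholder domain example.com
# (the third line repeats dc1 in a different case and is deduplicated).
SAMPLE_SRV='0 100 389 dc1.example.com.
0 100 389 dc2.example.com.
0 100 389 DC1.example.com.'

# With a domain argument, query the resolver the client is configured to use.
if [ -n "${1:-}" ]; then
    answer=$(dig +short SRV "_ldap._tcp.$1")
    if [ -z "$answer" ]; then
        echo "no SRV records for $1: check that client DNS points at the AD DNS" >&2
        exit 1
    fi
    printf '%s\n' "$answer" | dc_hosts_from_srv
    printf '%s\n' "$answer" | has_redundant_dcs ||
        echo "warning: only one DC advertised for $1" >&2
fi
```

Run it with the AD domain's FQDN as the only argument on the client before binding; with no argument it only defines the functions and the sample.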