Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Attempting Active Directory Bindings in 10.4.3

What does dsconfigad -show return in Terminal?
Can you get id information for the "id [username]" command in Terminal?

On Nov 16, 2005, at 3:42 PM, John Buell wrote:

Went through these, made sure that the Active Directory search comes up
before my LDAP server (from Workgroup Manager), but I'm still only getting
the logon window to shake at me when I type in my Active Directory user name
and password.


On 11/16/05 2:18 PM, "Michael Bumbalough" <email@hidden>
wrote:


Here is what works for me:

1. Make sure that the client's DNS settings are pointing to the DNS for
the Windows Domain.
2. Configure the AD Plug-in with the FQDN of the AD domain
3. In the Advanced Options of the AD Plug-in on the User Experience tab,
check create mobile account. You can use a Windows Home Directory for a
network account, but you will have to create the Documents,Music, Movies,
and Pictures folders in it.
4. In the Advanced Options of the AD Plug-in, on the Administrative tab,
check Allow Administration By. I leave the Preferred Domain Server
unchecked because it will prevent you from logging in if that particular
DC is down. Any good AD deployment has more than one DC for that reason.
I have never been able to get the client to login when the Allow
Authentication from any domain in the forest was checked, so I clear that
one too.
5. Bind and click OK.
6. In Directory Access, Select Authentication. Change to Custom and
click add. Select the Active Directory domain you just joined.

I have had this work for me since 10.4 came out with no problems. As a
matter of fact, I sync my PowerBook to my home directory which is on a
server in an AD domain. I was having a problem with 10.4 querying the DC
too many times in a given time frame and locking my account, fortunately I
am a Windows administrator so it wasn't an issue. 10.4.3 seems to have
taken care of that problem.

Good luck.


Mike Bumbalough
Network Systems Analyst
School District of Manatee County
(941)708-8800 Ext. 1021




--
John Buell
Computer Technician
Kane County School District 129
North Aurora, Aurora and Montgomery, IL


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (Client- email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/philburk% 40mac.com

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden
References: 
 >Re: Attempting Active Directory Bindings in 10.4.3 (From: John Buell <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.