Thread-topic: Attempting Active Directory Bindings in 10.4.3
dsconfigad -show results in:
You are bound to Active Directory:
Active Directory Forest = domain.net
Active Directory Domain = domain.net
Computer Account = mac-jbuell
Advanced Options - User Experience
Create mobile account at login = Disabled
Require confirmation = Enabled
Force home to startup disk = Disabled
Use Windows UNC path for home = Enabled
Network protocol to be used = smb:
Default user Shell = /bin/bash
Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = domain\domain admins,domain\enterprise admins
Authentication from any domain = Enabled
Advanced Options - Static maps
None
MAC-JBUELL:~ buelljd$ id jbuell
uid=834315997(jbuell) gid=1972167813(D129\domain users)
groups=1972167813(domain\domain users), 1025(adusers), 81(appserveradm),
1227302558(domain\domain_technicians), 353220042(domain\admin_users),
1623269779(domain\sophosadministrator), 1419159470(domain\domain admins),
267633726(domain\administrators), 79(appserverusr),
852718252(domain\wh_techs), 80(admin)
Note that buelljd is my local Mac's admin account, and jbuell is my AD
domain account.
On 11/16/05 3:20 PM, "Phillip Burk" <email@hidden> wrote:
> What does dsconfigad -show return in Terminal?
> Can you get id information for the "id [username]" command in Terminal?
>
> On Nov 16, 2005, at 3:42 PM, John Buell wrote:
>
>> Went through these, made sure that the Active Directory search comes up
>> before my LDAP server (from Workgroup Manager), but I'm still only getting
>> the logon window to shake at me when I type in my Active Directory user name
>> and password.
>>
>>
>> On 11/16/05 2:18 PM, "Michael Bumbalough" <email@hidden> wrote:
>>
>>
>>> Here is what works for me:
>>>
>>> 1. Make sure that the client's DNS settings are pointing to the DNS for
>>> the Windows Domain.
>>> 2. Configure the AD Plug-in with the FQDN of the AD domain.
>>> 3. In the Advanced Options of the AD Plug-in, on the User Experience tab,
>>> check create mobile account. You can use a Windows Home Directory for a
>>> network account, but you will have to create the Documents, Music, Movies,
>>> and Pictures folders in it.
>>> 4. In the Advanced Options of the AD Plug-in, on the Administrative tab,
>>> check Allow Administration By. I leave the Preferred Domain Server
>>> unchecked because it will prevent you from logging in if that particular
>>> DC is down. Any good AD deployment has more than one DC for that reason.
>>> I have never been able to get the client to log in when the Allow
>>> Authentication from any domain in the forest was checked, so I clear that
>>> one too.
>>> 5. Bind and click OK.
>>> 6. In Directory Access, select Authentication. Change to Custom and
>>> click add. Select the Active Directory domain you just joined.
>>>
>>> I have had this work for me since 10.4 came out with no problems. As a
>>> matter of fact, I sync my PowerBook to my home directory, which is on a
>>> server in an AD domain. I was having a problem with 10.4 querying the DC
>>> too many times in a given time frame and locking my account; fortunately I
>>> am a Windows administrator, so it wasn't an issue. 10.4.3 seems to have
>>> taken care of that problem.
>>>
>>> Good luck.
>>>
>>>
>>> Mike Bumbalough
>>> Network Systems Analyst
>>> School District of Manatee County
>>> (941)708-8800 Ext. 1021
>>>
>>>
>>>
>>
>> --
>> John Buell
>> Computer Technician
>> Kane County School District 129
>> North Aurora, Aurora and Montgomery, IL
>>
>
>
--
John Buell
Computer Technician
Kane County School District 129
North Aurora, Aurora and Montgomery, IL
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden
This email sent to email@hidden
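
Added example (not part of the original messages, and not Apple's tooling): a shell function that reads `dsconfigad -show` output and lists the settings that differ from steps 3 and 4 of the quoted checklist. The function names, the embedded sample (constructed from the output posted above) and the DIFF/MISSING line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare `dsconfigad -show` output with steps 3 and 4 of the
# quoted checklist. On a bound Mac: dsconfigad -show | check_ad_settings

# Constructed sample: a subset of the values posted in this message.
sample_show_output() {
cat <<'EOF'
You are bound to Active Directory:
  Active Directory Domain = domain.net
  Computer Account = mac-jbuell
Advanced Options - User Experience
  Create mobile account at login = Disabled
  Use Windows UNC path for home = Enabled
Advanced Options - Administrative
  Preferred Domain controller = not set
  Authentication from any domain = Enabled
EOF
}

# Reads `dsconfigad -show` text on stdin and prints one line per setting that
# differs from the checklist. Exit status: 0 = all match, 1 = differences.
check_ad_settings() {
  awk -F' = ' '
    BEGIN {
      want["Create mobile account at login"] = "Enabled"   # step 3
      want["Preferred Domain controller"]    = "not set"   # step 4
      want["Authentication from any domain"] = "Disabled"  # step 4
    }
    {
      key = $1; val = $2
      gsub(/^[ \t]+|[ \t\r]+$/, "", key)   # tolerate indentation and CRLF
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (!(key in want)) next
      seen[key] = 1
      if (val != want[key]) {
        printf "DIFF: %s = %s (checklist: %s)\n", key, val, want[key]
        bad++
      }
    }
    END {
      # A setting absent from the output cannot be confirmed, so report it.
      for (k in want) if (!(k in seen)) { printf "MISSING: %s\n", k; bad++ }
      exit (bad > 0)
    }'
}

sample_show_output | check_ad_settings || true
```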