[Fed-Talk] AD issues - Schema Change?
- Subject: [Fed-Talk] AD issues - Schema Change?
- From: Jason Bracy <email@hidden>
- Date: Mon, 7 Apr 2008 22:14:51 -0400
OK, we've had a strange issue pop up all of a sudden. Last Friday my MacBook Pro running 10.5.2 suddenly stopped receiving a Kerberos ticket. When I went into the terminal and did an "id" on a network name it gave me a "User does not exist" error. So figuring that my bind had somehow been lost (as happens occasionally!) I unbound and tried to rebind whereupon I received a message to the effect that the Domain Controller cannot be used for an unknown reason. Looking in AD Users and Computers I found the names of the controllers near me and was able to ping them with no problem.
About 10 minutes later I had a few users tell me that they could not access one of our 10.4.11 Servers and then more users who couldn't access another. So far out of our 10 Tiger Servers all but 2 cannot authenticate to AD. The Tiger machines seem to be bound - I've unbound and rebound a few of them, but none will receive any results from an "id" command, so I know that the bind didn't take.
I downloaded the evaluation copy of AdmitMac, and it seemed to bind, but still won't give me a Kerberos ticket so I'm not sure what's going on. When I send an id command with AdmitMac installed I only receive our OD server groups listed, not any AD groups, so I'm assuming that the bind was not 100%.
If anyone has any thoughts I'd appreciate it. Tomorrow I'm going to rebuild my machine and see what happens. I don't want to rebuild our servers unless that's my only option. We have a SAN, so I can't upgrade everything to 10.5 yet! I'm thinking that Corporate IT has somehow changed the AD schema and it is no longer Mac friendly, but I can't confirm that yet.
Thanks,
Jason
Jason Bracy | SAIC System Administrator | Corporate Creative Services | phone: 703.676.6145 | mobile: 703.585.1284