judsoncollege

Integrating OSX into Active Directory

We are trying to bind a Mac using OSX to Active Directory. Most of our Macs have no problem, but there is one that is not being cooperative. The one place that I think I am having the problem is in "Directory Access". Under Authentication and also under Contacts we have the following listed:

/NetInfo/DefaultLocalNode
/LDAPv3/10.100.0.60

The one option that we cannot add that all of the other Macs have is the following:

/Active Directory/All Domains

I think if we can add that we should be all set. However, if I click the "Add" button the only option I have to add is:

/BSD/local

Any thoughts how I can get /Active Directory/All Domains as an option?

Thanks for the help.
Mazaraat

This is the article I used to set up the Macs on my network; it is very detailed:

http://www.bombich.com/mactips/activedir.html

Make sure to create a NEW entry in the directory services:

Configure Directory Services to look to the AD server for authentication information
Open the Directory Access application located in the Utilities folder.
Click on "LDAPv3" and click on "Configure". You may need to click on the lock in the lower left corner first to allow changes.
Uncheck the "Use DHCP supplied LDAP server" checkbox and click on the disclosure triangle next to "Show Options".
Create a new configuration by clicking on the "New..." button and provide the appropriate information, for example [Screenshot]:
name: Active Directory
server name: ad.apple.com
LDAP mappings: Active Directory
Search base suffix: dc=apple,dc=com


Click on the "Edit..." button to edit the configuration
Set the timeouts to 10 seconds each
Click on the check box to use authentication and provide the distinguished name and password that you obtained from your Network Administrator. For example:
Distinguished Name: cn=apple test,cn=users,dc=apple,dc=com
Password: testapple

If you require access to the global catalog or SSL support, check the appropriate boxes and indicate the custom port required. [Screenshot]
judsoncollege

ASKER

I tried deleting the profile and adding things back in, but still nothing. For some reason I still don't see /Active Directory/All Domains under Authentication and also under Contacts. It still seems to me that if I could see that then I could bind the computer.

Is that true?
ASKER CERTIFIED SOLUTION
Mazaraat
This solution is only available to members.
We are running OSX 10.4.3. I will check the rest of this out and see what I can see, but it just seems odd that we didn't have to do any of this other stuff for all of our other Macs. Even this one used to work. It was bound at one time, but wouldn't authenticate. When I unbound it and tried to rebind, it wouldn't work.

I'll let you know what I find out.

Greg
Mazaraat,

It looks like the solution was a little easier than I thought. It ended up being the time on the Mac. I didn't realize that the drop-down box for the time server allowed you to type your own time server into that box. Looks like the Apple time server was off by about 5 minutes from the Navy time server, which is what we go by. When the time dropped out far enough the Macs must have been unbound from the domain. We couldn't bind them again until the time on the Macs got sync'd back up to within 5 minutes of our time server. We entered our time server address into each of the Macs and it seems to be working fine.

I will go ahead and award you the points for being so helpful.

Thanks for your time.
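
The clock drift described in the post above can be checked directly. The following is an added example, not part of the original thread: Python code that parses an SNTP reply and tests the computed offset against the 5-minute window mentioned in the post (which is also the default Kerberos clock-skew tolerance in Active Directory). The function names and the sample packets are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_SKEW = 300                # the 5-minute window from the post, in seconds

def ntp_to_unix(seconds, fraction):
    """Convert a 64-bit NTP timestamp (two 32-bit words) to Unix time."""
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def clock_offset(reply, t_sent, t_received):
    """Return (server clock - local clock) in seconds from a 48-byte SNTP reply.

    t_sent and t_received are the local Unix times at which the request
    left and the reply arrived.
    """
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    # Header bytes, then 11 32-bit words: root delay, root dispersion,
    # reference id, and four 64-bit timestamps (ref, originate, rx, tx).
    f = struct.unpack("!BBbb11I", reply[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    if mode != 4 or stratum == 0 or leap == 3:
        raise ValueError("reply is not from a synchronized server")
    t_rx = ntp_to_unix(f[11], f[12])   # server receive time
    t_tx = ntp_to_unix(f[13], f[14])   # server transmit time
    return ((t_rx - t_sent) + (t_tx - t_received)) / 2

def within_bind_window(offset, max_skew=MAX_SKEW):
    """True if the local clock is close enough to the server to authenticate."""
    return abs(offset) <= max_skew

def build_sample_reply(server_unix_time, stratum=2):
    """Constructed sample packet: LI=0, VN=4, mode=4 (server reply)."""
    secs = int(server_unix_time) + NTP_UNIX_DELTA
    return struct.pack("!BBbb11I", 0x24, stratum, 6, -20,
                       0, 0, 0, secs, 0, 0, 0, secs, 0, secs, 0)

if __name__ == "__main__":
    local_now = 1_700_000_000.0              # constructed local clock reading
    for drift in (120, 340):                 # server ahead by 2 min, then 5 min 40 s
        reply = build_sample_reply(local_now + drift)
        off = clock_offset(reply, local_now, local_now)
        state = "OK" if within_bind_window(off) else "too far off to bind"
        print(f"offset {off:+.1f}s: {state}")
```
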
Thanks...I have seen that same problem with Windows servers when I was troubleshooting a replication problem....sometimes it's the small things that get us.
In 10.4.x, I activated Active Directory in Directory Access, with my Exchange Domain and my Mac's name.

Then I went into System Preferences > Network > (my server's connection method) > TCP/IP > and added the IP address of my DNS server and the name of my domain, that I was able to get in with SMB://your server or NAS's IP address here  


-Vic