kalvillo

Binding problems in Mac OSX

Hi.

I have a Windows 2003 environment... In my LAN, I have two Mac OS X boxes (one with Leopard, the other with the previous OS... I think it is Tiger).

Until yesterday, all my Macs were working flawlessly, but for some unknown reason, the Tiger Mac lost the binding with Active Directory yesterday and all connection with my server (Server01).

If I try to connect to a Server01 share (smb://server01/share), the Mac returns an error telling me that "the login and password were incorrect", but the connection never asks me for any login information... I tried erasing all the entries in my keychain, but up to now, it has been useless; if I try to access my server using Finder/Network, my server doesn't appear.

Now, when I try to bind this computer to Active Directory (my Active Directory name is server01.mydomain.com), the process freezes in the 5th step and after a lot of time, it tells me that "an unknown error was detected".

If I ping my server, it answers me, so I think it's not a network problem.

What can I do?

Thank you

(By the way, I'm not a Mac OS expert, so if you can give me a step-by-step procedure, it would be appreciated)
strung

Known problem on the Leopard server, only solution right now is to stop and start the AFP/SMB file server. Fixed in 10.5.2 I am told.
True, but Kalvillo says his problem is binding a Tiger Mac to a Windows 2003 server, unless I misread the initial post.
Daryl Ponting
Check the system time on the OSX box.  If it is more than 5 mins out from the domain controller, you'll lose access.
kalvillo

ASKER

I checked the system time... that's not the problem.

strung> Apparently, your solution is what I need, but the procedure that you shared with me is not very clear... do you have a more specific procedure?
I don't, I am afraid.  
On your Mac client machine, try setting aside
/etc/krb5.conf
/Library/Preferences/edu.mit.Kerberos
and if it exists,  
/etc/krb5.keytab
and if it exists,
/Users/<yourusernamehere>/Library/Preferences/edu.mit.Kerberos

and then re-binding the client.

You might also want to read
http://web.mit.edu/macdev/KfM/Common/Documentation/preferences-osx.html
Before you delete your Kerberos preferences, have you tried this...

Go into /System/Library/Core Services and launch the Kerberos application.

Click on New and acquire a new Kerberos ticket for your AD domain.
A good thing to try, but my point was to *set aside* those files not delete them.
A bad file or one with incorrect info could still prevent getting a new/proper ticket, so the step of putting aside the files may still be necessary.
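
The set-aside step described above (rename the Kerberos files instead of deleting them, then re-bind), as an added example that is not part of the original thread. The `KRB_ROOT` and `KRB_USER` variables, the function names and the `.aside-<stamp>` suffix are assumptions made for this example.

```shell
# Added example, not from the thread. KRB_ROOT (default "/") and KRB_USER
# (default: current user) are hypothetical knobs so the functions can be
# tried on a scratch directory before touching the real files.

krb_files() {   # the four paths listed in the thread, relative to KRB_ROOT
    user="${KRB_USER:-$(id -un)}"
    printf '%s\n' \
        "etc/krb5.conf" \
        "Library/Preferences/edu.mit.Kerberos" \
        "etc/krb5.keytab" \
        "Users/$user/Library/Preferences/edu.mit.Kerberos"
}

# Rename every file that exists to <name>.aside-<stamp>; print the stamp.
# The renamed keytab still holds the machine's keys; mv keeps its permissions.
krb_set_aside() {
    root="${KRB_ROOT:-/}"
    stamp="${1:-$(date +%Y%m%d%H%M%S)}"
    krb_files | while IFS= read -r rel; do
        src="${root%/}/$rel"
        [ -e "$src" ] || continue                 # "if it exists"
        if [ -e "$src.aside-$stamp" ]; then       # never clobber an older copy
            echo "refusing to overwrite $src.aside-$stamp" >&2
            exit 1
        fi
        mv "$src" "$src.aside-$stamp" || exit 1
    done || return 1
    printf '%s\n' "$stamp"
}

# Put the files for one stamp back; skip any path that was recreated in the
# meantime so a newer file is not replaced.
krb_restore() {
    root="${KRB_ROOT:-/}"
    stamp="$1"
    [ -n "$stamp" ] || return 2
    krb_files | while IFS= read -r rel; do
        dst="${root%/}/$rel"
        [ -e "$dst.aside-$stamp" ] || continue
        if [ -e "$dst" ]; then
            echo "skip: $dst exists again, compare by hand" >&2
            continue
        fi
        mv "$dst.aside-$stamp" "$dst"
    done
}
```

On the real system the `/etc` and `/Library` paths need root; keep the stamp that `krb_set_aside` prints so `krb_restore` can undo the change if re-binding still fails.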
ASKER CERTIFIED SOLUTION
kalvillo

This solution is only available to members.
It's more likely to be a Tiger problem than a server problem.   Tiger broke a lot of things that worked perfectly well in Panther (10.3).  If no one can come up with a fix, one solution could be to put Panther on it.
Well, Tiger fixed a lot of things that never worked right or easily or reliably in Panther ;)
*Especially* Active Directory binding. In a big way.

First, try deleting the computer account for the Mac OS X Client machine (and/or the server if you can't bind it still), then unbind via the Directory Access tool (yes, still "unbind"), and then rebind via that tool.

On the client, you might also want to try (in the Terminal):
dscacheutil -flushcache

and try rebinding.


Also, DNS is critical here. If you've done a fresh install of 10.4 (with all updates) and can't bind a client to your AD, then it's really quite probably *not* a Mac OS X issue.

Are you putting anything in the "search domain" field in System Preferences > Network > Built-In Ethernet (or whatever name is assigned to the LAN port)?

What's the name of the server you're trying to bind to?
Can you resolve its FQDN from Mac OS X via: dig fqdn.youradserver.com  
and
dig -x ip.address.ofserver


If clients are also bound to your OD Master (OS X Server) you might want to see
http://docs.info.apple.com/article.html?artnum=300765