Apple OSX 10.4 Cannot connect to Windows Server 2008 SBS

I cannot join the domain from an apple osx 10.4 box. I had this apple connected to a windows 2000 SBS server. I cannot even ping the domain controller by name from the apple. I can ping the domain controller ip address. I am able to get an ip address from the server however, and all of the settings look correct.
I need to get this thing on the network and sharing files on the server.
fi8224 Asked:

nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
OK let's start slow and can you provide me some answers:

  1. Do you have a DHCP server on your network?
  2. Can you browse the internet?
  3. Do you have an internal DNS server on your network?
  4. Please post a screenshot of your network settings.
  5. What is the version of 10.4? e.g. 10.4.5 or 10.4.11?
0
Britt Thompson (Sr. Systems Engineer) Commented:
To ping the domain controller by name (assuming DHCP is assigning the DC as the DNS server) you need to append the domain suffix to your network settings. It's a good idea to do this within DHCP if you have access to the settings. In the section where it says "search domains" in your network settings on the Mac, assign your domain suffix, i.e. domain.lan.

Also, probably before the mac will be able to connect to server resources you typically have to change these two group policy objects on the 2008 server:

Microsoft network client: Digitally sign communications (always) set to disabled
Microsoft network server: Digitally sign communications (always) set to disabled
0
fi8224 (Author) Commented:
It's a SBS 2008 configuration, it's doing DHCP, I can browse the Internet just fine. DNS works for everything else that I've tried. I'm not sure what exactly the version of 10.4 is but I did just do an update of 168 MB. OK, another little nuance. I can see the domain when I do an nslookup from the Apple box. When I do an nslookup I can see the server, IP address and domain name. Go figure. So I'm now leaning to trying to understand what renazonse is asking me about the suffix.
I've already done the group policy changes. So that should be good. The thing I don't know about is the appending of the domain suffix. Can you be a bit more specific about this? I've never had to do this before in my 15 years of networking, so I'm not sure what exactly you are telling me to do. The domain controller is handing out DHCP and yes, the SBS server is the domain controller. How do I append the domain suffix to the network settings? I'll look up the "search domains" now.
0
Britt Thompson (Sr. Systems Engineer) Commented:
Appending the domain suffix is something that's automatically done to a PC when it joins a domain. If a PC is joined to a domain its FQDN looks something like this: computer.domain.local and your server is server.domain.local. I'd imagine if you go to the Mac and try to ping your server's FQDN server.domain.local you'll get a response. If you don't append the suffix in the network settings on a Mac it flat out will not ping the server by its short name. I always add the domain suffix into the settings within DHCP so it's pushed out automatically. A screenshot of where the setting is is attached:

System Preferences > Network > Built-In Ethernet or Airport > TCP/IP > "Search Domains" field > type in domain.local (obviously replaced with yourdomainname.local)
[Attachment: Picture-1.png]
0
nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
Appending the domain name is easier set on your dhcp.

Are you trying to join a domain with your mac?
0
fi8224 (Author) Commented:
I am trying to join the domain with the Mac. I've never had to do the append before on a Mac to get it to work. Sounds like it would have been easier if I did. I can connect to the server by using the "connect to" but it's not consistent and leaves too much maintenance up to the end user. Joining the domain like I had it before on the old server would correct all that. How do I use DHCP to append the domain?
0
Britt Thompson (Sr. Systems Engineer) Commented:
In your DHCP management console browse to "Scope Options" > right click on "Scope Options" > select configure options > find DNS Domain Name > type in yourdomain.local > ok > go to the client and renew the DHCP lease.
0
nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
OK, to do this, you need to:

  1. go to your utilities folder
  2. open the application directory access
  3. place a check mark in the box for Active Directory
  4. click on configure for Active Directory
  5. Enter your forest name
  6. Enter your Active directory Domain name the FQDN!!
  7. Enter your computer name
  8. under user experience click the box Create mobile account
  9. Click administrative
  10. Enable preferred domain server
  11. Enter your preferred domain server name
  12. Click on bind
  13. Enter your domain credentials
[Attachment: Picture-195.png]
0
fi8224 (Author) Commented:
This is what I can't do. When I try to join the domain I keep getting an invalid username and password error. So since I couldn't ping the server, I've been assuming that that is what is twisting up the configuration. That's why I was thinking that extending the suffix might help.
0
fi8224 (Author) Commented:
Oh, and I already had the domain option included in DHCP.
0
Britt Thompson (Sr. Systems Engineer) Commented:
Is this a .local domain suffix? You'll have some real trouble with it if that's the case. Apple's local Rendezvous address uses .local and this has been a major hassle in the past.
0
Britt Thompson (Sr. Systems Engineer) Commented:
Can you ping the FQDN of the server?
0
nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
Joining a domain in this fashion should not be a problem as long as you are entering your FQDN such as mydc.mycompany.com

Do not use the NetBIOS name mycompany.  With AD domain joining and Macs it does not work.

Also make sure that the user performing the join has AD administrative permissions.
0
fi8224 (Author) Commented:
The domain name is "domain-int.local". And no, I cannot ping the FQDN of the server. I can ping the IP address. I can even do an nslookup, because it queries the domain server as the name server and comes up with all of the correct information. I mentioned this above also. It's the most perplexing thing.
0
Britt Thompson (Sr. Systems Engineer) Commented:
If you want to join the domain you'll need to disable bonjour:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

turn it back on:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Is the Mac using the AD server as its primary DNS server? Also, try creating a new network location instead of using Automatic. This may clear up any unwanted settings in the network stack.
0
fi8224 (Author) Commented:
The Mac is using the AD server as the DNS server. I will try creating a new network location.
Now about disabling Bonjour. Can it be done just while I do the actual joining of the domain and then re-enable it? Or would that be a permanent thing? And how exactly do I do this? Is this a command I enter on a run line in Apple, or in a terminal window?
And what will the repercussions be when I turn off Bonjour? I guess it won't automatically discover the network printers anymore as one thing.
0
Britt Thompson (Sr. Systems Engineer) Commented:
You run the commands from the terminal and there will be a bit of lost functionality, like Bonjour printing or iChat, but AppleTalk will still work for printing.

I'm not sure about re-enabling it... can't hurt to try once you're bound. If it doesn't work, turn it back off.
0
fi8224 (Author) Commented:
To be exact, I first set the dhcp setting to "manual" and put in all of the same settings that the mac got from dhcp. I can't understand why that would make a difference, but I was then able to ping the domain name and the server by name.
At that point I still couldn't join the domain.
I then disabled the bonjour and "voila" I was able to join the domain.
0
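
Added example, not code from any poster in this thread: a small shell sketch of why nslookup could resolve the server while ping and the domain bind could not. It assumes, as described in the thread, that names under .local are claimed by Bonjour (mDNSResponder) rather than sent to the configured DNS server; the resolver text is constructed, and 192.0.2.10 is a documentation address standing in for the SBS server.

```shell
#!/bin/sh
# Constructed resolv.conf-style sample; domain-int.local is the suffix named in the thread.
SAMPLE_RESOLV='domain domain-int.local
search domain-int.local
nameserver 192.0.2.10'

# Print the search domains (one per line) from resolv.conf-style text.
search_domains() {
    printf '%s\n' "$1" | awk '$1 == "search" { for (i = 2; i <= NF; i++) print $i }'
}

# "mdns" when the name falls under the .local suffix that Bonjour claims,
# otherwise "dns". Case-insensitive; one trailing dot is ignored.
resolution_path() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}
    case "$name" in
        local|*.local) echo mdns ;;
        *)             echo dns ;;
    esac
}

# Expand a host name the way a search list does: names containing a dot are
# tried as given, short names get each search domain appended.
candidates() {
    case "$1" in
        *.*) echo "$1" ;;
        *)   for d in $(search_domains "$2"); do echo "$1.$d"; done ;;
    esac
}

# One line per candidate name: "<fqdn> <path>".
diagnose() {
    for c in $(candidates "$1" "$2"); do
        echo "$c $(resolution_path "$c")"
    done
}

diagnose server "$SAMPLE_RESOLV"              # short name plus the .local search domain
diagnose dc1.corp.example.com "$SAMPLE_RESOLV" # a non-.local FQDN for comparison
```

A name reported as `mdns` is one where a direct query tool such as nslookup and the system resolver can disagree, which is the symptom reported above.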