Can't join OS X (10.6.6) to AD domain...
I'm trying to join a OS X server to my 2008 AD domain but I'm having some issues...
I have enabled the Active Directory utility on the mac and then I've double-clicked it and filled in the domain and even given it a 'preferred' DC to contact. Then I've given it the enterprise admin account and click bind, but when I do that I get:
"unable to access domain controller. This computer is unable to access the domain controller for an unknown reason"
DNS is working well on the Mac and I can ping the domain controller by IP and FQDN, and vice versa.
I don't see anything in the log about this either.
Can anyone tell me how to get past this so that I can take advantage of AD groups and users on the Mac server?
I have enabled the Active Directory utility on the mac and then I've double-clicked it and filled in the domain and even given it a 'preferred' DC to contact. Then I've given it the enterprise admin account and click bind, but when I do that I get:
"unable to access domain controller. This computer is unable to access the domain controller for an unknown reason"
DNS is working well on the Mac and I can ping the domain controller by IP and FQDN, and vice versa.
I don't see anything in the log about this either.
Can anyone tell me how to get past this so that I can take advantage of AD groups and users on the Mac server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
orbistechnology
Just for clarification, on your Mac, is your DNS set to be the domain controller - and *only* the domain controller?
Have you tried:
Not specifying a DC
Binding into another CN or OU
Not specifying a DC
Binding into another CN or OU
have you tried the short domain name and the FQDN for the domain ? try not specifying a specific DC, whats in the OSX logs when you try to join (use console viewer).
ASKER
tried it with:
-domain and domain.com
-with and without specifying the DC
-it only uses the 1st and 2nd DC for DNS
-same results when binding to another OU
-domain and domain.com
-with and without specifying the DC
-it only uses the 1st and 2nd DC for DNS
-same results when binding to another OU
and there is nothing in either the AD event log, or the directory log under OSX for the time the join is taking place ?
Are the clocks in sync ?
Can you repair permissions on the mac server and try again?
Can you repair permissions on the mac server and try again?
Good point baxter. Clocks must not be out of sync by more than 5 minutes or Kerberos will break.
ASKER
sorry for the delay. Clock is in sync to the second.
ASKER
never could find an answer to this one.