• Status: Solved

macs logging on to domain on wireless failing

Hi all -

I have a set of 20 MacBooks that are joined to my Windows Active Directory domain. The problem is that they intermittently cannot log in with their AD credentials. I can't see any pattern as far as which users can/cannot log in; sometimes it works for a user and sometimes it doesn't. If I plug in to an Ethernet cable, any user can log in though, so I figure it's a problem with the wireless.

Any ideas on how to fix this??
Thanks!
Asked:
SJATechsupport

Aquatone Commented:
Are the users' computers set to create a mobile account for their use when they do log in?

SJATechsupport (Author) Commented:
No, I've read that causes a lot of problems, so I didn't set them up that way.

jhyiesla Commented:
I've not had any issues at all using the mobile accounts. But if they truly can't see AD, then although using the mobile accounts would allow them to get to their desktop, they still might not be able to connect to AD.

If it always works when wired, then you may be right in that the wireless may be an issue. The first thing I would do is check for interference; a motor of some kind, cordless phones in the old wireless range, or other competing wireless devices from someone next door. If that all checks out, you may want to look at changing wireless devices. It would cost something, but if you're not using AirPort Extremes go get one. We used to use a very costly "enterprise" class wireless AP and kept having issues with it. I moved to AirPorts and the problems just disappeared.
SJATechsupport (Author) Commented:
I highly doubt that the problem is related to the wireless. I've done extensive site surveys and our access points are all placed so as to cause the least amount of interference (~20% overlap) and all access points are functioning properly.
A mobile account wouldn't help with the users that are logging on for the first time though, right??

jhyiesla Commented:
Right... and as I said above, if the wireless is flaky, even getting to the desktop most likely wouldn't get them to AD. If you have the funds, try an AirPort... seriously, they are top notch... although other APs and routers should work OK... and the AirPorts will work with non-Apple devices.

SJATechsupport (Author) Commented:
What I'm saying, though, is that the wireless ISN'T flaky, and I don't have the money for an AirPort (or the ~7 of them that I would need to provide enough coverage for all of the places that the MBs might be used).. :\

jhyiesla Commented:
Your original post does state that the only common potential problem seems to be the wireless; which is why I am centering on that.

Here are a couple of other things to think about, although these would be global to the MBP and not specific for wireless. What version of OS X are you running and is it fully patched?  Second, even in Lion, Apple has not really fully addressed the AD integration issues with Kerberos. I've actually moved to a third party AD binder which seems to work wonderfully.

There are three main products that do this: ADmitMac, Centrify, and Likewise. They all have evaluation versions to try for free. Since you don't use the mobile accounts you may not have this issue, but with the first two, when installed, they wanted to drop the user's home folder in their own specific spot, which for me was an issue. Likewise didn't do that; it left that folder alone and just bound the Mac to AD. If you have a Mac you can test this on, it might be something worth trying. Although if it is the wireless, it might still not make a difference.

SJATechsupport (Author) Commented:
Trying ADmitMac now. Seems to work for the test account I created, aside from the fact that it's merging the local user folders with the network shares and creating 'documents', 'downloads', 'music', etc. folders in the user's network share. But I might be able to figure out a way around that.

jhyiesla Commented:
That was the one thing that I didn't like about ADmitMac and Centrify; they both seemed to want to screw with the already established directory structure of the home folder on the Mac, where Likewise seemed to be more willing to leave it be.  But I was doing a single machine so my experience may not be typical.

SJATechsupport (Author) Commented:
Don't have the money for ADmitMac. Likewise Open has a free version - have you had success with that?

jhyiesla Commented:
That's the one I ended up using. It was pretty simple to put in, didn't screw with my folders, at least on the one Mac that I see it on, and the cost was right.

SJATechsupport (Author) Commented:
Did it still map network shares though? I can't see where it has, if so.

jhyiesla Commented:
What version of OS X are you running?  I just got an alert for an update to 10.7.1 and one of the fixes is some supposed improvement for wireless connections.

SJATechsupport (Author) Commented:
running 10.6.4

jhyiesla Commented:
You might try upgrading to 10.6.8, but I don't know of any specific wireless issues with 10.6.4 that 10.6.8 fixed.

SJATechsupport (Author) Commented:
Well, it seems like these utilities have fixed the connection problem (I am going to have some users try this test machine to verify), but I can't see where Likewise Open has mapped the network share like ADmitMac did...

SJATechsupport (Author) Commented:
doesn't look like it's making the connection to the server on login.. hm

jhyiesla Commented:
If you didn't, you might try unbinding LW, remove the Mac account from ADUC, let it replicate and then try starting over again with LW, or whichever one you're using now.

SJATechsupport (Author) Commented:
Unbound the Mac from the domain, deleted the computer account in AD UC on the server, rejoined the domain with LW, still no mapping of the home drive... I don't think that's what LW is meant to do, unfortunately.
LW has fixed my login problem, but now I have no way of mapping users' network drives automatically, and I can't have users manually making their network shares...

jhyiesla Commented:
Now that you're connecting OK, try going into the Directory utility where you would set up built-in Mac AD joining; don't join it there, but see if you can set the advanced binding option that you want.

SJATechsupport (Author) Commented:
It's set up to use the UNC path from AD to get the home location, but it's trying to get me to bind it to the domain, which would screw things up with LW, right?

jhyiesla Commented:
Probably... not sure where to go from here.  I don't mess with my home dir with AD... I have a home folder that lives on the Mac and that's pretty much it.  Could be that the free version isn't beefy enough.

SJATechsupport (Author) Commented:
That's likely what it is. I might be able to make different scripts for different classes of users that will mount the home drives and place them on the root of each mac... not pretty, but would work.... Thanks for your help!

SJATechsupport (Author) Commented:
I actually found a solution that worked better than using third-party software.
If you run this command in Terminal
sudo /usr/libexec/PlistBuddy -c 'Set :mdns_timeout 5' /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist

and reboot the computer, there is no longer a problem!

jhyiesla Commented:
Cool, thanx