If it's not a DNS issue causing the problem, check the time. Kerberos defaults to only allowing a 5 minute difference between the domain controller and any machines bound to Active Directory. If the difference is more than 5 minutes, the computer will not be authenticated. I've noticed that it can be extra picky, even if you have the machine set in the same time zone as you are. Make sure you're using the city closest to your location.
Thoughts, tips, tricks, and fixes for the IT person in you. I am an MCSE and support a wide variety of IT-related items at my job, including: Windows OS's, Exchange, Terminal Services, .NET, IIS, OS X, Microsoft Office, printers, phones, Linux, Adobe Creative Suites, and plenty of other hardware and software. Hopefully some of the solutions I find throughout the workday are useful to you as well
Wednesday, January 21, 2009
Can't bind OS X 10.4 to active directory
I had problems with binding an OS X 10.4 laptop to our Active Directory. It looked like it would be fine, and then once it got to step 5 of 5 it would stall. The only option I had was to force quit and restart. I tried creating the computer account manually in AD and then joining it, but it would still stall at step 5. It turned out that I had multiple entries for a few domain controllers in my DNS, and that was why it was having issues. As soon as I deleted the extra entries, Directory Access was able to find the correct IP address to use and the laptop was able to bind without any issues. The webpage I found that pointed me in that direction is here. I only wish I had thought of it back when I initially was binding Macs to AD because I ran into it all the time and really had no clue how to fix it. Eventually it would somehow work for me and I just left it alone after that.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment