Matthew Yohe
Feb 13, 2008, 02:21 PM
This may help some of you out. I have posted rough and dirty info on Apple Discussions:
http://discussions.apple.com/thread.jspa?threadID=1393387&tstart=0
Main points: Be sure your local time is being updated by a time server on your network, and be sure that all devices are syncing with the same NTP server.
Pre-add the computer you want to bind in your domain.
Key: in Directory Utility, choose to authenticate against a known server. So under the Administrative tab choose "prefer this domain server" and enter in the DNS name of a DC in your domain. Also uncheck authentication with any DC in the forest.
Now bind and click OK.
Now in Directory Utility, click on Search Policy, and add servers in the Authentication tab by choosing Custom Path. Click the + and you should see your domain or multiple domains in your forest listed. Add them appropriately. In some configurations, you may want to do this for "Contacts".
You can now go back into the Active Directory plugin, and choose to authenticate from any DC in the forest, and remove the selection that allows only authenticating against one server.
Sorry for the lack of deep explanation, but if you are at the point where AD and DNS are working fine, then this should be pretty straightforward and to the point.
