Unable to bind fresh install of Lion to Win2003 AD

Discussion in 'macOS' started by evilsurfincow, Jul 21, 2011.

  1. evilsurfincow macrumors newbie

    Jul 20, 2011

    Since Lion was released, I'm unable to bind a fresh install to Windows 2003 Active Directory. Keep getting "Unable to add server" Authentication server could not be contacted. (5200). (When clicking the Join button off the Users System Preferences screen)

    I had previously had this problem every once in a while with SL installs, but could go into Directory Utility and add without problem. But with Lion, I am unable to do it via the Join button, Directory Utility or via the CLI.

    I have no problems with Macs I've upgraded from SL to Lion retaining their domain membership, it's only new ones. The troubleshooting information for SL does not seem to work for Lion as the logging options that were available for the DirectoryService don't exist (or I can't find) in Lion.

    Anyone else having this problem?
  2. piccolodiavolo, Jul 21, 2011
    Last edited: Jul 21, 2011

    piccolodiavolo macrumors newbie

    Jun 28, 2011
    dsconfigad -flags

    Hi, we have several Macs (Snow Leopard and Lion) bound to our Windows 2008 R2 domain and it works pretty well.

    Please be aware that you might need to change the way OS X communicates with the Active Directory domain. From Windows 2003 onwards, LDAP signing and some other things need to be adjusted to get it working.

    We have had to change 2 essential things on OS X to bind the Mac clients successfully.

    Please open Terminal.app and execute as sudo:

    1) dsconfigad -packetsign require
    2) dsconfigad -packetencrypt require

    After that, please go to System Preferences, Users & Groups, Login Options, and click on Edit to the right of Network Account Server.

    On the next window, click on Open Directory Utility and edit Active Directory according to your Windows domain configuration using a Windows domain admin account + credentials ;o)

    Hope all is clear!
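
Added example (not part of the post above, and not Apple's code): a shell check that reads captured `dsconfigad -show` text and reports whether the two settings changed in the post are at `require`. The function names, the constructed sample and the "Key = value" output layout are assumptions.

```shell
#!/bin/sh
# Added example. Audits `dsconfigad -show` text for the packet signing and
# packet encryption settings. The "Label = value" layout is an assumption.

# Print the lower-cased value of one setting from text on stdin,
# or "missing" when the label does not appear.
ad_setting() {
    # $1 = setting label, e.g. "Packet signing"
    awk -F'=' -v key="$1" '
        {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print tolower(v); found = 1; exit }
        }
        END { if (!found) print "missing" }
    '
}

# Echo one finding per setting that is not "require".
# Returns 0 when both are enforced, 1 otherwise.
audit_ad_packets() {
    # $1 = captured `dsconfigad -show` text
    rc=0
    for label in "Packet signing" "Packet encryption"; do
        value=$(printf '%s\n' "$1" | ad_setting "$label")
        case "$value" in
            require) ;;
            *) echo "$label: $value (expected require)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a client with signing left at the permissive value.
SAMPLE_WEAK='Active Directory Domain          = example.test
Advanced Options - Administrative
  Packet signing                 = allow
  Packet encryption              = require'

# Demo on the sample; on a bound Mac pass "$(dsconfigad -show)" instead.
audit_ad_packets "$SAMPLE_WEAK" || true
```
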


  3. evilsurfincow thread starter macrumors newbie

    Jul 20, 2011
    Hi, thanks for the tip. When I try it I get: dsconfigad: No operation specified nor update requested.

    This was done on a fresh install of Lion. Am I missing some steps before this or is this it?

  4. evilsurfincow thread starter macrumors newbie

    Jul 20, 2011
    Hmm.. ok I tried it again adding it to the rest of the commands to join via the CLI and it actually worked!.. So I unbound.. ran it again, and it worked... Added the line to my config script (which is how I normally bind) and got an authentication error (5002 I believe)... Re-ran the script, and I'm back to the Authentication server could not be contacted.. Even when re-running the same command that had worked previously...

    Reinstalled Lion.. still unable to contact Authentication server....
  5. stealthboy macrumors member


    Mar 2, 2004
    Northern VA
    I'm having this same issue - "Authentication server could not be contacted. (5200)". Used to work just fine, now it's been two days of frustration.

    I can ping the server just fine from a terminal, so it can in fact be contacted. I want to know what the *real* error is!
  6. Mattie Num Nums macrumors 68030

    Mar 5, 2009
    AD Binding is completely FUBAR in Lion. I am having issues with Dev 10.7.2 as well. I can't believe this was released without AD being fixed! It's been broken since the beginning.
  7. Sinergi macrumors newbie

    May 8, 2011

    I was wondering if anyone managed to solve this issue?

    Am currently getting the same problem with 10.7.4!
