Wednesday, October 29, 2008

OS X servers unbinding from domain (from MacFixIT)

Jose Richard sent us a fix to the problem of Mac OS X Server periodically unbinding from Active Directory:

Here's a solution to permanently correct the periodic loss of the AD connection. Next time you do an unbind/bind to correct the problem, after the bind step do the following:

- Run dsconfigad -enableSSO after binding

- Verify the following options in /etc/smb.conf:

* workgroup = WGP [# this should be the netbios name of your AD domain]
* security = ads [# use "ads" for this value; "domain" will periodically change the computer trust account and break your binding to AD]
* netbios name = computername [# this should be the same as the computer name you used in Directory Access/Directory Utility to bind to AD]
* use spnego = yes [# this should always be "yes" -- it enables negotiation of the authentication methods]
* realm = WGP.COMPANY.COM [# This should be your AD domain in all caps: it is case sensitive!]

If you’ve tried this please let us know.
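The five smb.conf settings in the list above can be checked mechanically. The following is an added example, not code from the original report or from Apple or Samba: it parses the [global] section of an smb.conf and reports any of the listed settings that are missing or different. The host name macserver01 and the sample file are constructed; WGP and WGP.COMPANY.COM are the placeholder values from the report.

```python
import re

# Values compared without regard to case; the rest must match exactly
# (the report stresses that realm is case sensitive and all caps).
CASE_INSENSITIVE = {"security", "use spnego"}

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalized name: value}."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # comment lines start with # or ;
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = norm(header.group(1))
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)  # only the first "=" is significant
            params[norm(key)] = value.strip()
    return params

def check_smb_conf(text, workgroup, computer_name, realm):
    """Return findings; an empty list means all five settings match the report."""
    want = {"workgroup": workgroup, "security": "ads",
            "netbios name": computer_name, "use spnego": "yes", "realm": realm}
    have, findings = parse_global(text), []
    for name, expected in want.items():
        actual = have.get(norm(name))
        if actual is None:
            findings.append(f"{name}: not set in [global]")
            continue
        same = (actual.lower() == expected.lower()
                if name in CASE_INSENSITIVE else actual == expected)
        if not same:
            findings.append(f"{name}: found {actual!r}, expected {expected!r}")
    return findings

# Constructed sample, not taken from a real server
SAMPLE = """\
[global]
  ; constructed example
  Workgroup = WGP
  security = domain
  netbiosname = macserver01
  realm = wgp.company.com
"""

if __name__ == "__main__":
    for finding in check_smb_conf(SAMPLE, "WGP", "macserver01", "WGP.COMPANY.COM"):
        print(finding)
```

smb.conf treats a line as a comment only when its first non-blank character is # or ;, so the bracketed notes in the list above must not be pasted after a value on the same line.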

July 11, 2007
Bob Nance has verified a previously reported fix for Mac OS X Server periodically unbinding from Active Directory:

As reported, this problem has been solved with the command:

dsconfigad -enableSSO

It appears that the problem was that the Kerberos ticket getting ticket was not being renewed without the additional command. Now, it all works as it's supposed to.

If you can shed further light please let us know.


Clarification on fix for OS X Server unbinding from AD

July 30, 2007
Sochet Ly previously reported the problem of Mac OS X Server periodically unbinding from Active Directory. Ly had success with the suggested fix from June 26, but makes a note about its implementation:

I first tried the suggestion, but not straight after rebinding it to AD: that doesn't seem to work. Now I just unbind and rebind to AD, then run dsconfigad -enableSSO.

After nearly 3 weeks without having to rebind to AD, I am happy to report that running the dsconfigad -enableSSO command straight after rebinding to AD did the trick. So the key thing for me is running dsconfigad -enableSSO straight after rebinding OD-AD.
