A site that had recently been re-IPed was complaining about slow logins on their PCs- it could take a user up to 15 minutes to log in.
Sites and Services was setup correctly with the proper subnet and DC assigned to the site.
We found that there was an erroneous entry in DNS which was causing the machines to use the wrong DC for authentication. The entry was found here:
Forward Lookup Zones
[our domain]
DomainDnsZones
_sites
[site name]
_tcp
There were two _ldap entries in this location. One pointing to the correct DC and one to an incorrect DC. Removing the incorrect record resolved the issue.
Note: it is a good idea to check all the Sites entries in DNS to make sure that there are not other erroneous _ldap entries
Wednesday, March 10, 2010
Friday, February 5, 2010
Computer name not appearing in DHCP lease
We were seeing a problem where some DHCP leases were not showing the computer name. None of these machines with blank lease names would show up in DNS.
It turned out that each of the machines with blank DHCP lease names were Macs and they had different sharing names than the computer names there were bound to the AD with.
The solution was to make the sharing name the same as the AD computer name. As soon as this was done and the computer was restarted the machine appeared in DNS and the DHCP lease had the proper name associated with it.
It turned out that each of the machines with blank DHCP lease names were Macs and they had different sharing names than the computer names there were bound to the AD with.
The solution was to make the sharing name the same as the AD computer name. As soon as this was done and the computer was restarted the machine appeared in DNS and the DHCP lease had the proper name associated with it.
Wednesday, December 30, 2009
Changeip command for updating IP and host names: OS X Server
If you need to update the IP address or host name on an OS X server you need to do a changeip command:
First do sudo changeip –checkhostname to see what the true host name is.
You can then change the IP and the host name in one fell swoop:
Sudo changeip - [old IP] [new IP] [old host name] [new host name]
ex: sudo changeip - 100.192.46.10 100.192.46.12 oldserver.mynetwork.com newserver.mynetwork.com
If you just want to change the IP then leave out the host name part. If you want to change only the host name you still must put the IP addresses- even if they are the same.
On the sever open a Terminal window and type “man changeip” for a good rundown of the command syntax and parameters.
Here is a link to the man page.
First do sudo changeip –checkhostname to see what the true host name is.
You can then change the IP and the host name in one fell swoop:
Sudo changeip - [old IP] [new IP] [old host name] [new host name]
ex: sudo changeip - 100.192.46.10 100.192.46.12 oldserver.mynetwork.com newserver.mynetwork.com
If you just want to change the IP then leave out the host name part. If you want to change only the host name you still must put the IP addresses- even if they are the same.
On the sever open a Terminal window and type “man changeip” for a good rundown of the command syntax and parameters.
Here is a link to the man page.
Friday, December 18, 2009
Snow Leopard: Kerberos ticket not renewing coming out of Screen Saver
We had another case opened with Apple about Kerberos ticket not renewing after typing in password coming out of screen saver in Snow Leopard. They send me this instruction on modifying a file in /etc and it looks like it is resolving the problem. If you guys have Snow Leopard machine bound to AD. Please try it out too so we can confirm it does work.
Please edit the "“system.login.screensaver” entry in the /etc/authorization file to read like this:
system.login.screensaver
class
rule
comment
(Use SecurityAgent.) The owner or any administrator can unlock the screensaver.
rule
authenticate-session-owner-or-admin
Note that the string:
The owner or any administrator can unlock the screensaver
is changed to:
(Use SecurityAgent.) The owner or any administrator can unlock the screensaver
Please edit the "“system.login.screensaver” entry in the /etc/authorization file to read like this:
Note that the string:
The owner or any administrator can unlock the screensaver
is changed to:
(Use SecurityAgent.) The owner or any administrator can unlock the screensaver
Subscribe to:
Posts (Atom)