Hi there.
We are doing some testing of about 40 G5 dual-processor machines running OS X 10.3.8. These machines have all been imaged using a master image via NetRestore. We have created all the computer accounts in our Active Directory, and have bound the machines to the domain. We are testing OS X Server in a directory master role. The OS X server is running 10.3.8 as well, with all the latest updates. Here is the issue we are encountering. We are able to log in using network accounts and receive Active Directory authentication for a day or two; afterwards we are no longer able to authenticate to the network. When we enter the credentials, the screen just shakes and we have to try again. Logging in with a local machine account still works.
I took a look at Active Directory and noticed the following computer account was automatically generated:
CREATIVE23004 CNF:67aaa54f-5424-47c4-b370-6dad10892ff1
The original account was also present (CREATIVE23004). It looks like the equivalent of a Windows SID.
I logged in again to the machine using a local account with admin privileges. I tried to unbind the machine from the directory using the domain admin account we initially used to bind the machine. We get a message that it is an invalid user/password combo. We tried with a few other domain admin accounts and the same message popped up. The only thing left to do seems to be to reimage the machine again.
Funny thing is that this is only happening on machines that are using the Open Directory server. We are using this server to test having a managed desktop environment for our clients.
Could the OS X server or software build (10.3.8) be an issue here?
The OS X server is an Open Directory master; it has a static IP and is registered in our DNS. It looks to an Apple server for network time. The OS X server is NOT BOUND to our AD domain. We have created local groups in the LDAP directory, and have added Active Directory accounts to these local groups from a bound AD machine using Workgroup Manager.
We are looking for a solution to our problem, seeing that I need to justify the use of two OS X servers, and can't have our production Mac clients experience authentication issues and downtime.
Any help or advice would be great.
Thanks, and sorry for the lengthy post.