I am trying to come up with a script for binding my 10.4 machines to Active Directory, and I'm having no luck. It seems that when I use "dsconfigad" the machines are not actually bound, even though the script reports success. I can verify this by doing a "dscl localhost", where I find that there isn't a node for "Active Directory", and lookups fail. When I bind from the GUI using Directory Access, dscl immediately shows the "Active Directory" node, and lookups work properly.
Here is my script, which is a hodgepodge of Bombich & Bartosh's, plus a bit of MacTroll (the last line where I add the search path).

#!/bin/sh

## Get configd warmed up so it can populate our computerid with the existing computer name this early.
/usr/sbin/scutil --get ComputerName > /dev/null
/bin/sleep 5

##### Fill in the AD plugin info here #####
## Use the next line if you want to use the existing computer name for the AD name.
computerid=`/usr/sbin/scutil --get ComputerName`

## Other required AD plugin variables.
#forest="butler.edu"
domain="butler.edu"
id="acunning"
password="12345"

## Optional AD plugin options. Just leave them commented out to not set them.
## Note that ou will default to CN=Computers if not specified. I almost always specify a preferredserver.
#ou="CN=Computers"
#preferred="dc.foo.com"
alldomains="enable"
#uidattribute="msSFU30UidNumber"
#caching="enable or disable"
mobile="disable"
mobileconfirm="enable"
localhome="enable"
useuncpath="enable"
protocol="smb"
shell="/bin/bash"
groups="BUTLER\domain admins,BUTLER\user services"
##### End AD plugin variables. #####

##### Do the AD Bind #####
## Edit this dsconfigad command with the options you are using. I find binding goes smoother if you prefer a DC.
## If you need to add an OU do it here as so -ou $ou. It will default to CN=Computers without the argument passed.
## Remember if you log the actual bind you will put the binduser's password in the log!!!!
## Variables are quoted so a computer name containing spaces is passed as one argument.
/usr/sbin/dsconfigad -f -a "$computerid" -domain "$domain" -u "$id" -p "$password"

## If you set any advanced options un-comment the following lines and add the ones you used. Sometimes they don't take during the bind.
/usr/sbin/dsconfigad -alldomains "$alldomains" -mobile "$mobile" -mobileconfirm "$mobileconfirm" -localhome "$localhome" -useuncpath "$useuncpath" -protocol "$protocol" -shell "$shell" -groups "$groups"
##### End AD Bind #####

##### Add Search Paths #####
sleep 5
dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"

Does anything look out of place with this? Would a reboot help? Maybe 10.4 breaks some part of this?
Anyone who is successfully binding to AD in 10.4 using a script, please help!
--Andyinindy
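
Added example, not part of the original post: a post-bind check that inspects the directory state described above (the "Active Directory" node under `dscl localhost`, the search path entry, and an actual lookup) instead of trusting the bind script's reported success. The function names, the `DSCL` override variable and the probe account are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify an AD bind from directory state, not from the
# exit status of dsconfigad. All names below are hypothetical helpers.
# DSCL may be overridden (assumption, so the checks can be exercised off a Mac).
DSCL="${DSCL:-/usr/bin/dscl}"
AD_NODE="Active Directory"
AD_SEARCH="/Active Directory/All Domains"

# Succeeds only if the "Active Directory" node is listed under localhost.
ad_node_present() {
    "$DSCL" localhost -list / 2>/dev/null | grep -q "^$AD_NODE"
}

# Succeeds only if the custom search path contains the AD entry.
ad_in_search_path() {
    "$DSCL" /Search -read / CSPSearchPath 2>/dev/null | grep -qF "$AD_SEARCH"
}

# Succeeds only if the given directory account resolves through the AD node.
ad_lookup_works() {
    "$DSCL" "$AD_SEARCH" -read "/Users/$1" RecordName >/dev/null 2>&1
}

# verify_ad_bind PROBE_USER
# Prints one line per check and returns 0 only if every check passed,
# so a deployment script can stop instead of reporting a false success.
verify_ad_bind() {
    rc=0
    if ad_node_present; then
        echo "ok:   '$AD_NODE' node is present"
    else
        echo "FAIL: '$AD_NODE' node is missing"; rc=1
    fi
    if ad_in_search_path; then
        echo "ok:   search path contains $AD_SEARCH"
    else
        echo "FAIL: search path lacks $AD_SEARCH"; rc=1
    fi
    if ad_lookup_works "$1"; then
        echo "ok:   lookup of '$1' succeeded"
    else
        echo "FAIL: lookup of '$1' failed"; rc=1
    fi
    return $rc
}

# Usage at the end of a bind script (probe account is a placeholder):
#   verify_ad_bind some_ad_user || exit 1
```

Only the check results are printed, so logging this output does not expose the bind account's password the way logging the `dsconfigad` command line would.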