My organization is ready to leverage AD authentication for the Mac. I’ve done this before on 10.4 at other places without much trouble, so I’m quite familiar with the process (at least from the Mac side).
Our problem is that the 10.3 and 10.4 Macs cannot bind to AD, but a 10.5.x Mac did bind sucessfully with no special accomodations. The bind process is failing at the 5th step. I enabled the Directory Service debug verbose logging, and here are a few of the lines where I’m seeing failure, I just don’t know how to interpret it. It’s a small organization with a vanilla implementaion of AD.
2009-03-05 13:07:05 EST – ADPlugin: Calling CustomCall
2009-03-05 13:07:05 EST – ADPlugin: Good credentials for [email protected]
2009-03-05 13:07:05 EST – ADPlugin: No existing connection in connection mgr for [email protected]@pnco.com:389
2009-03-05 13:07:05 EST – ADPlugin: GSSAPI FAILED doing gss_init_sec_context: Server not found in Kerberos database
2009-03-05 13:07:05 EST – ADPlugin: Secure BIND Session FAILED with server dns03.hbg.pnco.com:389
2009-03-05 13:07:06 EST – ADPlugin: GSSAPI FAILED doing gss_init_sec_context: Server not found in Kerberos database
2009-03-05 13:07:06 EST – ADPlugin: Secure BIND Session FAILED with server dns02.vdc.pnco.com:389
2009-03-05 13:07:06 EST – Client: Directory Access, PID: 1013, API: dsDoPlugInCustomCall(), Active Directory Used : DAR : Node Ref = 16777794 : Request Code = 85 : Result code = -14006
2009-03-05 13:07:06 EST – Plug-in call “dsDoPlugInCustomCall()” failed with error = -14006.
2009-03-05 13:07:06 EST – Port: 0 Call: dsDoPlugInCustomCall() == -14006
2009-03-05 13:07:06 EST – ADPlugin: Calling CloseDirNode
I suspected a DNS problem so I populated the Macs network prefs with our search domain and DNS server IP’s, but that made no difference. What stumps me is that the Leopard Mac bound without a hitch.
Anyone?
thanks,
Darrin
.
.
Comments are closed