AD and OD Binding Fails on some clients

[jkonrad]

I’m at a real loss here. Any help would be appreciated. I’ve followed the AD/OD tutorial and it works flawlessly on many clients. However on some clients it fails.

I do not know why. Both working and nonworking clients have the exact settings in Directory Access for AD and OD (except different computer accounts in AD for binding). Both have the same edu.kerberos.mit files. Both have the same settings in Network Settings (except unique IP addresses). Both return success when using kinit. Both can login to local accounts.

The failure appears during login. The student enters their credencials and it accepts, than hangs with the progress bar. (Must be after AD).

Any help. I’m just a teacher/tech guy and I’m holing up the school year!!

[jkonrad]

Sorry to keep posting more of the problem, but I’m just hoping to trigger a useful thought out there.

I’ve now checked the system clocks, the ethernet cords, the ethernet switches. I’ve deleted all the files from /Library/Preferences/DirectoryAccess and then recreated them by setting up AD and OD. I’ve even zapped the PRAM! All clients work with AD only in the authentication tab, but when I enable or add OD to the authentication half the computer lab fails.

The computers that fail will still loging to local accounts or accoutns I setup on the OD master, but stop working with AD accounts.

I’ve held up the school year in the computer classes making them just use local logins for now, but I need this to work. It should and I just don’t know why it is not. Even if you don’t know the answer is there anything I can try? Like when I use the kerberos GUI from MIT it shows an old kerberos server in the favourites. Where is this preference file? Maybe that’s it but I don’t know where to find that.

[Anonymous]

you may want to check the /library/preferences/edu.mit.Kerberos

…for additional, unwanted kerberos domains.

Also note the line that goes something like ‘…..delete the next two lines if you don’t want the file over written’

Also, make sure you don’t have users with the same user names, but different passwords in the OD domain

[jkonrad]

Thanks for the help. The edu.mit.kerberos file are identical on each of the clients. It is properly created by the AD plugin and works if AD is the only authentication method.

I’ve finally given up. If I clone a working machine over a non working machine and then change the settings it still works. I hate not knowing why something doesn’t work, and now i have to clone about 30 machines, but hey it works. Thanks for all the people who read this and tired.

Jon

[Author]

Posts