AFP548

AD and OD integration problems

I've been following the instructions from bombich.com for integrating AD and OD: http://www.bombich.com/mactips/activedir.html

I keep running into a couple of snags. I've included the errors below and hope someone can provide some feedback as to what these errors mean, whether they are important, and how to correct them if so. (???) Sorry if this is confusing and too long.

OD Master and my test client are both at 10.4.10.

-----

When I initially create the Open Directory Master, if I have SSL enabled and set to use my self assigned cert, running this command

[code]sudo sso_util remove -k -a diradmin -p password[/code]

...in the Terminal returns this error:

[code]Cannot get the realm name from the directory failed to update directory error is 2[/code]

My realm is set to org_name.edu.

If I don't have SSL and my cert set when I create the master, it seems to work. If SSL is on but set to use "custom config", then it seems to work.

Also, enabling SSL on the client causes OD to fail on the client. I'm guessing whatever SSL problem I'm having on the server is the same one causing the clients to fail when enabled.

-----

I can successfully sign in on a client Mac that authenticates to our campus AD server (client successfully bound to AD). I can successfully manage the Mac client's prefs with OD.

Checking the box for "Enable directory binding" under Open Directory > Policy > Binding seems to cause Mac preference management to fail. Why is this?

Part of the documentation refers to being able to mount a fileshare without having to authenticate again, using Kerberos... I can't get this to work. Either it gives an error or asks to authenticate. Probably related to the above problems.

So what is going on here with Kerberos and SSL? What might I be missing or doing wrong?

----

Errors following Bombich instructions: page VII-25 A.4.

[code]sudo dsconfigad -enableSSO[/code]

gives error:

[code]"Unable to configure service http error = 2 Unable to configure service HTTP error = 2 Cleaning up Settings changed successfully; [/code]