Home Forums OS X Server and Client Discussion Active Directory Error binding to AD (Tiger, Leopard and Leopard server), log attached

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • March 12, 2008 at 3:44 pm #371864
    Alvedon
    Participant

    Hi,

    I have serious trouble binding _any_ OSX machine to our corporate W2003 AD. I’ve heard that there are a lot of people having problems with Leopard and AD integration so right now I’m only focusing on getting one Tiger machine to bind.

    I’ve tried “everything” the last few days and still no success. I get the (in)famous “Unable to access Domain controller” after step 4/5 using the AD Plugin.

    I have verified that my client is registered in the DNS ok.

    I have set the client to sync time with one of the domain controllers.

    We have 4 DC:s in our AD. I even tried to change the hosts-file on the client to emulate that all of them (and the domains FQDN) were acutally pointing to the same ip address without it makaing any diffrence. (Changed it back since then).

    Here is the debug log (from the “killall -USR1 DirectoryService” slightly anonymized:

    [quote]
    2008-03-12 16:11:12 CET – ADPlugin: Calling CustomCall
    2008-03-12 16:11:12 CET – ADPlugin: Calling CustomCall
    2008-03-12 16:11:12 CET – ADPlugin: Calling CloseDirNode
    2008-03-12 16:12:41 CET – ADPlugin: Calling OpenDirNode
    2008-03-12 16:12:41 CET – ADPlugin: Calling CustomCall
    2008-03-12 16:12:41 CET – ADPlugin: Doing CheckServerRecords……
    2008-03-12 16:12:41 CET – ADPlugin: my.domain.com – Start checking servers for site “any”
    2008-03-12 16:12:41 CET – ADPlugin: Total Servers “any” LDAP – 4, Kerberos – 4, kPasswd – 4
    2008-03-12 16:12:42 CET – ADPlugin: Server #1 picked – “dcserver1.my.domain.com”
    2008-03-12 16:12:42 CET – ADPlugin: Server #2 picked – “dcserver2.my.domain.com”
    2008-03-12 16:12:42 CET – ADPlugin: Got rootDSE for server dcserver2.my.domain.com to determine forest
    2008-03-12 16:12:42 CET – ADPlugin: Determined Forest of my.domain.com from Domain Controller dcserver2.my.domain.com
    2008-03-12 16:12:42 CET – ADPlugin: Found Default Domain my.domain.com
    2008-03-12 16:12:42 CET – ADPlugin: Global Catalogs – Start checking servers for site “any”
    2008-03-12 16:12:42 CET – ADPlugin: Total Servers “any” LDAP – 4, Kerberos – 4, kPasswd – 4
    2008-03-12 16:12:42 CET – ADPlugin: Server #1 picked – “dcserver2.my.domain.com”
    2008-03-12 16:12:42 CET – ADPlugin: Server #2 picked – “dcserver1.my.domain.com”
    2008-03-12 16:12:42 CET – ADPlugin: Found Forest Domain GC my.domain.com
    2008-03-12 16:12:42 CET – ADPlugin: Something wrong, unable to determine domain information from Config container……
    2008-03-12 16:12:42 CET – ADPlugin: Finished CheckServerRecords……
    2008-03-12 16:12:42 CET – ADPlugin: Created KerberosClient record Generation ID 227027562
    2008-03-12 16:12:42 CET – ADPlugin: Rebuilt Kerberos File
    2008-03-12 16:12:42 CET – ADPlugin: Calling CloseDirNode
    2008-03-12 16:12:42 CET – ADPlugin: Calling OpenDirNode
    2008-03-12 16:12:42 CET – ADPlugin: Calling CustomCall
    2008-03-12 16:12:42 CET – ADPlugin: Doing CheckServerRecords……
    2008-03-12 16:12:43 CET – ADPlugin: Good credentials for [email protected]
    2008-03-12 16:12:43 CET – ADPlugin: No existing connection in connection mgr for [email protected]@my.domain.com:389
    2008-03-12 16:12:44 CET – ADPlugin: GSSAPI FAILED doing gss_unwrap: No error
    2008-03-12 16:12:44 CET – ADPlugin: Secure BIND Session FAILED with server dcserver1.my.domain.com:389
    2008-03-12 16:12:44 CET – ADPlugin: GSSAPI FAILED doing gss_unwrap: No error
    2008-03-12 16:12:44 CET – ADPlugin: Secure BIND Session FAILED with server dcserver2.my.domain.com:389
    2008-03-12 16:12:44 CET – ADPlugin: my.domain.com – Start checking servers for site “any”
    2008-03-12 16:12:44 CET – ADPlugin: Total Servers “any” LDAP – 4, Kerberos – 4, kPasswd – 4
    2008-03-12 16:12:44 CET – ADPlugin: Server #1 picked – “dcserver2.my.domain.com”
    2008-03-12 16:12:44 CET – ADPlugin: Server #2 picked – “dcserver1.my.domain.com”
    2008-03-12 16:12:45 CET – ADPlugin: Got rootDSE for server dcserver1.my.domain.com to determine forest
    2008-03-12 16:12:45 CET – ADPlugin: Determined Forest of my.domain.com from Domain Controller dcserver1.my.domain.com
    2008-03-12 16:12:45 CET – ADPlugin: Found Default Domain my.domain.com
    2008-03-12 16:12:45 CET – ADPlugin: Global Catalogs – Start checking servers for site “any”
    2008-03-12 16:12:45 CET – ADPlugin: Total Servers “any” LDAP – 4, Kerberos – 4, kPasswd – 4
    2008-03-12 16:12:45 CET – ADPlugin: Server #1 picked – “dcserver1.my.domain.com”
    2008-03-12 16:12:45 CET – ADPlugin: Server #2 picked – “dcserver3.my.domain.com”
    2008-03-12 16:12:45 CET – ADPlugin: Found Forest Domain GC my.domain.com
    2008-03-12 16:12:45 CET – ADPlugin: Good credentials for [email protected]
    2008-03-12 16:12:45 CET – ADPlugin: No existing connection in connection mgr for [email protected]@my.domain.com:389
    2008-03-12 16:12:45 CET – ADPlugin: Finished CheckServerRecords……
    2008-03-12 16:12:45 CET – ADPlugin: Created KerberosClient record Generation ID 227027565
    2008-03-12 16:12:45 CET – ADPlugin: Rebuilt Kerberos File
    2008-03-12 16:12:45 CET – ADPlugin: Closing All Connections – Connection Manager
    2008-03-12 16:12:45 CET – ADPlugin: Closing All Connections – Connection Manager Completed
    2008-03-12 16:12:45 CET – ADPlugin: Calling CloseDirNode
    2008-03-12 16:12:45 CET – ADPlugin: Calling OpenDirNode
    2008-03-12 16:12:45 CET – ADPlugin: Calling CustomCall
    2008-03-12 16:12:45 CET – ADPlugin: Verify called for [email protected]
    2008-03-12 16:12:45 CET – ADPlugin: Verify successful for [email protected]
    2008-03-12 16:12:45 CET – ADPlugin: Calling CloseDirNode
    2008-03-12 16:12:45 CET – ADPlugin: Calling OpenDirNode
    2008-03-12 16:12:45 CET – ADPlugin: Calling CustomCall
    2008-03-12 16:12:45 CET – ADPlugin: Good credentials for [email protected]
    2008-03-12 16:12:45 CET – ADPlugin: No existing connection in connection mgr for [email protected]@my.domain.com:389
    2008-03-12 16:12:45 CET – ADPlugin: GSSAPI FAILED doing gss_unwrap: No error
    2008-03-12 16:12:45 CET – ADPlugin: Secure BIND Session FAILED with server dcserver2.my.domain.com:389
    2008-03-12 16:12:46 CET – ADPlugin: GSSAPI FAILED doing gss_unwrap: No error
    2008-03-12 16:12:46 CET – ADPlugin: Secure BIND Session FAILED with server dcserver1.my.domain.com:389
    2008-03-12 16:12:46 CET – ADPlugin: Calling CloseDirNode

    [/quote]

    If anyone has any idea where I should start looking I would be most grateful!

    Best regards,
    Daniel, Sweden

    March 29, 2008 at 8:00 am #372037
    inkswamp
    Participant

    The one thing that jumps out at me that might be worth further investigation is this line:

    [email protected]@my.domain.com:389”

    Should it be idenfying this user as user@domain@domain? Interestingly, this occurs right before the lines that appear to be a series of failures in the log. Is the “[email protected]” the network admin account you’re using to bind the machine? Any idea why it’s showing up with two domains like that?

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.