After much work, I can bind and get OS X 10.4.7 to successfully authenticate. I ever wrote a nice little article (in process) about the different preference files and how they interact with Active Directory, Kerberos and Samba. Now to the situation that has made me very sore towards Apple.
I have a correclty bound and authenicating server one day. The next, it’s not working. I check the /etc/smb.conf file – checks out OK. I check the /Library/Preferences/edu.mit.Kerberos file – OK. /Library/Preferences/DirectoryServices/winbindd.conf – OK as well as ActiveDirectory.plist, among others, everything checks out fine.
Well low and behold, enough of the good stuff. I thought I had a working server.
I am getting a DS error: eDSCannotAccessSession error when tailing the DirectoryService app in debug mode. In that garbage, the error “Failed getting credentials at line 2687 in ADSEngine.mm” appears. In any case, the only solution I have heard from others is to unbind -> bind again. I am not going to go that route. It is completely unacceptable as far as a solution. Now looking at my conf and plist files that checked out ok before the restart and now winbindd.conf is back to its old misconfigured state (it keeps reverting to security = ‘server’ instead of ‘ads’ like it should be and keeps substituting the first part of my FQDN as the workgroup value (ie, my ad’s FQDN is AD.COMPANY.COM the domain name is COMPANY) but it keeps setting it to ‘AD’.)
Does anyone else have any suggestions to get this working? I’ve got an elegant email sitting in my Drafts folder ready to be fired off to my manager and the CIO stating we should abandon the OS X Server for what I consider definate greener pastures, the MS platform until Apple can be correctly troubeshoot and document their advanced features of OS X 10.4 without spending $695 to gain tier3 tech support.
Frustrated is beyond words and now i have easily a week of catchup work. I could have had this ready to go in half a day on the Server 2003.
.
.
Comments are closed