[cbloch]

Yes the goal was to use the OD master as a proxy to authenticate AD users. One of Apple’s XSAN engineers that helped set up and configure our system indicated to me that this was possible but perhaps he wasn’t totally clear of exactly how it works. Our problem exists primarily in the clients that are connected to the main AD DC. At seemingly random intervals, they will drop from the domain and have to be rebound. We stuck wireshark on the switch to capture the port data flow and found pre-auth request denied kerberosv5 errors and also found that the machine would go looking for other DCs in the AD tree that are not located in our building for authentication after giving such errors. We see this even on sucessful binds. The network services team has made numerous changes to the managed cisco switches and still we have similar problems. Specifying a preferred DC doesn’t seem to help either. Any suggestions?

[Author]

Posts