I started having this error recently after the server working fine for 2 years,
I had to unbind the server and rejoin AD and after doing that i just could not kerberize, but my users still could authenticate with AD
The only drawback is after a while the authentication stops working so I have to go through the whole process of unbinding and joining AD
so once my users start screaming
I have to
Set Windows to Role: Domain Member
Go to Open directory and bind to the domain, which does fine, once I go back to Open Directory setup I have the option to Join Kerberos but get the same error as you
As a workaround I go back to Open Directory Access and under Authentication I make sure thet teh serach path is Custom and includes /Active Directory/All Domains or /Active Directory/”your domain name”
this will make the os x server to check with domain controller for authentication, at lest that’s how I see this
Once I save this and go back to Open Directory I no longer have the option to Join Kerberos, though my users now can authenticate with AD
If anyone knows what is going on please help so I don’t have to go through the pain again, not that I’m lazy but cannot stand annoying users screaming on my back.
Thanks
nik
Recent Comments