[schilled]

Utilize the terminal with the chown -R and ditto -V comands and this will go smoothly. MacTroll was right though. The key is the shortname matching and permissions. I migrate profiles all the time on Macs. You may have some minor issues with certain program preferences that hard code in the path to the profile but this is pretty infrequent. If you are not famillar with the Unix commands in Leopard pic up the O’reilly book Unix for Mac OS X Leopard. I use it frequently since I did not start in the Mac world but find terminal and small bash scripts make my life a lot easier.

[schilled]

Carter-
I am having the same issue and I am not going to be much help. Just like you if I turn off all of the security settings and the most important one to me, Trusted Binding I can connect the computers just fine but then they are not available for customizing the settings for groups. I get the same client error:

com.apple.KerberosAutoConfig[11709] The machine is standalone
com.apple.KerberosAugoConfig[11709] Removing/Library/Preferences/edu.mit.Kerberos

If anyone has any ideas please post up.

[schilled]

We have this issue too, but ours seems to be due to DNS issues. If a user goes home and tries to log in with their AD account and they are plugged in to the internet then the computer attempts to contact AD. The computer gets a response from our DNS that the servers exist and what the IPs are, it then attempts to contact each AD server (8 of them) and waits for it to fail. Of course our AD servers are behind a firewall and so they can not be contacted from the outside of our intranet. This is a rare case because best practice is to have your internal DNS and your public DNS. People should not be able to see the address of all of our AD servers but our Computer Operations kind of pooched that set up early on.

This may not be what is going on with your set up but it is with ours. The way we got around it is to set Airport to disconnect at log out (in advanced network system preferences). I also recommend to our users to not plug in their laptops to an Ethernet connection until they log in.

[schilled]

This is a known issue. I don’t recall which forum I found more info about it on. I don’t know how widespread of an issue this is for you but if it is one user here or there you can do what I do which is use Pref Setter from versiontracker.com and manually edit the loginwindow.plist in the users Library folder. If it is the same application for all users then you can edit the plist for your user template. I do this with the program Keychain Minder (also from versiontracker) that checks the keychain due to people changing their domain passwords other than in system preferences.

I know there was a lot of info in there, does that help?

[schilled]

Do either of you still have the installer for the autoupdate package? The link is dead and this is exactly what we want to implement. Also, are you still using this and is it working well for you?

Thanks

[schilled]

Dave,
I don’t think this is a sollution but we have a similar set up but our wireless doesn’t connect to the domains. We have to have the make a mobile account for everyone on initial log in. This allows the person to authenticate with the cached credentials. This may be a problem for you though when it comes time to change passwords. We were having issues with people taking for ever to log in off campus and part of it is our DNS configuration allows for the computers to discover the domain controllers but they can not talk to them so people were getting the beach ball for 5 minutes and then they would log in. We worked around this by changing the setting in Airport Options that disconnects the wireless on log out. I know this isn’t the answer you want but it may be a temporary work around.

Doug

[schilled]

I got a response from our Apple Engineer and here is what he suggested…

[quote]
This can happen when a site’s external DNS resolves the AD domain controller, but that server isn’t actually reachable from outside their network. Directory services is trying to contact AD, until it hits its time out. But it will try to contact alternate DCs after that (if they are also in the external DNS), so the each DC on the network can extend the timout until the MacBook gives up completely.

Some customer have resolved it by changing their DNS to no longer publish the DCs externally. Others have removed the AD plugin from the search path once the user has longed in and established their cached credentials.

My recommendation is to fix DNS.[/quote]

Hope this helps. I am working with the AD and DNS admins as we speak.

[schilled]

Bump, we are having the exact same issue and we just began our faculty refresh and we are distributing MacBooks to the majority of users.

Any insight would be great.

[schilled]

You probably already figured out your sollution but what I believe we found was that once the user goes to save a document, music, or a picture it creates those folders. But I have not tested this so I may be wrong.

[schilled]

[QUOTE BY= macshome]
Unless you extend the AD schema, you need the OD domain to store the mcx in.

If they are OD users then you should just be able to apply MCX to them.[/QUOTE]

I am not sure what you meant when you said that the MCX needs to be store in? In what? Is this stored in the home directory? What if we plan on having local home directories but just management from OD? I set up groups in OD and added AD users and it wont’ pull the settings down. Any help would be great macshome.

[schilled]

Hate to say it guys but I am also in the same boat. Exactly the same situation but I just started yesterday and have been able to get both to bind and can log in perfectly but none of my OD specifications for Groups or Computers are being grabbed by the client. If either of you can figure this out please post your findings.

[schilled]

P.S. the article featured on AFP also has good explanation of how to deal with syncing the Library

Article

[schilled]

Check this post on MacOSXHints.com. Some one else ran into this problem and you can not change password from local client. Going to be a big problem for us too.

[schilled]

I don’t know how we did it or if it was working all along but the syncing is working now. The client will sync every 15 minutes. Now our issue is getting it to sync on log in and log out. Anyone now of a script to do this?

[Author]

Posts