Binding Macs to AD

So I now have an OD master and replica server bound to Active Directory. We had some issues with DNS scavenging and binding the Macs. It appears scavenging has taken place and removed the records for the Mac servers. They are still bound, as I can log in with AD credentials. I cannot access either server via ARD. Is it as simple as just recreating the DNS records for the Mac servers?

What do your system and AD logs say when you try to log in?
That'll give you a clue.

Similar Messages

  • Can't bind mac to AD

    Please help! I'm having trouble binding Mac OS X 10.4.4 to AD on MS 2003 Server.
    The error I'm getting in Directory Access after I click 'Bind' is "Invalid Domain" message. But the domain is correct.
    Example settings:
    domain: cdt.doller.org
    mac name: mmac01
    Any ideas? Many thanks for your time.

    the dns settings in network configuration were not correct.

  • Nexus5K vfc bind mac-address

    I thought the Nexus5K vfc interface needs to use "bind mac-address" if CNAs are not directly connected (through FIP snooping).
    If so, why, in my testing, can I see multiple WWN logins through the same vfc interface?
    N5K36# sh flogi d
    INTERFACE        VSAN    FCID           PORT NAME               NODE NAME
    fc2/1            301   0x2b0000  50:01:43:80:02:5d:19:79 50:01:43:80:02:5d:19:70
    fc2/2            1     0x2e0001  20:13:00:1e:0b:83:7e:4c 10:00:00:1e:0b:83:7e:4c
    fc2/3            201   0xe50003  20:53:00:02:ac:00:15:9d 2f:f7:00:02:ac:00:15:9d
    vfc2005          201   0xe50100  50:06:0b:00:00:c3:1a:22 50:06:0b:00:00:c3:1a:23
    vfc2005          201   0xe50200  50:06:0b:00:00:c3:1a:26 50:06:0b:00:00:c3:1a:27
    vfc2005          201   0xe50300  50:06:0b:00:00:c3:1a:1e 50:06:0b:00:00:c3:1a:1f
    interface vfc2005
      bind interface Ethernet1/5
      no shutdown

    It's possible these could be virtual pwwns coming from the server connected to e1/5? What is connected to e1/5?
    Vinayak

  • Binding MAC 9.X workstations to Windows 2003 Active Directory

    Hello all,
    Has anyone achieved success with adding/binding Mac 9.X workstations to Microsoft 2003 Active Directory? We have 25 iMAC 9.2.2 workstations (we cannot upgrade to MAC OS 10.X because of hardware limitations) on a Windows 2003 SP2 network. I know that it can work with MAC OS 10.X, but I am looking for an OS 9.X solution.
    I want to be able to apply security and printer scripts for the MAC computers using the 2003 Active Directory.
    Thanks
    17" Powerbook G4   Mac OS X (10.4.4)   2 gb ram

    You don't need to do anything in AD other than create the user you want to log onto your Mac.
    http://www.makemacwork.com/bind-to-active-directory.htm

  • Binding Mac to a Windows 2000 server (Active Directory)

    I have been trying to connect various Mac machines on my campus to the Active Directory on a Windows 2000 server, and I've been getting various errors. In one lab I have some iMac10,1 machines (Mac OS X version 10.6.2), and in the other labs I have lower versions on the Mac Pro. I have seen on other forums that others were able to bind a Mac machine to Windows 2003 Server, but no one mentioned Windows 2000 Server. Please tell me if it's possible to add these machines to a Windows 2000 Server platform.

    Hi,
    What is the matter? Is it a difficult problem, or is it impossible to do that?
    Please, if someone has any idea about this, tell me.
    Thanks in advance.

  • Binding Mac to a OD for hardened email access

    Hi All,
    Is there any way to bind a Mac so that email can be accessed ONLY on that Mac? This is outside the client-server architecture. That is, the Mac will be on the internet and when it contacts the server, unless it is the designated machine, the mails should not download. Is this a possibility within the native features, not involving third-party associates like tokens, certificates, etc.?

    Ok, so I set up my old Xserve as my OD Master and the new mail server as a Replica... bound just fine. The master has SSL turned on with the "default" certificate. I tried to log into the mail server to get mail with macmail and it gives me "mail is not enabled for this user". Netinfo is set to local only. What am I doing wrong?

  • Binding Mac OS X to Active Directory Domain

    Question 1:
    I've just bound a Mac (Windows File Service) to a W2K3 domain controller. After that I will configure the Mac share point using the W2K3 domain's accounts. In Mac Workgroup Manager I can't find the Active Directory accounts, and conversely, from W2K3 Explorer I can't add Active Directory users or groups to the Mac sharing object. Did I miss some steps for Active Directory binding?
    Question 2:
    Why can't I unbind my Mac (Windows File Service) from W2K3 Active Directory clearly? I have to use Force Unbind, and after that I cannot rebind to that Active Directory. Is a component or driver missing on my Mac?

    thought I might add...
    I keep getting folders in the Trash as well named "recovered"; there are a couple of them. I think this may be because the machine is dropping off the network (but not sure).
    different models   Mac OS X (10.4.8)  

  • Does anyone have a terminal script that can bind Macs to AD?

    Looking to use terminal to bind our Macs to AD. Is there anyone who has done this process before?
    Thanks for the help!

    Personally, we use Casper Suite and that works well especially since it's a 'set and forget' sort of thing.  But I did find this.  I've used some of these commands and this looks thorough. 
    PLEASE BE SURE TO TEST IN YOUR TEST AD ENVIRONMENT!! 
    #!/bin/sh
    ############################ AD_Bind_ARD ###########################
    # Patrick Gallagher | [email protected]
    # http://macadmincorner.com/bind-to-ad-using-apple-remote-desktop/
    # This is a script that will bind a Mac to AD from ARD.
    # Modified from Mike Bombich's ad-bind-login-tiger.sh script
    # which can be found at http://www.bombich.com/mactips/scripts.html
    # Needs to be modified for your environment
    computerid=`/usr/sbin/scutil --get LocalHostName`
    # Standard parameters
    domain="domain.school.edu"               # fully qualified DNS name of Active Directory Domain
    udn="username"               # username of a privileged network user
    password="password"                         # password of a privileged network user
    ou="CN=Computers,DC=domain,DC=school,DC=edu"          # Distinguished name of container for the computer
    # Advanced options
    alldomains="enable"               # 'enable' or 'disable' automatic multi-domain authentication
    localhome="enable"               # 'enable' or 'disable' force home directory to local drive
    protocol="smb"                    # 'afp' or 'smb' change how home is mounted from server
    mobile="enable"               # 'enable' or 'disable' mobile account support for offline logon
    mobileconfirm="disable"          # 'enable' or 'disable' warn the user that a mobile acct will be created
    useuncpath="disable"               # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
    user_shell="/bin/bash"          # e.g., /bin/bash or "none"
    preferred="-nopreferred"     # Use the specified server for all Directory lookups and authentication
    # (e.g. "-nopreferred" or "-preferred ad.server.edu")
    admingroups="YOURDOMAIN\domain admins"     # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\mac admins")
    # Login hook setting -- specify the path to a login hook that you want to run instead of this script
    ### End of configuration
    # Activate the AD plugin
    defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
    sleep 5
    # Bind to AD
    # Note: -p passes the password as a command-line argument, so it is visible
    # in the process list while dsconfigad runs.
    dsconfigad -f -a "$computerid" -domain "$domain" -u "$udn" -p "$password" -ou "$ou"
    # Configure advanced AD plugin options
    if [ "$admingroups" = "" ]; then
        dsconfigad -nogroups
    else
        dsconfigad -groups "$admingroups"
    fi
    # $preferred is left unquoted on purpose: it may hold two words ("-preferred ad.server.edu")
    dsconfigad -alldomains "$alldomains" -localhome "$localhome" -protocol "$protocol" \
        -mobile "$mobile" -mobileconfirm "$mobileconfirm" -useuncpath "$useuncpath" \
        -shell "$user_shell" $preferred
    # Restart DirectoryService (necessary to reload AD plugin activation settings)
    killall DirectoryService
    # Add the AD node to the search path
    if [ "$alldomains" = "enable" ]; then
        csp="/Active Directory/All Domains"
    else
        csp="/Active Directory/$domain"
    fi
    #dscl /Search -create / SearchPolicy CSPSearchPath
    #dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
    #dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
    #dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
    # This works in a pinch if the above code does not
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 3
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist

  • Error binding mac os x 10.7 to server 2008 standard

    Hi guys,
    I have an issue: I have to join a MBK Pro to a server, and below are the details:
    I have Mac OS X 10.7.4 with the latest updates installed on the MBK Pro, and I have a Windows Server 2008 Standard Service Pack 2.
    When I tried to join the domain it returned an authentication error. I tried every possibility, but in vain. Has anyone out there tried it before?

    You could try booting from an external USB hard drive and using a data recovery utility like Data Rescue X.  Your mileage will vary depending on the circumstances.  I would only try recovering data files and not recover the whole system.  No sense fooling with an OS when it is trivial to reinstall and know it is working.  Make an image of a freshly configured OS to aid in recovery like this.
    Retrieve your documents & preferences if you are lucky.   The data may still be there, but file names and other meta data may not be recoverable.   If file names are not recoverable, then you will have tons of files to sort through trying to make sense of what is what.  They are sorted by type, but you will be surprised at the number of such files used by the system and in temp/cache files.  I recently had a case where someone deleted a bunch of files and then emptied the Trash.  I got the files back, but with no file names.  I was unable to find a way to retrieve the file names and even asked a forensic recovery expert for any reasonably priced software to do it.
    If this is your only Apple computer and you need to make a bootable  external drive, then make sure to install OSX on the external drive and not on the internal drive you are trying to recover.

  • Static binds, MAC vs Client ID?

    On the SG300 & 500 I always seem to have issues with devices that have reserved IPs.  It seems that if I enter its MAC in the reservations table, for some devices it won't receive the assigned IP until I remove the MAC and use a Client ID instead, but on other devices if I use a client ID in the table it won't receive the proper IP until I remove the client ID and enter its MAC.  When using dumber devices that only allow a MAC in their reservation tables it always used to work, but on these switches it seems to be a crap shoot.  Why?

    Hey Vini, please see-
    https://supportforums.cisco.com/thread/2217882
    https://supportforums.cisco.com/thread/2253559
    -Tom
    Please mark answered for helpful posts
    http://blogs.cisco.com/smallbusiness/

  • IP-MAC Binding for WLC-5508

    Hello!
    I am having a problem configuring a WLC 5508. In a security option I applied mac-filtering and it works fine.
    Now I need to configure IP-MAC address binding. I tried both the GUI and CLI methods, but it is not working. While configuring mac-filtering in the GUI there is an option to define an IP address; after defining IP address xx.xx.xx.xx for device xx, it is not picking that particular IP from the pool.
    mac-filtering is still working without issue.
    Also tried with the CLI...
    Looking through the configuration guide, I tried every possible way but couldn't get any resolution.
    mac-binding and mac-filtering are enabled.
    What could be the possible causes of this?
    Does it support MAC-IP binding in its local database?
    I would be thankful for any suggestions and advice!
    Nikhil

    Thanks for the reply, David.
    Currently users are authenticated by MAC address, and we want IP-MAC based authentication on the Cisco 5508 controller.
    We are facing a problem in that, instead of the IP-MAC pair, only the MAC address is authenticated.
    Can you guide me on how I can authenticate the IP-MAC pair on the Cisco 5508 controller?
    Or is this possible on the Cisco 5508 controller, as it is showing an IP address field in the GUI option?
    I am waiting for your reply.

  • MAC Filter Binded to a Particular Username

    Hi,
    I have a specific requirement to bind MAC address of a particular user to the username (Using EAP-FAST with ACS 4.2). The user should be authenticated only if he is using the particular client adapter (MAC address) with correct username.
    I have one 2125 WLC with 1130 APs.
    Thanks.

    This discussion area is for apple routers actually.. and although it gives lots of problems it doesn't tend to not appear at all..
    You are posting in the wrong area.. since this is a laptop error or more likely a purely Yosemite issue..
    So let's see what we can do.. Not all wireless is created equal.
    Beetel (ADSL2 + Router)
    Please set the wireless in this router to a different name, short, no spaces and pure alphanumeric.... set to a fixed wireless channel eg.. 8 or 9 for 2.4ghz and turn off all wireless security. Especially you must not hide the wireless.. this is just a test to run for a couple of minutes.. then you can change the name and security back again.. it is to prove compatibility. This reduces the wireless to its lowest common denominator and if it cannot connect on these settings it never will.
    Reboot the Mac and scan for wireless again.. no luck I would say the Mac wireless is simply unable to connect to the particular wireless chip type in the Beetel.. The solution is to plug an Apple router into the beetel and use it in bridge mode.. and create a wireless network.. then the Mac will have less (cannot say No issues).

  • Binding to Active Directory - strongauthrequired

    I am trying to bind a 10.4.3 machine to a Windows 2000 Active Directory, but experiencing problems.
    The Active Directory plugin hits step 5 then displays "Unable to access domain controller: This computer is unable to access the domain controller for an unknown reason".
    A look at the contents of ./Library/Preferences/edu.mit.Kerberos shows that the machine has got the correct Domain Controllers for the domain (albeit rather odd choices, on sites that are some distance away).
    I've captured the traffic using TCPDump and analysed on a WinXP box using Ethereal, and it seems that the Bind request is being answered by:
    'Bind Result, StrongAuthRequired'
    with further info in the packet:
    'The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v893'
    I've analysed the traffic of an XP machine binding as well, and it seems that at exactly the same point it receives a 'bind success' packet. The only obvious difference I can see is that the OS X box shows the SASL mechanism as GSSAPI, and the XP machine shows it as GSS-SPNEGO.
    They are both using port 389 (which certainly doesn't imply the use of SSL).
    I've investigated the frequently mentioned 'Digitally sign client communication' Domain Security Policy settings, and have replicated them in my test network (which has been tested with default settings and the machine binds successfully), and that still results in a successful bind so I'm not convinced they are related.
    If anyone else has any other suggestions they'd be greatly appreciated!
    iBook   Mac OS X (10.4.3)  

    We've now got to the bottom of this problem, it's due to a particular policy which demands all clients sign their LDAP communications.
    This setting doesn't appear in the Windows Domain Policy unless you're using a 2003 MMC snap-in, which certainly added to the time it took me to diagnose the problem (Apple's phone support simply said "we don't support the AD module").
    In case anyone else has the same issue, the registry key in question is:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
    When the key exists and is set to '2' (I'm unsure what '1' would do at present) OS X clients will receive the following sequence of packets when binding:
    Mac: Bind Request
    Domain: SASLBindinprogress
    Mac: ACK
    Domain: SASLBindinprogress
    Mac: ACK
    Domain: Bind Result = Fail; StrongAuthRequired
    I'd be interested to hear the official line on this, as it appears that we are now in a situation where we need to reduce our domain security level if we want Macs to be able to bind.
    iBook   Mac OS X (10.4.3)  
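
Added example, not part of the original posts: a small Python decoder for the unencrypted LDAP BindResponse described above, for confirming from a capture that a bind failed with result code 8 (shown as StrongAuthRequired in the trace; RFC 4511 names it strongerAuthRequired). The sample packet is constructed here from the diagnostic text quoted in the post; the message ID and all function names are assumptions.

```python
"""Decode an LDAP BindResponse (RFC 4511) taken from a packet capture."""

# Result codes relevant to the bind sequence in the thread (RFC 4511, 4.1.9).
RESULT_NAMES = {0: "success", 7: "authMethodNotSupported",
                8: "strongerAuthRequired", 14: "saslBindInProgress",
                49: "invalidCredentials"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag, what):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected {what} (0x{want_tag:02x}), got 0x{tag:02x}")
    return value, nxt

def parse_bind_response(packet):
    """Parse one LDAPMessage carrying a BindResponse into a dict."""
    msg, _ = expect(packet, 0, 0x30, "LDAPMessage SEQUENCE")
    msg_id, pos = expect(msg, 0, 0x02, "messageID INTEGER")
    op, _ = expect(msg, pos, 0x61, "BindResponse [APPLICATION 1]")
    code, pos = expect(op, 0, 0x0A, "resultCode ENUMERATED")
    _dn, pos = expect(op, pos, 0x04, "matchedDN")
    diag, _ = expect(op, pos, 0x04, "diagnosticMessage")
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"),
            "code": code,
            "name": RESULT_NAMES.get(code, f"other({code})"),
            "diagnostic": diag.decode("utf-8", "replace"),
            # As in the thread: code 8 on a bind over plain port 389 means the
            # server wants signing (or TLS) that the client did not negotiate.
            "signing_required": code == 8}

def tlv(tag, value):
    """BER-encode one element; used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

# Constructed sample: diagnostic text as quoted in the post, message ID assumed.
DIAG = (b"The server requires binds to turn on integrity checking if "
        b"SSL\\TLS are not already active on the connection, data 0, v893")
SAMPLE_FAIL = tlv(0x30, tlv(0x02, b"\x03") +
                  tlv(0x61, tlv(0x0A, b"\x08") + tlv(0x04, b"") + tlv(0x04, DIAG)))

if __name__ == "__main__":
    r = parse_bind_response(SAMPLE_FAIL)
    print(f"msg {r['message_id']}: {r['name']} ({r['code']})")
    print(r["diagnostic"])
```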

  • Mac in a Windows domain

    Hi
    How do i bind mac to a windows domain?
    I would appreciate it, if you provide me the steps.

    Hi, see if this site can help, very good step by steps if they have what you're looking for...
    http://www.ifelix.co.uk/tech/

  • AP 2700 - 2 MAC addresses - problem with joining to the WLC

    Hi,
    I had a problem with joining my new AP 2700 to the controller. I've found a workaround, but I would like to ask if you know whether this behavior is some kind of bug or maybe a feature :)
    I have a DHCP server which assigns IP addresses based on binding the MAC address to the IP address. Without a binding, an IP won't be assigned, so I added the MAC address from the AP sticker (the MAC and SN number are on the sticker at the back of each AP) to the DHCP, connected the AP to the switch port, which was configured exactly the same way as other ports on this switch where older APs are working fine, and.... nothing. The IP address was not assigned. There was no DHCP request in the DHCP server logs.
    During the investigation I found that the AP presents 2 MAC addresses on the switch interface:
    switch#sh mac address-table interface fa1/1
    Mac Address Table
    Vlan Mac Address Type Ports
    11 58f3.54c1.2cb3 DYNAMIC Fa1/1
    11 58f3.54c1.2cb4 DYNAMIC Fa1/1
    The first one (58f3.54c1.2cb3) is the "sticker" MAC address, but the second one (58f3.54c1.2cb4) is something new. Looking into the DHCP logs I found an entry showing that this second MAC address (58f3.54c1.2cb4) tried to get an IP address, but it was not possible because this MAC was not bound to any IP address, so the DHCP server refused. I added this second MAC (58f3.54c1.2cb4) to the DHCP server; the AP got an IP address, joined the WLC, downloaded software, rebooted and ... this MAC address disappeared.
    switch#sh mac address-table interface fa1/1
    Mac Address Table
    Vlan Mac Address Type Ports
    11 58f3.54c1.2cb3 DYNAMIC Fa1/1
    Software I had on the AP before joining to the WLC was:
    Version :
    Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1)
    now I have (after downloaded from the WLC)
    Version :
    Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
    Does anyone know what happened?

    (WLC1) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.95.16
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC1
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. Disabled
    IP Address....................................... 10.10.10.10
    Last Reset....................................... Software reset
    System Up Time................................... 25 days 2 hrs 53 mins 5 secs
    System Timezone Location.........................
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... US - United States
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +44 C
    External Temperature............................. +22 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Disabled
    Number of WLANs.................................. 6
    Number of Active Clients......................... 25
    Burned-in MAC Address............................ XX:XX:XX:XX:XX:XX
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 25
    (WLC1) >show time
    Time............................................. Thu Apr 9 13:51:00 2015
    Timezone delta................................... 0:0
    Timezone location................................
    NTP Servers
    NTP Polling Interval......................... 3600
    Index NTP Key Index NTP Server NTP Msg Auth Status
    1 0 10.10.10.11 AUTH DISABLED
    It looks like the AP doesn't allow console login or commands; it only shows activity. After rebooting the WLC I get this information:
    Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1)
