I am at a loss. Maybe someone in these forums has some experience with what I am going to describe, and/or can shed some light on what could possibly be wrong.
I work in an environment that has been dual platform (Mac/Windows) for many years. The Windows machines always talked to the Windows servers, and the Mac gear talked to Mac servers.
This year we had a mega influx of new Mac equipment. Laptops, iMacs, iPads etc. We decided to finally have the Mac bind to AD, since it made sense for things like Internet filtering by groups, a single set of credentials for login/mail/Google Docs etc. AD makes sense for a number of reasons in this environment, so I don't want to really dispute that in this post.
Here is what happened. I hired a Mac engineer to come out, look at our system (just added Casper Suite as well). Told them how we want to manage, and that we also want to bind to AD, but also provide some services on some older server OSes. The plan became to have AD binding, set up some OD servers to interact with AD, and use Casper Suite to push/pull things we needed. Seemed simple enough except we needed to add 20 or so more servers to the mix for OD purposes (which we haven't done yet so the environment hasn't changed at all).
All clients are running 10.8.1. The DC servers are 2008R2. The OD server is 10.8. We bound the machines via script from Casper (actually I think it is now built into the image we are using), created home shares on the Windows network for users to save data, made sure OD was bound to AD. Tried logging in on the Mac with AD credentials, and everything worked great. Left for the weekend, and came back to an inability to log into the Macs. No error number, it just says that an error occurred in a window with a picture of a small house in the upper left corner.
We made sure the binding was to the full domain name. There are only 2 DC machines that handle login, and they were both running smoothly. This worked one day with every user account we tried. We made up some new users just to verify that it worked, and it did. 3 days later, absolutely nothing works. No account can log in.
We tried rebooting the OD server. Nothing. Fresh image. Nothing. Fresh install/rebind. Nothing. All of a sudden one account worked. We noticed that some accounts had a home folder created in the new area that we would be using to house home folders (I think the person making sure the home folders were created just had not finished yet). We thought... wait, maybe the error is because the home folders don't yet exist for everyone. We made a few more, and a few more people could log in. Then just to rule it out, we made a new user with no home folder. That new user could log in with no issues. Suddenly, only a few of us could log in, yet nothing had been changed.
I am basically at my wits' end with this issue. I want to bind, just for the sake of using AD to perform some functions that make life easier. I am wondering if it is just a huge waste of time and energy. Can anyone think of what could cause this random issue? Even the AD expert and Mac engineer were at a loss. They combed through the AD and the network looking for some sign of trouble, but came up with nothing. Any ideas/suggestions/comments welcome.