Friday, February 21, 2014

Accessing an AD with Mac OS X: Troubleshooting Binding Issues / Login Issues

- Time Configuration

The AD binding uses Kerberos for authentication. If the Mac's system clock slips beyond the five-minute tolerance, authentication fails and the user can't log on. To avoid this problem, set the Domain Controller as the time source on the client.


- Confirming DNS

Check DNS Services

MACclient1:~ cadmin$ host -t SRV _ldap._tcp.YourDomain.com
_ldap._tcp.YourDomain.com has SRV record 0 100 389 DC01.YourDomain.com.

MACclient1:~ cadmin$ host -t SRV _kerberos._tcp.YourDomain.com
_kerberos._tcp.YourDomain.com has SRV record 0 100 88 DC01.YourDomain.com.

MACclient1:~ cadmin$ host -t SRV _kpasswd._tcp.YourDomain.com
_kpasswd._tcp.YourDomain.com has SRV record 0 100 464 DC01.YourDomain.com.

MACclient1:~ cadmin$ host -t SRV _gc._tcp.YourDomain.com
_gc._tcp.YourDomain.com has SRV record 0 100 3268 DC01.YourDomain.com.


- Check Service Ports

LDAP
MACclient1:~ cadmin$ telnet DC01.YourDomain.com 389
Kerberos
MACclient1:~ cadmin$ telnet DC01.YourDomain.com 88
Kpasswd
MACclient1:~ cadmin$ telnet DC01.YourDomain.com 464
GC
MACclient1:~ cadmin$ telnet DC01.YourDomain.com 3268
DNS
MACclient1:~ cadmin$ telnet DC01.YourDomain.com 53
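
The DNS and port checks above can be scripted. The following is an added example, not part of the original post: it reads `host -t SRV` output, confirms each record advertises the port shown above, and prints the host:port pairs to probe. The function names, verdict labels and the sample input (two answers copied from the page, one wrong port, one NXDOMAIN reply) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: validate `host -t SRV` output
# for the four AD records and print the host:port pairs to probe.

# TCP port each SRV name should advertise, per the records shown on the page.
expected_port() {
  case "$1" in
    _ldap._tcp.*)     echo 389 ;;
    _kerberos._tcp.*) echo 88 ;;
    _kpasswd._tcp.*)  echo 464 ;;
    _gc._tcp.*)       echo 3268 ;;
    *)                return 1 ;;
  esac
}

# Reads `host -t SRV` output on stdin and prints one verdict per line:
#   OK <name> <target>:<port>       record present, port as expected
#   BADPORT <name> <port> != <want> record present, unexpected port
#   NORECORD <raw line>             anything that is not an SRV answer
# Returns non-zero if any line is not OK.
check_srv_output() {
  rc=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    set -- $line                      # split the answer into fields
    if [ "$2 $3 $4" != "has SRV record" ] || [ $# -ne 8 ]; then
      echo "NORECORD $line"; rc=1; continue
    fi
    name=$1 port=$7 target=${8%.}     # drop the trailing dot of the FQDN
    want=$(expected_port "$name") || { echo "UNKNOWN $name"; rc=1; continue; }
    if [ "$port" = "$want" ]; then
      echo "OK $name $target:$port"
    else
      echo "BADPORT $name $port != $want"; rc=1
    fi
  done
  return $rc
}

# Constructed sample input (assumption): not captured from a real domain.
SAMPLE='_ldap._tcp.YourDomain.com has SRV record 0 100 389 DC01.YourDomain.com.
_kerberos._tcp.YourDomain.com has SRV record 0 100 88 DC01.YourDomain.com.
_kpasswd._tcp.YourDomain.com has SRV record 0 100 4640 DC01.YourDomain.com.
Host _gc._tcp.YourDomain.com not found: 3(NXDOMAIN)'
printf '%s\n' "$SAMPLE" | check_srv_output || echo "DNS prerequisites for binding not met"
```

On a live client, pipe the real query into the function, for example `host -t SRV _ldap._tcp.YourDomain.com | check_srv_output`, then test each OK host:port pair with telnet as shown above.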

