Windows AD Integration Issues

Posted:
in macOS edited January 2014
I've got a new iMac G5, and I'm trying to integrate it into a Win2K3 domain.



Using the "Active Directory" setting within the "Directory Access" utility, I've tried setting the AD Forest as "mycompany.com," the AD Domain as "mycompany.com," and the Computer ID as "computername-mac."



I have confirmed that the new Computer ID/host is pingable on the network, and have disabled Microsoft Network Client/Server settings within the Domain Controller Security Policy.



Still, I cannot attach this Mac to the Windows network. Any ideas why? Thanks

Comments

  • Reply 1 of 9
    chrisgchrisg Posts: 239 member
    Are you an admin on the AD Domain, or at least a user who can add computers?
  • Reply 2 of 9
    Yes I am
  • Reply 3 of 9
    Should work OK. Have you tried consulting this site:



    www.macenterprise.org



    They have lots of good info on how to do it. I joined one to a W2K domain and a different one to a W2K3 domain without any problems.
  • Reply 4 of 9
    I have been asked to ensure the DNS is set correctly, which it is. Also, I've been asked to set up reverse DNS on the DC, which I did, and still it doesn't work.



    Thoughts?
  • Reply 5 of 9
    First step is to go to your terminal and make sure your DNS is using FQDN resolution. Open a terminal and type: nslookup <domain> where the <domain> is the name of your Active Directory. For example: nslookup mycompany.com



    Make sure this is resolving correctly. Also make sure you turn on NTLM, Kerberos and NTLMv2 authentication on the domain controller. This is under the Domain Controller Security Policy under the Administrative Tools. Otherwise I believe a native Windows 2003 domain controller will only accept NTLMv2, which Panther doesn't like.
  • Reply 6 of 9
    I performed nslookup for mycompany.com and the results were OK. Then again, there are no external DNS dependencies to our internal network, so I'm not quite sure why this is important.



    Also, can you please be a bit more specific on the other settings? Where are they located exactly within the DC Security Policy?



    Thanks
  • Reply 7 of 9
    Those settings need to be set on the Windows 2003 domain controller, not the OS X box.
  • Reply 8 of 9
    Yes I know. I meant can you be more specific inside the DC Security Policy application in the Win2K3 box. Thanks
  • Reply 9 of 9
    First of all, are you getting an error message when you try to join the domain?



    Second, what are your Mac OS X firewall settings? Pinging the host only tests ICMP traffic, not TCP/UDP which are needed to access AD domains; but since the Mac is initiating connections this shouldn't be a problem.



    Third, you should revert any modifications you have made in Domain Controller Security Policy on the server. Windows 2003's default configuration allows Mac OS X to authenticate without any changes.



    Also, take a look at these:



    http://www.macwindows.com/AD.html#050404



    http://www.macwindows.com/Win2003.html
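
The DNS and connectivity checks raised in replies 4, 5 and 9 (forward lookup, reverse lookup, and TCP reachability rather than ping), as an added example that is not part of the original thread. The function names are hypothetical, the port list is the set of well-known ports for DNS, Kerberos, LDAP, SMB and kpasswd rather than anything the thread specifies, and `mycompany.com` is the placeholder domain used in the posts.

```python
import socket

# Well-known TCP ports for services an AD client talks to.
# Assumed set for this example; the thread itself names no ports.
AD_TCP_PORTS = {"dns": 53, "kerberos": 88, "ldap": 389, "smb": 445, "kpasswd": 464}


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, or name not resolvable
        return False


def dns_round_trip(name):
    """Forward-resolve name, then reverse-resolve each address (dict is empty if forward fails)."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return {}
    result = {}
    for info in infos:
        addr = info[4][0]
        try:
            result[addr] = socket.gethostbyaddr(addr)[0]
        except OSError:
            result[addr] = None  # no PTR record: reverse DNS missing for this address
    return result


def preflight(domain, ports=AD_TCP_PORTS, timeout=3.0):
    """Report PTR name and per-service TCP reachability for each address of domain."""
    report = {}
    for addr, ptr in dns_round_trip(domain).items():
        report[addr] = {"ptr": ptr}
        for service, port in ports.items():
            report[addr][service] = tcp_reachable(addr, port, timeout)
    return report


if __name__ == "__main__":
    import sys
    domain = sys.argv[1] if len(sys.argv) > 1 else "mycompany.com"  # placeholder from the thread
    for addr, checks in preflight(domain).items():
        print(addr, checks)
```

An address whose `ptr` is `None` has no reverse record, and a service showing `False` while ping succeeds points at filtering or a stopped service on that port rather than a routing problem.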