Windows AD Integration Issues
I've got a new iMac G5, and I'm trying to integrate it into a Win2K3 domain.
Using the "Active Directory" setting within the "Directory Access" utility, I've tried setting the AD Forest as "mycompany.com," the AD Domain as "mycompany.com," and the Computer ID as "computername-mac."
I have confirmed that the new Computer ID/host is pingable on the network, and have disabled Microsoft Network Client/Server settings within the Domain Controller Security Policy.
Still, I cannot attach this Mac to the Windows network. Any ideas why? Thanks
Using the "Active Directory" setting within the "Directory Access" utility, I've tried setting the AD Forest as "mycompany.com," the AD Domain as "mycompany.com," and the Computer ID as "computername-mac."
I have confirmed that the new Computer ID/host is pingable on the network, and have disabled Microsoft Network Client/Server settings within the Domain Controller Security Policy.
Still, I cannot attach this Mac to the Windows network. Any ideas why? Thanks
Comments
www.macenterprise.org
They have lots of good info on how to do it. I joined one to a W2K domain and a different one to a W2K3 domain without any problems.
Thoughts?
Make sure this is resolving correctly. Also make sure you turn on NTLM, Kerbrose and NTLMv2 authentification on the domain controller on. This is under the Domain Controller Security Policy under the Administrative Tools. Otherwise I believe a native Windows 2003 domain controller will only accept NTLMv2 which Panther doesn't like.
Also, can you please be a but more specific on the other settings? Where are they located exactly within the DC Security Policy?
Thanks
Second, what are your Mac OS X firewall settings? Pinging the host only tests ICMP traffic, not TCP/UDP which are needed to access AD domains; but since the Mac is initiating connections this shouldn't be a problem.
Third, you should revert any modifications you have made in Domain Controller Security Policy on the server. Windows 2003's default configuration allows Mac OS X to authenticate without any changes.
Also, take a look at these:
http://www.macwindows.com/AD.html#050404
http://www.macwindows.com/Win2003.html