Due to the default 14-day password renewal, the Mac looks to the AD server to renew this key, but if frozen this key does not get changed and in turn, though the status of AD still shows green and functional, users will not be able to authenticate with an AD account. When a Mac is bound to an AD server a private unique key is created between the two. What I found online is that there is a 14-day password renewal period that is a standard 'recommended' by Microsoft in order to keep a good level of trust between client computers and Active Directory server(s).
For everyday use this is not something to worry about, but in a lab setting that uses Faronics Deep Freeze the 14-day password renewal will cause issues.
For some reason they lose the ability to authenticate, which usually happens after a couple of weeks of a Mac being bound to AD. If you have a suggestion or any ideas I would be happy to try.
Below are links to articles that in some way talk about this issue or similar incidents to what we are having that I have looked at:
For some time now we have had an issue with the Macs keeping bound to AD (Active Directory). I'm going to continue searching the net for a fix, cause and whatever else I can find on this, but so far nothing has helped.
I'm in the middle of building a Mac OS X Snow Leopard 10.6.2 image to see if this will help, but as we have a few hundred machines and 14 campuses in total we do not have the approx. $15K+ that is required to upgrade all Intel machines to Snow Leopard. We thought it may have been DNS due to having some duplicates in the system, but this issue was cleared up a few months ago and we have not had any more issues with DNS when it comes to that.
We are running out of ideas on how to fix this and what could be causing this. Again, we are running Mac OS X Leopard 10.5.6 - 10.5.8 and this issue exists on each version of the OS.
The OD user is just a backup but it's pretty much in full use as we cannot find or resolve the AD dropping issue.
From what I have read online the issue should have been resolved with the OS X Leopard 10.5.7 update but this is in the case here. We use AD because this allows for tracking of which users log into each machine, who's in what lab, print accounting and more. With a few hundred Macs this is a problem, especially where it really only works for a few weeks.
Currently I have changed the campus over to a single OD user to allow students to login when AD breaks, but this is not our solution that we want. The fix to resolve this as quickly as possible is to basically unbind each client or dump the directory prefs. But with that being said, I'm almost guaranteed that within a couple of days that lab will stop working as well. What's more odd is that a lab I imaged just a couple of days after the ones that stopped working has no issues at all and allows users to login.
If I have two labs I imaged one day they usually both stop working the same day. When this happens it's not just random clients but whole labs. It's green stating that it can reach the AD server but just does not allow users to login. When we look at the Directory Utility everything still looks good. The clients almost all drop the ability to allow an AD user to login.
We can have the entire building imaged, up & running with a working AD login without any issues but after so many weeks AD login stops working.
When a user goes to login they put in their user ID/Password as if they were at a PC (Windows) desktop and the user is granted access to login. All computers are sorted and placed into the proper bins. Binding is smooth and we never have an error with binding. Our AD (Active Directory) has been set up using Windows Server 2003 & Windows Server 2008.
All Macs are set up to log into the clients via the AD plug-in. The computers range from iMac G5s, Mac Pros & iMac Intel Core 2 Duos. I have a few hundred Macs that are running anywhere between Mac OS X Leopard 10.5.6 - 10.5.8 (most are 10.5.8 but there are a few labs that require a lower OS version due to software).