Unable to bind OSX 10.9 to Active Directory 2008

Question

I am struggling to bind OSX 10.9 to a 2008 r2 Active Directory. I can join the domain fine when I boot into Windows from the same machine. From OSX I can find the domain controller successfully and have verified consistency of Active Directory service records (using dig -t SRV _service._tcp.fqdn.example.com to check _ldap, _kerberos, _kpasswd or _gc) but I cannot bind to the domain. I am attempting to join a small network with only one DC.

I receive the message: "Authentication Sever could not be contacted. (5200)"

This is the case whatever method I attempt to use (Join from the Users and Groups pref pane, Bind from the Open Directory utility, using dsconfigad from terminal).

I don't think it is a problem with system time as the time on the client and DC are the same.

Any other suggestions as to the problem or direction as to what to look out for in the log files?

score 0 · Answer 1 · answered Feb 08 '17 at 07:17

This seem to be an issue with Kerberos, you may check your firewall on the windows machine.

You can run this commands to check whats wrong from the OSX side

kinit Administrator@EXAMPLE.ORG

You can also make a trust between OSX Server and Windows AD https://it.uoregon.edu/Magic-Triangle-setup

score 0 · Answer 2 · answered Nov 05 '18 at 20:10

0

You can try to use the following software instead, it's free and it works:

PowerBroker Open Project link

PBIS_Mac_OS_X_Administration_Guide Page **9

Download pbis-open for Mac

answered Nov 05 '18 at 20:10

Dmitriy Kupch

451
2
6

Adam, have you tried the solution I purposed above? – Dmitriy Kupch Nov 07 '18 at 20:33

Unable to bind OSX 10.9 to Active Directory 2008

2 Answers2