![]() ![]() If you need help with isolating and fixing the problem, I suggest you contact Apple support. DNS, clock skew between client and MDC, expired or missing OD certificates, or even an expired password (if you've enable password policies in OD). There are a number of places this can fail, e.g. It does this by connecting to the MDC via LDAP with TLS using Kerberos authentication. The profile install error most likely indicates (rather unhelpfully) that the client couldn't obtain the Xsan config from the MDC. This looks like an OpenDirectory problem. This centralizes SAN membership control within Profile Manager, and reduces future confusion and future administrative overhead. All controllers must be enrolled in Device Management of the same Profile Manager.Įnroll each SAN client into Device Management of Profile Manager, and add them to the SAN client Device Group.Īpple recommends all SAN clients be in the same Device Group, and that the group be the only Device Group which contains the Xsan payload for this SAN. This enrollment is required even if Profile Manager is running on one of the Xsan metadata controllers. In Profile Manager, create a Device Group for the SAN clients.Įnroll at least one of the Xsan controllers in Device Management of Profile Manager. After adding new clients to device manager and installing the trust profile, I was able manually install the Xsan config profile successfully on new Xsan clients. I found that profile manager is required and followed these steps to get the config profile installed successfully on new xsan clients. I ran into the dreaded CPDomainPlugin: error 101 as well. I apologize for my bad English, and I hope to have been sufficiently clear. Unfortunately I can't bind computers to or both domains will be migrated to within few months, and also I have limited administrative rights on. Network users do NOT connect or create their home directories.Īt the reboot the tiny domain disappears from the Login Options but remains in the "Authentication Search policy" and "Contacts" of UD I can modify the various options of "Utility Directory (UD)", but they seem to be a cause (or at any rate a concurrent cause) of the problemĪfter the reboot I can add the "new" domain (the one in uppercase) to the "Authentication Search policy" but I CANNOT browse the "Active Directory/MYDOMAIN/All Domains" with the "directory editor" of UD, and I get a popup reporting the error "Connection to the directory server failed (2100)" In the login options of the system preferences appear two domains one in lower case and one in upper case Īt this point in the login options appears a second domain in uppercase (MYDOMAIN) with the same problems reported in the discussion that I cited previously, so summarizing. ![]() The domain in the login options appears with lowercase letters (mydomain), which is wrong in my opinion, and initially seems to work at least until I try to change any option of UD ("Create mobile account at login" and/or" Allow administration by." ) and save the changes or restart the computer. The network users connect correctly and create their Home directories.Īt reboot everything continues to work properly (or so it seems) Navigate the "Active Directory/MYDOMAIN2/All Domains" with the "directory editor" of UD I can modify the various options of "Utility Directory (UD)". ![]() The domain in the login options of the system preferences appears correctly with capital letters (MYDOMAIN2) Trying the binding on things seem to work I have "almost" the same problem reported at this link Big Sur troubles with Active Directory I state that in our company there are three different domainsĬ ( is the external address) ![]()
0 Comments
Leave a Reply. |