Mac OS X 10.8 not binding to Windows domain
I have five iMacs with OSX 10.8.5. Two of the iMacs are binding to Windows domain server (2012) successfully. But I can’t bind remaining three iMac machines, and it is showing authentication error 5202, 5200 error and some times it shows 2000 error. It is able to access windows share using domain user ID.
There is no issue when binding any Windows OS version (XP/7/8) to the domain.
I have checked the following things:
- Verify the time of iMacs with Windows server
- DNS resolution
Please suggest a solution.
windows macos active-directory
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
asked Mar 16 '14 at 18:14
user308211
31114
add a comment |
I have five iMacs with OSX 10.8.5. Two of the iMacs are binding to Windows domain server (2012) successfully. But I can’t bind remaining three iMac machines, and it is showing authentication error 5202, 5200 error and some times it shows 2000 error. It is able to access windows share using domain user ID.
There is no issue when binding any Windows OS version (XP/7/8) to the domain.
I have checked the following things:
- Verify the time of iMacs with Windows server
- DNS resolution
Please suggest a solution.
windows macos active-directory
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
asked Mar 16 '14 at 18:14
user308211
31114
add a comment |
I have five iMacs with OSX 10.8.5. Two of the iMacs are binding to Windows domain server (2012) successfully. But I can’t bind remaining three iMac machines, and it is showing authentication error 5202, 5200 error and some times it shows 2000 error. It is able to access windows share using domain user ID.
There is no issue when binding any Windows OS version (XP/7/8) to the domain.
I have checked the following things:
- Verify the time of iMacs with Windows server
- DNS resolution
Please suggest a solution.
windows macos active-directory
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
asked Mar 16 '14 at 18:14
user308211
31114
I have five iMacs with OSX 10.8.5. Two of the iMacs are binding to Windows domain server (2012) successfully. But I can’t bind remaining three iMac machines, and it is showing authentication error 5202, 5200 error and some times it shows 2000 error. It is able to access windows share using domain user ID.
There is no issue when binding any Windows OS version (XP/7/8) to the domain.
I have checked the following things:
- Verify the time of iMacs with Windows server
- DNS resolution
Please suggest a solution.
windows macos active-directory
windows macos active-directory
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
asked Mar 16 '14 at 18:14
user308211
31114
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
asked Mar 16 '14 at 18:14
user308211
31114
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
edited Mar 12 '15 at 5:06
JakeGould
31k1093137
31k1093137
asked Mar 16 '14 at 18:14
user308211
31114
asked Mar 16 '14 at 18:14
user308211
31114
asked Mar 16 '14 at 18:14
user308211
31114
31114
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Are you using 10.0.8 or 10.8? Hopefully the latter. Here's where I'd start
- Try running
dsconfigad -showand make sure that the computer account matches what you see in ADU&C on your Windows Server. If your Mac had spaces in the name (e.g., My Cool Mac), your AD server might not be interpreting it correctly. Also make sure your advanced Administrative options are not in conflict - I've experienced issues on Macs when the 3 different computer names are out of sync. Run
scutiland make sure that HostName, ComputerName and LocalHostName are all in sync. You can use the --set option to modify them. - Make sure that the accounts joining to the domain have enough rights to join to the OU you've specified and that the user's AD group has access to login to the mac from the network. You can do this from the Directory Utility.
HTH
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option ofdsconfigadto remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.
– SaxDaddy
Mar 19 '14 at 18:20
add a comment |
We had this error:
dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)
and in the /var/log/opendirectoryd.log
...
2016-03-10 11:08:30.210484 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_get_init_creds: KRB-ERROR -1765328378/Client (XXXX@YYYY.COM) unknown
2016-03-10 11:08:30.210505 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - password verify for XXXX@YYYY.COM failed with error -1765328378 - 'Client (XXXX@YYYY.COM) unknown'
2016-03-10 11:08:30.210574 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential server error' (5202)
...
joining a machine running 10.11.x that had been unbound from the domain. Nothing would allow it to bind - using either OpenDirectory or dsconfigad
The fix was deleting the following:
/var/db/dslocal/nodes/Default/config/
/etc/krb5.keytab
/Library/Preferences/OpenDirectory
This issue affected two machines which have now been able to successfully bind.
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
answered Mar 11 '16 at 10:31
James Blackburn
1012
2
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f729776%2fmac-os-x-10-8-not-binding-to-windows-domain%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Are you using 10.0.8 or 10.8? Hopefully the latter. Here's where I'd start
- Try running
dsconfigad -showand make sure that the computer account matches what you see in ADU&C on your Windows Server. If your Mac had spaces in the name (e.g., My Cool Mac), your AD server might not be interpreting it correctly. Also make sure your advanced Administrative options are not in conflict - I've experienced issues on Macs when the 3 different computer names are out of sync. Run
scutiland make sure that HostName, ComputerName and LocalHostName are all in sync. You can use the --set option to modify them. - Make sure that the accounts joining to the domain have enough rights to join to the OU you've specified and that the user's AD group has access to login to the mac from the network. You can do this from the Directory Utility.
HTH
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option ofdsconfigadto remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.
– SaxDaddy
Mar 19 '14 at 18:20
add a comment |
Are you using 10.0.8 or 10.8? Hopefully the latter. Here's where I'd start
- Try running
dsconfigad -showand make sure that the computer account matches what you see in ADU&C on your Windows Server. If your Mac had spaces in the name (e.g., My Cool Mac), your AD server might not be interpreting it correctly. Also make sure your advanced Administrative options are not in conflict - I've experienced issues on Macs when the 3 different computer names are out of sync. Run
scutiland make sure that HostName, ComputerName and LocalHostName are all in sync. You can use the --set option to modify them. - Make sure that the accounts joining to the domain have enough rights to join to the OU you've specified and that the user's AD group has access to login to the mac from the network. You can do this from the Directory Utility.
HTH
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option ofdsconfigadto remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.
– SaxDaddy
Mar 19 '14 at 18:20
add a comment |
Are you using 10.0.8 or 10.8? Hopefully the latter. Here's where I'd start
- Try running
dsconfigad -showand make sure that the computer account matches what you see in ADU&C on your Windows Server. If your Mac had spaces in the name (e.g., My Cool Mac), your AD server might not be interpreting it correctly. Also make sure your advanced Administrative options are not in conflict - I've experienced issues on Macs when the 3 different computer names are out of sync. Run
scutiland make sure that HostName, ComputerName and LocalHostName are all in sync. You can use the --set option to modify them. - Make sure that the accounts joining to the domain have enough rights to join to the OU you've specified and that the user's AD group has access to login to the mac from the network. You can do this from the Directory Utility.
HTH
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
Are you using 10.0.8 or 10.8? Hopefully the latter. Here's where I'd start
- Try running
dsconfigad -showand make sure that the computer account matches what you see in ADU&C on your Windows Server. If your Mac had spaces in the name (e.g., My Cool Mac), your AD server might not be interpreting it correctly. Also make sure your advanced Administrative options are not in conflict - I've experienced issues on Macs when the 3 different computer names are out of sync. Run
scutiland make sure that HostName, ComputerName and LocalHostName are all in sync. You can use the --set option to modify them. - Make sure that the accounts joining to the domain have enough rights to join to the OU you've specified and that the user's AD group has access to login to the mac from the network. You can do this from the Directory Utility.
HTH
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
answered Mar 17 '14 at 19:44
SaxDaddy
2,8961216
2,8961216
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option ofdsconfigadto remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.
– SaxDaddy
Mar 19 '14 at 18:20
add a comment |
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option ofdsconfigadto remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.
– SaxDaddy
Mar 19 '14 at 18:20
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
I can't add imac machines to windows domain.The dsconfigad -show,for Mac that was already added to domain.
– user308211
Mar 19 '14 at 7:22
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option of
dsconfigad to remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.– SaxDaddy
Mar 19 '14 at 18:20
In my experiences, joining OSX to AD is not as forgiving as joining a Windows box (go figure). Try using the -force option of
dsconfigad to remove it from the domain. Then try adding it back to AD without the -force option. If that fails, try again WITH force. One of these should work. GL.– SaxDaddy
Mar 19 '14 at 18:20
add a comment |
We had this error:
dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)
and in the /var/log/opendirectoryd.log
...
2016-03-10 11:08:30.210484 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_get_init_creds: KRB-ERROR -1765328378/Client (XXXX@YYYY.COM) unknown
2016-03-10 11:08:30.210505 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - password verify for XXXX@YYYY.COM failed with error -1765328378 - 'Client (XXXX@YYYY.COM) unknown'
2016-03-10 11:08:30.210574 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential server error' (5202)
...
joining a machine running 10.11.x that had been unbound from the domain. Nothing would allow it to bind - using either OpenDirectory or dsconfigad
The fix was deleting the following:
/var/db/dslocal/nodes/Default/config/
/etc/krb5.keytab
/Library/Preferences/OpenDirectory
This issue affected two machines which have now been able to successfully bind.
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
answered Mar 11 '16 at 10:31
James Blackburn
1012
2
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
add a comment |
We had this error:
dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)
and in the /var/log/opendirectoryd.log
...
2016-03-10 11:08:30.210484 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_get_init_creds: KRB-ERROR -1765328378/Client (XXXX@YYYY.COM) unknown
2016-03-10 11:08:30.210505 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - password verify for XXXX@YYYY.COM failed with error -1765328378 - 'Client (XXXX@YYYY.COM) unknown'
2016-03-10 11:08:30.210574 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential server error' (5202)
...
joining a machine running 10.11.x that had been unbound from the domain. Nothing would allow it to bind - using either OpenDirectory or dsconfigad
The fix was deleting the following:
/var/db/dslocal/nodes/Default/config/
/etc/krb5.keytab
/Library/Preferences/OpenDirectory
This issue affected two machines which have now been able to successfully bind.
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
answered Mar 11 '16 at 10:31
James Blackburn
1012
2
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
add a comment |
We had this error:
dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)
and in the /var/log/opendirectoryd.log
...
2016-03-10 11:08:30.210484 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_get_init_creds: KRB-ERROR -1765328378/Client (XXXX@YYYY.COM) unknown
2016-03-10 11:08:30.210505 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - password verify for XXXX@YYYY.COM failed with error -1765328378 - 'Client (XXXX@YYYY.COM) unknown'
2016-03-10 11:08:30.210574 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential server error' (5202)
...
joining a machine running 10.11.x that had been unbound from the domain. Nothing would allow it to bind - using either OpenDirectory or dsconfigad
The fix was deleting the following:
/var/db/dslocal/nodes/Default/config/
/etc/krb5.keytab
/Library/Preferences/OpenDirectory
This issue affected two machines which have now been able to successfully bind.
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
answered Mar 11 '16 at 10:31
James Blackburn
1012
We had this error:
dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)
and in the /var/log/opendirectoryd.log
...
2016-03-10 11:08:30.210484 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - krb5.dylib - krb5_get_init_creds: KRB-ERROR -1765328378/Client (XXXX@YYYY.COM) unknown
2016-03-10 11:08:30.210505 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - password verify for XXXX@YYYY.COM failed with error -1765328378 - 'Client (XXXX@YYYY.COM) unknown'
2016-03-10 11:08:30.210574 GMT - AID: 0x0000000000000000 - 1280.6968, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential server error' (5202)
...
joining a machine running 10.11.x that had been unbound from the domain. Nothing would allow it to bind - using either OpenDirectory or dsconfigad
The fix was deleting the following:
/var/db/dslocal/nodes/Default/config/
/etc/krb5.keytab
/Library/Preferences/OpenDirectory
This issue affected two machines which have now been able to successfully bind.
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
answered Mar 11 '16 at 10:31
James Blackburn
1012
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
edited Mar 12 '16 at 12:29
DavidPostill♦
103k25223257
103k25223257
answered Mar 11 '16 at 10:31
James Blackburn
1012
answered Mar 11 '16 at 10:31
James Blackburn
1012
answered Mar 11 '16 at 10:31
James Blackburn
1012
1012
2
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
add a comment |
2
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
2
2
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
beware: we followed these steps and the machine will no longer boot.
– Shaun Wilson
Apr 21 '17 at 22:22
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f729776%2fmac-os-x-10-8-not-binding-to-windows-domain%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
