Re: Getting MacBook Pro to authenticate with AD (SBS environment)




In article <O4jdU7PGHHA.1252@xxxxxxxxxxxxxxxxxxxx>,
"Helen Mooc" <hmooc@xxxxxxxxxx> wrote:

Good evening!

Just wondering if any of you geniuses have been able to get a MacBook Pro to
authenticate with an SBS server and still be able to log in after taking the
notebook off of the network. For the life of me, I can't seem to get that to
work. I have contacted Apple Support but they have no clue what I am talking
about (meaning getting the laptop to authenticate with AD). They told me to
create another account called the "username" and give local admin rights to
it. That is not what I want. I know how to do that, but I want to be able to
set up this laptop so that the user is able to log into the network and, if she
decides to take the laptop home to work, she will be able to log in
locally.

Hi Helen!

I think I understand your problem and everything you're doing sounds
fine. If your user's problem is that she can log in quickly while
connected to the network but off the network the login takes a long time
then the issue is that your Mac is trying to connect to a domain
controller that isn't available. It's a documented bug.

I've found that while connected to your company network (probably via
Ethernet cable), you should be sure that wireless networking is turned off.
Shut down, move off the network and then she'll probably be able to log
in normally. If necessary, enable wireless networking after logging in.
Basically, make sure that no network connection is active while trying
to log in away from the AD network.

The following is an excerpt from the MacEnterprise mailing list around
mid-November and was posted by Jeremy Reichman:

If this is happening when the computer is in range of a wireless network or
connected to another wired network -- either of which is not your
organization's network -- then it has been discussed on the list this summer
and fall. It might have been easy to miss the threads, even in the archives.

It seems to happen when Active Directory domain controllers are
visible/resolvable (i.e. scutil -r may show them as "Reachable") but not
otherwise responding to traffic.

In those threads and subsequent conversations, a few distinct ideas I recall
came up:

* Remove Active Directory from the Authentication path in Directory
Access, but make sure you are using only Mobile accounts (the accounts must
be cached since you will no longer be communicating with Active Directory)

* Reduce the four timeouts in the ActiveDirectory.plist from 200 to some
smaller number, so that failover to mobile accounts occurs more quickly when
domain controllers are not available

* Split DNS to make your domain controllers not be visible from outside
your own network.

Hope this helps! bill
--
William M. Smith
(Microsoft Interop MVP - Mac/Windows)
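The "visible/resolvable but not responding" condition Jeremy describes is what makes the login hang, so it helps to be able to test for it before a user takes the laptop off-site. The following is an added diagnostic, not code from the thread or from Apple: it resolves each domain controller name and then probes the Kerberos (88) and LDAP (389) ports with a short timeout, reporting which DCs are in the hang-prone state. The DC names are hypothetical placeholders; the resolver and probe are injectable so the logic can be exercised offline.

```python
"""Diagnose the "resolvable but not responding" domain-controller state:
DNS resolves the DC's name (so the Mac treats it as reachable), yet nothing
answers on the ports the Active Directory plugin needs for a logon."""
import socket

# Ports assumed necessary for an AD logon: Kerberos and LDAP.
AD_PORTS = (88, 389)


def tcp_probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_dc(name, resolve=socket.gethostbyname, probe=tcp_probe, timeout=3.0):
    """Classify one DC as 'unresolvable', 'resolvable-unresponsive' or 'responding'.

    resolve and probe are injectable so the logic can be tested without a network."""
    try:
        addr = resolve(name)
    except OSError:  # socket.gaierror is an OSError subclass
        return "unresolvable"
    if all(probe(addr, port, timeout) for port in AD_PORTS):
        return "responding"
    return "resolvable-unresponsive"


def diagnose(dc_names, **kw):
    """Map each DC name to its state and list the ones likely to stall a login."""
    states = {name: classify_dc(name, **kw) for name in dc_names}
    hang_risk = [n for n, s in states.items() if s == "resolvable-unresponsive"]
    return states, hang_risk


if __name__ == "__main__":
    # Hypothetical DC names; replace with the ones your Mac is bound to.
    states, hang_risk = diagnose(["dc1.example.local", "dc2.example.local"])
    for name, state in states.items():
        print(f"{name}: {state}")
    if hang_risk:
        print("Login is likely to hang waiting on:", ", ".join(hang_risk))
```

A DC that shows up as resolvable-unresponsive is the case the mailing-list excerpt attributes to the slow off-network login; an unresolvable DC is the case where the Mac fails over to the cached mobile account promptly.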