Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the '10.4: Binding to single-label Active Directory domains' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Binding to single-label Active Directory domains
Authored by: smanzo on Mar 14, '06 11:29:41AM

Okay, first off... Enabling both the Active Directory and the SMB/CIFS plugin is redundant. SMB/CIFS is for workgroups or NT4/Samba domains, not AD.

You mention giving the "correct" user credentials.... Unless these credentials are for a Domain Administrator account (OR you've specifically changed permissions on the OU structures to allow the account used Write and Delete of Computer objects), you won't be able to put the computer anywhere other than CN=Computers, DC=yourdomain. Make special note of that... the default places for Computers and Users are both Containers (CN), not Organizational Units(OU), and are designated as such in AD. THIS is the likely source of your problems.

Another side note... ANY AD user account can, by default, join up to 10 machines to the domain, as long as they are dropped into CN=Computers (or the new default if you've redirected this)

[ Reply to This | # ]
10.4: Binding to single-label Active Directory domains
Authored by: redclawx on Mar 14, '06 02:20:30PM

If you don't have the SMB/CIFS active then you won't be able to browse the network for SMB/CIFS computers, (i.e. Windows file shares.) In my environment we have three (for lack of a better term) main network paths. The only one currently supported is AD. For the Macintosh environment, browsing to Network/Delta will get you to the SMB share points for most everything on the network. The other two unsupported paths are the standard Windows SMB "Workgroup" and the AFP path.

By turning off SMB/CIFS the only item brows-able is AFP, at least with our setup.

[ Reply to This | # ]