Parallels Desktop 8 for Mac is lets you seamlessly run Windows and Mac applications side-by-side

Login | Register

Post new topic Reply to topic  [ 12 posts ] 

Wed Sep 07, 2011 3:27 am

Offline
Joined: Wed Sep 07, 2011 2:22 am
Posts: 7

Hi everybody.

In my lab I bound some Mac clients to a schema extended Windows Server 2008 R2 based Active Directory.

The 10.6.8 clients can be managed using computer lists, while the 10.7.1 machines ignore these settings. I had a look at /etc/openldap/schema/apple.schema on both Mac OS X 10.6.x and 10.7.x machines, and the entries for computer lists haven't changed with 10.7.

Settings for computer accounts, though, will be applied on both 10.6 and 10.7.

Has anyone experienced the same thing?

Kind regards,

André



Top Top
  Profile

Tue Oct 18, 2011 7:50 pm

Offline
Joined: Tue Oct 18, 2011 7:46 pm
Posts: 3

You need to edit the Active Directory Template located at /System/Library/Open Directory/Templates.

Specifically, find the "Computer Lists" section and remove the info key which contains the invalid Search Base. This will allow you to see AD Computer Lists.



Top Top
  Profile

Thu Oct 20, 2011 9:36 am

Offline
Joined: Wed Sep 07, 2011 2:22 am
Posts: 7

Hi Willard,

I tried that, but it didn't work for me. I rebound the machine after editing the AD template file, but still no success.

Does this work in your lab?

Kind regards and thanks a lot for your help,

André



Top Top
  Profile

Mon Oct 24, 2011 1:01 am

Offline
Site Admin
Joined: Wed May 12, 2010 7:45 pm
Posts: 179

Have you tried updating to 10.7.2? It's supposed to fix some Active Directory problems, (though people are still reporting problems).

_________________
John Rizzo
MacWindows.com



Top Top
  Profile

Mon Oct 24, 2011 4:04 am

Offline
Joined: Wed Sep 07, 2011 2:22 am
Posts: 7

Hi John,

yes, I am running 10.7.2, now. Doesn't work either.

Kind regards,

André



Top Top
  Profile

Sun Nov 27, 2011 1:02 pm

Offline
Joined: Tue Oct 18, 2011 7:46 pm
Posts: 3

We have edited the Active Directory template, specifically removing the "Search Base" key and immediately our 10.7 machines are able to see/process computer lists without any issues.

Problem is each revision update restores the template. Thus, I had to create a daemon that checks for the existence of this key and if present, runs a script to fix it.

Hopefully, apple fixes this with 10.7.3.



Top Top
  Profile

Tue Dec 06, 2011 6:27 am

Offline
Joined: Wed Sep 07, 2011 2:22 am
Posts: 7

Hello kwillard,

just to make sure I got it right:

on a 10.7.x client, which is bound to an Active Directory, you opened the file "/System/Library/OpenDirectory/Templates/Active Directory.plist" and removed this part:

<key>info</key>
<dict>
<key>Group Object Classes</key>
<string>OR</string>
<key>Object Classes</key>
<array>
<string>apple-computer-list</string>
</array>
<key>Search Base</key>
<string>cn=Mac OS X, %!</string>
</dict>

Whenever I delete this, save the file, restart the client, I even don't see computerlists in Workgroup Manager anymore.

If instead I only delete the part

<key>Search Base</key>
<string>cn=Mac OS X, %!</string>

then Workgroup Manager still sees computerlists, yet, any settings applied there still have no effect.

Have I got something wrong here?

I'd appreciate your input on this.

Kind regards,

André



Top Top
  Profile

Wed Feb 08, 2012 7:23 am

Offline
Joined: Wed Sep 07, 2011 2:22 am
Posts: 7

Still doesn't work with OS X 10.7.3.



Top Top
  Profile

Wed Feb 08, 2012 8:42 am

Offline
Joined: Tue Oct 18, 2011 7:46 pm
Posts: 3

Correct, 10.7.3 simply resets the template to default thus re-adding the "info" line under the ComputerLists key. It will need to be edited again or scripted to check whether the line exists and if so, remove it.



Top Top
  Profile

Wed Feb 08, 2012 9:58 am

Offline
Joined: Wed Sep 07, 2011 2:22 am
Posts: 7

kwillard wrote:
Correct, 10.7.3 simply resets the template to default thus re-adding the "info" line under the ComputerLists key. It will need to be edited again or scripted to check whether the line exists and if so, remove it.


Hey kwillard,

can we get in touch directly? Doesn't work for me at all, so I'd really like to understand the fix, please.



Top Top
  Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum


Search for:
Jump to:  

OS X Mountain Lion Server for Dummies
By John Rizzo

Simplifies the installation, configuration, and management of Apple's OS X Server software. Support Mac and Windows clients for file sharing, email, and directory services; Install software to your iOS devices and Macs. Incorporate a Mac subnet into a Windows Active Directory domain, manage Mac and Windows clients, and configure security options, and more. Click here for more.

Serving the cross-platform community since November 15, 1997. Copyright 2010-2013 John Rizzo. All rights reserved.
Powered by phpBB