| MacWindows.com User forum http://www.macwindows.com/forum/ |
|
| OS X Lion seems to ignore AD computer lists http://www.macwindows.com/forum/viewtopic.php?f=2&t=835 |
Page 1 of 2 |
| Author: | aaulich [ Wed Sep 07, 2011 3:27 am ] |
| Post subject: | OS X Lion seems to ignore AD computer lists |
Hi everybody. In my lab I bound some Mac clients to a schema extended Windows Server 2008 R2 based Active Directory. The 10.6.8 clients can be managed using computer lists, while the 10.7.1 machines ignore these settings. I had a look at /etc/openldap/schema/apple.schema on both Mac OS X 10.6.x and 10.7.x machines, and the entries for computer lists haven't changed with 10.7. Settings for computer accounts, though, will be applied on both 10.6 and 10.7. Has anyone experienced the same thing? Kind regards, André |
|
| Author: | kwillard [ Tue Oct 18, 2011 7:50 pm ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
You need to edit the Active Directory Template located at /System/Library/Open Directory/Templates. Specifically, find the "Computer Lists" section and remove the info key which contains the invalid Search Base. This will allow you to see AD Computer Lists. |
|
| Author: | aaulich [ Thu Oct 20, 2011 9:36 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
Hi Willard, I tried that, but it didn't work for me. I rebound the machine after editing the AD template file, but still no success. Does this work in your lab? Kind regards and thanks a lot for your help, André |
|
| Author: | MacWindows [ Mon Oct 24, 2011 1:01 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
Have you tried updating to 10.7.2? It's supposed to fix some Active Directory problems, (though people are still reporting problems). |
|
| Author: | aaulich [ Mon Oct 24, 2011 4:04 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
Hi John, yes, I am running 10.7.2, now. Doesn't work either. Kind regards, André |
|
| Author: | kwillard [ Sun Nov 27, 2011 1:02 pm ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
We have edited the Active Directory template, specifically removing the "Search Base" key and immediately our 10.7 machines are able to see/process computer lists without any issues. Problem is each revision update restores the template. Thus, I had to create a daemon that checks for the existence of this key and if present, runs a script to fix it. Hopefully, apple fixes this with 10.7.3. |
|
| Author: | aaulich [ Tue Dec 06, 2011 6:27 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
Hello kwillard, just to make sure I got it right: on a 10.7.x client, which is bound to an Active Directory, you opened the file "/System/Library/OpenDirectory/Templates/Active Directory.plist" and removed this part: <key>info</key> <dict> <key>Group Object Classes</key> <string>OR</string> <key>Object Classes</key> <array> <string>apple-computer-list</string> </array> <key>Search Base</key> <string>cn=Mac OS X, %!</string> </dict> Whenever I delete this, save the file, restart the client, I even don't see computerlists in Workgroup Manager anymore. If instead I only delete the part <key>Search Base</key> <string>cn=Mac OS X, %!</string> then Workgroup Manager still sees computerlists, yet, any settings applied there still have no effect. Have I got something wrong here? I'd appreciate your input on this. Kind regards, André |
|
| Author: | aaulich [ Wed Feb 08, 2012 7:23 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
Still doesn't work with OS X 10.7.3. |
|
| Author: | kwillard [ Wed Feb 08, 2012 8:42 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
Correct, 10.7.3 simply resets the template to default thus re-adding the "info" line under the ComputerLists key. It will need to be edited again or scripted to check whether the line exists and if so, remove it. |
|
| Author: | aaulich [ Wed Feb 08, 2012 9:58 am ] |
| Post subject: | Re: OS X Lion seems to ignore AD computer lists |
kwillard wrote: Correct, 10.7.3 simply resets the template to default thus re-adding the "info" line under the ComputerLists key. It will need to be edited again or scripted to check whether the line exists and if so, remove it. Hey kwillard, can we get in touch directly? Doesn't work for me at all, so I'd really like to understand the fix, please. |
|
| Page 1 of 2 | All times are UTC - 8 hours [ DST ] |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|