Mac OS X v10.5: Binding to Active Directory stops working
Products Affected
Mac OS X Server 10.5, Mac OS X 10.5
Symptoms
A Mac OS X 10.5 client or Server may appear to be bound to Active Directory in Directory Utility, but accessing Active Directory resources may not work or may time out. Unbinding and rebinding the computer to Active Directory also may not resolve the issue.
Resolution
Update to Mac OS X v10.5.7 or later
Update the client to Mac OS X v10.5.7 or later; update the server to Mac OS X Server v10.5.7 or later.
Check DNS consistency
If the issue persists, review this article to ensure that the issue is not related to DNS.
Re-create certain Kerberos configuration files
If the issue persists after verifying DNS consistency, certain Kerberos configuration files used by Mac OS X may need to be created again.
To remove and re-create the files, execute the Terminal commands listed below:
sudo -s
cd /var/db/dslocal/nodes/Default/config
ls -l Kerberos:*
Note: The above command lists all the Kerberos realms configured on the computer. Each Active Directory domain is represented by a separate realm file. Locate those that match your Active Directory domain(s) and remove them with the following command (the backslash before the colon is required):
rm Kerberos\:AD.DOMAIN.NAME
Once removed, enter the following command to restart DirectoryService and rebuild the Kerberos configuration files upon your next connection to Active Directory:
sudo killall DirectoryService
Additional Information
TIp: If you use anti-virus software that performs real-time scanning, configure the software so it does not scan the /var/db/dslocal/ directory path. This may help avoid issues from occurring with certain Kerberos configuration files.
Twitter
Facebook