OD / AD / Magic Triangle configuration in Snow Leopard Server

10-11

Hi:
I'm working on training / setting up a magic triangle. I've been able to perform the necessary binding of my 10.6.4 Server to the AD, set up OD as an OD Master connected to AD and, finally, bind a client 10.6.4 Mac to both AD and OD. FYI - I'm using the Apple Training Series: Mac OS X Directory Services v10.6 as my guide.
I'm running into issues which are based upon how I connect / authenticate. I tried the 4 scenarios listed below with different results. The first scenario is the way to view/administer the directories according to the training guide. I tried the other 3 scenarios just to see what might happen:
1 - local mac - run WGM and View Directories: Result: Can authenticate to AD directories, but can't authenticate to the OD directory on the OS X server.
2 - local mac - run WGM and Authenticate to OS X Server: Result: Can authenticate to OD directory on the Server, but cannot authenticate to AD directories as AD Administrator
3 - from the OS X Server - run WGM and Authenticate to OS X Server: Result: Automatically authenticate to OD directory on the Server, but cannot authenticate to AD directories as AD Administrator
4 - from the OS X Server - run WGM and View Directories: Result: Automatically authenticate to OD directory on the Server, but cannot authenticate to AD directories as AD Administrator
Earlier today, while using #2 scenario, I was able to see the contents of the Active Directory and could even add computers/users to the groups I had created on the server's ldap directory and successfully tested attributes on the users/computers I assigned to the respective groups. This evening though, I can no longer see users/computers in the AD and the users I added to the OD groups have lost their connections - when I look at Members, each listing name initially shows loading then changes to not found. (The ID for each still appears though).
Any ideas? I've completely reset the server configuration for OD and its binding to the Active Directory a couple of times now, but still can't get it working. I have the sense I've missed some detail here.
Thanks!
It sounds like you lose the AD connection intermittently from at least the server.
You are using the "AD" DNS?
Reverse lookup of the OS X server name works (OS X server name added to forward zone and IP added to reverse zone for your LAN in "AD" DNS)?
In SA, OD, Kerberos is not running (should use AD kerberos realm)?
Anything in logs about this (DirectoryService)?
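The forward and reverse lookup check asked about in the reply above, as an added example that is not part of the original thread. It assumes Python 3 on a host that uses the same "AD" DNS server; the host names and addresses in the sample data are constructed placeholders.

```python
import socket
import sys

def system_forward(name):
    """IPv4 addresses for name, as returned by this host's resolver."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def system_reverse(addr):
    """Primary name that addr reverses to, as returned by this host's resolver."""
    return socket.gethostbyaddr(addr)[0]

def check_fcrdns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return [f"forward lookup failed for {fqdn}"]
    problems = []
    for addr in addrs:
        try:
            ptr = reverse(addr)
        except OSError:
            problems.append(f"no PTR record for {addr}")
            continue
        if ptr.rstrip(".").lower() != want:
            problems.append(f"{addr} reverses to {ptr}, not {fqdn}")
    return problems

# Constructed sample zone data (placeholders, not values from the thread).
SAMPLE_A = {"odserver.example.com": ["192.0.2.10"],
            "odclient.example.com": ["192.0.2.20"],
            "fileserver.example.com": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": "odserver.example.com.",
              "192.0.2.30": "odserver.local"}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "unknown host")
    return SAMPLE_A[name]

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror(1, "unknown address")
    return SAMPLE_PTR[addr]

if __name__ == "__main__":
    live = len(sys.argv) > 1  # with arguments: query the real resolver
    for host in (sys.argv[1:] or sorted(SAMPLE_A)):
        found = check_fcrdns(host) if live else check_fcrdns(host, sample_forward, sample_reverse)
        print(host, "OK" if not found else "; ".join(found))
```

Run it with the server's fully qualified name as the argument to query the live resolver; with no arguments it only walks the constructed sample data.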