Help

Any JSS solutions to Yosemite and .local resolution issue?

Clarke
New Contributor

Posted on ‎12-12-2014 10:25 AM

Unfortunately we have a .local domain and seeing issues with Yosemite and name resolution. We also do not image our Macs, they are configured with image provided.

My investigation have led to the command "discoveryutil mdnsactivedirectory yes" allowing Active Directory to take precedence.

This needs to happen before the logon screen and the likely solution at the moment is to create a launchd plist to handle this, but this is both a little out of my comfort zone and could cause issues with future Apple updates.

Running an Execute Command policy at start up via the JSS is a possibility but this means enrolling new devices would be a particularly annoying process.

Anyone with any advice or suggestions?

Thanks

0 Kudos
3 REPLIES 3

jhbush
Valued Contributor II

Posted on ‎12-12-2014 05:53 PM

@Clarke][/url this is one I use. Set perms to 644

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.your.company.local</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/sbin/discoveryutil</string>
        <string>activedirectory</string>
        <string>yes</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>ServiceDescription</key>
    <string>.local discoveryd fix</string>
</dict>
</plist>
0 Kudos

Damien
New Contributor

Posted on ‎12-14-2014 03:22 PM

Are you setting anything else? Previously in our .local environments we have had to;

set dsconfig –set passinterval 0 remove /Active Directory/domainname from Search Policy ( Directory Utility )
add domain.local to search paths ( Network Settings )
lower IPMonitor.bundle mdns_timeout to 1

Are there any downsides to setting "discoveryutil mdnsactivedirectory yes" that you have come across?

0 Kudos

Clarke
New Contributor

Posted on ‎01-06-2015 06:42 AM

@jhbush1973 Thank you. That seems to work. Still need to carry out some extensive testing but seems to be ok so far.

@d4mo1337 We do set the search paths with our domain, but we don't need to remove the domain from Search Policy. I haven't come across any downsides yet but I'm still struggling through a large reconfig & retraining job so not tested as fully as I would like.

0 Kudos