Bind to AD issues

drioux
Contributor

I know we are not the only ones who have experienced issues with the AD occasionally dropping if you use the built-in bind utility on the JSS. I was wondering what others are using that is more reliable but won't break the bank. We are a school that has about 1500+ machines, so money is always a consideration.

The machines are split between Yosemite and Mountain Lion

Thanks

7 REPLIES 7

nessts
Valued Contributor II

We wrote a perl script that runs as a launch daemon at boot and ensures binding is happy, if not it rebinds automatically for me. I believe that if you search the archives of JAMFNation you can find many binding script examples and launch daemons to run them.

bentoms
Release Candidate Programs Tester

@drioux The JSS's AD Binding leverages dsconfigad & tbh has been rock solid for me.

On the rarity I have had issues, it's AD related. So might be AD that needs to be looked at?

drioux
Contributor

Thanks

AVmcclint
Honored Contributor

We're using the built-in binding that is supposed to happen upon enrollment. It works perfectly under OSX 10.9 but it is hit or miss with 10.10. Sometimes it will bind to AD exactly as it's supposed to during enrollment. Sometimes it won't bind to AD until after 2 or 3 reboots or an indeterminate about of time has passed. Other times it absolutely will not bind on its own no matter how many reboots we do or how long we wait. In those cases I use Casper Remote to send the command to join AD and that works every time. Once a machine has joined AD (whether automatically or forced), we never have any problems with them disconnecting.

cortday
New Contributor III

Did you get this going reliably?

We have a lot of 10.8 student machines that are exhibiting these symptoms. Oddly enough though, if we take them off of our Cisco AP's and put them on a open AP with a different SSID the binding works perfectly. Then we put them back on our network again and its still broken. We have to re-bind them to fix it.....strange...

davidacland
Honored Contributor II
Honored Contributor II

@cortday This works pretty reliably for us. Only real issue we've had recently was 10.10.0-2 and crashing on startup.

It sounds like a network communication issue, either something is being blocked (global catalog possibly) or the traffic is being filtered somehow between the device, cisco ap / network and the AD domain controllers.

AVmcclint
Honored Contributor

For us, the binding delays seem to have resolved themselves. I don't know if it was from an update to 10.10.2 or 3 or 4.... or if it was a Windows server update that fixed it, but it works. All our Macs bind to AD using the built-in tools triggered via JSS policy.