PowerBroker (PBIS) Open on 10.11

jonscott
New Contributor

We bind Macs to AD using BeyondTrust's PBIS Open -- mostly for messy technical reasons, but it seems to be a requirement at the moment.

Is anyone binding 10.11.4 to AD successfully using the latest stable release of pbis open? This release has worked well on 10.10, but causing trouble on a fresh install of 10.11.4. I'm still digging into it, and maybe missing something simple, but at the moment after binding (successful) during imaging -- or binding manually in the console (successful) + logout -- all local & network accounts are locked out of all access (console/ssh).

Always on the lookout for alternatives, is anyone doing cross-forest AD authentication with another product? I've used ADmitMac & Centrify in the past, along with Apple's plugin of course, but the last I looked into it, pbis was the only product with this functionality.

5 REPLIES 5

jonscott
New Contributor

In case anyone's interested, pbis 8.5 (supposedly) supporting 10.11 is out now. Haven't tested it yet. I think there's at least one other Nation member using the product!

Centrify does do cross-forest auth too, but not with the free version.

We have since wrangled a deal to avoid the cross-forest issue, and should have a full-blown alternative within a year.

cesposito
New Contributor

duplicate post - edited because you can't delete

cesposito
New Contributor

duplicate post - edited because you can't delete

cesposito
New Contributor

We have done some testing with PBIS 8.5 and 8.5.1 and neither seem to work in our environment with 10.11 or macOS Sierra. The test machines we used had a fresh install of macOS and nothing else. Power Broker would install without any errors, but it failed to join the Macs to our domain in both operating systems. One of my colleagues at a neighboring college experienced the same issues I did, so it doesn't have to do with our instance of AD, which I was afraid it might. I was unable to resolve the issue with their support team, so we are now evaluating Centrify Express as an alternative solution.

We only need the cross-forrest authentication piece, so it's basic functionality works for us. We have a support agreement with Beyond Trust, so I will be continuing to try and troubleshoot the issues with Power Broker and will report back if I have any success.

cesposito
New Contributor

Haha, I posted this at the JNUC with a spotty internet connection and it looks like it posted 3 times. Sorry for clogging up the thread.