Wednesday, April 23, 2014

Problems Joining OS X Mavericks to an Active Directory Domain

When joining a Mac to an Active Directory domain, you might see this error:

Unable to add server. Node name wasn't found. (2000)
One of the things that confuses people is that it asks for a clientid. This should be the computer name you want the Mac to use on the domain. Don't try to use your username or "domain admins" or anything like that.

The other is the "server" field. If you were using LDAP for directory service, you would put in one of the LDAP servers. If you're using Active Directory, put in the fully qualified domain name of your AD domain.

In this case, the cause was that the Mac's clock was too far out of sync. Because AD uses Kerberos, the client machine's time must be within a few minutes of the domain controllers' time. By default in AD, the allowed difference is five minutes. The time requirement exists because Kerberos uses timestamps as an anti-replay control.
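To check the skew before attempting the join, the Mac's clock can be compared with a domain controller's over SNTP. The following Python 3 sketch is an added example, not part of the original post; it assumes the domain controller answers NTP on UDP 123, and the host name passed on the command line (for example `dc.example.com`) is a placeholder.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 and 1970-01-01
MAX_SKEW = 300                # AD default Kerberos tolerance: five minutes

def _ts(data, off):
    """Decode the 64-bit NTP timestamp at byte offset `off` into Unix seconds."""
    secs, frac = struct.unpack_from("!II", data, off)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def clock_offset(reply, t_sent, t_recv):
    """Return server-minus-local offset in seconds from a 48-byte NTP reply."""
    # Require a full packet, mode 4 (server) and a non-zero stratum.
    if len(reply) < 48 or (reply[0] & 0x7) != 4 or reply[1] == 0:
        raise ValueError("not a usable NTP server reply")
    srv_recv = _ts(reply, 32)  # when the server received our request
    srv_xmit = _ts(reply, 40)  # when the server sent its reply
    return ((srv_recv - t_sent) + (srv_xmit - t_recv)) / 2

def within_kerberos_skew(offset, limit=MAX_SKEW):
    return abs(offset) <= limit

def query(server, timeout=3.0):
    """Send one SNTP client request to `server` and return the clock offset."""
    request = b"\x1b" + 47 * b"\0"  # LI=0, VN=3, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t_recv = time.time()
    return clock_offset(reply, t_sent, t_recv)

def make_reply(server_time):
    """Build a constructed sample reply (mode 4, stratum 2) for offline checks."""
    stamp = struct.pack("!II", int(server_time) + NTP_EPOCH_DELTA, 0)
    return b"\x1c\x02" + 30 * b"\0" + stamp + stamp

if __name__ == "__main__":
    offset = query(sys.argv[1])  # placeholder host, e.g. dc.example.com
    verdict = "OK" if within_kerberos_skew(offset) else "TOO FAR OFF, fix the clock first"
    print("offset %+.1f s: %s" % (offset, verdict))
```

If the offset is outside the limit, correct the Mac's time source before retrying the join.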

1 comment:

Unknown said...

Why iMac Macbook production before Maverick Osx no internet recovery
Here an answer