Jamf Nation Community

Matt · ‎07-15-2011

Is anyone else noticing anything funky happening since 10.6.8 was installed?

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Matt · ‎07-20-2011

Basically, what I had to do was the following:

Uncheck Allow Authentication from any domain in forest
In Search Policies, removed All Domains and added my domain

As soon as I did this it worked like a champ. Problem is you can't customize this using the JAMF AD Binder so I am writing a script.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

View solution in original post

tanderson · ‎07-25-2011

Apple has just released Mac OS X 10.6.8 Supplemental Update:

The Mac OS X 10.6.8 Supplemental Update is recommended for all users running Mac OS X Snow Leopard 10.6.8 and resolves issues with:

• Transferring personal data, settings, and compatible applications from a Mac running Mac OS X Snow Leopard to a new Mac running Mac OS X Lion • Certain network printers that pause print jobs immediately and fail to complete • System audio that stops working when using HDMI or optical audio out

SHA1 -ebe26444b06d50fe94d69191f7dee49aaa8689ce

For detailed information on this update, please visit this website: http://support.apple.com/kb/HT4561.

For information on the security content of this update, please visit: http://support.apple.com/kb/HT1222.

Tom

View solution in original post

Matt · ‎07-25-2011

I knew I wasn't crazy!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

View solution in original post

RobertHammen · ‎07-15-2011

Nope, only "widespread" issues I'm aware of are the printer issues, and the hwmond issues on Xserve. Otherwise, it's fine in the couple of places I help manage...

ToriAnneke · ‎07-18-2011

Happy Monday!!!

10.6.8 feels like 7.6.1

:P

--
Pat Camporeale
"You don't need to be a mechanic to drive a car."

Matt · ‎07-18-2011

Ever since 10.6.8 we have machines that lose AD binding after reboot. It says Network Not Available but when you login it shows the connection as green. You unbind rebind it works until you reboot.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

jafuller · ‎07-18-2011

Similar here. Only have it on a couple of machines. It seems intermittent though. Perhaps we don't reboot often.
--
James Fuller | Starbucks Coffee Company | Technology Application Services | application developer II
E: jafuller at starbucks.com<mailto:jafuller at starbucks.com> | V: 206.318.7153 | F: 206.318.0155

Technology does not drive change -- it enables change.

Matt · ‎07-18-2011

We shutdown all systems at night. This start with 10.6.8 and I can't find any relief for this.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

nessts · ‎07-18-2011

have you tried setting the pass interval as discussed last week?

--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services

ImAMacGuy · ‎07-18-2011

Can't say we have that here, most all of our systems have it installed
already, but I am unaware of any binding issues.

John Wojda

Lead System Engineer, DEI & Mobility

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead DEI: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

Team Lead Mobility: Chris
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.> Sta
Ana

Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>

"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"

Matt · ‎07-18-2011

I have unfortunately this machine is freshly imaged.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Report Inappropriate Content · ‎07-18-2011

I've seen a few machines have AD login trouble if they were bound after
10.6.8 was installed / applied during imaging.

No trouble with any machines that were bound and *then* upgraded to 10.6.8.

-p

Matt · ‎07-18-2011

Exactly! I think you are on to something.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

talkingmoose · ‎07-18-2011

Rarely, but it has happened, I'll get a call from a user who can't log in to AD on one machine but is fine elsewhere. The machine seems to create a local user account with the same name as the AD account. Most of the time the machine has crashed while the user is logged in.

You'll notice something is wrong when you log in as a different user but still see the first user's AD account appear in the Accounts System Preferences pane. Deleting this ghost account resolves the problem.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

Matt · ‎07-18-2011

We use Mobile Accounts too
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Report Inappropriate Content · ‎07-18-2011

I've been watching this thread with interest as I am currently updating the core OS of our images to 10.6.8. It's interesting that you mention that the local user account showing in the prefs pane. On my setup, all accounts are mobile accounts (Create mobile account at login in the AD plugin). I always see every user who logs in under the accounts prefs.

One similar login issue I did see with 10.6.8 was a user was *not* visible in System Prefs even though they had logged in many times. I went in via dscl and Deleted the user from /Local/Default/Users, which resolved the issue and I didn't pursue it further.

I have been creating the caper dmg from the latest thunderbolt Macbook media and applying the 10.6.8 Combo uptate to that (offline) volume. I end up with a non-booted dmg that I run through Casper NetInstall Creator 3.2. That forms the core. After that everything is all packages and OS updates which get applied at or after imaging. Most existing machines are still at 10.6.6. Hopefully there isn't some obscure issue with the update.

- Aaron

Walter · ‎07-19-2011

I seem to remember in the 10.6.8 release notes that there were changes "in preparation for Lion". In the developer forums, there are reports of issues with Lion and AD. I wonder if some of the "preparation for Lion" mucked up AD in Snow Leopard.
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301-975-2885

Matt · ‎07-19-2011

Whatever it is, Mac are losing bindings more and more everyday and my GM of Lion still won't connect to AD.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Matt · ‎07-19-2011

The issue is getting serious now. Machines are dropping AD like flies. None of the tips given in these threads are helping. 10.6.8 broke something. We unbind and rebind and it works until you reboot. Not good!

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Matt · ‎07-19-2011

Let me add that the mobile home folders are disappearing. 10.6.8 seems to be broken.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

talkingmoose · ‎07-19-2011

Anything interesting in your DirectoryServiceError.log or
On 7/19/11 2:53 PM, "Matthew Lee" <Matt.Lee at fox.com> wrote:
DirectoryServiceServer.log? These should be available in the Console.

I've got quite a few folks on 10.6.8 who are bound to AD. Pretty much all
of them were bound at 10.6.8 and not updated to 10.6.8 while bound. Not
sure if we're running Windows 2008 or R2.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

bentoms · ‎07-19-2011

Hi Matt,

When you rebind, do the macs find their existing computer object?

Do you move these objects outside of computers?

Are you see Kerberos preauthentication errors in the logs?

Try unbinding, deleting computer account from ad... Wait for ad to replicate or force. Then rejoin leaving the computer object in the computers OU.

Regards,

Ben.

Matt · ‎07-19-2011

Awww don't make me contact our account admins!!! I have no AD access unfortunately. The objects are current objects, not moved, no Kerberos errors.

Looks like the same issue we have with Lion. Computer gives me a green light and then shakes its head at me.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

bentoms · ‎07-19-2011

Well you can wait for replication (maybe 30 mins).

Regards,

Ben.

hasaanh · ‎07-19-2011

I’m curious if there’s a correlation with the issues your seeing and the following article, the article symptoms read “If network access is interrupted, a Mac OS X v10.6 client may not be able to reconnect to an Active Directory domain”:

http://support.apple.com/kb/ts3248

--
Hasaan Herrington
Technical Support II
Information Technology
Anchorage School District
1602 Hillcrest Drive, Anchorage, Alaska, 99517.
Help Desk: (907) 742-4615

Matt · ‎07-19-2011

Perhaps but Im thinking this is the same issue people are having with Lion.

Has anyone found a way to bind Lion to AD?

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

bentoms · ‎07-19-2011

The normal way works for me.

Regards,

Ben.

Matt · ‎07-19-2011

Damn, I can't get it to do anything. It green lights me in the OS and redlights me at the Loginwindow.

Do you by any chance have reverse DNS set up properly in your environment?

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

bentoms · ‎07-19-2011

Yes. (for the most part).

Domain is also not .local

Domain resolves to ip's of 20 dc's. All of which will then resolve to fqdn's. (There are a couple of orphan records though).

Set preferred dc as local with fqdn of server. Unticked all domains. No OD.

Regards,

Ben.

nessts · ‎07-19-2011

works for me in one domain/customer, and not another. so it is very likely a configuration difference between the two domains.

--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services

Matt · ‎07-19-2011

We don't manage AD or anything like that but our reverse DNS is not setup. What happened is they just figured Macs work the same :rolleyes:

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Matt · ‎07-20-2011

's password:
[2011/07/20 09:08:34, 0, pid=3333] /SourceCache/samba/samba-235.7/samba/source/libads/kerberos.c:ads_kinit_password(228) kerberos_kinit_password @FFE.FOXEG.COM failed: Client not found in Kerberos database

Thats the error message I got when I ran net ads dns register.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Matt · ‎07-20-2011

I found the solution I think!!!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Walter · ‎07-20-2011

Can you share?
--
Walter Rowe, Team Lead
System Hosting Services
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301.975-2885

Matt · ‎07-20-2011

Basically, what I had to do was the following:

Uncheck Allow Authentication from any domain in forest
In Search Policies, removed All Domains and added my domain

As soon as I did this it worked like a champ. Problem is you can't customize this using the JAMF AD Binder so I am writing a script.

--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

tanderson · ‎07-25-2011

Apple has just released Mac OS X 10.6.8 Supplemental Update:

The Mac OS X 10.6.8 Supplemental Update is recommended for all users running Mac OS X Snow Leopard 10.6.8 and resolves issues with:

• Transferring personal data, settings, and compatible applications from a Mac running Mac OS X Snow Leopard to a new Mac running Mac OS X Lion • Certain network printers that pause print jobs immediately and fail to complete • System audio that stops working when using HDMI or optical audio out

SHA1 -ebe26444b06d50fe94d69191f7dee49aaa8689ce

For detailed information on this update, please visit this website: http://support.apple.com/kb/HT4561.

For information on the security content of this update, please visit: http://support.apple.com/kb/HT1222.

Tom

Matt · ‎07-25-2011

I knew I wasn't crazy!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

Jamf Nation Community

10.6.8 Funkyness?