AD Binding 10.8.3 Casper 8.71

ndudley
Contributor

I have been having this issue with binding my computers to AD via Casper Imaging and I wanted to see if there was a solve. I have been looking at the discussion board, but it seems that I haven't been able to find the problem. First, this is what I am trying to do:

Using Casper Imaging:
- I have a base image that I am using that has a Wifi Profile installed in the Admin account. It is a System level profile. We are using Radius and have it set to install a certificate from AD and store a randomly generated wifi password in the keychain.
- I have a configuration setup in Casper Admin to install the image and bind the machine to AD.
- Casper imaging is on its own network segment and all of the machines are connected via ethernet to image.

The problem:
- The computer doesn't bind to AD at imaging time.
- I have gone into the logs and I get the following error:

"An error occurred binding to Active Directory: dsconfigad: The plugin encountered an error processing request (10001)."

- Also, the wireless profile doesn't seem to store the certificate (which I am assuming is because the machine isn't getting bound to the domain at imaging).

Things I have tried:

- I have tried deleting the AD information from Casper Admin and re-adding it.
- The credentials are correct.
- I tried adding a script to bind to AD, but it leaves the AD Admin password vulnerable.

Final Thoughts:
- I think the Wifi profile isn't working because of the binding
- I will not be doing the imaging when we roll this out to the masses of our company, so it needs to be done in a way that the admin password will not be given out to the Techs that will be re-imaging.

Does anyone have any ideas or things I could try to get my machines bound to the domain during imaging?

1 ACCEPTED SOLUTION

CasperSally
Valued Contributor II

Try to simplify the problem and just get the binding to work first if your wireless profile requires machines to be on AD.

If you have a computer off the domain and set up your binding in a policy with a manual trigger, and run manual trigger from terminal - does the binding work? Delete the computer account from AD before trying it if it exists already just so you're starting clean.

We have a post-image script that checks/sets date and time and runs a manual trigger to bind to domain, then the same script runs the profiles command to install the wireless profile after that (the mobileconfig file is installed at image time). I prefer for wireless to install manually versus depend on JAMF. Then the same script deletes the mobile config file from the temp location.

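The post-image sequence described in the accepted reply above, as an added example that is not code from the thread or from JAMF: sync time, fire the bind policy by manual trigger, confirm the bind with `dsconfigad -show`, install the staged Wi-Fi profile, then delete it. The NTP server, trigger name, domain and profile path are hypothetical placeholders.

```shell
#!/bin/bash
# Added example, not from the thread. Every value below is a hypothetical placeholder.
NTP_SERVER="${NTP_SERVER:-time.example.com}"
BIND_TRIGGER="${BIND_TRIGGER:-bindAD}"            # custom trigger on the JSS bind policy
EXPECTED_DOMAIN="${EXPECTED_DOMAIN:-corp.example.com}"
WIFI_PROFILE="${WIFI_PROFILE:-/private/tmp/wifi.mobileconfig}"

# Read `dsconfigad -show` output on stdin and print the bound domain (empty if unbound).
bound_domain() {
    awk -F' *= *' '/^Active Directory Domain/ { print $2; exit }'
}

is_bound() {
    [ "$(dsconfigad -show 2>/dev/null | bound_domain)" = "$EXPECTED_DOMAIN" ]
}

post_image() {
    result=0
    # Kerberos rejects large clock skew, so sync time before attempting the bind.
    ntpdate -u "$NTP_SERVER" >/dev/null 2>&1 || echo "warning: time sync failed" >&2

    # The bind account lives in the JSS policy; this script only fires the trigger,
    # so no AD password is stored in the script or typed by the tech.
    is_bound || jamf policy -trigger "$BIND_TRIGGER" || true

    # Trust the directory state, not the exit code of the policy run.
    if is_bound; then
        profiles -I -F "$WIFI_PROFILE" || result=2
    else
        echo "error: not bound to $EXPECTED_DOMAIN, skipping Wi-Fi profile" >&2
        result=1
    fi

    # Remove the staged profile on every path, success or failure.
    rm -f "$WIFI_PROFILE"
    return "$result"
}

# Run only where the jamf binary exists; elsewhere this file just defines the functions.
if command -v jamf >/dev/null 2>&1; then
    post_image
    exit $?
fi
```

A return code of 1 means the machine is still unbound after the policy ran, which is the point to check the OU and domain controller fields on the directory binding before looking at the wireless profile.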

3 REPLIES

robert_mullins
New Contributor

Try Centrify Express; it's free and it works for us when we have issues with AD bind.

ndudley
Contributor

I found the problem and in finding the problem realized how important it is to take a break from problems every once in a while!

CasperSally: Thanks! Your manual trigger idea helped!

I forgot to enter the OU and DC information on my directory bind and it looks like the 10001 error means that AD cannot find that information and will not bind to the domain!

Thanks for your quick replies!