Posted on 07-11-2013 10:36 AM
I have a very uncomplicated workflow setup in Casper Imaging: it basically binds the computer, names the computer and updates the inventory. Everything in this workflow works fine, but the binding which does not work at all.
I started out today running JSS 8.64 (out of date I know, but it's summer) and I was not able to get any of our Macs to bind to the server. I have since updated to 8.71, created a new Netboot image that is up to date (OS 10.7.5) and has Casper imaging 8.71 running on it which has had no impact. I still can not bind. I attempted to add the bindToLDAP.sh script to the workflow but that didn't work either. I changed the priority to 1 for the bind through JSS and tried the same with the script.
I am at the end of what I know and I am looking for help. If any of you have had similar situations and know a way out, I would appreciate it.
Thanks,
Dan
Solved! Go to Solution.
Posted on 07-15-2013 04:39 AM
I did end up creating a support case on this. Basically the gist of which was that there have been some issues with enrolling and binding via imaging. So I talked with the rep for a while and he gave me some decent suggestions.
I would like to start with saying that we already had these computers imaged. We found that thunderbolt imaging was a lot quicker than Casper Imaging or Deploy Studio.
To enroll and bind, I first set up a QuickAdd package and made a quick script based on our phone conversation:
#!/bin/sh
dsconfigldap -v -a phs-replica.perkins.k12.oh.us <<EOF
y
EOF
I added the script in as a policy to be run on "any" and set it for a smart group called "unnamed" (which is the name that our image gave to all of the computers). Then I sent the QuickAdd package to the computers using ARD and told it to restart after. So the QuickAdd package enrolls them, and then as it is rebooting, the script binds them. Everything else that was in the original deployment workflow is now going out via policy.
We had to get something going because we are running out of days to mess with these and have a lot of other projects that need to be completed before the school year begins again. This may not be the best work around, but it's working well for us. If you have time to research it a bit more and find a better solution, please post it.
Thanks,
Dan
Posted on 07-12-2013 04:13 AM
Update: I tried to create a new config profile with just the bind in it and another with just the bind script in it. Neither of these worked to bind the computers. I also forgot to mention that I created a new directory binding in the Casper Admin panel and that didn't work either.
I am really starting to think I am going to have to bind all of these by hand. Does anyone have any suggestions?
Posted on 07-12-2013 06:29 AM
A new twist: When we are running these through imaging, they are also not being enrolled like they are supposed to. And, yes, I did check to make sure that the box that says "Ensure that computers imaged with this configuration are enrolled" is checked and that the username and password are correct. I am starting to think that I am going to need to find a new solution for running a work flow on these. This is very frustrating and disappointing...
Posted on 07-12-2013 07:41 AM
Is the computer getting named correctly? A problem I've run into and people have been seeing is an issue with the naming of the computer. If it's ending up with the name localhost (ie, no name), it won't be able to bind.
I don't offer this as necessarily the solution, but have a look at this thread for workarounds/testing: https://jamfnation.jamfsoftware.com/discussion.html?id=5078#respond
It's a huge thread. You may want to go to the bottom of it for the latest info.
Posted on 07-12-2013 11:26 AM
I am having the same problem. Mine won't bind or enroll and I double checked to make sure it is named properly. I can get it to join AD, but not OD or enroll in JSS.
Posted on 07-12-2013 11:50 AM
Also, OS X keeps a separate host name, computer name and bonjour name. It may not be clear right away that the name OD needs is set. From the thread I linked above, you can download a package (http://home.comcast.net/~Nw_systems/Ivy_ACOE_OSX10.8_Patch.pkg), set its priority to 2, and include in a test configuration to see if the issue gets resolved.
Also: time sync OK?
Other than that, I'm afraid you'll have to wait for someone else to respond, or contact your JAMF rep. My experience with them has been pretty great. JAMFNation > My Account > My Support > My Account Team.
Good luck!
Posted on 07-15-2013 04:39 AM
I did end up creating a support case on this. Basically the gist of which was that there have been some issues with enrolling and binding via imaging. So I talked with the rep for a while and he gave me some decent suggestions.
I would like to start with saying that we already had these computers imaged. We found that thunderbolt imaging was a lot quicker than Casper Imaging or Deploy Studio.
To enroll and bind, I first set up a QuickAdd package and made a quick script based on our phone conversation:
#!/bin/sh
dsconfigldap -v -a phs-replica.perkins.k12.oh.us <<EOF
y
EOF
I added the script in as a policy to be run on "any" and set it for a smart group called "unnamed" (which is the name that our image gave to all of the computers). Then I sent the QuickAdd package to the computers using ARD and told it to restart after. So the QuickAdd package enrolls them, and then as it is rebooting, the script binds them. Everything else that was in the original deployment workflow is now going out via policy.
We had to get something going because we are running out of days to mess with these and have a lot of other projects that need to be completed before the school year begins again. This may not be the best work around, but it's working well for us. If you have time to research it a bit more and find a better solution, please post it.
Thanks,
Dan
Posted on 08-25-2014 03:19 PM
Your script example above does seem to work well for binding. Quick and simple. Thanks....
#!/bin/sh
dsconfigldap -v -a your_od_server.example.com <<EOF
y
EOF