Skip to main content
Question

how to debug dsconfigad error

  • May 4, 2017
  • 5 replies
  • 46 views
Y
Forum|alt.badge.img+3
  • yrs
  • New Contributor

We are experiencing bind issues on some of our MAC's.

The following is part of a script that errors. The script ubinds (not shown here) and then attempts to rebind. The mac is able to ping the domain. I plan to clean up the System keychain and also check the mac entry on the AD side (under Computers).

/usr/sbin/dsconfigad -add $domain -alldomains $alldomains -username $udn -password foobar -computer $computerid -gid gidNumber -uid uidNumber -ou “$ou” -force -packetencrypt $packetencrypt

dsconfigad: The daemon encountered an error processing request. (10002)

    5 replies

    C
    Forum|alt.badge.img+10
    • Chuey
    • Valued Contributor
    • May 4, 2017

    What version of OS X are you experiencing this on?

    K
    Forum|alt.badge.img+6
    • KSchroeder
    • Contributor
    • May 4, 2017

    Does the computer object already exist on the domain? I would check for that. Also verify the system time matches with your domain controller; normally this will be set automatically, but always good to check.
    Also, have the Windows admins check the domain controller logs; assuming you have multiple DCs, you may want to specify a particular DC in the dsconfigad command so they can look at the System (I think) log to see why it is being rejected.

    Y
    Forum|alt.badge.img+3
    • yrs
    • Author
    • New Contributor
    • May 10, 2017

    OSX 10.12.3

    already checked for computer object on the domain - found it and deleted it
    verified system time is in sync

    i've disabled SPI:
    csrutil status
    System Integrity Protection status: disabled.

    and am trying to use dtrace or dtruss to determine whats going on behind the scenes.

    Also tried nc foo.bar.domain.cop 389 and verified network/protocol connectivity

    C
    Forum|alt.badge.img+10
    • Chuey
    • Valued Contributor
    • May 10, 2017

    @yrs The only time I've experienced this kind of issue where I was totally unable to re-bind the machine to a domain with the exact error you are getting was on OS 10.8.5 - in which I had to re-image the machine. I tried for days to get it to work and attempted everything I knew with no luck. Imaging it was a faster resolution and then I never seen it again.

    Y
    Forum|alt.badge.img+3
    • yrs
    • Author
    • New Contributor
    • May 10, 2017

    Found the problem. The hostname of the machine got incorrectly set to a garbage value. using the following i could correctly update the computer name, after that it just worked!

    scutil --set LocalHostName $login

    Thanks for all your help!

    Terms & ConditionsCookie settingsAccessibility statement