Using Casper Binding with AD - Help!

davidwhite
New Contributor

Hello all,

My company and I are brand new to Casper and I've been testing different functions of the suite to see what we can utilize. I'm trying to get the built-in AD binding feature to work but it keeps saying the policy has failed when I attempt to test it through Self-Service.

Does anyone have some screenshots of how things should be set up / configured in the Bindings page? I feel that I'm missing some basic syntax or some little tweak that needs to be made, but I can't find any examples of what it SHOULD be, so I feel like I'm running in circles.

Thank you in advance for any help!

David

4 REPLIES

pat_best
Contributor III

Do you have any log information? The binding information is fairly straightforward. The places to get stuck would be that the account you are using for the binding does not have appropriate permissions to do the binding, or, if you are placing a computer into an OU outside of the generic computer OU, it may need permissions to access that OU. Our only gotcha so far is that the mapping of the network home folder has been a pill for us and I haven't spent time to straighten that out.

mm2270
Legendary Contributor III

As @pat.best mentions, definitely check the account and OU you're binding with/to.
One way to troubleshoot this is to manually bind one Mac, using the same account for binding you've set up in the bind config, and binding into the same OU as in your config. If you run into problems doing it manually with Directory Utility.app, then it won't work in an automated way either.
If it does work manually, it should also work when using the configuration with the same settings.

Something else: as I often forget myself when doing troubleshooting around binding, time sync problems can also plague you. Make sure the Macs are being pointed to a time server, preferably one that is internal, prior to any binding attempt. If the time drifts to ~5 minutes off or more, binding won't succeed, no matter the settings you're using.

jconte
Contributor II

We resolved our issues by doing a manual bind as suggested above. Once we got the manual bind working we created service accounts with the same binding access in AD to avoid password change and lockout issues, which helps us across all of the AD interaction with the JSS.

On the administration tab of the binding section we also listed our LDAP server by its FQDN so the JSS knows exactly where to go for the information.

bentoms
Release Candidate Programs Tester

@davidwhite, we bind via Casper.

As @mm2270 mentioned, the Mac's time is important.

The Casper binding leverages "dsconfigad", so maybe you could test with that & see if some settings are being missed?
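
The clock check that mm2270 and bentoms describe can be scripted to run before any bind attempt. This is an added example, not part of the thread and not Casper's own code. It assumes `sntp` prints the signed offset in the field immediately before `+/-`; the host name, addresses and sample lines are constructed.

```shell
#!/bin/sh
# Pre-bind clock check (added example). MAX_SKEW mirrors the ~5 minute
# limit mentioned in the thread.
MAX_SKEW=300

# Constructed sample lines in the assumed sntp output shape.
SAMPLE_OK='+0.002394 +/- 0.003215 dc01.example.com 192.0.2.10'
SAMPLE_BAD='-412.118200 +/- 0.004100 dc01.example.com 192.0.2.10'

# Print the signed offset in seconds from one line of sntp output.
# Prints nothing when no numeric field sits directly before "+/-".
parse_offset() {
    printf '%s\n' "$1" | awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "+/-" && $(i-1) ~ /^[+-]?[0-9]+(\.[0-9]+)?$/) {
                print $(i-1); exit
            }
    }'
}

# Return 0 when |offset| is under the limit, 1 when it is not,
# 2 when the line could not be parsed (treat that as a failure too).
skew_ok() {
    off=$(parse_offset "$1")
    [ -n "$off" ] || return 2
    awk -v o="$off" -v m="${2:-$MAX_SKEW}" 'BEGIN {
        o += 0; m += 0
        if (o < 0) o = -o
        exit !(o < m)
    }'
}

# Runs only when a time server is given, e.g.: sh preflight.sh dc01.example.com
if [ -n "${1:-}" ]; then
    line=$(sntp "$1" 2>/dev/null | tail -n 1)
    if skew_ok "$line"; then
        echo "clock within ${MAX_SKEW}s of $1, safe to attempt the bind"
    else
        echo "clock skew too large or unreadable: ${line:-no reply from $1}" >&2
        exit 1
    fi
fi
```

Point it at the same internal time source the domain controllers use, so the offset it measures is the one that matters for the bind.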