Mac – Unable to bind OSX 10.9 to Active Directory 2008

Tags: active-directory, bind, mac, mac-osx, windows-server-2008

I am struggling to bind OSX 10.9 to a 2008 R2 Active Directory. I can join the domain fine when I boot into Windows from the same machine. From OSX I can find the domain controller successfully and have verified consistency of Active Directory service records (using dig -t SRV _service._tcp.fqdn.example.com to check _ldap, _kerberos, _kpasswd or _gc), but I cannot bind to the domain. I am attempting to join a small network with only one DC.

I receive the message:
"Authentication Server could not be contacted. (5200)"

This is the case whatever method I attempt to use (Join from the Users and Groups pref pane, Bind from the Open Directory utility, using dsconfigad from terminal).

I don't think it is a problem with system time as the time on the client and DC are the same.

Any other suggestions as to the problem or direction as to what to look out for in the log files?

Best Answer

This seems to be an issue with Kerberos; you may want to check the firewall on the Windows machine.

You can run this command to check what's wrong from the OSX side:

kinit Administrator@EXAMPLE.ORG

You can also make a trust between OSX Server and Windows AD: https://it.uoregon.edu/Magic-Triangle-setup
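
The SRV lookups from the question and the firewall check from the answer can be combined into one client-side script. This is an added example, not part of the original question or answer; it assumes `dig` and `nc` are available on the Mac, the function names are illustrative, and it probes TCP only.

```shell
#!/bin/sh
# Added example: enumerate the AD SRV records a Mac uses while binding and
# probe each advertised host/port over TCP from the client side.

# The four services named in the question, as _service._tcp labels.
AD_SERVICES="_ldap _kerberos _kpasswd _gc"

# Turn `dig +short -t SRV` output ("priority weight port target.") into
# "target port" lines, dropping the trailing dot and malformed rows.
parse_srv() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# Return 0 if a TCP connection to host:port succeeds within 3 seconds.
tcp_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# Check every SRV target for one domain; prints one line per endpoint and
# returns the number of failures (missing records or closed ports).
check_domain() {
    domain=$1
    failures=0
    for svc in $AD_SERVICES; do
        endpoints=$(dig +short -t SRV "$svc._tcp.$domain" | parse_srv)
        if [ -z "$endpoints" ]; then
            echo "MISSING  $svc._tcp.$domain (no SRV record)"
            failures=$((failures + 1))
            continue
        fi
        # A here-doc keeps the loop in the current shell so $failures survives.
        while read -r host port; do
            if tcp_open "$host" "$port"; then
                echo "OPEN     $svc $host:$port"
            else
                echo "BLOCKED  $svc $host:$port"
                failures=$((failures + 1))
            fi
        done <<EOF
$endpoints
EOF
    done
    return "$failures"
}

# Run only when a domain is given, e.g.: sh adcheck.sh fqdn.example.com
if [ -n "${1:-}" ]; then
    check_domain "$1"
fi
```

A BLOCKED line for a record that resolves correctly points at filtering between the client and the DC rather than at DNS.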