Just looking for a little help with this problem that seems to trip a lot of people up and is causing me no end of grief.
I have a number of fully patched OS X Leopard machines that are bound to my AD (Server 2003).
When on the home network, logging in seems swift and works as expected.
When users take the machines off site, login can take 5 minutes or more. The user adds correct credentials but the desktop does not appear for a very long time.
Outside the office, I have tried logging in using a local Admin account, switching off Airport and then logging in using an AD account. In this situation login is immediate again.
It all seems as if Leopard is finding a suitable wireless network, spending far too long looking for the Domain before eventually giving up and using the cached credentials instead.
I have read that disabling Bonjour on the machine will stop this problem (i have not yet tested)
http://www.macwindows.com/leopardAD.html#111607z
…but I am reluctant to use this "Solution" as I would like to be able to use Bonjour on the local network as well as having AD-bound machines.
However, is disabling Bonjour really the only answer? Is there not some time-out setting somewhere that could be amended to stop Leopard spending forever looking for home?
Any help would be very gratefully received
Thanks
Gordon
Best Answer
Please bare in mind that by default, Mac OS X Bonjour services use the .local domain for mdns resolution.
Obviously, this conflicts with the windows AD default domain of .local also as Mac OS X will not use the domain controller as it's DNS server when trying to resolve .local domains.
The simplest solution is to use the IP of the Active Directory in Directory Utility instead of the name.
To do this, go to > System Preferences > Accounts, click "Login Options" then click on "Join" next to "Network Account Server:".
In here you can open Directory Utility by clicking the "Open Directory Utility" button, then click on "Active Directory" and then the pencil icon. Here you can change your AD server to the IP of the Domain Controller instead of the name.
This should speed up the login process considerably.
Of course, the other option is to change the .local domain to something else like .internal, but this is only helpful when setting up a new domain. Infact it's mentioned in the Microsoft SBS server handbook.