A while back I declared 10.5.2 Enterprise Ready. This was based on my experience with binding to Active Directory and the behavior of WGM under 10.5.0 and 10.5.1. Well, last week 10.5.3 was released with a long list of bug fixes, among which were some substantial fixes for binding to Active Directory. “Yippee!” I thought, “this will make AD authentication even better on our Macs.” Of course, I forgot rule #1 of fixing things: if it ain’t broke, don’t fix it. So, as I should have predicted, 10.5.3 broke our ability to authenticate to our Active Directory domain. On our brand new Xserve, no less. Grrrr!

Anyhow, long story short and all that, yesterday I took the Active Directory plugin (version 1.6.1) off of a 10.5.2 client, and replaced the version 1.6.2 plugin that came with 10.5.3. And it worked! Everything is fine now, on OS X Server and every Leopard client Mac that I’ve tested.

I’ve reported the problem and the workaround to Apple, but if you find that 10.5.3 has broken your ability to authenticate to AD, then by all means give this a try. Not that I’m happy with Frankenstein systems, since upgrades tend to break these hacks, but a working system is better than a non-working system. (And that’s rule #2 of fixing things.)

2 Comments Add Yours ↓

  1. Tom McNicholas #

    We had an apple rep in the other day to talk to us about XSAN and their server products, desktop upgrades, etc.

    I asked her for a roadmap, of where Apple was going with their OS and hardware… dead silence… I swear they just have a dartboard and pick topics that are interesting to people and work on it really hard for a while and then forget about it.

    Perhaps 10.5.4 will bring things back to harmony. Have you messed with InstaDMG?


  2. 2

    Well, I found another reason to be upset w/ Apple’s quality control on their server software: NetBoot on 10.5.3 doesn’t work. I wasted two days this week trying to fix it, but will call AppleCare on Monday and see if they have any better luck or ideas. (I probably should have done that first, but calling tech support is never my first impulse.)

    As for InstaDMG, I haven’t tried it yet. I’ve been pretty happy with NetRestore, so haven’t had any real reason to look elsewhere. Maybe if I get this NetBoot server working properly…

Your Comment