This script below will reset the Time settings to make sure you don’t have any time sync issues. As well as this it will also remove any exisiting settings and then join your client to Open Directory and Active Directory.
#!/bin/sh
#####################################
#Created by Ross Hamilton
#Clock restart / Remove existing settings
#Join to Open Directory and Active Directory
#
######################################Restart ntpdate
StartService ()
{
if [ "${TIMESYNC:=-YES-}" = "-YES-" ] &&
! GetPID ntpd > /dev/null; thenCheckForNetwork
if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then exit; fi
touch /var/run/NetworkTime.StartupItemecho “Starting network time synchronization”
# Synchronize our clock to the network’s time,
# then fire off ntpd to keep the clock in sync.
ntpdate -bvs
ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
fi
}# Remove exisiting
logger “Removing existing DS Config”if [ ! -d "/Library/Preferences/DirectoryService/ActiveDirectory" ]; then
rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
fiif [ ! -d "/Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig" ]; then
rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
fiif [ ! -d "/Library/Preferences/DirectoryService/SearchNode" ]; then
rm -R /Library/Preferences/DirectoryService/SearchNode*
fiif [ ! -d "/Library/Preferences/DirectoryService/ContactsNode" ]; then
rm -R /Library/Preferences/DirectoryService/ContactsNode*
fiif [ ! -d "/Library/Preferences/edu.mit.Kerberos" ]; then
rm -R /Library/Preferences/edu.mit.Kerberos
fi# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall DirectoryService# BInd machine to OD
dsconfigldap -v -sgme -a MACSERVERNAME # fully qualified DNS name of Macservercomputerid=`/usr/sbin/scutil –get ComputerName`
# Standard parameters
domain=”DOMAIN>COM” # fully qualified DNS name of Active Directory Domain
udn=”DOMAIN USERNAME” # username of a privileged network user
password=”PASSWORD” # password of a privileged network user
ou=”CN=Computers,DC=DOMAIN,DC=COM” # Distinguished name of container for the computer# Advanced options
alldomains=”enable” # ‘enable’ or ‘disable’ automatic multi-domain authentication
localhome=”disable” # ‘enable’ or ‘disable’ force home directory to local drive
protocol=”smb” # ‘afp’ or ‘smb’ change how home is mounted from server
mobile=”disable” # ‘enable’ or ‘disable’ mobile account support for offline logon
mobileconfirm=”disable” # ‘enable’ or ‘disable’ warn the user that a mobile acct will be created
useuncpath=”enable” # ‘enable’ or ‘disable’ use AD SMBHome attribute to determine the home dir
user_shell=”/bin/bash” # e.g., /bin/bash or “none”
preferred=”-nopreferred” # Use the specified server for all Directory lookups and authentication
# (e.g. “-nopreferred” or “-preferred ad.server.edu”)
admingroups=”" # These comma-separated AD groups may administer the machine (e.g. “” or “APPLE\mac admins”)# Login hook setting — specify the path to a login hook that you want to run instead of this script
### End of configuration
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService “Active Directory” “Active”
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
sleep 5# Bind to AD
dsconfigad -f -a $computerid -domain $domain -u $udn -p “$password” -ou “$ou”# Configure advanced AD plugin options
if [ "$admingroups" = "" ]; then
dsconfigad -nogroups
else
dsconfigad -groups “$admingroups”
fidsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
-mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
-shell $user_shell $preferred# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall DirectoryService# Add the AD node to the search path
if [ "$alldomains" = "enable" ]; then
csp=”/Active Directory/All Domains”
else
csp=”/Active Directory/$domain”
fi
sleep 5# This works in a pinch if the above code does not
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig “Search Node Custom Path Array” -array “/Active Directory/All Domains” “/LDAPv3/FILL IN MAC SERVER LDAP k” # ‘Fill in this section with mac server
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig “Search Policy” -int 3plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
Dsconfigad -passinterval 0
sudo killall DirectoryService
Binding script on December 1st, 2009 at 12:07 am says:
[...] sure no conflicting settings. Then join your computers to Open Directory and Active Directory. | How-To-Mac PHP Code: #!/bin/sh ##################################### [...]
Kylie BattName on April 12th, 2010 at 1:14 am says:
?????? ????????. ???? ?????????, ????? ??????? ? ??????????. ?????? ?? ?????? ?????? ? ??????????? ??????. ? ??????….
This script below will reset the Time settings to make sure you don’t have any time sync issues…..
Kylie Batt on May 4th, 2010 at 12:04 pm says:
?????, ??? ???????, ??? ???????????? ?????…
This script below will reset the Time settings to make sure you don’t have any time sync issues…..