With the never-ending roadblocks I encounter at work, my task this year was to utilize the new 10.5 Leopard operating system (and then some) for a local private university. I’ve used Deep Freeze for many years and it has proved to be a great asset in keeping lab machines consistent. What the Macs haven’t had is a way for users to log in with their username and password. Since this is a predominantly PC campus, Active Directory (AD) will be the choice for the Macs’ directory service. With all the bad rap Leopard got with Active Directory not working, I luckily was able to get 10.5.4 to bind fine with AD. Glancing into Directory Utility, the light was green; all is good.
I then sent out the command through Remote Desktop to freeze the machines with Deep Freeze. Moving on to other labs, I noticed that after 10ish days people started reporting that they could no longer log into the computers that I had initially set up. Going into Directory Services, it showed a red light with the message “This server is not responding.” Grrrrrr
Unbinding and then rebinding the machines solved this problem, but doing this every so often across the campus would be crazy.
After searching the net, I found from my PC coworkers that they had to modify the registry on the Windows machines to set DisablePasswordChange to 1 in order to keep the trust between the bind to AD. Keep in mind this is all because of Deep Freeze protecting the drive from modifications. I looked hard into dsconfigad on the Macs and stumbled across an option called -passinterval days. This sets the number of days the computer waits before changing the password of its computer account in AD. By default, the passinterval was set to 14 days, explaining why my machines were no longer connecting to the Active Directory on campus. So I sent out the command to the labs that I’ve completed so far, and this should fix the issue. One problem down…
Hopefully this will help anyone else that is stuck in the same situation as me.
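A pre-freeze check for the passinterval fix described above, as an added example that is not from the original post: it reads dsconfigad -show output and reports whether computer-account password rotation is still active. The "Password change interval" label, the sample output and the function names are assumptions constructed for illustration; dsconfigad -passinterval 0 is the setting that turns rotation off.

```shell
#!/bin/sh
# Added example (not from the original post): check the AD computer-account
# password rotation interval before a Mac is frozen with Deep Freeze.

# Print the interval in days found in `dsconfigad -show` text read from stdin.
# Assumption: the line is labelled "Password change interval" as in the
# constructed sample below; adjust the label if your OS release differs.
passinterval_from_show() {
    sed -n 's/^[[:space:]]*Password change interval[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

# Exit status: 0 = rotation disabled (interval 0), safe to freeze
#              1 = rotation active; the frozen disk will discard the new
#                  password on reboot and the AD trust will break
#              2 = interval not found in the input (unbound or other format)
freeze_safe() {
    days=$(passinterval_from_show)
    case "$days" in
        '') return 2 ;;
        0)  return 0 ;;
        *)  return 1 ;;
    esac
}

# Constructed sample of `dsconfigad -show` output with the default interval.
SAMPLE_SHOW='Advanced Options - Administrative
  Preferred Domain controller    = <not set>
  Password change interval       = 14'

# Demonstration on the sample. On a lab Mac, replace the printf with:
#   dsconfigad -show | freeze_safe
if printf '%s\n' "$SAMPLE_SHOW" | freeze_safe; then
    echo "rotation disabled: safe to freeze"
else
    # With interval 0 the computer account password stays fixed for the
    # life of the frozen image.
    echo "rotation active or unknown: run 'dsconfigad -passinterval 0' as root while thawed, then freeze"
fi
```

Run the check while the machine is thawed, so that the changed setting is part of the frozen state.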