Q&A Monday: Check MAC AD Authentication



I work for a School District with a very small tech department.  As we are in an educational environment, we are running a mixed environment with Mac’s and PC’s authenticating to a Windows 2003 AD servers, 9 total servers total spread out throughout 8 sites.  I have been running into problems with a few Mac’s in our Mac labs that authenticate to the AD and I was wondering if you had a Mac terminal solution to determine what domain controller authenticated a user

Rick Valbuena


Rick, first off I am really sorry that it’s taken this long to respond back to your message, and to everyone for ignoring this site, I was recently married and now my wife and I are expecting a child, so life got a little complicated and this site and my email have been neglected.

The first thing I’ve heard about adding macs to a domain, is often you find out problems you never knew you had.  Windows and Mac computers deal completely different when trying to authenticate to a domain controller and with Macs sometime it’s hard to figure out why.  I know in Leopard you can use the following command:

dscl . -read /Config/Kerberos:YOUR.REALM.EDU

This should get you the information on what domain controller your Mac systems are trying to reach.  From there you can find out if you are connecting to the right one, or if there is a problem.

If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and during the rest of the week for his other technical insights.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.