Centrify - Securing the Cross Platform Data Center
Showing results for 
Search instead for 
Do you mean 

[Archive] The Centrify Apple Guys

10.7 and .local domain issues

10.7 and .local domain issues

By Centrify Advisor IV ‎11-09-2011 03:20 PM

Update Mar 2 2012.  This article is useful but now out of date. Enhancements in 10.7.3 and a release 5.0.2 from Centrify have improved a lot of issues with .local domains. You can see the details in this blog article. 




We've had a lot of contact with people having significant issues with their Macs joining to an AD domain ending in .local. (An example would be centrify.local). This is happening to people using the Apple plug-in or Centrify DirectControl.


  1. If the home directory is located on a SMB share, it will take a long time to login.
  2. If an Active Directory user logs in and tries to mount a SMB share folder in the Finder, it will take a long time to mount. 
  3. If the customer is using portable home directory syncing, it will be very slow.


For the Mac OS 10.7 (Lion) release, Apple changed the way a .local domain is handled by reserving it for Bonjour. When a user tries to login to a .local domain with only one level (that is, xxx.local), OS 10.7 first tries to resolve the name using multicast. It will try several times (with a default timeout of 5 seconds for each try), and if login fails it will then use standard DNS, causing the login delay and the delay in mounting SMB shares. Under these conditions, it may not be possible to ping domain.local, and therefore the adclient process will stay in disconnected mode for up to 60 seconds

This issue affects all Mac OS 10.7 users in a .local domain and is not specific to DirectControl- managed systems. Other hostnames are resolved first using multicast and then unicast. 


Here is a link to a document that we've written to address these issues. 


Workaround: Centrify DirectControl for Mac OSX 10.7 (Lion) Using .local Domain


Note that these steps make the problem better, they don't make the problem go away.


We'll update this document as the situation changes or we learn more.


About the Author