Updated February 3, 2012
The description of the initial problem and its resolution is intentionally left below for informational purposes.

UPDATE:  This issue should be resolved by the OS X 10.7.3 Update

We have tested OS X 10.7.3 internally, and have had customers confirm our findings that this latest update resolves issues with ".local" domains.

OS X 10.7, Lion, and ".local" domains

Apple has recently made a significant change in how the OS handles requests for ".local" name resolution that can adversely affect Active Directory authentication and DFS resolution.

When processing a ".local" request, the Mac OS now sends a Multicast DNS (mDNS) or broadcast, then waits for that request to timeout before correctly sending the information to the DNS server.  The delay caused by this results in an authentication failure in most cases.

There is an option to change the mDNS timeout in the Mac OS, and after changing this to the lowest possible number, we've been able to successfully authenticate and verify in our test environment.  This does not require any change to your DNS (Apple's "IPv6" solution), only that a command be run on the Mac.

Here are the steps to take to test this in your environment:

 - Log in to the Mac with a local admin account
 - Launch the Terminal (in the /Applications/Utilities folder)
 - At the command prompt, enter the following lines, each followed with the "return" key:

cd /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/

sudo defaults write Info mdns_timeout -int 1

 - Enter your password when prompted
(The Terminal does not show that a password is being enterered.  Simply enter it, then hit return.)
 - Reboot

After restarting the Mac, you should be able to install and configure ADmitMac, join the domain, and connect to Windows shares.

Please Note:  This solution only works with OS X 10.7, Lion, and only affects ".local" domain login.  If you are using Mac OS X 10.6.8, Snow Leopard, please see this FAQ.  If your domain does not end in ".local", or if you have any other questions, please contact our Support Specialists at support@thursby.com

There are two causes of this error:

1. OS X 10.7, Lion, and the Firewall

In Lion, the built-in Firewall can cause ADmitMac or DAVE to report this error on installation.  This is a bug in the Firewall that has been reported to Apple.  To work around the issue, launch the System Preferences and click the Security & Privacy pane.  On the Firewall tab, stop the Firewall, then reboot the Mac.  You should then be able to install ADmitMac or DAVE.

2. Windows File Sharing

If SMB (Windows) File Sharing is active, you will need to turn it off before installing ADmitMac or DAVE.  To do so, launch the System Preferences and click the Sharing pane.  With File Sharing selected, click the Options button, then uncheck the "Share files and folders using SMB (Windows)" checkbox.  After restarting the Mac, you will be able to install ADmitMac or DAVE.