 |  |  |  |  |  |  |  |
Integrating with Active Directory
 |
I have been tasked with integrating with a new Active Directory setup here. I have many new OSX Panther systems coming in and ~100 OSX Jaguar systems that all need integrating with Active Directory.
Here are my questions:
1) How do I integrate the Panther machines? (I know Panther has the Active Directory plug-in, but I'm somewhat hazy on how to set it up)
2) How do I integrate the Jaguar machines? (Would it be easier to upgrade to 10.3 or buy 3rd party software?)
3) What other resources are available? Books, other websites, etc?
Thank you!
::: Chris :::
fair03@hotmail.com
Here are my questions:
1) How do I integrate the Panther machines? (I know Panther has the Active Directory plug-in, but I'm somewhat hazy on how to set it up)
2) How do I integrate the Jaguar machines? (Would it be easier to upgrade to 10.3 or buy 3rd party software?)
3) What other resources are available? Books, other websites, etc?
Thank you!
::: Chris :::
fair03@hotmail.com
Hello Chris,
What do you mean by Integrate? Simply access files on a server/workgroup, or server/domain? Or are you looking to host computer accounts and such with the Active Directory, and have taps into other management?
10.2 (Jaguar) and 10.3 (Panther) will connect out of the box with the SMB protocol... so you can mount file shares using username/password combinations for either workgroup or domain shares.
What other resources? What do you need to do? Please explain your conversion and spell out what your mission objectives are. For instance, if you need Citrix, it is available. VNC server so that you can remote control an OS X machine? It is available. MSN Messanger? it is available.
Look forward to your reply,
Christian
What do you mean by Integrate? Simply access files on a server/workgroup, or server/domain? Or are you looking to host computer accounts and such with the Active Directory, and have taps into other management?
10.2 (Jaguar) and 10.3 (Panther) will connect out of the box with the SMB protocol... so you can mount file shares using username/password combinations for either workgroup or domain shares.
What other resources? What do you need to do? Please explain your conversion and spell out what your mission objectives are. For instance, if you need Citrix, it is available. VNC server so that you can remote control an OS X machine? It is available. MSN Messanger? it is available.
Look forward to your reply,
Christian
Christian,
We're going to be using Active Directory for user authentication in a university lab setting. Ultimately, the users are going to need to access their user folders on the Microsoft servers as well. We have been using SMB for the time being to connect, but now we're adding user authentication in the labs, and that is where I am most confused.
I should tell you that I USED to do network admin way back, but have been out of the loop for a few years and don't really know much about the Active Directory.
I hope this helps.
Chris
We're going to be using Active Directory for user authentication in a university lab setting. Ultimately, the users are going to need to access their user folders on the Microsoft servers as well. We have been using SMB for the time being to connect, but now we're adding user authentication in the labs, and that is where I am most confused.
I should tell you that I USED to do network admin way back, but have been out of the loop for a few years and don't really know much about the Active Directory.
I hope this helps.
Chris
Hello Chris,
This will require some research on my part. I do not know if the Mac OS X will allow for total authentication from OS X. I believe that OS X uses an LDAP solution for username / passwords (that is what NIS is all about), but am not certain if AD and OS X can do the whole deal, like a Win 2000 box does.
I do know that if the user logs into the Mac OS X using the traditional style, that he/she will be able to hit APPLE-K and choose the server (or type it in), and authenticate that way. It might also be possible to do a login script for the user, but then again, this is now two logins (kinda like Novell on top of NT!). Since I have not had to do this, I am weak, and hate guessing.
I'd love to simulate this at home, but need some time. i am starting a new job this week, and need some adjustment. I would be happy to develop this over the next two weeks. Let me know a timeframe.
Christian
This will require some research on my part. I do not know if the Mac OS X will allow for total authentication from OS X. I believe that OS X uses an LDAP solution for username / passwords (that is what NIS is all about), but am not certain if AD and OS X can do the whole deal, like a Win 2000 box does.
I do know that if the user logs into the Mac OS X using the traditional style, that he/she will be able to hit APPLE-K and choose the server (or type it in), and authenticate that way. It might also be possible to do a login script for the user, but then again, this is now two logins (kinda like Novell on top of NT!). Since I have not had to do this, I am weak, and hate guessing.
I'd love to simulate this at home, but need some time. i am starting a new job this week, and need some adjustment. I would be happy to develop this over the next two weeks. Let me know a timeframe.
Christian
Christian,
A two week time frame is fine right now. I've got plenty of other things on my plate that I can handle until at least then.
I'll look into creating a script in the meantime.
Thanks for looking into this for me! I really appreciate it.
Good luck on your new job, too.
::: Chris :::
A two week time frame is fine right now. I've got plenty of other things on my plate that I can handle until at least then.
I'll look into creating a script in the meantime.
Thanks for looking into this for me! I really appreciate it.
Good luck on your new job, too.
::: Chris :::
Hello,
I just wanted to announce that I have things in place to work on this. I am sorry I went beyond the two-week suggestion... just been tied up with things here.
Christian
I just wanted to announce that I have things in place to work on this. I am sorry I went beyond the two-week suggestion... just been tied up with things here.
Christian
Not a problem. I think we've got a workable solution outlined here, now. It's still in the testing phase, but it seems to work so far.
What we're doing is using the Active Directory plug-in in Panther (we decided to upgrade all our machines to that version). In there, the forest and domain are the same, which was a large part of my confusion. As long as you have rights to add a computer name to the domain, things should go smoothly.
To configure the AD plug-in, you have the forest and domain name be the same. You need to have a unique computer name for the domain, then bind it to the domain.
The other part I was having trouble with took care of itself somewhat. After you bind the Mac to the domain, you then have to set the "Authentication" and "Contacts" nodes. If you bound the domain correctly, the correct path should show up automatically when you search in "Custom Path".
I found that rebooting really helped with this, too (an unfortunate side effect of having to deal with a MS product...).
If it's configured correctly, it should show up with a User/Password box, in which you use your domain login.
That's all there is to it (from the Mac side of things, anyways).
I'll have to let you know how it works out once we roll it out to the rest of the users.
Thanks for all your help in checking into it, Christian. If you find any other useful bits of information, I'd love to hear about them!
Chris
What we're doing is using the Active Directory plug-in in Panther (we decided to upgrade all our machines to that version). In there, the forest and domain are the same, which was a large part of my confusion. As long as you have rights to add a computer name to the domain, things should go smoothly.
To configure the AD plug-in, you have the forest and domain name be the same. You need to have a unique computer name for the domain, then bind it to the domain.
The other part I was having trouble with took care of itself somewhat. After you bind the Mac to the domain, you then have to set the "Authentication" and "Contacts" nodes. If you bound the domain correctly, the correct path should show up automatically when you search in "Custom Path".
I found that rebooting really helped with this, too (an unfortunate side effect of having to deal with a MS product...).
If it's configured correctly, it should show up with a User/Password box, in which you use your domain login.
That's all there is to it (from the Mac side of things, anyways).
I'll have to let you know how it works out once we roll it out to the rest of the users.
Thanks for all your help in checking into it, Christian. If you find any other useful bits of information, I'd love to hear about them!
Chris
•
•
•
•
Originally Posted by mac_fair
Not a problem. I think we've got a workable solution outlined here, now. It's still in the testing phase, but it seems to work so far.
What we're doing is using the Active Directory plug-in in Panther (we decided to upgrade all our machines to that version). In there, the forest and domain are the same, which was a large part of my confusion. As long as you have rights to add a computer name to the domain, things should go smoothly.
To configure the AD plug-in, you have the forest and domain name be the same. You need to have a unique computer name for the domain, then bind it to the domain.
The other part I was having trouble with took care of itself somewhat. After you bind the Mac to the domain, you then have to set the "Authentication" and "Contacts" nodes. If you bound the domain correctly, the correct path should show up automatically when you search in "Custom Path".
I found that rebooting really helped with this, too (an unfortunate side effect of having to deal with a MS product...).
If it's configured correctly, it should show up with a User/Password box, in which you use your domain login.
That's all there is to it (from the Mac side of things, anyways).
I'll have to let you know how it works out once we roll it out to the rest of the users.
Thanks for all your help in checking into it, Christian. If you find any other useful bits of information, I'd love to hear about them!
Chris
I just found this thread and was wondering what the out come was? I have a smiliar environment and am fairly new to setting this up. Any extra information would help.
Thanks
Joe
|
Similar Threads
- News Story: Now You Can Have Linux And Active Directory Too (Linux Servers and Apache)
- e-Directory vs. Active Directory (Novell)
- os 10.x and active directory q ? (OS X)
- Active Directory (Windows NT / 2000 / XP)
Other Threads in the OS X Forum
- Previous Thread: at ease password
- Next Thread: Intergrating with Active Directory
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest OS X Posts
- Today's Posts
- Unanswered Threads
