MCSE Active Directory Question

  • Thread starter Thread starter Scott
  • Start date Start date
S

Scott

I am in no way an Apple kind of guy, however I have a client that
needs to have a mac OS X Panther machine setup on their network. I
have them running WIndows 2003 Server with Active Directory. What are
the exact steps (Since I am Apple Ignorant) on the MAC workstation do
I have to do to let them login using their Active Directory
credentials on the MAC and access shares on the WIN2003 server?

I already have the ability logged into the mac LOCALLY to access the
share...so I can see the server on the network...I guess the bottom
line question is, how to I make the MAC a part of the Domain?
 
I am in no way an Apple kind of guy, however I have a client that
needs to have a mac OS X Panther machine setup on their network. I
have them running WIndows 2003 Server with Active Directory. What are
the exact steps (Since I am Apple Ignorant) on the MAC workstation do
I have to do to let them login using their Active Directory
credentials on the MAC and access shares on the WIN2003 server?

I already have the ability logged into the mac LOCALLY to access the
share...so I can see the server on the network...I guess the bottom
line question is, how to I make the MAC a part of the Domain?
Click to expand...

Hi Scott!

It is possible to configure a Mac OS X system to authenticate a user using
AD to allow him to log on locally to a Mac, but there are a variety of ways
to do this. Some are simple and some are complex.

Since you are only trying to configure one Mac, I'd suggest using Thursby's
ADmitMac (http://www.thursby.com/products/admitmac.html). It costs about
$120.00, but this is worth the price compared to the time you'd spend
researching and experimenting with the various solutions, some of which
require AD schema modifications or are just poorly documented.

Hope this helps! bill
 
William said:
Hi Scott!

It is possible to configure a Mac OS X system to authenticate a user
using AD to allow him to log on locally to a Mac, but there are a
variety of ways to do this. Some are simple and some are complex.

Since you are only trying to configure one Mac, I'd suggest using
Thursby's ADmitMac (http://www.thursby.com/products/admitmac.html).
It costs about $120.00, but this is worth the price compared to the
time you'd spend researching and experimenting with the various
solutions, some of which require AD schema modifications or are just
poorly documented.

Hope this helps! bill
Click to expand...

I apologize for hijacking this thread, but could you provide links to info
on how to do this without using third-party software? I know 2K Server and
OS X pretty well, but have very little experience with 2K3 Server and I'm
going into a situation where the client wants to integrate around 10 OS 10.3
machines into the existing 2K3 domain (without having to setup dedicated
MacShares).

Thanks!
 
Bill,
I saw your recommendation of Admitmac in a post to someone else and gave it
a try.
Our VP of Imaging here loves it. He can now see everything on the Windows
network and I didn't have to experiment with security settings on the live
server.
They had a download and a 30 day trial. My licenses are already ordered.

Thanks,

Chris
 
Bill,
I saw your recommendation of Admitmac in a post to someone else and gave it
a try.
Our VP of Imaging here loves it. He can now see everything on the Windows
network and I didn't have to experiment with security settings on the live
server.
They had a download and a 30 day trial. My licenses are already ordered.
Click to expand...

Hi Chris!

Glad to hear it's working for you!

Incidentally, some of the Thursby folks hang out in this and a few other
groups, so I can tell you they're pretty in touch with Mac & Windows
networking. They'll be glad to see your post.

bill
 
Bill,
What are the ways to connect the MAC OS X to a Windows
2000 domain? I have a hundred or so MAC OS X machines,
and that product would get too expensive. I have seen a
couple of Apple articles, and modified
the /etc/resolver/local file to include the IP address of
the DNS server for our AD, and that did not work. What
other things are there that need to be done?

Thanks,
TC

-----Original Message-----
Domain?

Hi Scott!

It is possible to configure a Mac OS X system to authenticate a user using
AD to allow him to log on locally to a Mac, but there are a variety of ways
to do this. Some are simple and some are complex.

Since you are only trying to configure one Mac, I'd suggest using Thursby's
ADmitMac
Click to expand...
(http://www.thursby.com/products/admitmac.html). It costs
about
 
I think you would be better off changing your DNS server addresses in the
preference pane. Just changing the resolver file doesn't let anything know
that your network configuration has changed. The DirectoryService process
needs to know when DNS settings change to pick them up and use them. I've
even had trouble where changing the DNS settings in the panel didn't take
effect because running software was caching the old list. I'd make the
changes via the network preference pane, then reboot.

ADmitMac does not require as much attention to DNS setup because it doesn't
require reverse DNS entries for all your domain controllers. Apple's
plug-in does require a reverse entry for your domain controllers (you might
get away with forcing the plug-in to connect to one server, and only set up
reverse DNS for that server).

As far as our pricing, you really should check the web site www.admitmac.com
to see what your per seat price is. Pricing includes excellent support from
people that know about Active Directory - you just won't get that kind of
support from Apple. We feel that ADmitMac is cost effective when you
consider the total cost of integrating Macs into AD. The good news for
customers is that they have a choice.

(e-mail address removed) at (e-mail address removed)
wrote on 3/8/04 2:59 PM:
 
Bill,
What are the ways to connect the MAC OS X to a Windows
2000 domain? I have a hundred or so MAC OS X machines,
and that product would get too expensive. I have seen a
couple of Apple articles, and modified
the /etc/resolver/local file to include the IP address of
the DNS server for our AD, and that did not work. What
other things are there that need to be done?
Click to expand...

Hi TC!

I did a search at Apple's homepage using "Active Directory" and found a few
results that I would recommend. The first two results were PDFs with good
details for integrating Macs with AD.

Another good resource is macosxlabs.org and if you're interested in Kerberos
authentication check out
http://web.mit.edu/macdev/KfM/Common/Documentation/faq-osx.html

Hope this helps! bill
 
Bill,
I got it to authenticate finally. I have a .LOCAL A.D.
domain, so I had to edit the LOCAL file to include the
DNS server, and also change the port to 53. I then had to
change SMB to the A.D. Domain name, then I could bind the
A.D. applett to the domain/forest. I then had to change
the authentication tab to include the A.D. domain, and it
works fine. The only thing I have NOT been able to do, is
to mount the users home folder on the desktop. According
to the Apple site, it should read the A.D. user
properties, and if there is a home directory specified,
it should mount it. I am not having any luck there.

Thanks,
TC
 
Back
Top