AD users password authing off of OD – how?

Viewing 3 posts - 1 through 3 (of 3 total)
  • #358375
    cormierjohn
    Participant

    I want my users, existing both in Open Directory and Active Directory (via a custom sync process), to log in to Windows machines that are part of the Active Directory domain with their username in AD (and OD), but have the password authentication to be re-directed to Password Server. This would give us the flexibility to have our users in AD groups, giving them group policy permissions and the like, but only having to use one password whether they were logging into a Mac or a PC. I know the opposite is possible (having common usernames but password authenticating off of AD), however I have 20 times more site-based OS X servers acting as replicas than I have AD servers.

    I’ve been told that this is possible by setting some attribute in AD on the user record to point to the password server. Does anyone know what attribute to use and what the syntax of that attribute is?

    #358389
    cormierjohn
    Participant

    I have machines that are managed by AD, and I want users to be able to log in to the login window of Windows, but authenticate off of OD. I would use pGina, however I need to have certain users in certain groups, like Debuggers, Power Users, etc., and because of the lab environment I’m managing, I can’t just put these users in local machine groups in a PDC type setup, all the while maintaining my ability to push group policies through AD to the machine.

    They need to be in OD as well because I need to have a replica structure that extends to many sites that do not have the greatest network connection. For several reasons we have chosen OD as our distributed and replicated directory structure for our ~70 sites. The sites that are network-stability-deprived do not have PCs that need user authentication in that matter but they do need reliable OD authentication.

    #358455
    cormierjohn
    Participant

    Joel, thank you for the pointer.

    For the benefit of others, a book that is useful for this is available at this link:
    http://www.microsoft.com/mspress/books/index/5867.asp

    A good kbase article is: http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx

    I’ll post back anything else that I can find out about this, and also pictures of my cuts and bruises as I try to stumble through this process. 🙂
