AD logons with OD shares?

  • #362552
    dom9inic
    Participant

    Hi all,

    So despite my continuing frustrations with AD integration to OD, I remain ludicrously confident that it will all work out in the end.

    Now I have some semblance of the magic triangle setup working at the moment, AD-OD-MCX.

    I do have to ask though, is it possible for AD users that login to Macs and managed out of OD by MCX to access WGM created shares or automounts?

    Currently I’m testing this triangle and this is where I’m at:

    Jag 10.2.8 server as OD NetInfo master. Test AD users put into OD managed group.

    AD configured to force no local home. To mount UNC path via SMB.

    Client is 10.4.2
    When I log in with my AD user that belongs to my OD managed group, login is fine. They get a Kerberos ticket and single sign on to SMB shares works. They are managed by the OD.

    What does not happen, is the following:

    No OD automounts or shares are accessible to the AD user. They get a local home and their Windows Network Home is nowhere in sight.

    We should be upgrading to Tiger Server soon, but I would like to get this working in the meantime.

    If anyone has any thoughts on my current problems that would be great.

    Cheers

    #362562
    dom9inic
    Participant

    Hi Josh,

    thanks for the response. Yes, that’s what I assumed was supposed to happen, it just does not seem to be working for us here. I have been assured that the HomeDir has been specified in the Profile at the AD server. Nevertheless, doesn’t mount for me.

    What about my question regarding AD users getting OD automounts and shares, do you know if that is possible?

    Cheers,

    #362815
    Anonymous
    Guest

    I’ve had similar things working successfully under Panther. The AD account would load, and a group share from OD, as well as managed preferences would load correctly onto the AD account. However, I’m now having difficulty in getting the clients to recognize that the users are in OD groups to begin with, in Tiger.

    But in Panther this was absolutely possible, if that helps you at all.

    #363143
    AMSR
    Participant

    What you probably need to do is get the users in a group in OD. Then, using the “login items” preference in OD, mount and drag whatever volumes you want mounted on login to the login items panel in WGM and check the “mount with users name and password” box. Then, after your end users log in with their AD password, it will try to use the same name/password to mount whatever share is in that panel, if the user evaluates to be part of that group.

    As far as the home folder, there are a host of issues surrounding that. How is it specified in the UNC path field in AD? What are the permissions set as on the Windows server? (You need list access for all parent folders) Do you have SMB signing enabled on the win2k3 server?

    #363144
    AMSR
    Participant

    You also mention you are using Jag server (10.2.8) as your OD master. While in theory this might work, I’m not sure how you are getting this to talk to AD (via LDAP maybe?). Also, I’m not sure the “magic triangle” was ever intended to be implemented with Jag. I’d try making my OD servers at least 10.3.9.

    #363315
    Anonymous
    Guest

    Hi AMSR,

    thanks for the responses. The Jag situation will be remedied shortly with Tiger Server.

    The UNC is specified the usual way I believe, something like \server\share\home

    As I am not a Win admin it is difficult to get info out of the Win admins as they don’t think it’s a problem on their side and are not particularly willing to spend time to figure it out.

    I will follow up re List access etc.

    I will also try with a couple of clients the LoginItems Prefs, although doing this for lots of users sounds grim. Unless I script it, which would also take time as I’m no real scripter.

    I’ll let you know the results.

    Cheers again
