Active Directory secondary to Open Directory?

  • #365321
    carneym
    Participant

    I’m competing for the directory services assignment described below but have not yet spoken to the client. As you can see the client is considering making Open Directory the primary directory service and integrating Active Directory secondarily to support Exchange clients.
    I’ve never seen a setup like this, or anything other than either Open Directory exclusively or OS X clients using Active Directory as the primary directory.
    Can someone give me some insight on how Active Directory could be made to work in the manner the client is considering?

    I’m sure this isn’t what Microsoft had in mind 🙂

    ——————————————————-
    Client is considering Apple ‘Open LDAP’ or Sun
    LDAP. Will consider any Linux based open source LDAP, although Apple LDAP
    is preferred for its impressive user interface.

    a. Install apple LDAP as primary accounts database
    b. Configure Active Directory as the secondary call for accounts database
    (still using Microsoft Exchange)
    ———————————————————-

    #365397
    dthompson
    Participant

    This is something that I am also very interested in. I have been working on getting the Xrealm authentication working via Kerberos where the PC clients are bound to the AD server, but the AD server calls on the OD server for user names and passwords.
    See these links here:
    http://www.4am-media.com/xrealm/

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx

    http://technet2.microsoft.com/WindowsServer/en/Library/a606a6cd-0d09-4d8e-a709-ea4f93608b5f1033.mspx

    The problem is that you need to keep 2 instances of the user in the DB on both individual servers, unlike where you can point OD to AD for almost full user management.

    It would be nice if there was something such as AdmitMac that worked that other way, “AdminWIN” or something like that. Hello Thursby, are you listening? I may be on to something here…

    #365821
    pingu
    Participant

    Hi,

    Has anyone had any luck figuring out a way to do this? Is it in fact possible?

    We are, like carneym, looking to put an Exchange server in, but we don’t want to go with a full AD implementation. We have an existing OD implementation, which works just fine. Most of our clients are Macs, with a few (horses for courses) 2K and XP machines in the mix. We just really want to be able to provide the Exchange servers with whatever it is they need from AD and the PC clients perhaps with some Group Policy, but still have all usernames, passwords etc. provided by OD.

    Any ideas?

    Dan

    #365946
    pingu
    Participant

    I think you’re right Josh, way too delicate for production use anyways. So we’re more than likely going to go with Kerio rather than Exchange (thank god). Pricing seems more sensible too for a smallish shop.

    We’d still like to provide Group Policy to the 10 percent or so (and rising slowly) of our users who we have to have on Windows (all 2k or XP). We already have these PCs bound to OD, which seems to work okay (bar a few glitches) but having to set Policy on each machine is clumsy and a lot of work.

    Any ideas?

    #365993
    pingu
    Participant

    Yeah, I think this might be a good place to start cutting our teeth. Also thought we might give Nitrobit’s Group Policy Editor a whirl; has anybody used/tried this? How does it shape up as a solution for a smattering of Windows machines rather than trying to implement a whole AD/OD malarkey?

    Otherwise, I think we may just have to ride out the wait for Samba 4…
