OD: 10.5.6, AD: 2003
This topic has 8 replies, 4 voices, and was last updated 16 years ago by musox.

April 1, 2009 at 8:02 pm #375876
MCSDmike
Participant

Ok, FNG here, I will want to write an idiot’s guide to setting up this Golden Triangle. I will be posting Visio JPEGs to help clear up accuracy and understanding, as well as screenshots.

Assume the following:
DirectoryService:Version:Name:IP
AD:2003:ADC:192.1.1.2
OD:10.5.6:ODC:192.1.1.3

ADC is the current DHCP/DNS/Fileserver/AD for the network.
ODC is configured for OD:Connect to a Directory system
ODC Directory Utility has a valid bind for AD
Mac clients are standalone 3 user clients which log in to the ODC on a per user basis, no scripting.

Goal:
AD will be the grand repository for all Users & Groups.
ODC will control computer group permissions for all client Macs
Mac Clients will log in via username & password permissions and auto mount the home volume in the AD via the UNC homepath from AD
Mac Clients will be able to be imaged and deployed with all settings ready to go.

Eventual Goal:
Replace 2003 with 2008

What I’ve accomplished so far:
ADC: Users & groups are production and active
ODC: bound via the Directory Utility to AD
ODC: tested bind via logging in (on the ODC) with AD administrator user, auto mounted the home vol on desktop.
ODC: tested bind via logging in (on the ODC) with regular user: failed
ODC: Open Directory under the AdminServices is white not green
MacClient: Not sure whether or not to bind to ODC or ADC

April 1, 2009 at 10:37 pm #375879
MCSDmike
Participant

Trying to post screen grabs. I need a Mod or Admin help?

April 2, 2009 at 1:43 am #375887
MCSDmike
Participant

I have posted my screen grabs to my Photobucket account, however when trying to direct link it detects spam and kills my post.
The other user is a non-admin AD user. The expectation is that all users will be controlled through AD.

April 3, 2009 at 2:33 pm #375910
mgb123
Participant

I appreciate you guys taking the initiative to do a how-to guide. You might find it helpful to have a look at Mike Bombich’s current AD/OD integration doc as well.

April 3, 2009 at 3:25 pm #375914
MCSDmike
Participant

Ok, going to try posting this again: these are the photos from the ODC setup. I need the next step to getting the client for the MacClient configured.

General Server info
http://i662.photobucket.com/albums/uu342/mcsdmike/Serverinfo.png
Directory Utility:
http://i662.photobucket.com/albums/uu342/mcsdmike/DU.png
DU-UserExperience
http://i662.photobucket.com/albums/uu342/mcsdmike/DU.png
DU-Mappings
http://i662.photobucket.com/albums/uu342/mcsdmike/DU-Mappings.png
DU-Administrative
http://i662.photobucket.com/albums/uu342/mcsdmike/DU-Administrative.png
OpenDirectory Service:
http://i662.photobucket.com/albums/uu342/mcsdmike/OD-Geninfo.png
OD-LDAP
http://i662.photobucket.com/albums/uu342/mcsdmike/OD-Geninfo.png
OD-Policy: Passwords
http://i662.photobucket.com/albums/uu342/mcsdmike/OD-Policy-Pass.png
OD-Policy: Binding
http://i662.photobucket.com/albums/uu342/mcsdmike/OD-Policy-Bind.png
OD-Policy: Authentication
http://i662.photobucket.com/albums/uu342/mcsdmike/OD-Policy-Auth.png

Visio Docs to come.

April 8, 2009 at 9:14 pm #375963
MCSDmike
Participant

Ok, I’ve got the Mac client authenticating via Active Directory, I haven’t been able to get the OD part of it from the Mac server. Help???

April 9, 2009 at 1:17 am #375967
musox
Participant

MCSDmike,
I’m using the AD-OD Sandbox documentation located at: https://www.afp548.com/article.php?story=20080304215842264
One thing I found when trying to bind AD is that the directions for “binder” having Computer permissions don’t seem to work (full updates for w2k3 R2 and 10.5.6 as of today). I had to resort to using the Administrator un/pw.
One thing I cannot remember for OSXS is if the directions are correct in that ODM should be created first prior to AD Binding, or vice versa. I may be confusing Client steps…