Home Forums OS X Server and Client Discussion Active Directory 10.3.3, AD plugin, granting admin control

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • March 18, 2004 at 6:49 am #357629
    mdporter
    Participant

    So I am using 10.3.3 with the new AD plugin, and am able to authenticate against our AD server. My mac appears in the computers OU. The basic part works.

    However, I cannot get AD accounts to have local admin rights on panther. This is currently a showstopper for me, because people need admin rights to their machines. I’ve added groups, but they are being ignored.

    I’ve been looking for docs and tweaks but have found nothing useful. unfortunately I missed the macosxlabs.org presentation yesterday and it looks as if it’ll take a few weeks to be posted.

    So, the questions are:

    1- will the ad plugin support granting admin rights?

    2- is single sign on with windows 2000 servers supported?

    3- is kerberos being used at this point? Will I be able to change a windows account password?

    All this is working for me using admitmac. I’d rather save the company some money and not deploy that if possible. Thanks for any answers!

    March 22, 2004 at 5:19 pm #357662
    sketch
    Participant

    if you only have a select group of pople that NEED admin rights, create and AD group of just those users, then give that group admin rights, so the Mac doesn’t have to load ALL the users in your AD.
    Or if your system’s going to be used pretty much by 1 person, manually add that person to the local admin group in netinfo.

    March 22, 2004 at 5:22 pm #357663
    sketch
    Participant

    [quote:f9275d702a=”MacTroll”]
    FWIW: smb homes are fully supported now

    man dsconfigad for more info.

    Joel[/quote:f9275d702a]

    Unless you use M$ Dfs

    March 25, 2004 at 4:38 pm #357677
    Anonymous
    Participant

    does dsconfigad give local admin rights.
    hey joel got my ccna last week.

    March 28, 2004 at 6:35 am #357686
    leaklime
    Participant

    Check out this webcast for more info:

    http://www.macosxlabs.org/webcasts/2004-03-16_ActiveDirectory/index.html

    March 31, 2004 at 7:55 pm #357703
    mdporter
    Participant

    Sketch,

    I found the netinfo trick on my own yesterday, glad to see others know about it. Being able to add just one or two people with local admin rights is alot easier in my environment that adding groups.

    Next question… single sign on on panther client, to windows 2000 servers running services for macintoshand connecting through AFP. Is this possible? I checked out the AD webcast and it wasn’t mentioned.

    April 1, 2004 at 2:58 pm #357711
    sketch
    Participant

    There are 2 AFP over IP server products on the market that either provide kerberos support or will be providing it. One is MacServerIP and the other is ExtremeZ IP. But of course they cost $$$$

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.