AD / OD on leopard

[trampoline]

I am considering using leopard server to just opull all the data from AD to the Mac Server for users and groups, my question is in Chapter 7 of the fantastic pdf Guide here (Page 34 section B) it talks of the client Authenticationg first to AD then to OD but is this just a hangover from before Leopard in the documentation, or is the AD login there for network access etc ??? since all account data will get taken from the OD login..
Also one question I have noticed the problem with KERBOS having to be disabled on the OD server in the Golden Triangle setup due to conflicts with AD and have seen this in a customers site, will this problem again rear it’s head in the setup I want (Pure OD ).
Thanks..

[trampoline]

can we not. Just use OD and pull all the details from AD ?

[peter dodge]

[QUOTE][u]Quote by: trampoline[/u][p]can we not. Just use OD and pull all the details from AD ?[/p][/QUOTE]
In order to “pull” account info from AD (such as users and groups) the OD server must be bound to AD. This means it is a client to the AD server like your client workstations and will not manage authentication for your network.

In other words, the clients still login to AD, but are bound to OD so that WGM can identify those authenticated users, groups and computers to be managed.

[trampoline]

So on the client side they would still have AD set up in Directory access as well as OD ?

[macinandy]

Are you saying you want to export the AD users out to LDIF file then import them into OD and ditch AD ?

[trampoline]

[QUOTE][u]Quote by: macinandy[/u][p]Are you saying you want to export the AD users out to LDIF file then import them into OD and ditch AD ?[/p][/QUOTE]
well it’s an option, if the ad od golden triangle continues to cause trouble

[macinandy]

Ok , think I understand you now. Yes the client would have AD and OD set in Directory Utility, AD being higher in the list on the Authentication ,and maybe Contacts, pane.

[Author]

Posts