AD/OD Integration
- This topic has 2 replies, 2 voices, and was last updated 19 years, 9 months ago by
Waragainstsleep.
June 27, 2005 at 7:00 pm #362124
Waragainstsleep
Participant
I work for a small IT company, and we have a set of Windows servers and an Xserve G5 running our network.
The Windows machines provide our email and shared calendars (one of them is an Exchange Server) but they are mainly there for us to practise troubleshooting, upgrading, maintenance etc. before we make changes or repairs to our customers’ machines. The Exchange server is running the AD and is the PDC; the other two don’t really matter.
The Xserve is attached to a 3rd party RAID array, and is running Tiger Server.
My boss asked me to try and set up some other services, as the Xserve was only running AFP. It wasn’t joined to the AD either. It had a few local accounts for those of us who needed to access the RAID, but these had similar or identical names to our AD accounts, which provide us all email.
The main service I want to get running is Software Update, but I know my boss also plans to set up network home folders on the RAID at some point.
I found the article on this site about AD/OD integration and decided that the model it describes would give me everything I want, so I figured I’d follow it through and see how I got on.
I requisitioned an old G4 PowerMac with a Sonnet upgrade to be my new OD Master and software update server.
The PowerMac is now also running Tiger server.
I joined the Xserve to the AD domain, and followed the instructions to test the edu.mit.kerberos file, and this is where I ran into difficulty. The article says: if the ‘kinit’ command takes your password without response, then the file is valid.
This didn’t happen for me. I then realised that I wasn’t sure I was using the right password. (Only need it for email, and that was set up months ago – the RAID is accessed via a separate account on the Xserve.) I logged into the Exchange server and changed my password. It now worked as predicted.
I then set up the SMB service for the Home folders, but when I finished modding the smb.conf file, the Windows role had changed under Server Admin from standalone to domain member. The article says this shouldn’t happen, but I just put it down to the fact I was using Tiger and not Panther Server.
Anyway, I set up the OD Master, then set up an admin client to sort out the users and groups, but no matter how much I try, it won’t add AD users to OD groups. I get the green circle with the plus sign, but the Group members box stays empty.
What am I doing wrong?
June 30, 2005 at 9:14 pm #362172
Zeheeba
Participant
Hey There,
You wrote:
“I then set up the SMB service for the Home folders, but when I finished modding the smb.conf file, the Windows role had changed under Server Admin from standalone to domain member. The article says this shouldn’t happen, but I just put it down to the fact I was using Tiger and not Panther Server.”
You are correct. You shouldn’t need to hand edit the smb.conf file in Tiger as you needed to in Panther to have the SMB service show as a Domain member. Apple did this all for us with Tiger. If there are some settings that need to be changed by hand, I haven’t seen them yet.
I didn’t quite follow your description of how you are trying to add AD users to local groups on the OSX server, but you can do this by launching WGM, making sure you are looking at your local directory and not AD via the drop down menu under the “Admin”, and hitting the “New Group” button. Name the group and give it the ID you want. To add AD users, click the plus button next to the member list to open the users/groups drawer. At the top of the drawer, make sure you select your AD from the drop down list. This should populate the list. Once the list is done loading, simply drag users from the drawer to the members pane. This should add them to the local group.
Hope this helps.
Regards,
Z
July 14, 2005 at 8:11 pm #362327
Waragainstsleep
Participant
Hi Z, thanks for your reply, I appreciate the help.
OK. I was originally using two WGM windows, one authenticated to AD, one to OD, on a client with both directory services listed under its search path in Directory Access.
On trying to drag users from the AD list into the OD group members window, the cursor would get the green + button, and the border of the members list went bold black, but on releasing the mouse button, no users from AD would add to the group. I tried to do it using just the one WGM window and the drawer as you suggested, but the AD would not appear on the menu at the top of the drawer.
Any idea why?