I’m in the process of integrating Mac OS X and Open Directory in a major Windows 2003/2008 AD environment with a “magic triangle” setup and I’ve reached a point where I need to bind the clients to the OD to get client computer records for setting printing preferences etc. via MCX.
According to Arek Dreyer and Ben Greisler’s book on 10.6 Directory Services, a trusted bind won’t work with DHCP since a trusted bind requires that both the client and server have a fixed IP, something that seems quite odd to me. What network does not use DHCP?
And since I’m dealing with a big number of clients in a huge network (segmented, no possibility of fixed IPs), this seems to rule out a trusted bind, and creating client computer records server-side is not a viable option.
This leaves me with the option of using a guest computer account, but then I won’t be able to have differing MCXs for different groups of computers.
So… what do I do?
Can I make an authenticated bind from the client, have the trust fail when the clients connect from a different IP but the correct MCX still apply?
Any better ideas would be greatly appreciated!
(Sorry if this seems a bit incoherent, it’s still early in the day 😉 )