last piece of the puzzle single sign on

[jscott]

I have succesfully integrated OD with AD and now can’t get single sign on working. Sorry this is so long but I wanted to make sure you had all info.

Here’s an overview of my setup. Xserve 10.4.2 bound to AD. Client accounts pulled into OD groups with Workgroup Manager. Clients are bound to AD and OD and managed prefs are working great. All clients are setup to use local system as home location… no network home directories.

I have single sign on to all Windows servers and other network resources except for the Xserve. When I connect to that I’m asked for usename and password. It does accept my AD username ad password.

I have AFP service set to Standard authentication. My sys admin said we aren’t using Kerberos. Could this be the problem?

When I set authentication to Kerberos I get an error on the client side that says “The user authentication method required by this server can’t be found.”

Thanks,
JS

[jscott]

[QUOTE BY= MacTroll] Have you clicked the “Join Kerberos Realm” button in the OD settings in Server Admin?[/QUOTE]

I don’t see that button anywhere. Its set to Open Directory Master and the only Kerberos button says “Add Kerberos Record…” but when I click that and read what it wants it doesn’t seem like the right place to be.

[jscott]

[QUOTE BY= macshome]If you still get the MIT style join then you can run the AD join with sudo dsconfigad -enablesso.[/QUOTE]

This worked! I now have SSO for my users. So did I just miss where to do this in the GUI or does it not exist?

Thanks guys,
JS

[Author]

Posts