AFP548

Mac client logging into Tiger Server with AD user

I've seen a few questions on this but no answers that make sense to me. I have a 10.4.2 Server and a 10.3.9 client. I'd like to do the following:

1. Have the Mac client log in to the 10.4 server at boot time using a valid AD username and password. Home directories don't matter to me much at this point; I just don't want to have to manage local login accounts on each Mac or for people to have a different password to log into their Mac than they do for the AD domain.

2. Set permissions/ACLs on the AFP sharepoints on the 10.4 server using the AD users and AD groups.

3. When the Mac client logs in at boot time, if they try to connect to the 10.4 Server AFP sharepoint, they don't need to enter a username or password again because the AD user that they logged in with at boot time is the same user which is allowing them onto the 10.4 AFP service.

This would get me single sign-on, as well as a single set of users to manage.

I have tried setting up my 10.4 Server both as Connected to Directory System and as Open Directory Master. I've been able to get users to connect to the AFP sharepoint via their AD username and password, but I have never been able to get them to log in at boot time with their AD username and password. Any suggestions?

By the way, I am only using a 10.3 client because it was handy. If this is made easier by getting 10.4 clients, please let me know. I thought that the key was in the 10.4 Server, because of all the hoopla that was made about the AD integration working better in Tiger.

Craig