OS X server in AD Domain

[lawson]

We have an active directory domain with a Xsan being shared out through a NAS head. The nas head is bound to AD. We want to share using SMB and AFP but authenticate users with AD. What would be the easiest way to control permissions on the shares? Open directory service is currently set as “Connected to a Directory System”.

Any help is appreciated!!

Thanks!

[MDhaliwal]

So, I’m guessing this NAS head is an Xserve?

The methodology for this would be, take an Xserve and make it into an Xsan client. You can make this into an Open Directory and then bind that into your existing AD. Mount the Xsan volume R/W and use WGM to set the permissions you’d like on the shares, just not using ACLs (IIRC that’s a no-no). Think of the Xsan volume as a big disk attached to your Xserve and proceed as you normally would, just be aware of the ACLs and that small files will probably bog down the SAN a bit.

As long as the AD integration is done right, your properly bound and the AD auth node is listed above the OD node, the Xserve should accept AD authentication for your shares. This really isn’t much different than a normal AD integration.

[maccanada]

You do recall correctly, Xsan does not support ACLs so you’ll have to get it done with POSIX.

~Ian

[Author]

Posts