OSX Server 10.5: Cannot access user accounts from trusted AD domain?

[venti-bold]

Good afternoon,

I’ve hit a wall in a current project and I’d greatly appreciate any help or advice on how i should proceed to resolve this situation.

Current AD domain setup, both AD domains run off windows 2003 servers.

CORPORATE.COM –(one way trust)–>  PRODUCTION.COM

I have an osx 10.5.7 server bound to PRODUCTION.COM AD server using apple’s Active Directory plugin. Authentication works well for users from PRODUCTION.COM. However, I’d like to be able to have users from CORPORATE.COM log into my server using their CORPORATE.COM credentials. I have windowsXP systems connected to PRODUCTION.COM and this works very well. However, it seems osx systems cannot find user data from CORPORATE.COM.

DNS is working, there is no firewall between both domains. User home directories is not a concern at the moment. I just need to get credentials from CORPORATE.COM to be recognised by machines in PRODUCTION.COM via the trust.

Any thoughts? Anyone?

I read a bit that I might have to monkey with kerberos files on the osx server — something about defining cacerts. Does anyone have any experience, or suggestions in this?

Best,

ventibold

[Patrick Gallagher]

The AD plugin can not authenticate in another forest. If this is just another domain in the same forest, you will need to specify the domain with the login name (ie. corporate\userid). If you do need cross domain auth, then you’ll need to look at something like ADmitMac.

[Author]

Posts