[QUOTE BY= hetjan] Can I bind a server to AD so that the server and the Mac OS clients authenticate the username and password to the AD server while information such as home directory, print quota etc. are in OpenDirectory?
Are there any other variations on this theme that I can use? Any published examples?
A.[/QUOTE]
The clients cannot use the authentication search path of the server, so each client would need to be configured to search AD for authentication information (either from the AD Plugin or LDAPv3 Plugin).
Using the AD Plugin, some of the attribute values for the user are automatically generated (either from data within AD or some default value the AD Plugin uses if no value from AD is available).
Using the LDAPv3 Plugin, you could statically map the attributes to a variable with something like #/Users/$sAMAccountName$.
If you are using OD to manage client computers without the need to enforce authorization access to those computers, there isn’t really a demand to bind the OD server to AD (unless you want to manage the server with your AD account). The only benefit of binding the OD server to AD is to allow you to use AD for authorization, such as login restrictions for particular users (by adding them to an OD group) or using AD for authentication for services hosted on the OD server.