Please help, I need a basic walkthough of getting managed AD users working!

[Anonymous]

I hope somebody can help, Im going mad here. I lot of people are relying on me getting managed AD users the macs here, but I jsut keep running into problems, even though I have read up on just about everything I can!

I have fudged together some sort of half working setup, here is what I have done.

xserve setup as OD Master.
Clients bound to both AD and OD
Changed the KerberosClient Recordname on the xserve.
Installed Admin Tools on a client and logged in locally. I then use WM to connect to 127.0.0.1 using local username. I then can browse the OD LDAP and create a usergroup and setup preffs. I can then fill the groups with AD users from the pull out usr/groups draw.

As I say, this works, but its not great. For a start, I need to authenticate 3 times in WM, once when loading it using local user, then with OD username, then with a AD username! Also WM tends to crash a lot doing this, or sometimes come up with essages saying it cant browse one of the domains, or sometimes just doesnt show any AD users. Always it is very slow when trying to do anything with AD.

The next problem I: have is setting up a disc quota for the user groups. I cant do this in AD as the homes on on the xraid, and I cant do it in WM as it doesnt have the right mappings.

Im I doing all this right?

I really am a beginer and Im so lost!

[topcat]

Sounds good about adding AD groups to an OD group, that would be great, just what Im after! Do you have any knowledge on when this may be done, will it be in the 10.4.3 or not until 10.5?

As for connected to my OD in WM and dragging AD users accross, I am unable to do that as teh server is not bound to AD, so cannot see any users.
I have been using a special client machine to do the user moves as I had read in a numbert of places not to bind the server to AD. Should it be bound?
Thanks for all your help!

[topcat]

yes i have, I would not have got this far if it wasnt for your whitepaper.
I thought I was right not binding the server to AD, but your previous reply suggested that the server was bound, I didnt think you ment to do it on a client.
So thats how we have it setup, just like in the whitepaper. xserve in not bound, its just a normal OD master with some OD groups in. A client is bound to both AD and OD. logged in on client using 127.0.0.1 and local username/pass. Loaded WM and connect to xserve. Then can browse the AD too and drag AD users to the OD groups. Im sure that is right. It works, its just long winded and crashes WM a lot.

Our xserve is running 10.4, so it would be nice to bind it to AD, but after trying it, it doesnt seem to work. I think I will stick to not binding it. Thanks again. If it wasnt for this site, I would be v stuck!

[topcat]

i tried again binding the xserve to AD, and it was v v fast browsing ad users in WM, v nice compared to the magic triangle way that takes around 40 seconds to find each ad user. The trouble is, after binding the xserve to AD, no logins worked from the clients. The OD accounts didnt work, and although the AD accounts logged in, they didnt see the server so had no preffs set.
So for the moment, it looks like binding the server to AD isnt a great thing to do!

[lancepr]

you ever get this working?
I posted a similar problem, found some more people with the same errors after changing my search strings, but no fixes for the “magic” triangle

[lancepr]

Should I set the tiger server as the prefered DC in the AD control panel?
Another question, when I make my Tiger server an OD master what domain should I put it in?
If my base AD domain is widget.domain.com
When I went to create my OD it defaulted to OSX1.widget.domain.com, should I make my OD master part of the same domain as my AD or should this work.
I can browse the AD and OD and add AD users to my OD but none of my settings are getting pulled by the Mac clients.

[Author]

Posts