Populating OD With AD users

[dave621]

Ok this is my problem, I hope someone can help

We have 2 windows 2k3 forests, domain1 and domain2 which have a trust set up so that they can share information, which all works fine with windows machines.

But now we have osx 10.4.1 clients on the network, which we can only get to bind to one forest using the ad plugin and this all works fine and all the users from ad can logon. But now people form the other forest are asking to use the Macs and we can’t figure out how to do this. I have tried using the ldap plug-in but it seems to be broken and won’t do anything.

In the end we ended up buying a product called admit Mac which I must say it’s the most expensive piece of shit we have bought, although it did what we wanted, it caused all manner of other problems, printer scripts wont work, logoff scripts wont work, corrupts other software.

So now we are thinking of using our Mac server as a pass through for authentication and also this would give us the advantage of setting preferences on the client too.

So we turned on Open Directory and bound it to the active directory and set the ldap on the client to see the open directory, which works fine and can log on with a test OD user. But we were hopping (I know this was a long shot) that cause it was bound to ad it would automatically pass the authentication to the ad domain controller.

So my question is dose anyone know how to get the OD to be populated with ad users or how to use the Mac server as a pass through for authentication to the ad domain controller.

Or if anyone has any other ideas on using 10.4 with two forests any help would be greatly helpful.

Or if anyone knows of any fixes for the ldap plug-in so that I can connect to one forest with the ad plug-in and the other forest with the ldap plug-in.

Also have only been using apples for 2months and its been a very steep learning curve and don’t know very much about them, so if some one could provide a guide if this is possible I would be really grateful

Please feel free to email me at [email protected]

Thanks for taking the time to read this

Thanks david

[dave621]

erm there are about 7000 users in the first forest and about 1000 users in the second forest

they need to be able to log on and have the home drives mapped which are on a windows server. this all works find with the ad plugin

we have tried setting up the ldap plug in but nothing happens. so i found a guide on here which was for single user sign on and followed that for setting up ldap and let out the single user bit, but this dosnt seem to work either, i used lookupd to search for users to test it and i just get nil

if anyone could take me through setting up ldap step by step that would be great

[Author]

Posts