I have an open directory master, and open directory slave both running 10.6 server, providing OD services to allow 100 mac laptops to log in. Both are also AFP file servers.
I need to bind both these servers to our Active Directory domain, in order to allow additional users on our wider AD network to access these file servers, whilst authenticating via AD (instead of using an additional OD account).
(The plan is also to gradually migrate the laptops onto AD and get rid of the OD).
My initial thoughts are that this should be as simple as binding the two servers to active directory (using directory utility), then propagating AD group ACLs to the existing file shares, alongside the OD ACLs/permissions.
My concern is that I’m missing something that may cause the macs authenticating and logging in via OD to break or stop working. Would there be any kerberos conflicts etc. that I may be overlooking?
Are there any “gotchas” that I may be missing with this, or best order to do things in?
Any thoughts/advice/tips appreciated. These are production machines and I don’t want to mess anything up.
Many thanks in advance.
.
.
Comments are closed