Setting up AD integration

  • #364027
    hjuutilainen
    Participant

    We are currently building a system for our Macs to get authentication and home folders from AD. I haven’t done this before so bear with me while I ask some very basic questions…

    We are currently using two separate systems where our PCs use AD or eDirectory and our Macs use an old XServe (10.2) to get their authentication and home folders. This system works perfectly but we really need to get things integrated. So I’ve started to investigate the possibilities of AD integration. I have a test machine which authenticates perfectly to our existing Active Directory but I wouldn’t like to lose the control I had with XServe.

    I read the AD/OD white paper and that’s pretty much what I want to do. We will purchase a new XServe for management and connect it to our large SAN with fibre. This SAN holds user home folders. So basically clients are bound to existing AD to get authentication and to the new XServe OD to get management information. The same XServe is bound to AD and holds the home folders. Clients will get the home folder address (afp) from AD which points to our XServe which was bound to AD. Can I do it like this? Or am I missing something important here?

    Thanks in advance!

    #364034
    tdassel
    Participant

    Hello,

    With 10.4 you should get this to work. We couldn't do it with 10.3, but with 10.4.3 Apple seems to have done a lot regarding AD integration.
    It still depends on your AD though. We still have some issues (read here: Link to thread)
    and the home folders seem to be a constant case of trouble for a lot of users on this board.
    Our AD is huge (50.000+ users) with several sub domains, but we made it work, so in your case I would be pretty confident that you can work it out.

    Greetings

    Thomas

    #364038
    hjuutilainen
    Participant

    Thanks for your replies!

    Our AD is also quite big (10,000+ users) but there are only about 400 users (1-2 different OUs) that will be using the system we are building. I’m not sure how many home folders the SAN will have. Probably quite many… We just had a meeting about this and we are still unsure whether we are going to use AD or eDir. I told the other administrators that setting up and configuration are simpler with AD, but the problem is that most of those 400 users are currently authenticated using eDir and have their home folders in Novell. So eDir has the correct information about the 400 users’ home folders (we have quite a few servers here…). We have the same user base on both eDir and AD and the only thing that differs between those two is home folder location.

    Is it possible to get authentication from AD, management from OD and then mount the required network shares and home folder with i.e. login hooks? I would really love to use AD for authentication only and not retrieve the home folder location there. This way we wouldn’t have to change anything in AD and we could easily mount multiple different network shares depending on the group of a user. If we decide to use eDir after all, is the “magic triangle” setup possible with eDirectory?

    So many questions… Thanks again!
