Use a corporate KDC? Can I?

  • #357868
    AllanMarcus
    Participant

    Anyone know if it’s possible to make my Panther server use my corporate KDC instead of the Panther KDC?

    Here’s my goal:

    1) Panther server used to serve up netboot image to diskless Macs.
    2) The image authenticates using Kerberos, against our corporate KDC.
    3) NIS (on a Sun) is used to locate home directory (I have this working).
    4) Home directories are stored on a NetApps file server (I have this working).

    So, my last two issues are getting our corporate KDC integrated, and getting NetBoot to work. I can use the corporate KDC without the Panther server if I set up the Kerberos files manually on the client, but then I don’t get any of the client management features of the Panther server; it would just be used as a netboot server.

    Any help would be greatly appreciated.

    Thanks,

    Allan Marcus
    Los Alamos National Laboratory
    505-667-9531

    #357882
    AllanMarcus
    Participant

    I would like to get the advantages of the great Mac OS Panther Server client management features in addition to all the other things I’m doing. If I understand you right, all I need to do is create groups on the Panther server’s OD and add the short names (monikers) of the people to the right groups. I can then use the WorkGroup manager to manage preferences and such. On the client boot image, I just define the LDAP server in Directory Access, and add it to the authentication path. Since there is no actual account for the user on the Panther server, the Panther server is ignored for authentication purposes. Did I get that right?

    I’ll try it today or tomorrow and let you know if it all worked.

    Thanks,

    Allan

    #357883
    AllanMarcus
    Participant

    I forgot to mention that groups are managed in a central LDAP server, and that we have a script to update the NIS domain from the central LDAP server!

    I’m going to first try to manage groups with the Panther server, as outlined above. If (NO – WHEN) I get that working, I will create the same group on the central LDAP server and use the same group IDs in the Panther server, but I’ll remove the names from the Panther server. Hopefully, this will work.

    -Authorization managed by corporate KDC – using CryptoCards.
    -Groups managed by corporate LDAP.
    -Home directory path managed by departmental NIS Domain.
    -Client machine groups managed by corporate LDAP to NIS Domain scripts.
    -NetBoot managed by Panther server.
    -Client desktop managed by Panther server.

    Wow, if this works, I will be impressed with Apple. So far, I’ve done virtually no coding or config file setup, other than the Kerberos files and getting the login window and screen saver to use the CryptoCard password for the corporate KDC.

    -Allan

    #357884
    AllanMarcus
    Participant

    OK, maybe a dumb question, but how do I add a shortname to a group if the person doesn’t have an account on the Panther server?

    Thanks

    Allan
