Forum Replies Created

Viewing 9 posts - 1 through 9 (of 9 total)
  • in reply to: Passwordserver replication issues #368984
    dthompson
    Participant

    Next step??

    Dumb question here. Do all your master and replica servers have proper A and PTR records associated with them? I have found that without proper DNS working 1 forward and reverse lookup for each server in place, replication sync logs will pile up in your /var/db/authserver folder….

    in reply to: 10.3 Home Folders w/ AD #365629
    dthompson
    Participant

    There are no real issues with binding 10.3 to an AD server, well except that it sucks. You bind the clients to both the AD server and the OD server (make sure AD is first in your directory access list for authentication paths) and then reboot the workstation.

    Personally though, I have never had much luck with the 10.3 AD plugin and found that Thursby’s AdmitMAC client does a MUCH better job of managing AD users and accounts and logins.

    It also goes one further and supports secure logins, whereas the 10.3 and the 10.4 Apple-provided AD plugin architecture doesn’t.

    in reply to: password sync #365431
    dthompson
    Participant

    The download tgz file is gone from MS’s site. Do you have a copy of it that you could send to me??

    dthompson
    Participant

    With this type of setup though, you don’t necessarily need a Mac OS X Workstation to be bound to AD. It can sort of work the other way where you can bind WINXP/2000 workstations to AD and then use the trust realm off of OD Servers to authenticate them. This should then create a trust between the realms for the users:

    [email protected] –> [email protected]

    Basically you can move the OD Server to the top spot in the authentication mechanism and have AD workstations use OD for logins but still be managed by the native AD Directory Service. It does get convoluted though… Not quite as nice as plugging OSX Client/Server into AD Services.

    dthompson
    Participant

    Have you seen this link here? It sounds to me like you are looking to create cross realm authentication.

    http://www.4am-media.com/sso/#unix

    in reply to: Active Directory secondary to Open Directory? #365397
    dthompson
    Participant

    This is something that I am also very interested in. I have been working on getting the Xrealm authentication working via Kerberos where the PC clients are bound to the AD server, but the AD server calls on the OD server for user names and passwords.
    See these links here:
    http://www.4am-media.com/xrealm/

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx

    http://technet2.microsoft.com/WindowsServer/en/Library/a606a6cd-0d09-4d8e-a709-ea4f93608b5f1033.mspx

    The problem is that you need to keep 2 instances of the user in the DB on both individual servers, unlike where you can point OD to AD for almost full user management.

    It would be nice if there was something such as AdmitMac that worked that other way, “AdminWIN” or something like that. Hello Thursby, are you listening? I may be on to something here…

    in reply to: What is a Golden Triangle? #365184
    dthompson
    Participant

    Basically the entire reverse of the ODM Server into AD setup:

    OD Master –> AD (Pointed to ODM for users and passwords) –> Client authentication (either Mac or PC). Use AD to manage AD workstations and group policies and OD to hand down the users.

    Same way as where we can use OD in the middle of AD and the Mac OS X Clients, it would be nice if you could do it in reverse. This way you can migrate away from AD as the centre of the universe.

    Does that make any sense??? It could be a pipe dream.

    in reply to: What is a Golden Triangle? #365177
    dthompson
    Participant

    How about a ** cough ** white paper on reverse integration in which OD is the top dog in the authentication chain and AD gets its user password and account information from OD as opposed to always being the reversal..

    in reply to: Sieve Installer – Updated #359208
    dthompson
    Participant

    To everyone who is having problems with their auto-replies: are you trying to send emails to a user you have set up with an auto reply more than once? Don’t forget that the database that mail builds for this will only send you a reply once.

    So if you send an email from [email protected] now, and then send one again in 30 minutes, the server will not respond to you as it has a list of emails it has responded to. The default setting is 7 days, so you will not be able to get a response from the server until at least a week unless you have set it to a shorter default. I have had no problems with this setup and I followed the instructions here…

    I am running 10.3.5 server as well. I have built and tested this on a clean machine, and just now installed it on my production machine with no problems….
