[macdummy]

[QUOTE][u]Quote by: ingenious7[/u][p]Sounding very similar to what we have done. We have never run a Windows Domain before, but have always used Mac OS X as the file server for our users. While most of our workstations are Mac OS X, there are a number of Windows based computers.

As you would know, with users logging in to many different computers, the headache of using complicated scripts to map drives and copy folders because everything is local on the Windows computers is a real headache.

We decided to bring in Primary and Backup Domain Controllers served from Mac OS X 10.5 using Samba. Roaming Profiles have given us back a lot of control. While the initial setup may not be as friendly as Windows Server, it isn’t too hard and once you overcome the initial hurdles it runs exceptionally well, and there isn’t much of a performance loss.

To those who are missing the Group Policy stuff – look for a small and obscure program from Microsoft called System Policy Editor. This is pretty much what you will need to use to control policies based on the registry in a Samba domain environment. It takes a bit of getting used to but is fairly simple and gives you control over most Windows settings that Group Policy does. I don’t know how familiar you are with it, but if you save your output as an NTConfig.pol file and store it under /etc/netlogon you will claw back some of that control that Windows sysadmins love.

[/p][/QUOTE]

I originally wanted to use roaming profiles. However in a MacWorld session the presenter cautioned about users iTunes library and the space hog this can be. I think they also mentioned you can prevent certain things like iTunes from syncing. I think that is my next move. I experimented with this a while back but ran into some issues as our workstations are Tiger and the Server is Leopard.

Thanks for your post.

[macdummy]

[QUOTE][u]Quote by: Dave+Hagan[/u][p]Most people use Active Directory because they already have a domain controller setup for their Windows clients. But like you, I ditched our AD setup a few years ago, and setup an OpenDirectory domain for my Mac and Windows desktops. It’s working very well and is seamless between the Mac and Windows. As we have added more Windows PCs into the mix, I am considering going back to AD and doing the magic triangle or extending AD’s schema so that I can manage the WIndows clients with group policy and still have the same nice management controls like I have on our Macs.

There are many interesting documents on this site on the integration of OS X Server into Active Directory if you go that route. I would suggest you download the PDF on AD/OD integration.
[/p][/QUOTE]

Thanks so much for your post Dave. I will check out the resources. I am ver appreciative.

On the seamless functionallity with OD for the Windows and Mac systems. How do you achieve that? I know that is a wide open question, but how do you mean semaless. All our users have tons of different username and passwords to access things. One for the Windows Server, One for the Mac Server, One for their system, etc.

Thanks so much for your williness to help.

[macdummy]

[QUOTE][u]Quote by: macshome[/u][p]We have quite a few documents host here, or linked here, that should help. At a minimum I would check out JohnD’s Tips and Tricks and our own whitepapers.

It’s not all that hard to get going, it’s just different than on Windows. Mac admins adding WIndows skills often run into the same frustrations you have.

Note that you need to purchase the Promise unit through Apple to get the Apple supported config.

What sorts of things are your consultants telling you that you can’t do on the Mac?[/p][/QUOTE]

Yea, we got the Promise through Apple and it appears to be functioning well. And we now have web access to the admin controls! So the PC is out of the picture now.

I guess more than us getting the response that “you can’t do it” I am hearing that “Apple doesn’t do it that way”. Which is fine. However, if they do something different and it creates a bigger headache rather than bennefit I want to know the truth. The biggest thing is the Domain issue. Can we create a domain on the XServe? The other part is network logins instead of local user acounts. The whole idea is to get to centralized management. Right now it is all locally managed and is becoming a nightmare.

Thanks for your post, and your williness to respond with your knowledge.

[Author]

Posts