[nakima731]

An update – I have posted this as a bug – and am working with our Sales Engineer. (primarily b/c if this isn’t fixed they will be missing out on a few sales….)

The Wiki server will resolve an OD user in a nested OD group (an OD group w/in an OD group), but not an AD user in an AD group w/in an OD group. But does resolve an AD user inside a wiki enabled OD group.

I’ll post if / when this gets acknowledged / resolved.

[nakima731]

Well – it sounds like you are looking for information on “[url=https://www.afp548.com/xrealm/]Configuring Cross-Realm Authentication between Mac OS X Server’s Open Directory and Active Directory[/url]”.

However, you will be sorely disappointed by the fact that “When using a Mac OS X Wiki Server that is bound to Active Directory, some configuration may be required in order to allow users to authenticate using their Active Directory credentials. This is required because, by default, the wiki server uses CRAM-MD5 authentication, which is not supported by the Active Directory plugin.” see: [url=http://support.apple.com/kb/TS1619]Enabling wiki access for Active Directory or third-party LDAP server users[/url]

[nakima731]

resurrecting an old post, I know. I hate the implication that there is not an acknowledgment that this is an issue.

Enabling wiki access for Active Directory or third-party LDAP server users
http://support.apple.com/kb/TS1619

Known issue – has to do with the authentication method that the wiki/blog server uses.

[nakima731]

[QUOTE][u]Quote by: SpeedDemon[/u][p]The fixed width problem was only a small part of problems with the teams server. And yes, I know how to edit the CSS layouts to change the the appearance, but there should be a simple setting in the preferences to adjust these kinds of things.

I clearly more upset with the fact that it pretty much has to be used IN SAFARI. Only about 1% of the users I administer use Safari with most using IE7, and pretty much the rest using Firefox. The Wiki works in neither of the two MAJORITY BROWSERS.[/p][/QUOTE]

Actually – the login prompt issue is solely with Firefox 3 BETA. Use the production Firefox browser, Mac, PC, Linux, the login prompt works fine.

Layout / editing in IE7, yeap it’s a bit off. But that’s cuz IE7 is a POS itself unless it is browsing an ASP, .NET, IIS site.

[nakima731]

That said – nested groups do work in Panther (later versions) and Leopard.

[nakima731]

I can affirm that it is possible that the machine account of the OS X (Tiger and Leopard) system may not have rights to read the group membership of the AD group.

In a not-too-customized AD implementation, this should *not* be an issue. It is rare that AD admins would get into the level of permissions detail that would interfere with computer accounts reading the properties of Users and Groups. As it happens, I live under such an implementation.

To check this you need a)the computer account name in AD of the OS X client; b) the name of the AD Group in question and c) a user login that has rights to read the properties of Group.

On a windows machine, log in and open Active Directory Users and Computers.
Search for the Group name, right click on it and select properties.
Select the Security Tab
Click the Advanced Button
Select the Effective Permissions Tab
Click the Select button
Click the Object Types button
Check the box next to Computers
Enter the name of the computer account
Click Ok

in the (long) list of properties the computer account needs either:

List Contents
Read All Properties
Read Permissions

or (if Read All Properties is unchecked)

List Contents
Read Permissions
Read gidNumber
Read groupType
Read Members
Read memberUID

[Author]

Posts