Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • October 15, 2007 at 11:25 am in reply to: Mac users on Active Directory keep getting locked out! #370212
    vilms5000
    Participant

    The time difference *is* important for Kerberos, I believe. In our environment (using ADmitMac), where there’s a time difference of more than 4-5 mins we see problems with file shares and other file permissions. Fixing the time difference fixes that problem. Thankfully, these are few/far between.

    I was interested to see a comment about Entourage being culpable for lockouts. In Panther and earlier versions of Tiger, there was certainly an uneasy relationship between the logged-in user’s Keychain and the domain password. Later versions of Tiger (and possibly some engineering from Thursby) made the relationship stable and predictable, but early on we would see similar random lockouts.

    Is anyone using a proxy server that requires AD credentials to authenticate? We have one here and that’s a source of locked out user accounts too, particularly for Firefox users (Firefox doesn’t use the Keychain to store passwords).
    Pw

    March 27, 2007 at 10:36 am in reply to: Implementing AD – good idea? #368644
    vilms5000
    Participant

    You could integrate OD and AD, as many people contributing to this forum already have. Or you could use AD, alone, and install software on your Mac clients that gives them similar file/print access to their Windows peers, but retains a good “Mac” experience (and I am talking about commercial software, not the built-in Apple offering!).

    There are pros and cons to each path.

    You can find commercial options for AD integration of your Mac clients here…

    http://www.thursby.com/products/admitmac-eval.html
    http://www.quest.com/
    http://www.centrify.com/

    Pw

    January 4, 2007 at 11:41 am in reply to: After Binding to AD, Safari gives keychain Problem #367939
    vilms5000
    Participant

    Slightly related to this, but I’d really like to understand more about Safari’s relationship with the keychain.

    Here (we’re ADmitMac users…) we have a small wrinkle with login.keychain and Entourage2004 meaning after the first successful login of an AD user, we have to DELETE login.keychain and get Entourage’s setup process to recreate it (with the current user’s password, of course). I’ve never understood why this has to happen, as the user’s login password and Entourage password are identical.

    Getting back to Safari; we also found that the choice of proxy here renders Safari unable to be used as, once again, we can’t get it to handle domain password changes, elegantly.

    Two enduring niggles with AD and Mac OS X that I’d really like to understand more about!

    Pw

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
Copyright © 2025 AFP548. All Rights Reserved.