[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Connecting 10.4 Mac to Active Directory for logins

Posted on 2006-03-27
27
Medium Priority
?
409 Views
Last Modified: 2013-11-13
We have a Windows network running with around 20 Windows Desktop/Servers. We have a Windows Server 2000 machine running Active Directory. We just got a Mac running 10.4. I can browse the network and connect to network shares etc. However what i really want to do is use the active directory for logging into the mac. Basically i just want users to use the same username password combo on the mac as they would on the rest of the network.

How can i do this? I tried a few things and searched around the internet. But everything i find either doesn't work or i don't understand. I am a complete Mac networking novice. Help!
0
Comment
Question by:alex_wareing
  • 9
  • 8
  • 3
  • +3
24 Comments
 
LVL 30

Accepted Solution

by:
Irwin Santos earned 500 total points
ID: 16305838
This is what you need
http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=windows2000sfm

You need to get the UAM for 10.1x+ download and install.
0
 

Author Comment

by:alex_wareing
ID: 16306504
Ok so i downloaded it, now what? I don't know what to do?
0
 
LVL 30

Expert Comment

by:Irwin Santos
ID: 16307065
How about installing it?
0
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

 

Author Comment

by:alex_wareing
ID: 16307103
Yeah, ok i managed to install it. However after install the documentation doesn't seem to suggest what to do next. Is there a system preference somewhere, where do i update the settings etc?
0
 
LVL 30

Expert Comment

by:Irwin Santos
ID: 16307341
CHOOSER.. then go to network, look for  your server...select and logon
0
 
LVL 4

Assisted Solution

by:bthomasian
bthomasian earned 500 total points
ID: 16315474
Here is how you do it:

From the Finder use the key-cobo "Open Apple - Shift - U"

This opens the Utilities folder, look for "Directory Access" and open it

NOTE: You may need to authenticate to proceed

Double click "Active Directory"

"Bind" the Mac system to your Domain

Login with usernames, passwords, Authenticate yourself click OK, Apply, Accept, whatever the case maybe, I forget, reboot and when your back up, you should see the "Other" login option

Login using a Domain user and your set! You can even setup Mobile accounts this way, like you would do on a PC with Offline Files, good luck and have fun!
0
 
LVL 53

Assisted Solution

by:strung
strung earned 500 total points
ID: 16322096
You will also find a wealth of information about using Active Directory with Macs here:  http://macwindows.com/AD.html

and also see the links down the right hand side of this page: http://macwindows.com
0
 

Author Comment

by:alex_wareing
ID: 16335706
bthomasian - ok thanks for your help so far. I managed to bind the mac to the active directory. But after that i don't see the options for usernames, passwords. I have rebooted a few times but i still don't see the other option at login. i just see the username and password boxes, shutdown, restart etc. but no other button. domain usernames won't login only locla accounts will.
thanks
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16338197
Hi Alex,

A few things to confirm, when you're in Directory Access and you configure the Active Directory option, you will see listed the Active Directory Forest, then the Active Directory Domain, then the Computer ID. These three fields will be filled in. Then you can drill down with the arrow for "Show Advanced Options"

My options that I have checked off under the "User Experiance" tab are:

Create mobile account at login
Require confirnation before creating a mobile account
[Force local home directory on startup disk is checked but greyed out]
Use UNC path for Active Directory to derive network home location
Network protocol used will be "smb:"
Default user shell: "/bin/bash"

My options that I have checked off under the "Administrative" tab are:

Allow administration by: DOMAIN\domain admins
                                    DOMAIN\enterprise admins
Allow authentication from any domain in forest

Fingers crossed after you apply the settings and reboot you will infact see the "Other..." login option below your local user logins, the icon will look like a shadow of a man with a blue background and network light nodes behind him.
0
 

Author Comment

by:alex_wareing
ID: 16338358
I have set everything up in the Directory Access panel as you suggested. It all seems to apply ok, but after i rebbot there is no 'other' option. All i see is the local users
0
 

Author Comment

by:alex_wareing
ID: 16338372
Ok i did a little research. Take a look here:
http://www.osxfaq.com/Tutorials/Root_User_Creation/7.jpg (page is here: http://www.osxfaq.com/Tutorials/Root_User_Creation/index.ws)

There is an option on that screen show '"other user" in list for network users'. However on my version of OS X (10.4 Tiger) that option is not there?
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16345122
What version of MacOS 10.4.x are you running? Is it at least version 10.4.2? There were Active Directory fix's in 10.4.2 and this is why I am asking... http://docs.info.apple.com/article.html?artnum=301722

Your right that the Login Preferances have dissapeared in MacOS Tiger, I have setup around 13 Mac's for my organisation in the steps I provided above and have consistantly been offered up the "Other" option to login... in fact, here is my cheat cheat I go by from start to finish when setting up a new Mac for Active Directory.

New Mac Setup Procedures
********************
IMPORTANT NOTE: Update MacOS Tiger to 10.4.2 before proceeding:

open “Directory Access” in “Applications:Utilities” folder
enable “Active Directory” then configure
Active Directory Configuration
DOMAIN: "YOUR DOMAIN"
Computer ID: usersInitials-Tag#
“Bind” this computer to the Active Directory Server
show the “Advanced Options”
check “Create Mobile account on login”
logoff and then log back in as the user (choose “Other...”)
click the “Sync Home Icon”
select the “Sync Preferances”
set to syncronise: “Automatically”
set ONLY the “Desktop” to sync as the Documents folder Microsoft Data files
select to “Show status on the menu bar”
add the script as a startup item “HomeSyncNow”

Hope this helps Alex!
0
 

Author Comment

by:alex_wareing
ID: 16345528
This is exactly how i have done it so far. Its just after i check “Create Mobile account on login”, then i restart but theres no "Other" option
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16345682
What was the MacOS version that you are running? Click on the Apple and then "About This Mac"

The version will be listed right under the Apple Logo and the "Mac OS X" text.

I wonder if you attempted to bind before the update to 10.4.2, if so, you may have to unbind it, reboot and rebind again.
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16383169
UPDATE: 10.4.6 was released yesterday!

Unbind the system from the Active Directory Server
Reboot the system
Run the Apple Update to get 10.4.6 that has some other fix's that are relavent from what I read in the patch notes
Reboot the system
Try binding it to the Active Directory Server again

Best of Luck!
0
 
LVL 3

Assisted Solution

by:ryanhunt
ryanhunt earned 500 total points
ID: 16443315
To present the user with a username/password screen instead of a list of users at the login screen do this :

Apple -> System Preferences -> Accounts -> Login Options (After clicking the Padlock) and ensure that 'Display Login Window as:' is 'Name and Password'


Also ensure that in Directory Access that you've configured Active Directory to be an Authentication Method:

Applications -> Utilities -> Directory Access.app

Make sure Active Directory is actually Ticked
and in the 'Authentication' tab, you can see /Active Directory/your domain. If you don't click on Automatic and change it to 'Custom Path' and then click Add and select Active Directory.

Ryan.
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16540635
Hey,

I just ran into this exact same problem, took a while to duplicate it, I happened to by accident. The internal batter in the Mac Laptop I had died and so the time was off. I didn't get the "Other..." option until the time was the same as that of the AD server. Check your date and time, reboot and try it again! Make sure to get the updates as mentioned before as well!

Ben-
0
 

Author Comment

by:alex_wareing
ID: 16704339
Venabili - I am still intressted in this question, however i am yet to find a solution
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16710466
Hi Alex,

Have you tried all my suggestions? I have setup sever Mac's on Active Directory and the only hitch's I've ran into I've indicated above. Have you synced the time between the Mac and the AD server? Did you update the OS as there were fixes there? Have you made sure your login name isn't the same as a local account already created on the Mac?

Let me know were you are hung-up currently!
0
 
LVL 20

Expert Comment

by:Venabili
ID: 16828690
Any update here?
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 16830223
I'm monitoring this post as well for updates... let me know!
0
 

Author Comment

by:alex_wareing
ID: 16973587
Ok i've been advised that this question has been abandoned. Its not been abandoned its just our network engineers haven't had time to test the solutions offered above. As soon as they do i will post a reply or accept an answer
0
 
LVL 4

Expert Comment

by:bthomasian
ID: 17005244
No problem from me Alex, when you have any updates, I'm monitoring this in case!
0
 
LVL 20

Expert Comment

by:Venabili
ID: 17663023
Any news here? It had been more than 3 months
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
While there are many new features for iOS 11, these are the five that can improve your digital lifestyle.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question