Connecting 10.4 Mac to Active Directory for logins

We have a Windows network running with around 20 Windows desktops/servers. We have a Windows Server 2000 machine running Active Directory. We just got a Mac running 10.4. I can browse the network and connect to network shares etc. However, what I really want to do is use the Active Directory for logging into the Mac. Basically I just want users to use the same username password combo on the Mac as they would on the rest of the network.

How can I do this? I tried a few things and searched around the internet. But everything I find either doesn't work or I don't understand. I am a complete Mac networking novice. Help!
Asked by alex_wareing

Irwin Santos (Computer Integration Specialist) Commented:
This is what you need:
http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=windows2000sfm

You need to get the UAM for 10.1x+, download and install.

alex_wareing (Author) Commented:
OK, so I downloaded it, now what? I don't know what to do.
Irwin Santos (Computer Integration Specialist) Commented:
How about installing it?
alex_wareing (Author) Commented:
Yeah, OK, I managed to install it. However, after install the documentation doesn't seem to suggest what to do next. Is there a system preference somewhere? Where do I update the settings etc.?
Irwin Santos (Computer Integration Specialist) Commented:
CHOOSER... then go to network, look for your server... select and logon
bthomasian Commented:
Here is how you do it:

From the Finder use the key-combo "Open Apple - Shift - U"

This opens the Utilities folder, look for "Directory Access" and open it

NOTE: You may need to authenticate to proceed

Double click "Active Directory"

"Bind" the Mac system to your Domain

Login with usernames, passwords, authenticate yourself, click OK, Apply, Accept, whatever the case may be, I forget. Reboot, and when you're back up, you should see the "Other" login option.

Login using a Domain user and you're set! You can even set up Mobile accounts this way, like you would do on a PC with Offline Files. Good luck and have fun!
strung Commented:
You will also find a wealth of information about using Active Directory with Macs here:  http://macwindows.com/AD.html

and also see the links down the right hand side of this page: http://macwindows.com
alex_wareing (Author) Commented:
bthomasian - OK, thanks for your help so far. I managed to bind the Mac to the Active Directory. But after that I don't see the options for usernames, passwords. I have rebooted a few times but I still don't see the other option at login. I just see the username and password boxes, shutdown, restart etc. but no other button. Domain usernames won't login, only local accounts will.
Thanks
bthomasian Commented:
Hi Alex,

A few things to confirm, when you're in Directory Access and you configure the Active Directory option, you will see listed the Active Directory Forest, then the Active Directory Domain, then the Computer ID. These three fields will be filled in. Then you can drill down with the arrow for "Show Advanced Options"

My options that I have checked off under the "User Experience" tab are:

Create mobile account at login
Require confirmation before creating a mobile account
[Force local home directory on startup disk is checked but greyed out]
Use UNC path for Active Directory to derive network home location
Network protocol used will be "smb:"
Default user shell: "/bin/bash"

My options that I have checked off under the "Administrative" tab are:

Allow administration by: DOMAIN\domain admins
                                    DOMAIN\enterprise admins
Allow authentication from any domain in forest

Fingers crossed, after you apply the settings and reboot you will in fact see the "Other..." login option below your local user logins. The icon will look like a shadow of a man with a blue background and network light nodes behind him.
alex_wareing (Author) Commented:
I have set everything up in the Directory Access panel as you suggested. It all seems to apply OK, but after I reboot there is no 'other' option. All I see is the local users.
alex_wareing (Author) Commented:
OK, I did a little research. Take a look here:
http://www.osxfaq.com/Tutorials/Root_User_Creation/7.jpg (page is here: http://www.osxfaq.com/Tutorials/Root_User_Creation/index.ws)

There is an option on that screen show '"other user" in list for network users'. However on my version of OS X (10.4 Tiger) that option is not there?
bthomasian Commented:
What version of MacOS 10.4.x are you running? Is it at least version 10.4.2? There were Active Directory fixes in 10.4.2 and this is why I am asking... http://docs.info.apple.com/article.html?artnum=301722

You're right that the Login Preferences have disappeared in MacOS Tiger. I have set up around 13 Macs for my organisation in the steps I provided above and have consistently been offered up the "Other" option to login... in fact, here is my cheat sheet I go by from start to finish when setting up a new Mac for Active Directory.

New Mac Setup Procedures
********************
IMPORTANT NOTE: Update MacOS Tiger to 10.4.2 before proceeding:

open “Directory Access” in “Applications:Utilities” folder
enable “Active Directory” then configure
Active Directory Configuration
DOMAIN: "YOUR DOMAIN"
Computer ID: usersInitials-Tag#
“Bind” this computer to the Active Directory Server
show the “Advanced Options”
check “Create Mobile account on login”
logoff and then log back in as the user (choose “Other...”)
click the “Sync Home Icon”
select the “Sync Preferences”
set to synchronise: “Automatically”
set ONLY the “Desktop” to sync as the Documents folder Microsoft Data files
select to “Show status on the menu bar”
add the script as a startup item “HomeSyncNow”

Hope this helps Alex!
alex_wareing (Author) Commented:
This is exactly how I have done it so far. It's just after I check “Create Mobile account on login”, then I restart but there's no "Other" option.
bthomasian Commented:
What was the MacOS version that you are running? Click on the Apple and then "About This Mac"

The version will be listed right under the Apple Logo and the "Mac OS X" text.

I wonder if you attempted to bind before the update to 10.4.2, if so, you may have to unbind it, reboot and rebind again.
bthomasian Commented:
UPDATE: 10.4.6 was released yesterday!

Unbind the system from the Active Directory Server
Reboot the system
Run the Apple Update to get 10.4.6 that has some other fixes that are relevant from what I read in the patch notes
Reboot the system
Try binding it to the Active Directory Server again

Best of Luck!
ryanhunt Commented:
To present the user with a username/password screen instead of a list of users at the login screen, do this:

Apple -> System Preferences -> Accounts -> Login Options (After clicking the Padlock) and ensure that 'Display Login Window as:' is 'Name and Password'


Also ensure that in Directory Access that you've configured Active Directory to be an Authentication Method:

Applications -> Utilities -> Directory Access.app

Make sure Active Directory is actually Ticked
and in the 'Authentication' tab, you can see /Active Directory/your domain. If you don't, click on Automatic and change it to 'Custom Path' and then click Add and select Active Directory.

Ryan.
bthomasian Commented:
Hey,

I just ran into this exact same problem. It took a while to duplicate it; I happened to by accident. The internal battery in the Mac laptop I had died and so the time was off. I didn't get the "Other..." option until the time was the same as that of the AD server. Check your date and time, reboot and try it again! Make sure to get the updates as mentioned before as well!

Ben-
alex_wareing (Author) Commented:
Venabili - I am still interested in this question, however I am yet to find a solution.
bthomasian Commented:
Hi Alex,

Have you tried all my suggestions? I have set up several Macs on Active Directory and the only hitches I've run into I've indicated above. Have you synced the time between the Mac and the AD server? Did you update the OS as there were fixes there? Have you made sure your login name isn't the same as a local account already created on the Mac?

Let me know where you are hung up currently!
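
The causes raised across this thread (OS older than 10.4.2, clock out of step with the AD server, a local account sharing the domain login name, Active Directory missing from the authentication search path) can be checked together. The script below is an added example, not part of any poster's reply; the function names, the sample values and the 300-second tolerance (the Kerberos default) are assumptions.

```shell
#!/bin/sh
# Added example: checks for the login failure causes raised in this thread.
# On the Mac the inputs would come from sw_vers -productVersion, date +%s,
# dscl . -list /Users and dscl /Search -read / CSPSearchPath; the domain
# controller's clock (epoch seconds) has to be read from the server itself.
MAX_SKEW=300  # seconds; assumes the Kerberos default tolerance is unchanged

version_at_least() {  # $1 = installed version, $2 = required version
    have=$1; want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}          # compare one dotted field at a time
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

skew_ok() {  # $1 = Mac epoch seconds, $2 = domain controller epoch seconds
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -le "$MAX_SKEW" ]
}

name_clashes() {  # $1 = domain login name, $2 = local short names, one per line
    printf '%s\n' "$2" | grep -qixF -- "$1"
}

search_path_has_ad() {  # $1 = output of the CSPSearchPath read
    printf '%s\n' "$1" | grep -q '/Active Directory/'
}

preflight() {  # args: os_version mac_epoch dc_epoch ad_user local_users search_path
    fails=""
    version_at_least "$1" 10.4.2 || fails="$fails os-too-old"
    skew_ok "$2" "$3"            || fails="$fails clock-skew"
    name_clashes "$4" "$5"       && fails="$fails name-clash"
    search_path_has_ad "$6"      || fails="$fails ad-not-in-search-path"
    echo "${fails# }"
}

# Constructed sample values (not from the thread): 10.4.1, clock two hours off,
# a local "alex" account, and no Active Directory node in the search path.
SAMPLE_USERS='root
admin
alex'
SAMPLE_PATH='CSPSearchPath:
 /NetInfo/DefaultLocalNode'
echo "failed checks: $(preflight 10.4.1 1144000000 1144007200 alex "$SAMPLE_USERS" "$SAMPLE_PATH")"
```

An empty result from `preflight` means none of the four conditions was detected.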
Venabili Commented:
Any update here?
bthomasian Commented:
I'm monitoring this post as well for updates... let me know!
alex_wareing (Author) Commented:
OK, I've been advised that this question has been abandoned. It's not been abandoned, it's just our network engineers haven't had time to test the solutions offered above. As soon as they do I will post a reply or accept an answer.
bthomasian Commented:
No problem from me Alex, when you have any updates, I'm monitoring this in case!
Venabili Commented:
Any news here? It had been more than 3 months