How to bind OSX 10.4 Server to AD for client authentication...
Hello All,
I must start out by saying that I am a relative newbe to the Apple world, and while i have a basic knowledge of AD and how it works pelase do not omit any small details or assume that i will know what you are talking about!
Okay, I am a System Administrator at a medium-sized high-school (we have around 200 student workstations (PCs) and another 100 staff laptops (mix of Apple and IBM). The school has just purchased a shiny new Xserve, 12 MacPro's, and 40 MacBooks.
The idea is that we would like the users to be able to log-on to any of the Macs with their AD username and password. The catch is that for those students doing a subject such as Art or Media, they need to have a home directory on the Xserve. So if a student does not have a home directory on the Xserve, they just log on and use the computer, saving ot their NT home directory, whereas an art student comes along, puts in their own account and are presented with their home folder on their desktop.
I need somebody to walkthrough binding the Xserve to the AD server and then setting up authentication that way... i'm not sure if all of the clients need to be bound to the AD server as well... i would prefer if they didnt, but if that's what has to happen, so be it.
The logic i invisige is this: (excuse my crude diagram)
[AD Server]-------[Xserve]----
|
|
([PC Clients])
It would be great if i could just set up a user group in AD for those students who need a specific Xserve Home directory, but this could also just as easily be done on the Xserve itself.
Sorry if I am not making any sense, please ask any questions that you need to clarify anything.
Thankyou in advance,
Sam.
I must start out by saying that I am a relative newbe to the Apple world, and while i have a basic knowledge of AD and how it works pelase do not omit any small details or assume that i will know what you are talking about!
Okay, I am a System Administrator at a medium-sized high-school (we have around 200 student workstations (PCs) and another 100 staff laptops (mix of Apple and IBM). The school has just purchased a shiny new Xserve, 12 MacPro's, and 40 MacBooks.
The idea is that we would like the users to be able to log-on to any of the Macs with their AD username and password. The catch is that for those students doing a subject such as Art or Media, they need to have a home directory on the Xserve. So if a student does not have a home directory on the Xserve, they just log on and use the computer, saving ot their NT home directory, whereas an art student comes along, puts in their own account and are presented with their home folder on their desktop.
I need somebody to walkthrough binding the Xserve to the AD server and then setting up authentication that way... i'm not sure if all of the clients need to be bound to the AD server as well... i would prefer if they didnt, but if that's what has to happen, so be it.
The logic i invisige is this: (excuse my crude diagram)
[AD Server]-------[Xserve]----
|
|
([PC Clients])
It would be great if i could just set up a user group in AD for those students who need a specific Xserve Home directory, but this could also just as easily be done on the Xserve itself.
Sorry if I am not making any sense, please ask any questions that you need to clarify anything.
Thankyou in advance,
Sam.
You can setup accounts on the XServe separate from the AD domain - using the Workgroup manager on the XServe. But yes you still have to bind all the Macs to AD if you want the AD accounts to have access to those computers.
ASKER
So are you sayign that there is no way to have synchronized user accounts between the Xserve and the AD server? The idea of having to manage another password for the users is not a nice one!
Yes you have to bind the XServe server to active directory and then you have full access to active directory as well as the XServer features /blogs /jabber etc... but if you want people to be able to log in apart from the Active Directory you can also bind them only to the Open Directory from the XServer - so you can have the best of both worlds. I have my entire Active Directory structure bound to my XServer so all my domain users have immediate access to blogs and jabber - but I can also add external accounts for my consultants using the Open directory structure on the XServe. But you have to Bind the Xserve to the Active Directory Domain first.
I am sorry - I meant to say no - The XServe picks up the AD accounts dynamically - so you have the best of both worlds - Active Directory access for AD accounts as well as custom Open Directory accounts.
ASKER
maestropsm:
can you please give me a quick run-through on how to go about setting it up as you described? This sounds like almost exactly what I want...
Thanks,
Sam.
can you please give me a quick run-through on how to go about setting it up as you described? This sounds like almost exactly what I want...
Thanks,
Sam.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are using OS X 10.4 or above it works very well.