Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

OS X 10.5.5 integration with Active Directory

Posted on 2008-10-27
6
Medium Priority
?
1,712 Views
Last Modified: 2013-11-12
I'm trying to get a couple macs on my Windows AD network and I'm having a few issues.

First of all, this is what I want to have happen: When you boot up a Mac I want to see the login/password screen and allow network AD users to log into the computer.

And this is what I've done so far:

1. Enabled the Active Directory server in the Directory Utility
2. Added my AD directory server (and it's reporting that it is responding normally)
3. Within the Active Directory advanced settings:
    a. Checked "Create mobile account at login"
    b. Unchecked "Require confirmation before creating a mobile account"
    c. Unchecked "Use UNC path from AD to derive network home location"
4. Within the System Pref. Accounts:
    a. Set Automatic login to disabled
    b. Set display login window as name and password

I believe I also need to check the option that says "Allow network users to login to this computer" but it doesn't seem to be showing up. So the end result is, I can only login using my local credentials - no AD user.

WHat am I missing??? Thx!
0
Comment
Question by:graphicodyssey
  • 3
  • 2
6 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 2000 total points
ID: 22820533
I login every day with my AD credentials. I've done pretty much what you have done with the exception of creating the mobile user account and I don't specify the name and password option, but that shouldn't have anything to do with your missing field.

The option you want lives in the Accounts System Preferences and can be accessed by clicking on the Login Options button on the left side of the window. If it's there, but grayed out, click on the padlock, if it's closed, and enter in your local admin credentials, then you will be able to change those options.
0
 

Expert Comment

by:curwengroup
ID: 22857570
What hardware platform are your Mac's?
The reason i'm asking i that in the past we have had great success with Macbooks and iMac's joining Active directory, but MacBook Pro's and Mini's have always had an issue of some sort.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 22857596
I am using a fairly new Intel-based Mac Pro running 10.5.5. When I first bound my Mac to AD, it was running 10.5.3 and I've upgraded since then to 10.5.5.  
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Author Comment

by:graphicodyssey
ID: 22857602
So I walked through all the steps again this time and viola... the "Allow network users" checkbox showed up in the control panel and I was able to finally authenticate using an NT user.

I think the problem had to do with how I was connecting to the LAN. I was connected to the work LAN via a Cisco VPN client. The AD binding worked fine, but the Mac OS must need to see the AD network when booting up (and unfortunately the Cisco VPN client for Macs does not support that). When I created the binding the second time, I was at the office on the LAN so I didn't have to use the VPN client. Now that I was on the LAN once, Im able to be remote and it still works great.

Thanks everyone for your help.
0
 
LVL 1

Author Comment

by:graphicodyssey
ID: 22857605
BTW, I'm using a Mac Book Pro.
0
 
LVL 1

Author Comment

by:graphicodyssey
ID: 22857612
One other comment - that checkbox wasn't grayed out - it simple wasn't there - regardless of clicking on the padlock to change the settings. But once I connected to the network directly, it showed up fine.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question