Solved

OS X 10.5.5 integration with Active Directory

Posted on 2008-10-27
6
1,701 Views
Last Modified: 2013-11-12
I'm trying to get a couple macs on my Windows AD network and I'm having a few issues.

First of all, this is what I want to have happen: When you boot up a Mac I want to see the login/password screen and allow network AD users to log into the computer.

And this is what I've done so far:

1. Enabled the Active Directory server in the Directory Utility
2. Added my AD directory server (and it's reporting that it is responding normally)
3. Within the Active Directory advanced settings:
    a. Checked "Create mobile account at login"
    b. Unchecked "Require confirmation before creating a mobile account"
    c. Unchecked "Use UNC path from AD to derive network home location"
4. Within the System Pref. Accounts:
    a. Set Automatic login to disabled
    b. Set display login window as name and password

I believe I also need to check the option that says "Allow network users to login to this computer" but it doesn't seem to be showing up. So the end result is, I can only login using my local credentials - no AD user.

WHat am I missing??? Thx!
0
Comment
Question by:graphicodyssey
  • 3
  • 2
6 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
Comment Utility
I login every day with my AD credentials. I've done pretty much what you have done with the exception of creating the mobile user account and I don't specify the name and password option, but that shouldn't have anything to do with your missing field.

The option you want lives in the Accounts System Preferences and can be accessed by clicking on the Login Options button on the left side of the window. If it's there, but grayed out, click on the padlock, if it's closed, and enter in your local admin credentials, then you will be able to change those options.
0
 

Expert Comment

by:curwengroup
Comment Utility
What hardware platform are your Mac's?
The reason i'm asking i that in the past we have had great success with Macbooks and iMac's joining Active directory, but MacBook Pro's and Mini's have always had an issue of some sort.
0
 
LVL 28

Expert Comment

by:jhyiesla
Comment Utility
I am using a fairly new Intel-based Mac Pro running 10.5.5. When I first bound my Mac to AD, it was running 10.5.3 and I've upgraded since then to 10.5.5.  
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:graphicodyssey
Comment Utility
So I walked through all the steps again this time and viola... the "Allow network users" checkbox showed up in the control panel and I was able to finally authenticate using an NT user.

I think the problem had to do with how I was connecting to the LAN. I was connected to the work LAN via a Cisco VPN client. The AD binding worked fine, but the Mac OS must need to see the AD network when booting up (and unfortunately the Cisco VPN client for Macs does not support that). When I created the binding the second time, I was at the office on the LAN so I didn't have to use the VPN client. Now that I was on the LAN once, Im able to be remote and it still works great.

Thanks everyone for your help.
0
 
LVL 1

Author Comment

by:graphicodyssey
Comment Utility
BTW, I'm using a Mac Book Pro.
0
 
LVL 1

Author Comment

by:graphicodyssey
Comment Utility
One other comment - that checkbox wasn't grayed out - it simple wasn't there - regardless of clicking on the padlock to change the settings. But once I connected to the network directly, it showed up fine.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
The error "There was an error performing the update" occurred on a Mac OS X client workstation running  Symantec AntiVirus for Mac (http://www.symantec.com/business/products/purchasing.jsp?pcid=pcat_security&pvid=825_1) - the Enterprise product vers…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now