Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Networking (Apple) Businesses Apple Hardware

Integrating Mac OS X With Active Directory 22

Eric Zelenka writes "Apple has released a new document called 'Integrating Mac OS X with Active Directory.' This document describes how you can use the information stored in Microsoft's Active Directory to authenticate Macintosh users and provide file services and home directories for them on Mac OS X Server. It is available for download from the Mac OS X Server web site." I want my Mac OS X box to self-destruct if it comes into contact with a Microsoft server; does Apple have a document for that?
This discussion has been archived. No new comments can be posted.

Integrating Mac OS X With Active Directory

Comments Filter:
  • by teridon ( 139550 ) on Thursday March 07, 2002 @04:44PM (#3127203) Homepage
    You have to contort your AD server to allow LDAP for this to work.
  • by Cire ( 96846 )

    For those that dont feel like actually looking through apples site for the article, here's a direct link to the PDF version of Integrating Mac OS X with Active Directory [apple.com] [apple.com]


    Cire

  • It seems from the instructions that you have to create custom fields in the schemato make this happen (e.g. unixid). Higher-ups are a little nervous about this because changing the schema can severely alter the AD.


    I was under the impression that if you installed Services for Unix on the box hosting the AD, these fields would be automatically added, but would you still have to create unique LDAP IDs for each user? Is there a way you can do this in bulk?

  • AD. Whatever.

    When are they going to release a lookupd agent for Novell's eDirectory?

    • This howto is all about using OS X with LDAP servers. Since eDirectory is an LDAP server, it shouldn't bee too hard to modify the instructions to work with it.
      • Yes, I know eDirectory is available via LDAP. I read the doc and it does explain how to setup authentication to any LDAPv2 enabled directory service. It even goes as far as to tell you how to do this securely over SSL by using third-party tools.

        I give Apple credit for documenting the procedure, but they lose points for not implementing LDAPv3 over SSL.
  • While this is all good and everything, we need a native, built-in solution for the opposite problem: accessing Active Directory servers (Samba, etc.) on OS X. X can do Samba, but not while Active Directories are in place (as far as I can determine.) C'mon, Apple, you're half way there!
    • How does it not work for you. I have a fully implemented AD schema. I have file sharing for Windows, Mac, and Nix running. I have samba and appleshare IP.

      OSX sees it all. I can mount SMB, mount NFS, mount AFP.

      check yer smb conf.
  • Don't worry about self destruct:
    If the OSX box is in close proximity to a microsoft server, the explosion from the microsoft server after it spontaneously combusts (tends to happen on microsoft servers) should engulf the OSX box too
    (unless apple uses some sort of fire-retardant on their imacs :) )

    pun: somehow, this sounds like flamebate
  • I must say I'm impressed with how Microsoft has made the AD evolve. There is a need in the industry, as networks increase in both size and bandwidth, for bigger and more centralized stuff so people don't have to use separate accounts for each apartment or whatever. There exist programs now for even synchonizing Oracle databases and AD, novell and AD (password on novell is unfortunately not possible to sync) and similar.

    A norwegian company named MetaMerge [metamerge.com] who has started on this big task (synchronizing databases is not that easy).

    I've seen that even Cisco is planning to support Active Directory. Wouldn't it be nice to right click on a user and just select what kind of access the user should have? E.g. "Allow only port 80, or only connections using https, or limit bandwidth of this user .. the solutions are endless".

    Of course, Microsoft did not like the full LDAP specification, so they created another layer (ADSI), but what the heck, it still works.

  • Has anyone gotten this to work without significant modifications to the Win2k server? The document prepares two scenarios -- authenticating via LDAP for access to a file server, and authenticating via LDAP for access to a client which will also mount a user's home directory.

    I want to allow authentication, but I don't want to mount a home directory -- just plop them into a 777 temporary home that will be destroyed when they log out. (It's a lab config.)

    The document doesn't go into this -- anyone have any insight?

    PS: [the following comment applies to only a subset of you] <rant> Stop mindlessly bashing Windows 2000 because you've quit thinking. Win2k is here, it's gonna be here tomorrow, and you're using up my fucking bandwidth and time making me read your useless bantering. Grow up! </rant>

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...