Another recent order arrived today ...
This will be an experiment to see how well Windows Active Directory ties to OSX Open Directory ... if all goes well our Macs and PCs will be able to authenticate to the OSX Server using their Active Directory credentials. Why? Well, for now just to access various Mac shares and the XRAID where many of our media clips live ... down the road ????
Our OSX "server" hardware ...
And just to be clear - we still do not officially support Macs, but we try to help as best we can with our limited time and resources.



I don't know, Jason. It seems like you're on a slippery slope. Before we know it, you'll be blogging about clean lines and ease of use... celebrating Steve Jobs' birthday...
Posted by: Corbett | August 21, 2007 at 11:21 PM
You'll know I'm in trouble when I start wearing black turtlenecks and refer to myself as iJason
Posted by: Jason Powell | August 22, 2007 at 12:04 AM
Jason, we just migrated to Active Directory from Open Directory but still use OD for MCX/GPOs on our Macs. I think Apple unofficially calls this the "magic triangle". We have had some pretty major problems with it. Anyway, if you have any questions I would love to help out.
Posted by: Ryan Clevenger | August 22, 2007 at 08:50 AM
Ryan - Installed it last night and started down the path of trying to figure out how to make it talk to AD ... then decided we prob should find some documentation to look over :-)
Yes, we'd love to hear your experience with this and get any tips that would be helpful. I'll shoot ya an email and try to get a quick conf call set up.
Posted by: Jason Powell | August 22, 2007 at 09:14 AM
http://www.bombich.com/mactips/activedir.html
Posted by: Brian Marquis | August 22, 2007 at 10:11 AM
Hi Jason,
We also set up the same thing here at New Life. I found some good documentation on integrating everything on afp548.com, and we've been using it with around 10 Macs for a couple of months now, to test things. So far so good, except for a couple minor issues here and there.
It's the same "Magic Triangle" setup that Ryan mentioned above. Our users log into their Macs using their Active Directory credentials, but the Macs are also bound to Open Directory, which enforces desktop policies.
Our password policies are enforced on the Macs (including prompt to change at login), and we're also using Portable Home Directories hosted on our Windows file server to back up critical user data. Entourage, VPN & our PEAP wireless network don't recognize the AD account info, so we have to manually change those passwords when the AD account password changes, but it's working pretty well so far.
I'd also be happy to chime in if anyone needs help. It was a long & frustrating experience for me because there was no really authoritative documentation on how to set it up. The afp548.com info was most helpful, and having a CTO who can hack UNIX was also beneficial. :>)
Donnie
Posted by: Donnie Schexnayder | August 22, 2007 at 06:02 PM
Some excellent information here, especially in the comments! We only have five Macs (one is a "server", just running file sharing with a SCSI external array with standard OS X) and haven't delved into any sort of Apple server products. However, I have managed to join 10.4 machines to the domain and have done this twice; it's pretty easy in 10.4 (I'm working on a blog post about it that I might get to eventually, but it's easy enough to figure out with Google).
Anyway, after seeing your post, it reminded me of a short podcast episode about getting X Server to work with Active Directory over here: http://castingfromtheserverroom.com/podcast/2007/episode-62-os-x-and-active-directory It's about ten minutes long and differs from their standard format, but although I had no use for it, it sounds like it could be useful to you!
Posted by: David Szpunar | August 23, 2007 at 12:43 AM
Yeah.. Going through the same issues here at Kenneth Hagin Ministries. I have over 15 Macs in our communications/video and then 15 in a lab. I want them to work with AD..yeah it's not been fun! I've got one Mac OS X 10.4 server. There is a church down in Ocala, FL trying to do the same.
Glad we aren't alone in this =]
I'm going to try to go to the round table event in KS. I love the internet!
Posted by: Mark Burleson | August 26, 2007 at 08:24 PM
Wait, you spent a grand on OS X Tiger server with Leopard server just around the corner? You're going to get a rude awakening when it's released...because Apple doesn't sell upgrades to their server packages, the new one costs the same as the old one. :(
Posted by: Brian Peat | August 29, 2007 at 09:16 AM
We didn't spend a grand ... 25% discount baby!
And I've already got a quote for software maintenance to the next server OS release ... cause we knew it's coming in October via our Apple Enterprise rep :-)
Posted by: Jason Powell | August 29, 2007 at 10:35 PM