
How do I manage my Mac clients with Active Directory on a Lion OS X server?

3547 Views 23 Replies Latest reply: Oct 8, 2012 3:40 AM by Mr.Do
Beandip408
Dec 2, 2011 2:50 PM

So I have the following:

Lion server running 10.7.2

Windows Server 2008 R2 (managing DNS, DHCP, AD...)

I want to be able to use my Active Directory usernames/passwords for authentication on client computers. I also want to be able to restrict some features like Users & Groups and be able to host printers on this server.

How do I go about doing that?

Mac Pro, Mac OS X (10.7.2), Server
  • Strontium90 Level 4 (2,895 points)

    Bind your Mac systems to AD.  That simple act will likely give you 90% of what you are looking for.  You do this through System Preferences > Accounts > Login Options (or alternately through Directory Utility or dsconfigad).

     

    Now this will give you authentication and authorization from the AD domain plus group memberships and single sign on to Kerberos services (file services, Exchange, etc).  Binding to AD will not allow you to do group policy.  If you are looking to do managed client, then you have a number of options. 

     

    They include AD Schema Mod (only do this if you absolutely must), 3rd party tools like Centrify (as they give you Windows tools to manage Macs), or OS X Server and the use of the "magic triangle." 

     

    The triangle is the binding of Mac workstations to both AD and OS X Server.  All authentication and authorization comes from AD and then management comes from OD using native Apple tools.  This way you don't annoy anyone in the AD team by asking them to modify the environment. 

     

    This is a wise choice to bind the systems.  It makes Macs first class citizens (well, almost).
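
    The dsconfigad route mentioned in the reply above, as an added example that is not part of the original post: a dry-run wrapper that checks the computer ID against AD's 15-character computer-name limit, binds without putting the password on the command line, then requires packet signing and encryption and limits local admin rights to one AD group (hardening that goes beyond what the reply describes). The domain, OU, bind account and group names are constructed placeholders.

```shell
#!/bin/sh
# Added example: bind a Lion client to AD with dsconfigad.
# Every value below is a constructed placeholder, not taken from the thread.
AD_DOMAIN="ad.example.com"                       # assumption: AD DNS domain
AD_OU="CN=Computers,DC=ad,DC=example,DC=com"     # assumption: target container
AD_BIND_USER="svc-macbind"                       # assumption: account allowed to join computers
AD_ADMIN_GROUPS="Mac Admins"                     # assumption: AD group granted local admin

# AD computer account names are limited to 15 characters; accept only
# letters, digits and inner hyphens so the name is not silently altered.
valid_computer_id() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# $1 = computer ID. RUNNER defaults to "echo" (dry run: the commands are
# printed for review, so argument quoting is not shown). Set RUNNER=sudo
# on the client to actually apply them.
ad_bind() {
    valid_computer_id "$1" || { echo "invalid computer ID: $1" >&2; return 1; }

    # -password is omitted so the secret does not land in shell history or
    # the process list; dsconfigad prompts for it instead.
    ${RUNNER:-echo} dsconfigad -add "$AD_DOMAIN" -computer "$1" \
        -username "$AD_BIND_USER" -ou "$AD_OU" || return 1

    # Refuse unsigned or unencrypted directory traffic, and replace the
    # default admin groups with a single, narrower AD group.
    ${RUNNER:-echo} dsconfigad -packetsign require -packetencrypt require \
        -groups "$AD_ADMIN_GROUPS" || return 1
}

# Run only when a computer ID is given, e.g.:  sh bind.sh lab-mac-01
if [ -n "${1:-}" ]; then
    ad_bind "$1"
fi
```

    After a real run, `dsconfigad -show` lists the active binding and its settings.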

  • Malik-O

    Hi, hello

    I am interested in your solution for resolving this error

     

    An invailid attribute type was provided.

    (com.apple.OpenDirectory:4200)

     

    You wrote that you used your AD users, put them in local groups and set permissions on those groups.

    Can you please explain to me step by step what you did in your AD?

    Thanks for your reply.

  • Malik-O Level 1 (0 points)

    2008 R2

    Thank you for your fast reply

  • Malik-O Level 1 (0 points)

    Oh no, what's that? How can I do that?

    And tell me, I have made a magic triangle, and on my Lion server, when I am in the Admin Serveur application, the Open Directory section takes a very, very, very long time.

    I want to know whether I need to disable the DNS service on the Lion server, since I have DNS on the 2008 server?

    Hi, do you perhaps have an email address?

    Thanks

  • Malik-O Level 1 (0 points)

    Thanks for your reply,

    but I don't want an extended schema; that is why I made a magic triangle.

    Have you already created a magic triangle without an extended schema?

  • Malik-O Level 1 (0 points)

    No, it is in a lab. I know it is not good for a domain to end in .local.

  • Malik-O Level 1 (0 points)

    Good, thank you for that, but now I am blocked by the error

     

    An invailid attribute type was provided.

    (com.apple.OpenDirectory:4200)

     

    Please explain step by step how to resolve this problem.

    And have you maybe written some documentation?
