Bind Windows 7 to Snow Leopard Server

I tried binding a Windows 7 (beta) to our Snow Leopard PDC/BDC domain after making two changes to the security policy that Apple suggested ( http://support.apple.com/kb/HT3742) and the local policy: Network Security: Minimum session security for NTLM SSP Based (including secure RPC) Clients (and servers) to no minimum (disabled 128 bit).

Still I get no logon servers, yet XP and Vista machines (last I checked) bind just fine.

Any ideas? Any hints on the troubleshooting tools from the Windows 7 machine that might indicate the disconnect would be great.

XSERVE, Mac OS X (10.6.1), OD/SMB/Win2k/XP

Posted on Oct 16, 2009 6:30 AM

53 replies

Mar 22, 2010 1:25 PM in response to gen_bunty

This is a real bummer for sure. It is going to be a real pain managing all my Windows 7 clients as stand alone systems. Too bad Samba4 is taking so long to finish. The writing was on the wall with Windows 2000 Server and AD. The fact that 10 years later we are still using PDC emulation instead of emulating an AD Domain controller is kind of sad.

Mar 22, 2010 8:36 PM in response to Mr Beardsley

I believe that newer versions of Samba - 3.3.7 and 3.4 - support Windows 7 domain join, the problem seems to be that OS X runs a modified Samba 3.0.23 and that does not support Windows 7:

http://wiki.samba.org/index.php/Windows7

I believe that the ball is in Apple's court here, but perhaps the tech note is their way of saying that they have no intention of moving to a newer Samba release? Anyone know what version of Samba is in 10.6.3?

Mar 24, 2010 2:51 AM in response to herveyw

We have been toying with the idea of setting up a VM of Ubuntu or similar to bind to OD and then provide Samba based PDC using the latest version of Samba.

Not sure if this would work, just an idea of something to try.

Alternative may be to install a newer version of Samba on the OS X box. I'm sure this won't work with Server Admin and I suspect it might break something.

Has anyone done this? There appear to be only old docs around.

I do wonder if the next service pack for Windows 7 will break it anyway, which leaves you with AD.

Apr 9, 2010 7:16 AM in response to NeilPeel

The problem is Apple is stuck with pre-GPL3 Samba. It can't figure out how to resolve GPL3 legal issues. Unfortunately the reality is, if it can't keep up with Samba (and thus GPL3) it's stuck being limited to Mac networks. This is a deal breaker for us; we've begun converting our Open Directory to OpenLDAP on CentOS with Samba. It's not as pretty, but Apple's commitment to Samba is obviously dead.

I respect that Apple is working on making its own market and eliminating the need for Samba, but for an enterprise network we refuse to have to choose which side of the fight we're on. If Apple can't support both sides, we're moving elsewhere. Sorry Apple - I respect your decision, but it's still wrong. Apple: solve your GPL3 problems.

Apr 12, 2010 3:31 AM in response to ndangelo

Still no solution for me...

Haha, yes, Apple seems to make war, not love.
Still no Flash for iPhone, no Adobe Flash compiler anymore... iPad, which is certainly not a replacement for anything but yet another little, far too expensive toy we must have... not with me...

Adobe, I recommend stopping the development of Creative Suite. Private users for Apple, huge corporations, license contracts and the big money back to M$ :-D

Cheers to everybody

Apr 20, 2010 12:26 PM in response to Grant Ireland

I have a possible solution for some. It doesn't exactly BIND the Windows 7 machine, but at least you can have users authenticate against your OD servers instead of having OD bound to an AD server.

Step one: Download and install pGina 2.x ( http://sourceforge.net/projects/pgina/files/)
Step two: Download the LDAPAuth plugin from the same location
Step three: Configure pGina with the appropriate LDAP settings for your environment. ( http://www.pgina.org/?page_id=6)

Users can now log in.

May 11, 2010 7:47 AM in response to schultzbrewer

Thanks for the procedure!

I was able to get my Windows 7 client to authenticate against my Mac OS X 10.5.8 Server, and wanted to provide some additional details for others about LDAP settings. I am using pGina-2.0 Build 109 and version 1.5.3 of the LDAPauth Plus plugin for pGina, both of which I downloaded from Sourceforge ( http://sourceforge.net/projects/pgina/files/).

After installing pGina, I extracted the ldapauth_plus.dll file from the ldapauth_plus.zip file. I then moved this DLL file to the C:\Program Files\pGina\plugins directory. Once the DLL was moved to the appropriate directory, I started the Configure pGina program from the Start Menu. In this program, I selected Plugin from the tree menu on the left, and then clicked the Browse button on the right-hand side of the dialog box to browse and select the ldapauth_plus.dll file that I just moved to the plugins directory.

Once the LDAPauth plugin file has been selected, I clicked on the Configure button in the pGina configuration program, which brings up the LDAPauth configuration dialog box.

There are three LDAP Methods to choose from - Search Mode, MultiMap Mode, and Map Mode - and I chose Map Mode, which is the simplest of the options. If you leave the 'Port' field empty, LDAPauth will use the default LDAP port of 389. I left the 'Admin User' and 'Admin Pass' fields empty.

The correct settings to use for the 'PrePend' and 'Append' fields weren't immediately obvious to me, but I was able to figure out the correct settings for my environment using the LDAPManager Cocoa application ( http://ldapmanager.sourceforge.net/) and a Linux tutorial for LDAP Authentication with Windows 2000 ( http://www.yolinux.com/TUTORIALS/LDAP_Authentication.html#WINDOWS).

For the 'PrePend' field, use the value:

uid=

The value to use for the 'Append' field will depend on how you have configured Open Directory. Start the Server Admin program (and keep in mind that these steps might be slightly different for 10.6.x than for 10.5.8), browse to your server in tree-view on the left, and select the Open Directory service from the list of services running on your server. In the right-hand pane, click on the Settings icon, and then the LDAP tab. There should be a field that says 'Search Base', with a value that looks something like this:

dc=mydomain,dc=com

In pGina's LDAPauth configuration dialog box, the 'Append' field for this example should be:

cn=users,dc=mydomain,dc=com

and, in general:

cn=users,[String from_Search_BaseField]

May 22, 2010 7:49 AM in response to charman

Charman, thanks for the detailed configuration report. I followed your method to the letter and am still getting the error.

First question, do I need to make the registry changes from the first page of this thread before doing these steps?

Are there any other fields in the Map Mode configuration that must be filled in? Like the LDAP Server? Should I enter our admin user name and password? Should there be a user name after the "uid=" in the PrePend field? As in, "uid=administrator" as an example? Any need to reboot after making changes?

Also, when I try to join the domain, there are two fields to enter credentials of a user from that domain. I assume I am to use the pGina field. I actually tried both, and still got the error.

Hope you are on here today and can help me out. 🙂
