Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
so i have the following:
Lion server running 10.7.2
Windows Server 2008r2 (managing DNS, DHCP, AD...)
i want to be able to use my Active Directory username/passwords for authentication on client computers. i also want to be able to restrict some features like Users & Groups and be able to host printers on this server.
how do i go about doing that?
Mac Pro, Mac OS X (10.7.2), Server
Bind your Mac systems to AD. That simple act will likely give you 90% of what you are looking for. You do this through System Preferences > Accounts > Login Options (or alternately throught Directory Utility or dsconfigad).
Now this will give you authentication and authorization from the AD domain plus group memberships and single sign on to Kerberos services (file services, Exchange, etc). Binding to AD will not allow you to do group policy. If you are looking to do managed client, then you have a number of options.
They include AD Schema Mod (only do this if you absolutely must), 3rd party tools like Centrify (as they give you Windows tools to manage Macs), or OS X Server and the use of the "magic triangle."
The triangle is the binding of Mac workstations to both AD and OS X Server. All authentication and authorization comes from AD and then management comes from OD using native Apple tools. This way you don't annoy anyone in the AD team by asking them to modify the environment.
This is a wise choice to bind the systems. If makes Macs first class citizens (well, almost).
When i try change the préferences of one computer or one users of AD
I would like to know how to separate administrators Mac to Windows administrators.
Example: An administrator can manage that mac macs
Administrator can manage that windows pc
so if you dont want to change your schema, the only other way to go around it is to export all of the AD users and import them into your OD. essentially creating 2 different profiles for 1 user.
No no , it's not that, no need export users
the magic triangle is here for that ....
I have created a group in OD called MacAdmins and then added AD users whom I want to have admin access. works well.
Beandip408
Tell me i tell you my domain is end .labo and not local for the Windows domain, but my open directory is end with .local, ensure me that no problem ??
Thanks
Well, my AD and OD use the same domain name(domain.local)
.local is what the service bonjour uses. its best not to have a windows domain end in .local if you are using OD
So I have read, but we have three large sites and our Network Manager refuses to change it. I have to say, that I have not noticed any problems during the past 3 years we have been integrating macs. We use the golden triangle method with SL servers.
I am now looking into ML and profile manager so I hope this .local issue doesn't rear its head.
how do i manage my mac clients with active directory on a lion osx server?
