I am trying to add some MacBook computers to our network and make them follow the same guidelines than the windows computers, with also the same features...
Here is the hardware list :
- 1 Mac Mini server with OSX server to apply policies
- windows computers
- an Windows Active Directory
- a Bluecoat proxy
I binded them to the Active Directory to let any user login on a Apple machine with the same credentials.
This is working.
However, our Proxy is asking for authentication (security policies) for any user who wants to access the internet.
The proxy is connected to the Active Directory and use it as the central place for identity.
We are currently using (in windows computer) an automatic proxy configuration using an URL. This url redirect the computer to the good proxy depending on his URL.
I would like to do the same with the Apple computers but when I access the web, on any browser, I got the Authentication popup that ask for AD credentials.
The problem is, I do not want user to have to enter their credentials, as they are the same than the one they use to login already (AD credentials).
If I let this, then, they will store the credentials in the keychain and as the AD ask for change of password every 60 days, the computer would use the old credentials automatically to access internet (dashboard widget, notifications center...) and then multiple authentication with wrong password would lock the AD account.
Same problem if I wanted to use the HTTP/HTTPS configuration for proxy in the System preferences instead of automatic proxy, I would have to save a password which would be wrong after 60 days.
On windows, computers use automatically the AD credentials for the proxy. There is no need to enter credentials to browse internet.
I am sure, I misconfigured something in the AD binding or I miss something in the configuration of the macbooks.
Does anyone has an idea ?