Using users from Active Directory to sign in to Websites
Hi,
Is there any possibility to control which user can access websites using a user list from Active Directory? I have an OS X Server that is bound to Active Directory and Open Directory. Everything else seems to be working fine - I can browse AD users and AD groups in Server.app, I can use any AD user in Profile Manager for example, but when it comes to setting Who Can Access website it only works with OD user. I think I've tried almost everything, even nesting AD usergroup in OD usergroup and it failed.
In apache error_log it says something like this:
[Fri Mar 29 11:27:59 2013] [error] [client 10.232.43.247] mod_digest_apple: Unable to authenticate for URI "/" from user "u272086" for realm "Browse access /Library/Server/Web/Data/Sites/Default"
[Fri Mar 29 11:27:59 2013] [error] [client 10.232.43.247] mod_digest_apple: Authentication failed (details unavailable)
When I look into system.log I can see an error:
Mar 29 11:55:39 <computer_name> kernel[0]: Sandbox: sandboxd(2888) deny mach-lookup com.apple.coresymbolicationd
Mar 29 11:55:39 <computer_name> sandboxd[2888] ([2887]): rpcsvchost(2887) deny file-read-data /private/etc/krb5.conf
Please help
Best regards.
MacBook Pro, OS X Server