New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Operating System General OS operation information and support

OS 10.5 - Integration with Active Directory problems


Post Reply New Thread Subscribe

 
Thread Tools
narcispy

 
Member Since: Apr 02, 2008
Posts: 6
narcispy is on a distinguished road

narcispy is offline
I run (or help run) an Active Directory Windows Server 2003 domain and we had a user recently decide they were going to get a mac instead of their normal pc and wanted me to work on getting it setup for the domain. So far I've got it joined and I can access all the file shares after authenticating with the server. Now there is no plans to ever get a OSX server is there any way I can integrate it to where you can login with your domain user account and password and not have to reauthenticate when you logon to the shared directories? Another problem I see is that we have a 90day password expiration rule, however on the Mac if the password expires it doesn't prompt that it has expired and lets the user use the same old password until that grace period is up then locks their account. Is there any way I could make it prompt for change? BTW this is a Macbook Air with OSX 10.5 (latest version).
QUOTE Thanks
Chilbear

 
Chilbear's Avatar
 
Member Since: Jun 14, 2007
Location: Toronto
Posts: 574
Chilbear is on a distinguished road
Mac Specs: 2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5

Chilbear is offline
I have set up an alias on the Mac desktop that, when clicked, asks me for my password as I never log and save a password over the connection. What I have alias'd is a folder so this kind of works but this is a W2000 Server. Have you enabled a Mac version of the volume to be shared to the Mac?

Have you tried to connect using AFP rather than SMB to the shared volume to see if it reacts differently?
QUOTE Thanks
narcispy

 
Member Since: Apr 02, 2008
Posts: 6
narcispy is on a distinguished road

narcispy is offline
I have not tried afb yet but I will. I finally got it to login correctly with a domain account instead of local, unfortunately for some really weird and odd reason it will only connect to my dummy account and not my admin domain account even though it looks pretty much the same as far as settings in active directory. The dummy account connects but still prompts for you to enter a password to connect to get your file share which then doesn't work because it's actually stored in a DFS. I heard that DFS doesn't work properly in OS X. This is extremely frustrating to get work but it's coming along better than I expected.
QUOTE Thanks
Chilbear

 
Chilbear's Avatar
 
Member Since: Jun 14, 2007
Location: Toronto
Posts: 574
Chilbear is on a distinguished road
Mac Specs: 2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5

Chilbear is offline
Interesting afternoon here. I just finished upgrading to Leopard. I double clicked my alias and no issues to log in. Just try the AFP (Apple File Protocol) method but use the GO>Connect to Server route I find is a better method. If you try (I just did) to double click over the to the server using the Network icons - it failed. No doubt X and Windows Server are a quirky pair.
QUOTE Thanks
technologist

 
Member Since: Mar 30, 2004
Location: USA
Posts: 4,744
technologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond reputetechnologist has a reputation beyond repute
Mac Specs: 12" Apple PowerBook G4 (1.5GHz)

technologist is offline
There is also a third-party product which claims better AD support than you get, out of the box, OS X.
http://www.thursby.com/products/admitmac.html

I get the impression that Apple's AD implementation was designed to use a Mac OS X Server to bridge the gap...which is unreasonable for most small Mac deployments.
QUOTE Thanks
narcispy

 
Member Since: Apr 02, 2008
Posts: 6
narcispy is on a distinguished road

narcispy is offline
Yeah, I tried AFP but it still won't let me logon my domain user account only my dummy one, very strange. Still can't get it to connect to my home share but I didn't really expect it to since it's DFS. Still doesn't make any sense to me why one domain account would connect and not the other.
QUOTE Thanks
PerryLynch

 
PerryLynch's Avatar
 
Member Since: Sep 24, 2007
Posts: 235
PerryLynch has a spectacular aura about
Mac Specs: 17" MacBook Pro 4GB

PerryLynch is offline
Quote:
Originally Posted by technologist View Post
There is also a third-party product which claims better AD support than you get, out of the box, OS X.
http://www.thursby.com/products/admitmac.html

I get the impression that Apple's AD implementation was designed to use a Mac OS X Server to bridge the gap...which is unreasonable for most small Mac deployments.
I would agree with your impression. While I like what I've read about it, I choke on the price tag. Have you had direct experience with the Thursby products? They look like great alternatives.

Perry M Lynch, CISSP CISA
Mac Newbie, Security not-so-newbie
QUOTE Thanks
narcispy

 
Member Since: Apr 02, 2008
Posts: 6
narcispy is on a distinguished road

narcispy is offline
I think I solved that problem. It seems Mac OSX doesn't like domain and local accounts named the same, even if they are switched after. I had to delete the entire account then create a brand new one named something else to get it to login. Now it works but if I can figure out how to make a users homeshare point on the server so it can be backed up like we have it for the windows machines it would be sweet.
QUOTE Thanks
Chilbear

 
Chilbear's Avatar
 
Member Since: Jun 14, 2007
Location: Toronto
Posts: 574
Chilbear is on a distinguished road
Mac Specs: 2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5

Chilbear is offline
What did you say? Huh? How about tell us what you want to do in plainspeak rather than Windospeak. This is a classic case of a windows IT person trying to force OS X to be like Windows.
QUOTE Thanks
narcispy

 
Member Since: Apr 02, 2008
Posts: 6
narcispy is on a distinguished road

narcispy is offline
Quote:
Originally Posted by Chilbear View Post
What did you say? Huh? How about tell us what you want to do in plainspeak rather than Windospeak. This is a classic case of a windows IT person trying to force OS X to be like Windows.
Sorry I manage a windows server setup so it's hard to change and this is only the first mac I've ever used before. Basically what I'm saying is say you name an account jsmith, local, meaning it is an account based on the hard drive of the mac. Yet on the server in active directory you have a domain account named the same thing the mac can't tell the difference between the two accounts for some reason. I can see how it can be a problem but I figured they would have fixed it by now since you have to logon with "domainname\username" instead of just "username". Thats about as simple as I can make it.

And BTW I'm not forcing OSX to be like Windows, I'm trying to do my job and figure out how to get what the user requested working properly on the machine thats why I'm asking questions. I don't want to turn this into an OS war.
QUOTE Thanks
Chilbear

 
Chilbear's Avatar
 
Member Since: Jun 14, 2007
Location: Toronto
Posts: 574
Chilbear is on a distinguished road
Mac Specs: 2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5

Chilbear is offline
I think we are at an impasse. When I log into my server it asks me for my password even though it knows it. The only way I can think is to always stay logged in to the shared volume. As for changing the password after 90 days - I don't know. I do it manually so maybe you have to hire a Mac AppleScript writer to do the things you wish via an auto executed script but that is way beyond me. Sorry but I think you are past my level of help. Best of Luck.
QUOTE Thanks
narcispy

 
Member Since: Apr 02, 2008
Posts: 6
narcispy is on a distinguished road

narcispy is offline
Well it will prompt for a change of password after 90 days if you are using a domain account so thats what I think I will use. It just seems quite a bit slow using it though a domain account. I was reading that this might have something to do with LDAP, theres lots of good info on macwindows about the whole thing but I just figured there was someone here that might have went though this before and can give pointers.
QUOTE Thanks

Post Reply New Thread Subscribe


« Automatically turn of Mac at Certain Time | Can not connect to WPA2/AES network »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Active Directory in Macs walmartconnect Internet, Networking, and Wireless 1 11-06-2006 04:50 PM
iPod Podcast Directory Dialtone iPod Hardware and Accessories 2 06-29-2006 08:17 PM
Mac / OSX / RDP connection problems R1Budha OS X - Apps and Games 1 05-12-2006 05:47 AM
Active Directory Permissions osumarty OS X - Operating System 3 02-28-2006 09:47 PM
Home directory and filevault Joolz34 Switcher Hangout 15 08-31-2005 05:43 PM

All times are GMT -4. The time now is 07:59 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?