Results 1 to 12 of 12
  1. #1
    Integration with Active Directory problems

    Member Since
    Apr 02, 2008
    Posts
    6
    Integration with Active Directory problems
    I run (or help run) an Active Directory Windows Server 2003 domain and we had a user recently decide they were going to get a mac instead of their normal pc and wanted me to work on getting it setup for the domain. So far I've got it joined and I can access all the file shares after authenticating with the server. Now there is no plans to ever get a OSX server is there any way I can integrate it to where you can login with your domain user account and password and not have to reauthenticate when you logon to the shared directories? Another problem I see is that we have a 90day password expiration rule, however on the Mac if the password expires it doesn't prompt that it has expired and lets the user use the same old password until that grace period is up then locks their account. Is there any way I could make it prompt for change? BTW this is a Macbook Air with OSX 10.5 (latest version).

  2. #2
    Integration with Active Directory problems
    Chilbear's Avatar
    Member Since
    Jun 14, 2007
    Location
    Toronto
    Posts
    574
    Specs:
    2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
    I have set up an alias on the Mac desktop that, when clicked, asks me for my password as I never log and save a password over the connection. What I have alias'd is a folder so this kind of works but this is a W2000 Server. Have you enabled a Mac version of the volume to be shared to the Mac?

    Have you tried to connect using AFP rather than SMB to the shared volume to see if it reacts differently?

  3. #3
    Integration with Active Directory problems

    Member Since
    Apr 02, 2008
    Posts
    6
    I have not tried afb yet but I will. I finally got it to login correctly with a domain account instead of local, unfortunately for some really weird and odd reason it will only connect to my dummy account and not my admin domain account even though it looks pretty much the same as far as settings in active directory. The dummy account connects but still prompts for you to enter a password to connect to get your file share which then doesn't work because it's actually stored in a DFS. I heard that DFS doesn't work properly in OS X. This is extremely frustrating to get work but it's coming along better than I expected.

  4. #4
    Integration with Active Directory problems
    Chilbear's Avatar
    Member Since
    Jun 14, 2007
    Location
    Toronto
    Posts
    574
    Specs:
    2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
    Interesting afternoon here. I just finished upgrading to Leopard. I double clicked my alias and no issues to log in. Just try the AFP (Apple File Protocol) method but use the GO>Connect to Server route I find is a better method. If you try (I just did) to double click over the to the server using the Network icons - it failed. No doubt X and Windows Server are a quirky pair.

  5. #5
    Integration with Active Directory problems

    Member Since
    Mar 30, 2004
    Location
    USA
    Posts
    4,744
    Specs:
    12" Apple PowerBook G4 (1.5GHz)
    There is also a third-party product which claims better AD support than you get, out of the box, OS X.
    http://www.thursby.com/products/admitmac.html

    I get the impression that Apple's AD implementation was designed to use a Mac OS X Server to bridge the gap...which is unreasonable for most small Mac deployments.

  6. #6
    Integration with Active Directory problems

    Member Since
    Apr 02, 2008
    Posts
    6
    Yeah, I tried AFP but it still won't let me logon my domain user account only my dummy one, very strange. Still can't get it to connect to my home share but I didn't really expect it to since it's DFS. Still doesn't make any sense to me why one domain account would connect and not the other.

  7. #7
    Integration with Active Directory problems
    PerryLynch's Avatar
    Member Since
    Sep 24, 2007
    Posts
    235
    Specs:
    17" MacBook Pro 4GB
    Quote Originally Posted by technologist View Post
    There is also a third-party product which claims better AD support than you get, out of the box, OS X.
    http://www.thursby.com/products/admitmac.html

    I get the impression that Apple's AD implementation was designed to use a Mac OS X Server to bridge the gap...which is unreasonable for most small Mac deployments.
    I would agree with your impression. While I like what I've read about it, I choke on the price tag. Have you had direct experience with the Thursby products? They look like great alternatives.
    Perry M Lynch, CISSP CISA
    Mac Newbie, Security not-so-newbie

  8. #8
    Integration with Active Directory problems

    Member Since
    Apr 02, 2008
    Posts
    6
    I think I solved that problem. It seems Mac OSX doesn't like domain and local accounts named the same, even if they are switched after. I had to delete the entire account then create a brand new one named something else to get it to login. Now it works but if I can figure out how to make a users homeshare point on the server so it can be backed up like we have it for the windows machines it would be sweet.

  9. #9
    Integration with Active Directory problems
    Chilbear's Avatar
    Member Since
    Jun 14, 2007
    Location
    Toronto
    Posts
    574
    Specs:
    2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
    What did you say? Huh? How about tell us what you want to do in plainspeak rather than Windospeak. This is a classic case of a windows IT person trying to force OS X to be like Windows.

  10. #10
    Integration with Active Directory problems

    Member Since
    Apr 02, 2008
    Posts
    6
    Quote Originally Posted by Chilbear View Post
    What did you say? Huh? How about tell us what you want to do in plainspeak rather than Windospeak. This is a classic case of a windows IT person trying to force OS X to be like Windows.
    Sorry I manage a windows server setup so it's hard to change and this is only the first mac I've ever used before. Basically what I'm saying is say you name an account jsmith, local, meaning it is an account based on the hard drive of the mac. Yet on the server in active directory you have a domain account named the same thing the mac can't tell the difference between the two accounts for some reason. I can see how it can be a problem but I figured they would have fixed it by now since you have to logon with "domainname\username" instead of just "username". Thats about as simple as I can make it.

    And BTW I'm not forcing OSX to be like Windows, I'm trying to do my job and figure out how to get what the user requested working properly on the machine thats why I'm asking questions. I don't want to turn this into an OS war.

  11. #11
    Integration with Active Directory problems
    Chilbear's Avatar
    Member Since
    Jun 14, 2007
    Location
    Toronto
    Posts
    574
    Specs:
    2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
    I think we are at an impasse. When I log into my server it asks me for my password even though it knows it. The only way I can think is to always stay logged in to the shared volume. As for changing the password after 90 days - I don't know. I do it manually so maybe you have to hire a Mac AppleScript writer to do the things you wish via an auto executed script but that is way beyond me. Sorry but I think you are past my level of help. Best of Luck.

  12. #12
    Integration with Active Directory problems

    Member Since
    Apr 02, 2008
    Posts
    6
    Well it will prompt for a change of password after 90 days if you are using a domain account so thats what I think I will use. It just seems quite a bit slow using it though a domain account. I was reading that this might have something to do with LDAP, theres lots of good info on macwindows about the whole thing but I just figured there was someone here that might have went though this before and can give pointers.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Active Directory Binding problems
    By muddyfox in forum OS X - Operating System
    Replies: 1
    Last Post: 01-17-2012, 09:58 PM
  2. OS X 10.7.2 and Active Directory?
    By Tony414 in forum OS X - Operating System
    Replies: 0
    Last Post: 01-11-2012, 03:59 PM
  3. Mac integration to Active Directory
    By Davit2005 in forum OS X - Operating System
    Replies: 1
    Last Post: 07-19-2011, 01:55 PM
  4. Help with active directory
    By cfaulds in forum Internet, Networking, and Wireless
    Replies: 3
    Last Post: 03-09-2011, 12:28 PM
  5. Macs not able to log onto Active Directory through Open Directory
    By lawrencm in forum OS X - Operating System
    Replies: 0
    Last Post: 04-26-2010, 06:10 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •