Integration with Active Directory problems

Joined
Apr 2, 2008
Messages
6
Reaction score
0
Points
1
I run (or help run) an Active Directory Windows Server 2003 domain and we had a user recently decide they were going to get a Mac instead of their normal PC and wanted me to work on getting it set up for the domain. So far I've got it joined and I can access all the file shares after authenticating with the server. Now, there are no plans to ever get an OS X server. Is there any way I can integrate it to where you can log in with your domain user account and password and not have to reauthenticate when you log on to the shared directories? Another problem I see is that we have a 90-day password expiration rule; however, on the Mac, if the password expires it doesn't prompt that it has expired and lets the user use the same old password until that grace period is up, then locks their account. Is there any way I could make it prompt for a change? BTW this is a MacBook Air with OS X 10.5 (latest version).
 
Joined
Jun 14, 2007
Messages
574
Reaction score
4
Points
18
Location
Toronto
Your Mac's Specs
2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
I have set up an alias on the Mac desktop that, when clicked, asks me for my password as I never log and save a password over the connection. What I have alias'd is a folder so this kind of works but this is a W2000 Server. Have you enabled a Mac version of the volume to be shared to the Mac?

Have you tried to connect using AFP rather than SMB to the shared volume to see if it reacts differently?
 
OP
N
Joined
Apr 2, 2008
Messages
6
Reaction score
0
Points
1
I have not tried AFP yet but I will. I finally got it to log in correctly with a domain account instead of local; unfortunately, for some really weird and odd reason it will only connect to my dummy account and not my admin domain account, even though it looks pretty much the same as far as settings in Active Directory. The dummy account connects but still prompts for you to enter a password to connect to get your file share, which then doesn't work because it's actually stored in a DFS. I heard that DFS doesn't work properly in OS X. This is extremely frustrating to get working but it's coming along better than I expected.
 
Joined
Jun 14, 2007
Messages
574
Reaction score
4
Points
18
Location
Toronto
Your Mac's Specs
2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
Interesting afternoon here. I just finished upgrading to Leopard. I double clicked my alias and had no issues logging in. Just try the AFP (Apple File Protocol) method, but use the Go > Connect to Server route, which I find is a better method. If you try (I just did) to double click over to the server using the Network icons - it failed. No doubt X and Windows Server are a quirky pair.
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
There is also a third-party product which claims better AD support than you get, out of the box, with OS X.
http://www.thursby.com/products/admitmac.html

I get the impression that Apple's AD implementation was designed to use a Mac OS X Server to bridge the gap...which is unreasonable for most small Mac deployments.
 
OP
N
Joined
Apr 2, 2008
Messages
6
Reaction score
0
Points
1
Yeah, I tried AFP but it still won't let me log on with my domain user account, only my dummy one. Very strange. Still can't get it to connect to my home share but I didn't really expect it to since it's DFS. Still doesn't make any sense to me why one domain account would connect and not the other.
 
Joined
Sep 24, 2007
Messages
235
Reaction score
17
Points
18
Your Mac's Specs
17" MacBook Pro 4GB
There is also a third-party product which claims better AD support than you get, out of the box, with OS X.
http://www.thursby.com/products/admitmac.html

I get the impression that Apple's AD implementation was designed to use a Mac OS X Server to bridge the gap...which is unreasonable for most small Mac deployments.

I would agree with your impression. While I like what I've read about it, I choke on the price tag. Have you had direct experience with the Thursby products? They look like great alternatives.
 
OP
N
Joined
Apr 2, 2008
Messages
6
Reaction score
0
Points
1
I think I solved that problem. It seems Mac OS X doesn't like domain and local accounts named the same, even if they are switched after. I had to delete the entire account then create a brand new one named something else to get it to log in. Now it works, but if I can figure out how to make a user's home share point to the server so it can be backed up like we have it for the Windows machines, it would be sweet.
 
Joined
Jun 14, 2007
Messages
574
Reaction score
4
Points
18
Location
Toronto
Your Mac's Specs
2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
What did you say? Huh? How about tell us what you want to do in plainspeak rather than Windospeak. This is a classic case of a windows IT person trying to force OS X to be like Windows.
 
OP
N
Joined
Apr 2, 2008
Messages
6
Reaction score
0
Points
1
What did you say? Huh? How about tell us what you want to do in plainspeak rather than Windospeak. This is a classic case of a windows IT person trying to force OS X to be like Windows.

Sorry, I manage a Windows server setup so it's hard to change, and this is only the first Mac I've ever used before. Basically what I'm saying is, say you name an account jsmith, local, meaning it is an account based on the hard drive of the Mac. Yet if on the server in Active Directory you have a domain account named the same thing, the Mac can't tell the difference between the two accounts for some reason. I can see how it can be a problem but I figured they would have fixed it by now since you have to log on with "domainname\username" instead of just "username". That's about as simple as I can make it.

And BTW I'm not forcing OS X to be like Windows, I'm trying to do my job and figure out how to get what the user requested working properly on the machine; that's why I'm asking questions. I don't want to turn this into an OS war.
 
Joined
Jun 14, 2007
Messages
574
Reaction score
4
Points
18
Location
Toronto
Your Mac's Specs
2xiMac24 w Parallels 6 (1x White, 1x Aluminum), iPhone 3GS with iOS5
I think we are at an impasse. When I log into my server it asks me for my password even though it knows it. The only way I can think is to always stay logged in to the shared volume. As for changing the password after 90 days - I don't know. I do it manually so maybe you have to hire a Mac AppleScript writer to do the things you wish via an auto executed script but that is way beyond me. Sorry but I think you are past my level of help. Best of Luck.
 
OP
N
Joined
Apr 2, 2008
Messages
6
Reaction score
0
Points
1
Well, it will prompt for a change of password after 90 days if you are using a domain account, so that's what I think I will use. It just seems quite a bit slow using it through a domain account. I was reading that this might have something to do with LDAP. There's lots of good info on macwindows about the whole thing, but I just figured there was someone here that might have gone through this before and can give pointers.
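
Added example, not part of any post in this thread: a server-side check an administrator could run so that accounts approaching the 90-day limit are flagged even when a client never shows the expiry prompt. It reads the standard AD attributes `pwdLastSet` and `userAccountControl`; the 14-day warning window, the function names and the sample accounts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl flag
MAX_AGE = timedelta(days=90)     # the 90-day rule described in the thread
WARN = timedelta(days=14)        # assumed warning window

def filetime_to_dt(ticks):
    """Convert FILETIME ticks to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def password_status(pwd_last_set, uac, now):
    """Return (state, expiry) for one account."""
    if uac & DONT_EXPIRE_PASSWORD:
        return ("never-expires", None)
    if pwd_last_set == 0:            # 0 means "must change at next logon"
        return ("must-change", None)
    expires = filetime_to_dt(pwd_last_set) + MAX_AGE
    left = expires - now
    if left <= timedelta(0):
        return ("expired", expires)
    if left <= WARN:
        return ("expiring", expires)
    return ("ok", expires)

def needs_attention(accounts, now):
    """Names of accounts whose owners should be told to change passwords."""
    flagged = ("expired", "expiring", "must-change")
    return [name for name, pls, uac in accounts
            if password_status(pls, uac, now)[0] in flagged]

def utc(y, m, d, h=0):
    return datetime(y, m, d, h, tzinfo=timezone.utc)

# Constructed sample rows: (sAMAccountName, pwdLastSet, userAccountControl)
NOW = utc(2008, 4, 10, 12)
SAMPLE = [
    ("jsmith",     dt_to_filetime(utc(2008, 1, 1)),  0x200),
    ("mbrown",     dt_to_filetime(utc(2008, 1, 20)), 0x200),
    ("akhan",      dt_to_filetime(utc(2008, 3, 15)), 0x200),
    ("svc_backup", dt_to_filetime(utc(2007, 1, 1)),  0x10200),
    ("newhire",    0,                                0x200),
]

if __name__ == "__main__":
    for name, pls, uac in SAMPLE:
        print(name, *password_status(pls, uac, NOW))
```

The real maximum password age comes from the domain's password policy, so `MAX_AGE` should be set from that rather than hard-coded in production use.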
 
