Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How to set up Active Directory' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to set up Active Directory
Authored by: Durandal on Nov 14, '03 07:20:33PM
I can't say that this hint is incredibly helpful. It left out the fact that you have to add the AD authentication path in the Authentication tab of Directory Access, otherwise you won't be able to authenticate users against the AD domain.

Also, we're currently fighting with trying to get Panther to play nicely on our AD domain at school. It doesn't respect the assigned administrator groups in the plug-in setup. To make an AD user and admin, you have to log in with that user, log out, log back in as the local admin and then assign the administrator privileges to that user in the Accounts preference pane. You can also add that particular user to the admin group in NetInfo. But for some reason, even though the proper AD groups show up in the admin group in AD, members of those groups are not automatically granted administrator privileges on the machine, like they should be.

The other headache is home directories. Upon logging in with an AD user the first time, Panther will ask if you want to create a local home folder for the user. If you say yes, a local home is created for the user and the user's network home share (if specified in AD) is mounted. If you choose to keep the user remote, no local home is created, and the network share path is not mounted, nor is it used as the home directory, the way it should be.

So basically, Apple has given us nothing new in terms of ActiveDirectory support. I could do everything that I can do in Panther with Jaguar's LDAP plug-in to interact with ActiveDirectory. With the LDAP plug-in, administrator groups were not recognized, which is something we thought would change with Panther. And Apple's support has been nonexistent. For god's sake, we want to implement this plug-in on an enterprise scale, and they're blowing us off. Are they just stupid?

---
Damien Sorresso

[ Reply to This | # ]

How to set up Active Directory
Authored by: tipster on Nov 14, '03 10:05:19PM

It's unfair to suggest it's given us nothing new that you couldn't do under LDAP under Jaguar.

The fact that you can bind to the AD domain is a huge step forward -- this isn't just about getting people to log onto a Mac, but about Mac's *participating* in the Active Directory.

Jaguar's AD support, using Samba 3, also gives users the ability to move around the windows domain as an authenticated user. They don't need to re-enter their username/password everytime they want to access a server they have permission to. This is also a huge step forward.

Caching the users logon is also a godsend, and I don't believe Jaguar gave you that ability. Laptop users really benefit from this, with one sign on -- whether they're on the network or not.



[ Reply to This | # ]
How to set up Active Directory
Authored by: ktappe on May 04, '04 02:32:09PM
Can you say what to add to the Authentication Path to get this tip to work? I've tried adding a "/LDAPv3/(domain)" path but that still doesn't let me authenticate. Is there an "/AD" or similar prefix I should be putting in there?

[ Reply to This | # ]