Setting up new network. Server03 and OSX Server 10.4, but which as primary?




mountainbiker80
Jun 12, 2008, 10:26 PM
I have inherited a LAN with an Xserve, but the Xserve is not running Open Directory as of yet. I also have Windows Server 2003 Enterprise, which hasn't been installed on any machines yet. SO, my problem is this:

I need to set up centralized authentication. Currently the Xserve is simply running as a file server, and every one of the 20 employees uses the same password to access the Xserve's shares on its attached RAID box (I know, I know...I didn't set this up, this is why I'm fixing it...). SO, do I set up Server 2003 and Active Directory as the primary Domain Controller, or do I set up Open Dir on the 10.4 Server Xserve and (is this even possible) run Server03 as a secondary Domain Controller?

The goal is to be able to easily manage the Macs and PCs on the LAN (such as OSServer controlling the Macs and Server03 controlling the settings on the PCs, etc.) Am I headed toward a dead-end or pit of despair?

My eyes are sore from Googling and not finding anything specific to the plusses and minuses of setting up a new network with either Active Directory as the primary authentication host or Open Directory from OSX Serv. I can find all sorts of info on connecting OSX S to a Server03 Active Directory network, but that's not really what I need. Since neither is set up and I have the option at this point to do either, I'd like to start off on the right foot.

Thank you SO much, in advance, for any input anyone can offer. I really need some help ASAP!



MacsRgr8
Jun 18, 2008, 04:49 PM
Well, every situation is different, and decisions in these circumstances are usually made based on experience and need....

But, in short:
It usually is easier to make a Mac OS X Server "client" of an AD domain than a Win2K3 server "client" of an OD service.

So, mostly you'll find that a Win2K3 Server is DNS and AD PDC, and a Mac OS X Server as the AD client.
Then, you have one user database, and you can set up AFP services accordingly. Works fine.

But what if you want "real" Mac-like OD pushed settings, like a fixed Dock, synchronised Home folders etc..?
These credentials are not present in the AD "schemes" of the Windows Directory service.
If you're running Tiger, and you want "real" Mac schemes you *need* an OD Master.... (yes, you can try 3rd party <expensive> extras like ADmitMac (http://www.thursby.com/products/admitmac-eval.html), but in general try to stay away from these solutions as they tend to need some tinkering around, and staying up-to-date)
In Leopard Server you can still be AD client, be OD Master and give those extra mac-like credentials, by using the new "augmented" user records. But let me advise you to look carefully at your options and wishlist if you will be using that... It's not as easy as it looks, and not everything is possible...

Sky Blue
Jun 18, 2008, 09:52 PM
Set up Windows 2003 for authentication and OS X Server as an OD Master for managed preferences.

mountainbiker80
Jun 19, 2008, 01:14 AM
Hey, y'all, THANK YOU for your ideas. They're invaluable. I'm going to do the setup this weekend, so if anyone has any further info, I'd love to hear it.

Currently the Xserve we have is set up as an OD Master, with Windows PDC turned on (I didn't set it up like this). BUT, none of the workgroups were set up, permissions divided, or users created...get this, my predecessors set up the sharepoints and gave everyone one of the Xserve's Administrator credentials to log in to them. So every employee shares 1 of the Xserve's 2 local Admin-level logins. Grrrr. (And they thought spending weeks setting up a custom firewall box was important? Go figure.)

Jiff Lemon
Jun 20, 2008, 03:35 AM
I'll ask the question no one else has....

How many clients are you dealing with and what's the ratio of Macs to PCs?

mountainbiker80
Jun 21, 2008, 12:01 AM
I'll ask the question no one else has....

How many clients are you dealing with and what's the ratio of Macs to PCs?

Great question...

We've got about 30 clients, with ~ 20 Macs and 10 PCs.

I've got Open Directory running right now in Standalone mode with Windows PDC services going. As of yet none of the clients (Mac or PC) are bound to Xserve. I'm kinda hoping to be able to use the Xserve as the Master/PDC and then use Server03 Ent. as a secondary domain controller for the PCs...the primary goal being as simplistic as central authentication and being able to push updates to the Macs and PCs over LAN instead of all of them pulling from the Internet.

I haven't found much info (nor tried as of yet) to find a way to connect Active Directory (in its secondary role) to the Xserve Open Directory Master. Is it even doable?