OD binded to AD or just AD?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by tahoskier, Mar 2, 2012.

  1. macrumors newbie

    Joined:
    Jun 19, 2008
    #1
I'm new to networking MACs, so I apologize for the noobie questions. We have an existing AD network. Until recently we had two MACs binded to AD. We recently added 10 more. I have 8 macs that will be used for iOS development. We purchased a MAC mini server running Lion Server. I would like to set up a common storage repository for coding. While I'm at it I would like to create a Time Machine backup for all the MACs. We have set up our Open Directory environment and if I were to create a user in OD, I can log a client in as that user. If I import AD users into OD, I cannot log in to a client with any of the imported AD users. Also the OD user that was set up cannot log in to the client unless it is on the network. It doesn't create a local profile on the client.

    So questions that I have are:

Is this the right setup, OD binded to AD on the server? And client binded to OD? If so, how do I set up a local profile for the user on the client?

    How can I log into the client as an AD member?

    If I binded the client to AD then I can log in as an AD user. There is also a setting to create an offline profile for the AD user.

    I would really like to use some of the management that OD has to offer but I do need to log in as an AD user.
     
  2. macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #2
    It's Mac, not MAC. Mac is short for Macintosh, Apple's current line of laptop and desktop computers. MAC is an acronym for Media Access Control, the hardware address of network devices. There is a huge difference between the two. The two terms are sometimes used in the same sentence. For example: Every Mac has a MAC address.
     
  3. thread starter macrumors newbie

    Joined:
    Jun 19, 2008
    #3
    Sorry.
     
  4. macrumors regular

    Joined:
    Sep 24, 2011
    #4
I was never able to get that working. We just bind the clients to AD; it works much better than the golden triangle of death. Look into the Casper suite if you want to manage your MACs (:rolleyes:) over the network. It works great. Only having 8 MACs (:rolleyes:), you can easily create local accounts for the 8 users on the Mini Server to access shares.
     
  5. macrumors 6502

    Joined:
    Mar 27, 2004
    Location:
    Ozark, Missouri
    #5
    That really doesn't help anyone nor does it provide anything substantive towards answering the poster's question.
     
  6. macrumors newbie

    Joined:
    Jan 26, 2012
    Location:
    Michigan
    #6
    We bind our Lion Server and the Mac workstations to AD. This lets us log in as AD users and create a local user. Binding the Lion Server also lets us assign permissions to AFP shares as well as our Time Machine server to certain AD users.

    We don't have anyone too versed in OD so this seemed like the best option for now. My suggestion in your situation would be to just use AD and assign permissions through the Server App.

    Hope this helps a little.
     
  7. macrumors 68030

    Yebubbleman

    Joined:
    May 20, 2010
    Location:
    Los Angeles, CA
    #7
    While this is true, it's still a good distinction to make that may help the poster avoid further unintended confusion.
     
  8. macrumors 68030

    Mattie Num Nums

    Joined:
    Mar 5, 2009
    Location:
    USA
    #8
You may be overcomplicating things by doing an AD/OD replication. What does your environment look like in general? How many PCs, what Exchange version, etc.? Exchange and AD can do almost everything you need without the headaches of managing an AD/OD situation.
     
  9. macrumors newbie

    Joined:
    Aug 13, 2012
    #9
Hello there, could I kindly ask something?
    Do your Macs connect to the Lion Server (via the network account server settings) and are they then able to access the home folders of Windows users, which appear, say, in Workgroup Manager as it's binded to Active Directory?
     
  10. macrumors newbie

    Joined:
    Jan 26, 2012
    Location:
    Michigan
    #10
    We aren't using network home folders for Windows or Macs. We can log in as a network user on any of our Macs but it creates a local home folder. We then use Time Machine Server to back up the Macs (and therefore the home folders).

All of our users have an SMB share on the network (and our Macs can access those) as well as an AFP share on the Lion Server for a select group of people to access.
     
  11. macrumors newbie

    Joined:
    Jul 26, 2012
    #11
I am responsible for thousands of computers for a school district. I am luckily in a position to also be responsible for Active Directory. I modified the Active Directory schema to support Mac computers 3 years ago, and it is awesome. It took several weeks of testing, but I eventually put it into my production AD.

    I used to run Open Directory from 10.2 up to 10.5, and it is very unstable. My OD database would get corrupt several times a semester and I would have to completely rebuild it. If there is anything of major dependence on a directory system, do NOT use OD.

    I've modified the schema on a 2003 server, and when I upgraded my AD to 2008 R2 it migrated without any issues. Very reliable.

    Apple has released a white paper here.
    http://www.seminars.apple.com/contactme/pdf/L407117A_ADSchema_wp_FF.pdf
     
  12. macrumors 6502a

    Truffy

    Joined:
    May 9, 2005
    Location:
    somewhere outside your window...
    #12
The past participle of bind is bound, not binded.
     
  13. macrumors newbie

    Joined:
    Jul 2, 2007
    Location:
    Indiana
    #13
    'cbot' and 'devorebo' have two answers you should seriously consider. For your environment I'd recommend the simpler solution of setting your Lion Server up as just a Mac file server for your Time Machine etc. No need to run an OD on your server.

First create the machine account in AD for your server, then also set up forward and reverse DNS for the server's static IP. Lion doesn't do DDNS right in many AD environments and your Mac probably turned on its own DNS server because of that. DNS is critical and should be run outside your Mac unless you want your Mac to run all your DNS, but that's getting complicated.

    Now rebuild the server. Because you have OD running and possibly some other things like DNS, you want to just start clean; it's faster. Don't let it do any kind of auto setup of OD or binding to AD, just enter the proper IP and DNS name.

    Now get updates etc. Then bind your server to OD. Use the Server App, not Directory Access. Look under the Manage menu for the option to join a domain. I forget exactly what it says. This assistant will walk you through the binding process and get your server connected to your AD so that users can use their AD credentials to connect to the server. No need to import users from the AD.

    Now you can set up share points and add users from your OD to those shares. If you also bind your Macs to AD you can get single sign-on because everything is now using Kerberos for authentication.

    You can even turn on the Profile Manager and use it as a Mobile Device Management system for your iOS devices. It will let users use AD credentials to log in to the service and manage their devices, or your Admins can do it.
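An added example, not code from this thread or from Apple, that scripts the procedure in the post above from the command line and also covers two earlier questions: the opening post's "offline profile" for AD users (mobile accounts, enabled with `dsconfigad -mobile enable`) and the share permissions for AD groups mentioned in posts #6 and #10. The domain `example.corp`, the OU, the join account `macjoin`, the share path and the group `EXAMPLE\Domain Users` are placeholders; `dig`, `dsconfigad`, `dscl`, `klist` and `chmod +a` are the stock macOS tools. Run it with `sudo` on the Mac being bound.

```shell
#!/bin/sh
# Added example (not from the thread). Placeholders below must be replaced
# with real values; every step is a function so it can be run separately.

AD_DOMAIN="${AD_DOMAIN:-example.corp}"            # assumed AD DNS domain
AD_OU="${AD_OU:-OU=Macs,DC=example,DC=corp}"      # assumed OU for Mac computer objects
AD_JOIN_USER="${AD_JOIN_USER:-macjoin}"           # assumed account allowed to join machines
AD_SHARE_GROUP='EXAMPLE\Domain Users'             # assumed domain group for the code share

# Compare two DNS names, ignoring the trailing dot that dig prints and letter case.
fqdn_matches() {
    a=$(printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    b=$(printf '%s' "$2" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Step 1: the A record and the PTR for the server must agree before binding.
# AD and Kerberos key on the hostname, so a stale or missing PTR shows up later
# as join failures and "server not found in Kerberos database" errors.
dns_sanity() {
    host=$1; ip=$2
    fwd=$(dig +short "$host" A | head -n 1)
    rev=$(dig +short -x "$ip" | head -n 1)
    [ "$fwd" = "$ip" ] || { echo "A record for $host is '$fwd', expected $ip" >&2; return 1; }
    fqdn_matches "$rev" "$host" || { echo "PTR for $ip is '$rev', expected $host" >&2; return 1; }
    echo "DNS OK: $host <-> $ip"
}

# Step 2: join the domain. -password is deliberately omitted so dsconfigad
# prompts for it instead of exposing it in `ps` output and shell history.
bind_to_ad() {
    computer=$(scutil --get ComputerName | tr -cd 'A-Za-z0-9-' | cut -c1-15)   # NetBIOS length limit
    dsconfigad -add "$AD_DOMAIN" -computer "$computer" -username "$AD_JOIN_USER" \
               -ou "$AD_OU" -force
    # Mobile accounts are the "offline profile": a cached local home is created at
    # first login so the user can still log in off the network. Signing and
    # encryption are required so directory traffic is never sent in the clear.
    dsconfigad -mobile enable -mobileconfirm disable -localhome enable \
               -useuncpath disable -packetsign require -packetencrypt require \
               -passinterval 14 -groups "Domain Admins,Enterprise Admins"
}

# Step 3: confirm the bind and that an AD user resolves through the search path.
verify_bind() {
    user=$1
    dsconfigad -show | grep -E 'Active Directory Domain|Computer Account|mobile account' || true
    id "$user" >/dev/null 2>&1 || { echo "AD user $user does not resolve" >&2; return 1; }
    dscl /Search -read "/Users/$user" AuthenticationAuthority
    klist 2>/dev/null || echo "no Kerberos ticket yet; log in as $user and rerun klist"
}

# Step 4: give an AD group access to the shared code folder on the bound server.
# macOS file ACLs accept domain groups once the machine is bound.
grant_share() {
    dir=$1; group=${2:-$AD_SHARE_GROUP}
    mkdir -p "$dir"
    chmod +a "group:$group allow list,search,readattr,readextattr,readsecurity,add_file,add_subdirectory,delete_child,write,append,file_inherit,directory_inherit" "$dir"
    ls -le "$dir"
}

case "${1:-}" in
    dns)    dns_sanity "$2" "$3" ;;
    bind)   bind_to_ad ;;
    verify) verify_bind "$2" ;;
    share)  grant_share "$2" "$3" ;;
    *)      echo "usage: $0 dns <server-fqdn> <ip> | bind | verify <aduser> | share <dir> [group]" ;;
esac
```

Typical order on a client: `sudo sh bind-mac.sh dns server.example.corp 10.0.0.5`, then `bind`, then `verify jdoe`; `share` is run once on the server against the repository folder. Binding clients straight to AD means Workgroup Manager/MCX settings from an OD master are not applied to them; the Profile Manager route the post mentions is what gives AD users managed settings in that layout.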
     
  14. macrumors 68030

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #14
"Every Mac has a MAC address." should be in quotes, sayeth the grammar police police.

    ----------

    Most people I know say boundeded, binderlated, bindederated or bow-wow-eye-en-ded.
     
