I could do everything that I can do in Panther with Jaguar's LDAP plug-in to interact with ActiveDirectory. So basically, Apple has given us nothing new in terms of ActiveDirectory support. If you choose to keep the user remote, no local home is created, and the network share path is not mounted, nor is it used as the home directory, the way it should be. If you say yes, a local home is created for the user and the user's network home share (if specified in AD) is mounted. Upon logging in with an AD user the first time, Panther will ask if you want to create a local home folder for the user. But for some reason, even though the proper AD groups show up in the admin group in AD, members of those groups are not automatically granted administrator privileges on the machine, like they should be. You can also add that particular user to the admin group in NetInfo. To make an AD user an admin, you have to log in with that user, log out, log back in as the local admin and then assign the administrator privileges to that user in the Accounts preference pane. It doesn't respect the assigned administrator groups in the plug-in setup. It left out the fact that you have to add the AD authentication path in the Authentication tab of Directory Access, otherwise you won't be able to authenticate users against the AD domain. Also, we're currently fighting with trying to get Panther to play nicely on our AD domain at school.
I can't say that this hint is incredibly helpful.
Allow administration by: you can put an AD group name here and anyone in that group is added to the local admin group in NetInfo.
Select OK, quit Directory Access, reboot.
Map a UID: If you don't know what this is, leave it alone.
If you have more than one domain controller, you can specify the one you want to use: .net.
Turn on multiple domains if users need to access multiple domains.
Turn on the account cache if the computer will be used offline.
The format is just: usernamepassword
Advanced Settings:
When you click on Bind., you have to enter a username and password that has rights to add computers. I found this also speeds up authentication in some cases.
ComputerID: mycomputer
You can make the forest the same as the domain if your users don't need to access resources outside the domain.
Here's what the plug-in configuration looks like in Directory Access (located in /Applications -> Utilities):
This assumes you have a working AD tree, properly configured DNS, and an account that can add computer objects to AD.
I've seen a lot of people asking how to set up Active Directory (AD), so I thought I'd post my setup, which works.