Re: [ActiveDir] Mixed network PC and Mac -> AD or XServe

[Robbie Foust]

I'm currently involved in migrating a network from Netware to AD/OS X 
Server.  The problem with running Windows servers in a Mac invironment 
is that Microsoft has no plans to support the latest AFP version, which 
kinda sucks for various reasons. (auto reconnect, etc)

Best way I can come up with is to use AD as the authenticator (and for 
group policy support of Windows clients), and use OS X Server as the 
file server.  The trick is to be able to apply policies to OS X users 
through open directory.  There's supposed to be a way to use AD as the 
primary LDAP directory and pull additional attributes from another 
"local" directory but haven't quite figured it out yet.  Samba can be 
configured to use Kerberos, but it's not the default.

Macs can't really be managed from AD like Windows can.  Same goes in the 
other direction too.  So ya kinda need both (AD and OD).  In my 
scenario, I'm shooting for single sign-on using Kerberos.  To make it 
even more complicated, I would really like to authenticate from a MIT 
Kerberos realm, but Samba doesn't have support for that yet.

Documentation is very limited with it comes down to the fine details, 
unfortunately.

Robbie Foust
OIT - Systems and Core Services
Duke University
Noah Eiger wrote:

Hello:

I need some advice about file service, directory management, and user
authentication in a mixed Windows/Mac environment. 

I have a magazine client with approximately 70 users: half Macs, half
Windows. As you might expect, the Macs are the art department and editorial;
the PCs are business, advertising, etc. All workstations will either be
running OSX (most recent) or WinXP Pro. Currently, there is no NOS, and file
service is handled by a mixture of WinNT, Win2k, and AppleShare 9x.
My initial thought was to just let AD handle everything and spend the effort
on getting the Macs to play nice with the Windows servers. Exchange is
likely. However, the in-house IT guy wants to explore Apple's server
offerings.
So, the questions are: 
-          Is the speed and quality of the Windows servers sufficient for
Mac clients (many handling large image or graphics files)?
-          Is AD "managing" of Macs and Mac users sufficient? 
-          If there is a reason to deploy an Apple server, can it be managed
by AD? That is, can it play like a Windows member server?
-          Finally, is there any reason to entertain running the whole shop
under the Apple server and Open Directory?

Many thanks.

----------------------------------------------------------------------------
--
Noah M. Eiger
EIS Consulting for
PRBO Conservation Science
510-717-5742
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
 

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/