So aside from 10.3 any other ideas? OS X seats are more expensive than what I pay for a Windows seat w/ MSO2003, Exchange CAL, etc.

 

Thanks.

 

--Brian Desmond

[EMAIL PROTECTED]

Payton on the web! www.wpcp.org

 

v - 773.534.0034 x135

f - 773.534.8101

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, October 14, 2004 9:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Macs, LDAP Source

 

10.3 added a new AD-aware client side user auth protocol. I’m not an expert, but I have set it up. The fact that I set it up in about 5 mins is a sign that it isn’t hard to use.

http://www.apple.com/macosx/features/security/

 

I’d give it a try. 10.3.3 I think is the latest.


~Eric

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Thursday, October 14, 2004 9:18 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Macs, LDAP Source

 

My asst managed to get OS X 10.2.SomeInt to authenticate to the AD here. I typed in my username and password and it was just as fast as logging in from an NT class box. Aside from the various implementation issues on the Mac side, I have this dilemma:

 

The Macs are not actually AD aware – they just need an LDAP source. I could buy this cool program called ADmitMac which creates domain accounts for the Macs and emulates an NT box as far as user mgmt goes on the Mac. Cool, but, the quote was nearly as much as I paid for the OS X licenses. So, anyway, the Mac needs an explicit DNS hostname for LDAP. I could give it one DC, but, if that DC goes down, all my Macs are F’ed. So, what I did is set up a round-robin with all the DCs in the site the Macs are located in.

 

I’m not totally satisfied with this workaround. It just seems sort of half-ass to me. It requires a certain degree of management, and if one of the DCs is down, a portion of the Macs will need to be rebooted until they receive a referral from the DNS server in an order which includes a working DC first. Whilst I am not totally happy 100% with this solution, I don’t have a better idea – anybody? I remember hearing about NLB for LDAP, which I think might do the trick. I’ve never used MS NLB – does it apply to this situation?

 

Thanks.

 

--Brian Desmond

[EMAIL PROTECTED]

Payton on the web! www.wpcp.org

 

v - 773.534.0034 x135

f - 773.534.8101
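
An added example, not part of the original thread: a monitoring sketch for the round-robin workaround described above. It probes every DC address behind the round-robin name on TCP 389 so a dead DC can be pulled from the DNS record before clients are handed it first; the host name `ldap-rr.example.test` is a placeholder, and the "first address only" client behaviour is the one the message describes.

```python
import socket
import sys

LDAP_PORT = 389  # standard LDAP port


def resolve_all(name, port=LDAP_PORT):
    """Return every IPv4 address behind a round-robin DNS name, de-duplicated."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    addresses = []
    for info in infos:
        addr = info[4][0]
        if addr not in addresses:
            addresses.append(addr)
    return addresses


def is_listening(addr, port=LDAP_PORT, timeout=2.0):
    """True if a TCP connection to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def check_round_robin(addresses, port=LDAP_PORT, timeout=2.0):
    """Split the round-robin members into (up, down) lists, keeping DNS order."""
    up, down = [], []
    for addr in addresses:
        (up if is_listening(addr, port, timeout) else down).append(addr)
    return up, down


def first_answer_works(addresses, port=LDAP_PORT, timeout=2.0):
    """Model a client that only ever tries the first address DNS hands it."""
    return bool(addresses) and is_listening(addresses[0], port, timeout)


if __name__ == "__main__":
    # Placeholder name; pass the real round-robin record as the first argument.
    name = sys.argv[1] if len(sys.argv) > 1 else "ldap-rr.example.test"
    members = resolve_all(name)
    up, down = check_round_robin(members)
    print("up:  ", ", ".join(up) or "(none)")
    print("down:", ", ".join(down) or "(none)")
    if not first_answer_works(members):
        print("warning: the first address returned is not answering on LDAP")
    sys.exit(1 if down else 0)  # non-zero exit lets a scheduler raise an alert
```

Run from a scheduled job, the non-zero exit code flags a member that should be removed from the round-robin record until the DC is back.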

 
