Yes, I agree, 10.3 is much easier, although in a 2k3 environment you will have problems mounting home drives on a 2k3 server because the mac samba client only use plain text passwords (whereas 2k3 disallows this by default). You can either allow it, which i wouldnt suggest, or mount your home drives on a machine other than 2k3. There is some speculation that 10.3.6 has some improvements in the way samba authenticates, but it is has not been confirmed yet. 10.3.6 is supposed to be out sometime within the next 30 days, if i remember correctly. If you do figure out how to mount home drives on a 2k3 file server with kerberos please let us know.
________________________________ From: [EMAIL PROTECTED] on behalf of Depp, Dennis M. Sent: Fri 10/15/2004 7:23 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Macs, LDAP Source Brian, You might want to look at upgrading to 10.3. Apple has improved on the AD info for 10.3. I've played with it a bit, but not enough to know if the fault tolerance is there or not. Denny > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond > Sent: Thursday, October 14, 2004 10:18 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Macs, LDAP Source > > My asst managed to get OS X 10.2.SomeInt to authenticate to > the AD here. I typed in my username and password and it was > just as fast as logging in from an nt class box. Aside from > the various implementation issues on the mac side, I have > this dilemma: > > > > The Mac's are not actually AD aware - they just need an LDAP > source. I could buy this cool program called ADmitMac which > creates domain accounts for the Macs and emulates an NT box > as far as user mgmt goes on the Mac. Cool, but, the quote was > nearly as much as I paid for the OS X licenses. So, anyway, > the mac needs a explicit dns hostname for ldap. I could give > it one DC, but, if hat DC goes down, all my macs are F'ed. > So, what I did is setup a round-robin with all the DCs in the > site the macs are located in. > > > > I'm not totally satisfied with this workaround. It just seems > sort of half-ass to me. It requires a certain degree of > management, and if one of the DCs is down, a portion for the > macs will need to be rebooted until they receive a referral > from the DNS server in an order which includes a working DC > first. Whilst I am not totally happy 100% with this solution, > I don't have a better idea - anybody? I remember hearing > about NLB for LDAP, which I think might do the trick, I've > never used MS NLB - does it apply to this situation? > > > > Thanks. > > > > --Brian Desmond > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > Payton on the web! www.wpcp.org <http://www.wpcp.org> > > > > v - 773.534.0034 x135 > > f - 773.534.8101 > > > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
