The key most people miss is sudo dsconfigad -enableSSO. I would say pay special attention to the kerberos part of the Golden Triangle approach. I do get a password expiration notification when I log in as an AD user.I set mine up following those directions exactly, and here's my experiences: The golden triangle approach has worked great for me. I have a few Xserves running as file servers in an Active Directory environment.
Do your users even bother using this application? If so have you found a way to hide them? The directory application shows a number of system accounts, cluttering it up. Additionally this will allow Mac OS users to use spotlight on the server mounts. Letting the Windows users use SMB on a Mac server is my best option, as the Mac users can use AFP (enabling the use of resource forks, instead of leaving. If we let the Mac users use an SMB share on a Windows server, the Macs have to leave. Do you join these VMs to the domain as well? Do you do anything else special with VMs?įile share compatibility. Nearly everyone uses either Parallels Desktop or VMWare Fusion. Is this a bug? Is there any work around? Do you just mount the needed drives at logon? If so, how do you manage these login scripts? However when you use Finder's "Go to Folder." action or access via smbclient -k the system will properly use kerberos. Browse to a windows server in "All." and open a SMB share, you'll have to authenticate. Password expirations (specifically that there is no notification given to the user while they are logged in).įinder not consistent about using kerberos. We are specifically having issues with the following:
In your corporate network, how do you handle Mac OS X users on your Active Directory based network? What are some specific things you do to cater to the Mac OS users?