+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 30
Mac Thread, Mac Server, Windows Domain, AD etc... in Technical; Hi All, Does anyone know a good place to start/have a link to a good guide for setting up a ...
  1. #1

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Mac Server, Windows Domain, AD etc...

    Hi All,

    Does anyone know a good place to start/have a link to a good guide for setting up a mac server on a windows domain? I would like to log into the mac with the users ad account & lock down the mac based on their ad user group if this is possible. I've just started looking at macs & I have no clue with them, so any help would be great.

    Thanks

    M

  2. #2

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by mike86 View Post
    Hi All,

    Does anyone know a good place to start/have a link to a good guide for setting up a mac server on a windows domain? I would like to log into the mac with the users ad account & lock down the mac based on their ad user group if this is possible. I've just started looking at macs & I have no clue with them, so any help would be great.

    Thanks

    M
    There are a few ways you can go with this and what you do depends on how many Mac clients you will have, how much money you have to spend, and how much you want to learn about managing Macs.

    If you have only either a few clients or more money than time to learn, then you can just use Centrify (http://www.centrify.com/directcontrol/mac_os_x.asp) or AdmitMac (http://www.thursby.com/products/admitmac.html) and manage the Macs pretty much just like you do your Windows clients using GPOs. You'll still need to create separate GPOs for the Macs, but it will be familiar and relatively painless. These solutions aren't cheap for large numbers of Macs though.

    If you have more time than money, then you should use a Mac Mini server and WorkGroup Manager (WGM) or Profile Manager. If you use profiles then you just bind the Macs straight to the Domain Server for authentication and use profiles for management.

    In between these two options cost-wise is Casper Suite, which can do everything from imaging, package deployment, policies, profiles and more. CS is like SCCM and a bit more for Macs. JAMF offers excellent pricing for Education on the licensing, but there is the upfront one time JumpStart.

    Whatever you use for management (unless its CS), you'll still need an imaging tool, but you can use the built-in NetInstall service on a Mac Mini running the server app (http://support.apple.com/kb/HT5599) or the excellent and free DeployStudio (http://www.deploystudio.com/Home.html)

  3. #3

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    cheers seawolf, I appreciate your help, I've set up a mac server, and trying to use profile manager, problem is my ad users show up in users of the server app, however when trying to set up profile manager, only my local admin user shows up. If I log in to the profile manager web interface as my ad user, I get the option to enrol, if I click this it looks like it's doing something, then stays on the same page. Any ideas.

  4. #4

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by mike86 View Post
    cheers seawolf, I appreciate your help, I've set up a mac server, and trying to use profile manager, problem is my ad users show up in users of the server app, however when trying to set up profile manager, only my local admin user shows up. If I log in to the profile manager web interface as my ad user, I get the option to enrol, if I click this it looks like it's doing something, then stays on the same page. Any ideas.
    Make sure you've set it up as indicated here http://www.krypted.com/?p=7619

    Krypted is a good source of info for many things Mac.

  5. 2 Thanks to seawolf:

    mike86 (30th July 2013), SovietRussia (31st July 2013)

  6. #5

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Will do, just reinstalling mountain lion & server & starting from scratch...Thanks again for your help.

  7. #6

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I've managed to get this working & I can now enrol devices however no ad users show up in profile manager. I'm using Mountain lion server & the instructions from the site you posted are for lion...Can almost smell victory now.

  8. #7

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by mike86 View Post
    I've managed to get this working & I can now enrol devices however no ad users show up in profile manager. I'm using Mountain lion server & the instructions from the site you posted are for lion...Can almost smell victory now.
    You did bind the Mac server to the AD domain and you installed WGM for 10.8 and followed that part of the instructions? If its still not working I don't know. Without seeing it myself it could be a bit of the needle in a haystack.

  9. #8

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Yep installed WGM & binded however com.apple etc group isn't listed, in face no local groups are listed.

  10. #9

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Looks like I've cracked it, had to create a group and add users to it. Then they'd show up in profile manager, although I had to search for them before they would show. Have just set up profiles now & waiting for them to push. Hopefully all will work, then I can wait for September until the kids come back & break everything

  11. #10

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Last bit, if anyone can shed any light. I'm trying to apply settings to ad users when the log in, so students & staff get locked down differently. However no profiles are being pushed out automatically, I've opened all the relevant ports for APN on the firewall, still no luck. HELP!!!!

  12. #11
    SovietRussia's Avatar
    Join Date
    Mar 2013
    Location
    Powys, Wales
    Posts
    606
    Thank Post
    67
    Thanked 131 Times in 102 Posts
    Rep Power
    43
    Quote Originally Posted by mike86 View Post
    Last bit, if anyone can shed any light. I'm trying to apply settings to ad users when the log in, so students & staff get locked down differently. However no profiles are being pushed out automatically, I've opened all the relevant ports for APN on the firewall, still no luck. HELP!!!!
    Go to one of the client machines, open up terminal:

    telnet gateway.push.apple.com 2195

    If you get access, means it isnt being blocked.

  13. #12

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I can get access when running that command. It shows up in profile manager when I log on to the machine: push settings username: studentuser - sending

    however it doesn't seem to send.

  14. #13

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Suppose I could lock them down with wgm, are there draw backs to this?

  15. #14

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by mike86 View Post
    Suppose I could lock them down with wgm, are there draw backs to this?
    The only drawback is that WGM will probably disappear in 10.9, but the underlying MCX settings will likely still work. And with profiles users don't have to logout/in for changes to apply.

  16. #15

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    83
    Thank Post
    35
    Thanked 1 Time in 1 Post
    Rep Power
    0
    thanks, having trouble getting client macs to show in workgroup manager, they are bound to the OD & AD, they show in the AD section on workgroup manager but only the server shows in the OD part. If I try to add it manually it says there's already a mac with this name?! So confused.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 6
    Last Post: 22nd February 2011, 11:23 AM
  2. Replies: 6
    Last Post: 15th October 2010, 11:55 AM
  3. sambafile server windows domain
    By duxbuz in forum Wireless Networks
    Replies: 15
    Last Post: 25th June 2010, 11:01 AM
  4. backing Up Mac in Windows Domain
    By brahma in forum Mac
    Replies: 2
    Last Post: 18th March 2010, 06:50 PM
  5. Replies: 7
    Last Post: 12th November 2009, 05:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •