+ Post New Thread
Results 1 to 6 of 6
Mac Thread, mac os server or windows ad integration in Technical; Greetings, Im investigating switching to macs for music tech, i think for basic garageband with audio interfaces they are quite ...
  1. #1

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    213
    Thank Post
    39
    Thanked 10 Times in 6 Posts
    Rep Power
    14

    mac os server or windows ad integration

    Greetings,

    Im investigating switching to macs for music tech, i think for basic garageband with audio interfaces they are quite comparable with pc cost. My main decision is to how i go about their access to the windows domain, I have the following two choices.

    1. A standalone network using a mac mini with osx server. Students having identical logons to their windows accounts. Students would only be able to do their music tech work and would not have access to network resources. They would be able to create office docs with office for mac and would have to email their work to themselves to be able to finish it on other computers.
    2. Binding mac to windows domain. Students could access their network home drives and be able to save directly to them. Will need total change of network share/file system permissions to allow macos to access home drive correctly. This would also create dozens of extra folders in each students user areas plus store important files there which the students could easily delete.
    3. Same as option one but use boot camp to allow installation of windows for use by other departments. Ive not imaged macs before so unsure how this would work with dual boot setup.

    Im not sure how having a mac osx server on the network will affect my windows domain (or even if it will).

    Any advice is welcome.
    Thanks
    James

  2. #2

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    3,014
    Thank Post
    406
    Thanked 415 Times in 281 Posts
    Rep Power
    253
    Quote Originally Posted by jjohnsoncantell View Post
    Greetings,

    Im investigating switching to macs for music tech, i think for basic garageband with audio interfaces they are quite comparable with pc cost. My main decision is to how i go about their access to the windows domain, I have the following two choices.

    1. A standalone network using a mac mini with osx server. Students having identical logons to their windows accounts. Students would only be able to do their music tech work and would not have access to network resources. They would be able to create office docs with office for mac and would have to email their work to themselves to be able to finish it on other computers.
    2. Binding mac to windows domain. Students could access their network home drives and be able to save directly to them. Will need total change of network share/file system permissions to allow macos to access home drive correctly. This would also create dozens of extra folders in each students user areas plus store important files there which the students could easily delete.
    3. Same as option one but use boot camp to allow installation of windows for use by other departments. Ive not imaged macs before so unsure how this would work with dual boot setup.

    Im not sure how having a mac osx server on the network will affect my windows domain (or even if it will).

    Any advice is welcome.
    Thanks
    James
    Our Mac server works very well with AD and you will find they're damn right easy to manage. No need to change security settings if your integrating with AD. Just make sure you setup Workgroup manager (Mac's GP equivalent). It won't have any effect on your Windows domain, well mine dosen't. You can also tell the Macs to automatically mount Shared areas and bring up only home drives when the student goes on to finder.

    Hopefully this helps and concerns send me a PM and I'll do my best to help you!

  3. #3

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    213
    Thank Post
    39
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    When i say security settings i mean acl's, something in the way i have them set stops the mac being able to map a users home drive. Every user has full access to their home drive so im guessing its another permission thats set. I set a permission free area up and that worked fine.

  4. #4
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Network users defined on Windows Server that are logging onto OSX systems must have at least read and/or list and/or traverse rights to folders/containers upstream of their home containers. Although ACLs prohibiting this for the same users logging onto PCs work fine the same can´t be said for Macs. All that happens is login fails or if login is successful users´ ability to launch applications and/or save work is restricted and/or hampered in some way.

    You may have to get creative with this depending on what form your AD structure takes? The last thing you want is to define ACLs that finally allows successful login and use of the OS X workstation yet gives free and easy access to any other network user´s data. However simply allowing list/traverse rights is usually enough as having the ability to ¨see¨ any other users folder is purely cosmetic as there would/should be no ability (assuming ACLs are assigned to grant full access to that user and no other) to go further would not be possible.

    Try to understand that OS X is a fairly sophisticated GUI to an underlying UNIX sub-system with a dual POSIX/ACL permissions models already built-in.

    Antonio Rocco (ACN)

  5. Thanks to AntonioRocco from:

    jjohnsoncantell (14th May 2014)

  6. #5

    Join Date
    Oct 2008
    Location
    Southampton, England
    Posts
    213
    Thank Post
    39
    Thanked 10 Times in 6 Posts
    Rep Power
    14
    Thats the answer ive been looking for. Will give it a try and see if it works, that way i can just bind the client to the domain and log them on as normal.

    Thanks
    James

  7. #6

    Join Date
    May 2008
    Location
    Cheshire
    Posts
    299
    Thank Post
    49
    Thanked 27 Times in 24 Posts
    Rep Power
    19
    Quote Originally Posted by abillybob View Post
    Our Mac server works very well with AD and you will find they're damn right easy to manage. No need to change security settings if your integrating with AD. Just make sure you setup Workgroup manager (Mac's GP equivalent). It won't have any effect on your Windows domain, well mine dosen't. You can also tell the Macs to automatically mount Shared areas and bring up only home drives when the student goes on to finder.

    Hopefully this helps and concerns send me a PM and I'll do my best to help you!
    I agree, first of all in my experience I don't recommend upgrading to mavericks if you use workgroup manager. The only issues we've come across is the use of Internet and Keychain. Teachers and students want it to 'just work' and if a user changes a password the keychain prompt appears they tend to just press cancel and get confused. However, if you update it to allow the Macs not to authenticate using NTLM this should help.

    I recommend asking a local school who are running Macs if you could visit. We're visiting a school who are running the macs on a different VLAN away from AD to see how they work.

    Peter



SHARE:
+ Post New Thread

Similar Threads

  1. Mac OS Server Flashing Folder
    By PeterH in forum Mac
    Replies: 0
    Last Post: 28th January 2013, 03:11 PM
  2. Replies: 8
    Last Post: 23rd September 2011, 01:20 PM
  3. Replies: 12
    Last Post: 27th April 2010, 09:28 AM
  4. MAC OS Server and Active Directory
    By steveo2000 in forum Mac
    Replies: 1
    Last Post: 7th April 2009, 03:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •