  1. #1


    Macs on windows domain

    Hi all!

    We are looking at what it would take for a suite of Macs to be joined properly to our Windows domain.

    We would like it so the students can log on using their AD usernames and passwords and they can see and save to their home drive like they can on Windows.

    What would we need to accomplish this?
    Can someone explain the magic triangle and what is required?
    And would we need more hardware than just a mac server?

    Many thanks as always guys and gals!!

  2. #2

    We do this with no Mac server.

    Bind to AD and set the Windows server as the time source and away you go. We have had no issues.

  3. #3

    If you already have the Macs you don't need anything else; you just join them to the domain like you would with a Windows box.

    The magic triangle setup is where you join your Mac to Active Directory for authentication and also join the Mac to Open Directory so you can apply settings/lockdown to the AD user/group.

  4. #4

    The issues you're going to have doing it natively are that you can't administer the Macs on the domain (GPOs etc. won't work) and if you've got users who log on to Macs and Windows machines using the same AD credentials, you will run into permission issues with their home / shared drives, especially if you're storing that stuff on a file server somewhere (i.e. not a local profile).

    We use Centrify to help manage the Macs centrally and have 2 sets of folders set up with some fancy scripting so that the Windows- and Mac-specific file resources don't get in the way of each other.

    Doing it properly (3 sites of which 1 uses both macs & PCs; 3 networks all linked but with different IP ranges; 4 sets of servers (6 mac servers and 20 Windows servers); Wireless with multiple "open" SSIDs) took us 6 months planning and 3 months implementation and FULL testing. We work on the theory that one error is one too many!

  5. #5

    So to configure the Macs, i.e. lock them down (similar to GPO), it would require the Mac server. Is this correct? Is it only the server that is required, or do you require storage for the home drives even if they are on the Windows domain?

  6. #6

    Norphy's Avatar
    You don't necessarily need a Mac server to deploy profiles to Macs (you could just as easily use a third party solution) but you need something to generate them.

    I use a plugin for SCCM to manage our Macs. The plugin has the facility to generate the mobileconfig files required but it is basic compared to Profile Manager. I use the SCCM plugin to deploy the profiles but Profile Manager to generate them.

  7. #7
    robjduk's Avatar
    We use a Mac server as it makes nice little profiles to lock them down and makes software deployment quite easy, and I think it's a great option if you don't have SCCM.

  8. #8

    3s-gtech's Avatar
    There are software solutions for your DCs that allow them to manage Macs - they're neat but no cheaper than a Mac Mini server. Home drives will pick up the AD attribute (if you tell the clients to use that) so they will use their normal network storage.

  9. #9

    If you are thinking of using a Mac server and plan to use Profile Manager (for the preferences of the machines) then here are a few things to think about:
    - Mac server
    - Profile Manager (similar to GPO for Windows); Workgroup Manager is becoming outdated.
    - Deploy Studio (to deploy a base image of the Mac)
    - Apple Remote Desktop (to push application installs)
    - Firewall settings configured to allow required ports for Apple
    - NTLM does not work on Macs, so you can use ident for authentication to the Internet, or use no authentication on the Macs.
    - Time on the Macs is the same as on the domain server

    A basic list of things to think about.

    When you join the Mac to AD you can specify to use the user's home drive on your Windows file server.

    The magic triangle uses the authentication from AD to connect to Windows Shares, then the Mac Server is used just for the management of the profiles, locking down the Macs as required.
    Last edited by Pashers; 13th June 2014 at 12:57 PM.
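
The steps described in the replies above (set the Windows server as the time source, bind to AD, and tell the client to use the AD home-drive attribute), as an added shell example that is not from any poster. The time source is set first because Kerberos authentication against AD fails when client and server clocks differ beyond the allowed tolerance; the host, domain, account and computer names are constructed placeholders, and the script only prints the commands unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: point a Mac at the domain time source, then bind it to AD.
# Constructed placeholders (assumptions, not from the thread):
DC_HOST="${DC_HOST:-dc01.example.internal}"   # Windows DC used as time source
AD_DOMAIN="${AD_DOMAIN:-example.internal}"    # AD DNS domain
JOIN_USER="${JOIN_USER:-svc-macjoin}"         # account allowed to join computers
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands, 0 = run them (as root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Step 1: clock first, so the Kerberos exchange during the bind succeeds.
set_time_source() {
    run systemsetup -setnetworktimeserver "$DC_HOST"
    run systemsetup -setusingnetworktime on
}

# Step 2: bind. -password is deliberately omitted: dsconfigad then prompts,
# which keeps the join credential out of the process list and shell history.
bind_to_ad() {
    run dsconfigad -add "$AD_DOMAIN" -computer "$1" -username "$JOIN_USER"
}

# Step 3: mount the network home from the user's AD home directory path over
# SMB, and require signed and encrypted directory traffic to the DCs.
configure_plugin() {
    run dsconfigad -useuncpath enable -protocol smb
    run dsconfigad -packetsign require -packetencrypt require
}

# Full sequence for one machine; $1 is the computer name to register in AD.
join_plan() {
    set_time_source
    bind_to_ad "$1"
    configure_plugin
}

join_plan "${1:-lab-mac-01}"
```
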

  10. #10

    For 3 clients I wouldn't bother with a Mac server. You can use a process called local MCX.
    + You download a free program called Workgroup Manager from Apple.
    + Run Workgroup Manager and point it at the local machine.
    + Apply settings as needed (note some newer settings can't be controlled).
    + Repeat the process on the remaining Macs.

    As for connecting to your Windows storage, this shouldn't be a problem at all; the Mac will mount the user's home directory path that you have under the user account in AD.
    I don't know what the permission issue is that is listed above, but I have run Macs connected to AD and SMB shares for 9 years and never seen this, but everyone's network is different.

  11. #11

    seawolf's Avatar
    Quote: Originally posted by bwestlake
    Hi all!

    We are looking at what it would take for a suite of Macs to be joined properly to our Windows domain.

    We would like it so the students can log on using their AD usernames and passwords and they can see and save to their home drive like they can on Windows.

    What would we need to accomplish this?
    Can someone explain the magic triangle and what is required?
    And would we need more hardware than just a mac server?

    Many thanks as always guys and gals!!

    1. As previously stated, just bind them to AD. User authentication solved.

    2. If you want a Mac server, you can use Profile Manager (using AD groups) to lock down and configure Macs. Any Mac can run the Server app, so unless you have a lot of Macs you don't need a high-spec server.

    3. If you don't want to bother with a server, you can install the Server app on a desktop, create configuration profiles, export them, then install them as part of your standard image to do the lockdown. You could also use WGM in the same way, but WGM is going the way of the dodo.

    Other suggestions are to consider solutions like Casper Suite or Puppet/Munki. DeployStudio is a no-brainer as it's free and easy if you have a spare Mac Mini to act as a server.

  12. #12

    seawolf's Avatar
    Quote: Originally posted by Stuclark
    The issues you're going to have doing it natively are that you can't administer the macs on the domain (GPOs etc won't work) and if you've got users who log on to macs and Windows machines using the same AD credentials, you will run into permission issues with their home / shared drives; especially if you're storing that stuff on a file server somewhere (i.e. not a local profile)

    We don't see any permissions issues and we map the same network home for Mac and PCs (folder redirection for Win7 set to replicate Mac home folder names). What problems do you have?


