Antp (5th October 2008)
It's definitely possible, but depending on the versions of Mac OS X involved it carries a variety of issues (every time Apple release an update, it seems to fix some things, and break others!).
We've setup a combined Apple/Windows network over the summer in the following way (just a summary here, as it took a long time to get the details right, and I don't have the info to hand):
Step 1: Install and get the Windows side working first (DCs, home folders for users etc.)
Step 2: Install Mac OS X Server (we used 10.5.4, but 10.4 could also work)
Step 3: Bind the Mac OS X Server to the Active Directory network
Step 4: Create a Mac OS X Open Directory Master on the Mac server
Step 5: Install and configure Mac clients as required with all software (imaging if needed)
Step 6: Bind the Mac clients to both Active Directory and the Mac Open Directory (preferably use different names for each)
Step 7: Create groups on the Mac server that contain groups from the Active Directory (that way you can manage Mac user settings)
Step 8: Spend a lot of time battling with the bugs in Mac OS X Server that get in the way (such as it not actually sharing printers when you tell it to do so!)
We've finally ended up with it setup that all users authenticate against the Windows Active Directory, have a single home-folder whether they logon to the Macs or PCs. The Mac server is only used for managing the preferences and sharing printers - there's no files stored on it.
Forgot to say that there is *in theory* a way to set this up without using a Mac server at all - it involves modifying the Active Directory Schema. However, it's a very complicated procedure, and the person I know who's tried it (DMcCoy) has I think given up! It also runs the very real risk of destroying your Active Directory in the process...
Last edited by SteveMC; 5th October 2008 at 07:05 PM. Reason: Schema modifying warning
Antp (5th October 2008)
Sounds like youve got it down to a tee, you couldnt give me some more in-depth info when you have some spare time?
i Have just finished (ish) my AD - OD integration. I used the Ad-OD integration doc for some of it although i modified my setup slightly.
AD-OD integration Doc
What i have currently is an Xserve running 10.5.5 with a suite of iMacs runnign client 10.5.5 They authenticate against the AD for users and get their managed prefs from the OD. The iMacs are boot camped whihc means they run both Xp and OS X. Because of this i wanted a better solution to the problem of Macs not being able to update their DNS records. So i manually created the DHCP reservations and then manually created the DNS entries. This made it eaasy to manage the OS X side. This can all be automated during the imaging process using Net-restore and a flat file DB if you specify manual IP with DHCP setting.
I scripted the build of my DHCP reservations using netsh and ARD to get the ethernet addresses.
I have set the group policies on the AD server to redirect the my docs to the docs folder in the OS X home dir which resides on the AFP share that the clients access over AFp for AD users (set in the Directory Util). I have configured mail on the OS X server for AD users which is easy and i have a fully kerberised system for both OS X and AD users which is now easy to get thanks to the way Leopard 10.5.5 deals with this issue (about the only thing it does well). I have a mail server set up for pupils and this can send and receive mail to staff but cannot send mail out. I have also created an auto mail bundle that creates the mail account for users when they type their email and password.
I am currently now in the process of trying to get the ical service working for AD users. I have beeb having a bit of an issue with this. I have managed to get this working at home with the use of augmented records and hope to re-create this success tomorrow.
The kids have really gotten to grips with using both systems in school and have even started to ask the question before the beginning of the lesson "is it mac or windows miss?"
We are a primary school.
I feel i have managed to get a reasonably stable system set up and fully functional at the moment (don't get any thanks though) and i am happy with the way it has turned out.
Oh, and i don't have a single apple or ms cert to my name
I won't go into the whole 'only 5 - 7% of the market' thing though, as the fact that schools are supposed to teach a range of transferable skills and not the market leader only speaks for itself.
I am happy to come and help you get it all sorted ... your school can approach me directly and I only charge £200 an hour (minimum of 2 days).
Now ... let's get back to the reality of this post. Please state the nature of your role within your school. Are you a student, a teacher, admin/support staff or technical support? The answer to your question varies on your role.
..you don't see Windows admins listing their certs? Perhaps not on this good forum, but there are some
Anyway- reality time. Integration should be planned. It's perhaps not as easy as some make it appear (and that's no doubt because they are good administrators), but neither is it as hard as some responses have made it sound.
I think Tony has a point though- we can only really help if we know what your role is in your current post.
Even so, if you need help with integration and you are the mover and shaker of your school network I am more than willing to help.
As I've mentioned in the past in various versions of 10.4 and 10.5 some things just are broken, and this is usually confirmed by finding a well hidden KB on apples site explaining that it's broken but they really don't care.
You can't just install 10.5 server, secure, configure and then bind clients to AD/OD and have them work.
Printing is broken and requires manual fixing, SSL for OD is broken and requires manual fixing. The next issue is reliability, join OD/AD and want it to apply the OD preferences each and every boot? Well that's going to take a lot of debugging even on a freshly installed machine.
The secret is that Macs hide as many errors as possible in the system.log making it difficult to find them. So this can give the illusion that everything is working perfectly, while things actually aren't.
I particularly want to squash the fact that it's related to the administrators experience comfort or skill with OS X, because every minor version of OS X has different flaws.
Want to get password changes working correctly (as opposed to when it feels like it) on 10.4.9? Well you can't, no matter how many years experience you have because the AD plugin is broken.
Remember that XP has 4 major revisions XP,SP1,SP2,SP3
In that time OS X has had 49 (10.0.0 -> 10.5.5)
We have had macs and PCs running on the same network and AD for about 5+ years now. I would recommend it as it is great as an administrator to learn about both. And of course the students get more out of it.
However, there are still some teaching staff who whinge and say we should never of gone with macs (mainly because of the costs) but lets face it... teaching staff are an odd breed!
Antp (9th October 2008)
And as the song goes "God didn't make those little green apples" I feel there is good and bad areas but hopefully this will be bridged when Jobs and Microsoft with Intel join forces and OSX and Windows will be fully interoperable even though they have different O/Ss and used to the benefit of all.
P.S. Just get me rose tinted glasses hehe!
im a student nand
think that our school really needs macs for our media studies and art departments, and as they dual boot and you can get mac minis for £400 (ish)
i think it'd bbe great.
also id like to learn a bit more about the server side of macs.
im 90% sure they would get a few mac minis if i could convinve them that it is fairly easy to integrate them into the current network, also both the head of art and media studies agree that we need macs.
Last edited by Antp; 9th October 2008 at 02:19 PM.
What are the learning aims for the students? How will this be affected by the change in hardware/software? Planned for the increased backup sizes? Multiple home folders or potential directory modifications?
Sure, just one or two joined to AD is usually fine. Want to start managing a room and it starts to become disproportionate in the amount of time needed to support.
I realise that you believe, probably quite rightly, that adding Macs to your schools network would be beneficial to students, especially with Art and Media Studies. These are both subjects that macs lend themselves to very well. However, your IT dept. may well have genuine concerns regarding introducing Macs to the network.
Your IT dept. may not have the skillset to support macs, and to introduce them would take a lot of time on their part, diverting attention from other issues in the school. There is also the issue of staff and student training. This again needs proper planning and consultation with key members of staff, else the whole project is doomed to fail.
You say that you would like to learn more about the Mac server side. Although very admirable, as a student, the school would need to consider how, if at all, you would be able to assist. There is the issue of giving a priveledged login to a student, as well as possible liability issues surrounding loss of data etc (I'm not certain on this, so someone more knowedgable may be able to tell us more).
Maybe an acceptable solution that you could put forward to your teachers would be the purchase of a couple of mac mini's, which as you state, is fairly inexpensive, as a trial. These could be run as stand-alone machines, and access controlled using parental controls. Students could move work between them using memory sticks. This would greatly lessen the impact on the IT staff and allow teaching staff to see how well they fit into their lessons. It may also make converts of your IT staff too!
I'm not saying that adding Macs to an Active Directory environment is bad, just that it needs to be properly thought out, planned and managed. At our school, we have quite a few Macs, and apart from a few quirks (like all OS's), they work well. I use a mac for most of my work, including remote server admin. That said, we have a Systems Manager that is very clued up, and specialises on Macs.
Hope this helps
Mac mini's are apples budget internet PC, they are not designed or speced for working with media. Their graphics chips put any serious video editting out the window for a start. You will need to stick another 1gb ram onto the base model as 1gb of ram is just enough for any GUI OS at present, never mind at the end of their 3-5 year life. And you will need to purchase iLife seperately (im assuming this app is the main reason for you wanting macs). And you seem to have forgot that you need a monitor to use a computer, so thats another £400 if you buy from apple. (obviously you could buy monitors seperately and reduce costs by £300, but even then it is still double the price we pay for far higher speced PCs)
Total cost per PC = £900+ and thats before youve taken out a 3 year warrenty (afaik iMacs are better value for money, yet still not good, so if you are serious about making a case id look at iMacs rather than mini's)
There are serious cases for macs, being "cool" isnt one of them
Last edited by j17sparky; 9th October 2008 at 10:52 PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)