Mac Thread, AD/OD Password and Keychain Syncronisation in Technical; We have 3 suites of Macs (Leopard) here all authenticating against active directory and I'm having problems keeping the Macs ...
20th January 2011, 02:12 PM #1
- Rep Power
AD/OD Password and Keychain Syncronisation
We have 3 suites of Macs (Leopard) here all authenticating against active directory and I'm having problems keeping the Macs keychains in sync with their AD counter-parts.
Normally if a user has forgotten their password we change it for them from the Windows server but when they log back into the Macs their keychain no longer matches. The main problem is Safari complaining which is starting to drive our Creative and Media students round the bend.
I've looked into the KeyChain Minder application and looks like it does the job but I'm a bit worried about how well the users will be able to use it.
Has anyone got any experience in using KeyChain Minder or another more transparent solution?
21st January 2011, 01:16 PM #2
From what I understand when a password on the Windows account has been changed, when you log into the Mac it brings up a dialog that tells you that it doesn't match the keychain and so gives you the option to update it.
Alternatively you could just trash their keychain when an account has had it's password reset.
11th March 2011, 08:58 PM #3
I've got the same problem here, I think the problem is that the keychain dialogue boxes that pop require far too much thought to work out what they mean. If you press the right buttons it isn't a problem, but it seems most people just press anything just to get to start working.
I think the easiest solution is to use a script to delete the keychains every night, but then you wreck it for everyone who does actually understand how to use it.
11th March 2011, 09:35 PM #4
Why use this? I have the default profile set so that when a new AD user logs in, it will copy the default profile and create a new keychain for the user. Login is only a few seconds, no difference from a local user except that it just needs to quick copy the default profile that I built.
How do you built your default profile? If you need a hand I have a Automator script that I built that runs through and does the needed copying, trashing of unneeded files, cache, keychain, repair permissions, and so on all in one click.
All I ever do is make the needed adjustments to the local user "default" that I have for building what I want the user to see then once I'm happy I logout to then run the script then that's it, make a copy and deploy.
When users go to login they get the new profile and so on.
Hmmm... may have stated more than I needed to in my response :-)
Let me know if you want to see the script.
Last edited by Carter; 11th March 2011 at 09:39 PM.
11th March 2011, 11:38 PM #5
Ok, so incase what I posted above may help out with your issue I decided to go ahead and update my document and post it up with the updated script. http://www.edugeek.net/forums/mac/72...-5-10-6-a.html
Hope this helps
Last Post: 22nd November 2010, 01:40 PM
By saplinpoo in forum Mac
Last Post: 21st April 2010, 03:47 PM
Last Post: 9th December 2008, 02:26 PM
By BKGarry in forum MIS Systems
Last Post: 24th October 2008, 06:47 PM
Last Post: 1st February 2008, 04:43 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)