Mac Thread: OD integrated with AD with full Kerberos Support, in Technical
  1. #16

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57

    Re: OD integrated with AD with full Kerberos Support

    Well how about that. Got in this morning and first thing I did was boot the iMac that I was working on last night before home-time (which was still not applying the managed prefs) and unbound it from the OD. I then proceeded to remove the LDAP settings and deleted the account from the OD Master, since it had to be forcibly removed.

    I then just added the Client's LDAP setting back in, this time without binding and restarted the machine.

    It pulled the managed settings first time and all accounts were available.

    The machines at home aren't using Boot Camp either so there must be something else that's stopping it, but there isn't any real need to be bound to the OD, is there?

    I will test some computer preferences and see how they go.

    Many thanks for sticking with me through these mega-long posts ;-)

  2. #17

    Re: OD integrated with AD with full Kerberos Support

    I have tested the preferences with both machine and user accounts and they are applying nicely. This allows me to manage both sides of things even though the OS X clients are not bound to the OD domain (just pointing at it for authentication).

    I am still unsure what sort of repercussions this will bring though. Will there be issues with Kerberos authentication, although I have moved the local home directory from the clients to the AD server that is hosting the home shares and the users are not being asked for authentication?

    I am just starting to configure and set up the mail service to authenticate the AD users but have run into an issue where the service is not authenticating the user whilst setting up the account in Mail, but the setting is not enabled in WGM. I have read the bit about SACLs in Server Admin, but at this moment in time it's not making much sense. How does the OD server know that these accounts are able to access the mail server when it is not configured for each user in either the OD or the AD?

    If anyone has got this working could they give me a point in the right direction please?

    Many thanks.

  3. #18

    Re: OD integrated with AD with full Kerberos Support

    Hello All,

    Just an update on my mail issue.

    I have since found that the users in the AD have been added to the com.apple.access_mail group when entered into the SACL for the mail service. The mail function has not been enabled in the WGM though. Is it supposed to be?

    I have tried to configure the mail client to access the service from the OS X side and cannot get it to accept the user's ID. I have checked the Kerberos app and found that when it checks the mail server it then hands a ticket for the pop service or imap service depending on which one you choose, so the Kerberos seems to be working but it still fails to log in the user.

    The mail log states a line like badlogin: name of machine and IP address and the GSSAPI generic error.

    Is this an issue from the non-binding? I don't really want to mess up the client setup since it is working at the moment and I have yet to finalise some settings before I continue to re-build the domain.

    Just wondering if anyone has come across and resolved these issues?

    Thanks

  4. #19

    Re: OD integrated with AD with full Kerberos Support

    Just to tidy up the thread. I have since managed to get the OS X clients to send and receive mail, I think by putting the OD Master in the contacts list.

    Clients using Outlook and Outlook Express need to have clear text password enabled as they cannot authenticate using Kerberos for POP3 or SMTP.
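
Added example, not part of the original posts: a small log triage script for the two situations the thread ends on, GSSAPI `badlogin` failures per client and password logins that arrive without TLS once clear text authentication is enabled. The log line layout (Cyrus-style syslog lines), host names, addresses and user names are constructed assumptions; the thread only paraphrases its log line.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed Cyrus-style syslog layout.
SAMPLE_LOG = """\
Oct  2 09:14:01 mail imap[412]: badlogin: imac01.example.lan [10.0.0.21] GSSAPI [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure]
Oct  2 09:14:09 mail imap[412]: badlogin: imac01.example.lan [10.0.0.21] GSSAPI [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure]
Oct  2 09:20:30 mail imap[431]: login: imac02.example.lan [10.0.0.22] jsmith GSSAPI User logged in
Oct  2 09:31:12 mail pop3[440]: login: pc07.example.lan [10.0.0.57] abrown plaintext User logged in
Oct  2 09:33:47 mail imap[452]: login: pc08.example.lan [10.0.0.58] cjones PLAIN+TLS User logged in
"""

LINE = re.compile(
    r"(?P<svc>imap|pop3)\[\d+\]: (?P<kind>badlogin|login): "
    r"(?P<host>\S+) \[(?P<ip>[^\]]+)\] (?P<rest>.*)$"
)

# Mechanisms that put the password itself on the wire.
PASSWORD_MECHS = {"plaintext", "plain", "login"}


def triage(log_text):
    """Return (GSSAPI failures per client, cleartext logins without TLS)."""
    gss_failures = Counter()
    cleartext = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        fields = m.group("rest").split()
        if m.group("kind") == "badlogin":
            # First field after the address is the attempted mechanism.
            if fields and fields[0] == "GSSAPI":
                gss_failures[(m.group("host"), m.group("ip"))] += 1
        elif len(fields) >= 2:
            user, mech = fields[0], fields[1]
            base, _, suffix = mech.partition("+")
            # A "+TLS" suffix means the session was encrypted first.
            if base.lower() in PASSWORD_MECHS and suffix.upper() != "TLS":
                cleartext.append((m.group("svc"), user, m.group("ip"), mech))
    return gss_failures, cleartext


if __name__ == "__main__":
    failures, exposed = triage(SAMPLE_LOG)
    for (host, ip), count in failures.items():
        print(f"GSSAPI failures: {host} [{ip}] x{count}")
    for svc, user, ip, mech in exposed:
        print(f"cleartext {svc} login without TLS: {user} from {ip} ({mech})")
```

Repeated GSSAPI failures from one client point at that client's Kerberos setup, while the second list shows which accounts are sending passwords unencrypted.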
