Mac Thread, Magic Triangle, How? in Technical
  1. #1
    CallumCatterall's Avatar

    Question Magic Triangle, How?

    Hi,

    I have been a Mac user for years now but have never touched Mac server before and we have just got a Mac Mini server to accompany some new iMacs. The stage I am at so far with the server is, I've plugged it in, clicked next a couple of times, got to the desktop, updated it. Where do I go from here to create a Magic Triangle setup?

    Thanks for the help!
    Last edited by CallumCatterall; 24th February 2012 at 06:18 AM.

  2. #2

    This is fairly well documented on here if you search. In basic terms (as you haven't told us which OS you are running):

    In Server Admin, set the server to be "Connected to a Directory System". Join your AD domain. You then promote your server to be an Open Directory Master to provide directory / MCX info to your Mac clients.

    On the client, you open Directory Utility, bind to your Active Directory domain, then enter the path to your Open Directory Master in the search path, but do not bind. In the Search Path setting, your AD server will need to be first in line to allow authentication, with your OD Master second. Under the settings for AD you probably want to uncheck "Create local home on startup volume" if you want your users to have a network home directory (roaming profile). If your home directory server is Windows based (i.e., not HFS+ format), iPhoto will not work....random info there.

    This will allow you to authenticate against your AD, mount a home folder, and get preferences to lock down your Macs.

    I appreciate my response is very vague, but if you can come back with some specifics we can help you out further.

  3. 2 Thanks to iSteve:

    CallumCatterall (24th February 2012), speckytecky (24th February 2012)
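
    A way to check the client search-path order described in post #2 from Terminal, as an added example that is not part of the original posts. It reads the text that `dscl /Search -read / CSPSearchPath` prints; the sample output and the server name in it are constructed, and the node names follow the /Active Directory/ and /LDAPv3/ naming, which is an assumption about the client's OS version.

```shell
#!/bin/sh
# Added example, not from the thread: confirm that the Active Directory node
# comes before the Open Directory (LDAPv3) node in the custom search path.
# Real use on a client:  dscl /Search -read / CSPSearchPath | search_order

# Constructed sample of the dscl output; svr-mac01.local is the placeholder
# server name used in the thread.
sample_search_path() {
cat <<'EOF'
CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/All Domains
 /LDAPv3/svr-mac01.local
EOF
}

# Reads dscl output on stdin, prints a one-line verdict.
# Exit status: 0 = AD first, 1 = OD first, 2 = AD node missing, 3 = OD missing.
search_order() {
  awk '
    { text = text "\n" $0 }          # works for one-line or multi-line output
    END {
      ad = index(text, "/Active Directory/")
      od = index(text, "/LDAPv3/")
      if (!ad) { print "missing: no Active Directory node"; exit 2 }
      if (!od) { print "missing: no LDAPv3 node"; exit 3 }
      if (ad < od) { print "ok: Active Directory before LDAPv3"; exit 0 }
      print "wrong order: LDAPv3 before Active Directory"; exit 1
    }'
}

sample_search_path | search_order
```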

  4. #3
    CallumCatterall's Avatar
    Quote Originally Posted by iSteve View Post
    This is fairly well documented on here if you search. In basic terms (as you haven't told us which OS you are running):...
    Just one quick question, when I'm setting up to be the Open Directory master do I change the Kerberos Realm to MYWINDOWSDOMAIN.local rather than SVR-MAC01.local? And do I change the LDAP Search Base to dc=mywindowsdomain,dc=local rather than dc=svr-mac01,dc=local? Thanks.

    EDIT: I just tried this both ways and each time I get a spinning wheel at the bottom saying 'Creating Open Directory master' (see picture).

    Screen Shot 2012-02-25 at 21.48.41.png

    If I force close out of server admin because of the spinning wheel it does not create the 'diradmin' account, any help would be much appreciated!
    Last edited by CallumCatterall; 26th February 2012 at 03:37 AM.

  5. #4


    Quote Originally Posted by CallumCatterall View Post
    If I close out of server admin it does not create the 'diradmin' account, any help would be much appreciated!
    The 'diradmin' user can also be created through the Server app (/Applications/Server.app). More info here.





  6. #5
    CallumCatterall's Avatar
    Quote Originally Posted by Arthur View Post
    The 'diradmin' user can also be created through the Server app (/Applications/Server.app). More info here....
    Hi, thanks for that. Is there any reason that it doesn't do it automatically? Also could you help me with my other question, about the Kerberos Realm and LDAP Search Base? Really appreciate your help!

  7. #6
    CallumCatterall's Avatar
    Just an update, as I was doing this for testing in a VM I only gave it a single core, I added another one and tried again and it worked perfectly! Thanks for your help.

  8. #7

    If you have an AD connection already in place for your Mac server before you promote it to an OD master it should automatically kerberise the services using the AD Kerberos realm. At least that's what used to happen in 10.6.

    I haven't tried a magic triangle setup under 10.7 yet. But I assume the process is the same.

  9. #8
    CallumCatterall's Avatar
    Quote Originally Posted by HodgeHi View Post
    If you have an AD connection already in place for your mac server before you promote it to an OD master...
    Hi, it was already bound to the AD domain before I set up the OD master, am I right in saying that it should be the same as the AD domain as now it is using the Mac server name for the LDAP and Kerberos and it does work... Thanks!

  10. #9

    If you list the services in terminal it will tell you which kerberos realm that they have been kerberised with. The command is:-

    sudo klist -kt

    It needs to be run on the server. Again I need to point out that I am doing this on a 10.6 server and assuming that the process is the same. Try at your own risk on a live server.
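
    To read the `klist -kt` listing from post #9 at a glance, the following added example (not part of the original posts) counts the service principals per Kerberos realm and lists any that are outside the realm you expect. The sample keytab listing, its timestamps and its service names are constructed, using the placeholder realm and host names from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: summarise the realms in `klist -kt` output.
# Real use on the server:  sudo klist -kt | realm_summary

# Constructed sample listing (column layout is an assumption; the parser only
# looks for fields shaped like name@REALM, so other layouts also work).
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ---------------------------------------------
   3 02/25/12 21:48:41 host/svr-mac01.mywindowsdomain.local@MYWINDOWSDOMAIN.LOCAL
   3 02/25/12 21:48:41 afpserver/svr-mac01.mywindowsdomain.local@MYWINDOWSDOMAIN.LOCAL
   3 02/25/12 21:48:41 afpserver/svr-mac01.mywindowsdomain.local@MYWINDOWSDOMAIN.LOCAL
   1 02/25/12 21:50:02 ldap/svr-mac01.local@SVR-MAC01.LOCAL
EOF
}

# Print every field that looks like a principal (name@REALM), one per line.
principals() {
  awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[^@ ]+@[A-Za-z0-9.-]+$/) print $i }'
}

# Print "count REALM" per realm; repeated keytab entries for the same
# principal (one per key or encryption type) are counted once.
realm_summary() {
  principals | sort -u |
    awk -F@ '{ n[$2]++ } END { for (r in n) print n[r], r }' | sort -k2
}

# Print principals whose realm is not $1 (case-insensitive).
# Exit status 0 when all principals are in the expected realm, 1 otherwise.
realm_mismatches() {
  principals | sort -u | awk -v want="$1" '
    { split($0, p, "@")
      if (toupper(p[2]) != toupper(want)) { print; bad = 1 } }
    END { exit bad + 0 }'
}

sample_klist | realm_summary
```

    A principal listed by `realm_mismatches` was kerberised against a different realm than the one passed in, which is the situation asked about in posts #3 and #8.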


