Advice on integrating

Printable View

5th November 2009, 08:23 AM
dwhyte85

Advice on integrating

Hello,

We currently have around 20 macs within the school.

At the moment the music Dept has 6 which are connected to the network but not AD, they can access shares through the computers but have opted for DropBox as it suits the HoD better.

We have 14 which are sat in an Art room, we've gone through the process of adding them to the domain with directory utility, creating some applescript to map SMB & link to the desktop and have let the kids logon.

Recently the 14 have become 'flakey', the binding to AD seems to be failing & generally it's acting up a bit - we don't have time to keep going around re-binding to AD - we need something that is going to be a proper solution. I have read about the XServ and i'm very willing to put this in but my question is how seamless can the integration be? Is it scalable? Is it easy to do when you've rtfm? Will this solve issues with AD auth?

I really do not want to have two sets of logins/credentials - i'd like it to be integrated to AD as the kids can barely remember the current details they have. Obviously cost is something I have to bite the bullet with, learning curve is another which i'm more than happy to address - but is this going to be a solution to the problems we're having?

Would love the opinion of a hardened Windows admin who has had to cross over :-)
11th November 2009, 09:26 AM
sidewinder

Even with an xserve, if you want them to log in with AD credentials, each machine still needs to be bound to AD as well as OD (though someone correct me if im wrong)
I assumed the same as you when I first set it all up.

So it probably wouldnt solve your problems. What version of OSX are the 14 running?
11th November 2009, 09:35 AM
3s-gtech

I find our Macs can be a bit flakey with AD authentication, but I have yet to sync them with our timeserver - they stray a bit, then Kerberos won't let them log on. I have to log on, change the time, then it works.
16th November 2009, 01:02 PM
Marci

One hardened windows admin here...

Syncing everything to a central timeserver is a necessity imo. If you don't do it then yes, you WILL have issues. We run our Windows PDC as a timeserver, and everything (Mac / PC / Unix / Linux) in the building syncs to it... and we have no issues at all with AD logins on the Macs.

The X-Serve has merely allowed us to lockdown OSX on the Mac clients (which we could've done with a Mac Mini). We don't use it for anything else really (so that was a bit of a waste o' cash) and it has no impact on AD authenticating etc. We can switch it off quite happily... everyone can still log on and access their networked home folders etc as they do with Windows.
16th November 2009, 01:13 PM
gybe78

Our 18 iMacs are integrated with AD using a 3rd party product called ADmitMAC which also allows you to lock down and manage your iMacs using the Apple Workgroup Manager Utility. Great for managing a small number of Macs without having the expense of an Apple server.

Ours have been extremely reliable.
16th November 2009, 01:22 PM
techie08

Quote:

Originally Posted by gybe78

Our 18 iMacs are integrated with AD using a 3rd party product called ADmitMAC which also allows you to lock down and manage your iMacs using the Apple Workgroup Manager Utility. Great for managing a small number of Macs without having the expense of an Apple server.

Ours have been extremely reliable.

Ours too!!!! and we have 50 imacs with xserver
16th November 2009, 02:29 PM
sted

with the schema modifications and downlaoding workgroup manager ive got it managed reasonably well set up i just have to use a mac to do the amc bits (i can live with that) and other than time its cost nothing im now just tweaking it. Just done a drive map script which seems tp work as long as i complie it on each mac as administrator

anyone know how to add my domain admin account to the macs local administrators group its not exactly vital but would be handy
16th November 2009, 02:55 PM
richardp

As previously said make sure everything is looking at the same time server. An Xserve is unlikely to solve your AD authentication problems. Have you checked DNS is working as it should ?

To add your domain admin account just go to the Directory Utility / Services / Active Directory / Show Advanced Options / Administrative - then tick the Allow administration by box and enter your domain admin details including the domain eg Edugeek\Administrators or Edugeek\domain admins

Richard
17th November 2009, 02:21 PM
steveo2000

We installed OS X Server into the school on a mac mini a while back and everything is working fantastic. However we did need up upgrade are macs to 10.5 for this to work well! PM me if you have any questions!