Magic Triangle, How?
I have been a Mac user for years now but have never touched Mac server before and we have just got a Mac Mini server to accompany some new iMacs. The stage I am at so far with the server is, I've plugged it in, clicked next a couple of times, got to the desktop, updated it. Where do I go from here to create a Magic Triangle setup?
Thanks for the help!
This is fairly well documented on here if you search. In basic terms (as you haven't told us which OS you are running):
In Server Admin, set the server to be "Connected to a Directory System". Join your AD domain. You then promote your server to be an Open Directory Master to provide directory / MCX info to your Mac clients.
On the client, you open Directory Utility, bind to your Active Directory domain, then enter the path to your Open Directory Master in the search path, but do not bind. In the Search Path setting, your AD server will need to be first in line to allow authentication, with your OD Master second. Under the settings for AD you probably want to uncheck "Create local home on startup volume" if you want your users to have a network home directory (roaming profile). If your home directory server is Windows based (i.e., not HFS+ format), iPhoto will not work... random info there.
This will allow you to authenticate against your AD, mount a home folder, and get preferences to lock down your Macs.
I appreciate my response is very vague, but if you can come back with some specifics we can help you out further.
Just one quick question: when I'm setting up to be the Open Directory master, do I change the Kerberos Realm to MYWINDOWSDOMAIN.local rather than SVR-MAC01.local? And do I change the LDAP Search Base to dc=mywindowsdomain,dc=local rather than dc=svr-mac01,dc=local? Thanks.
Originally Posted by iSteve
EDIT: I just tried this both ways and each time I get a spinning wheel at the bottom saying 'Creating Open Directory master' (see picture).
If I force close out of server admin because of the spinning wheel it does not create the 'diradmin' account, any help would be much appreciated!
The 'diradmin' user can also be created through the Server app (/Applications/Server.app). More info here.
Originally Posted by CallumCatterall
Hi, thanks for that. Is there any reason that it doesn't do it automatically? Also could you help me with my other question, about the Kerberos Realm and LDAP Search Base? Really appreciate your help!
Originally Posted by Arthur
Just an update, as I was doing this for testing in a VM I only gave it a single core, I added another one and tried again and it worked perfectly! Thanks for your help.
If you have an AD connection already in place for your Mac server before you promote it to an OD master, it should automatically kerberise the services using the AD Kerberos realm. At least that's what used to happen in 10.6.
I haven't tried a magic triangle setup under 10.7 yet. But I assume the process is the same.
Hi, it was already bound to the AD domain before I set up the OD master. Am I right in saying that it should be the same as the AD domain, as now it is using the Mac server name for the LDAP and Kerberos and it does work... Thanks!
Originally Posted by HodgeHi
If you list the services in Terminal it will tell you which Kerberos realm they have been kerberised with. The command is:
sudo klist -kt
It needs to be run on the server. Again I need to point out that I am doing this on a 10.6 server and assuming that the process is the same. Try at your own risk on a live server.
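Added example, not part of the thread: a small shell helper that reads `klist -kt` output and reports which realm each service principal in the keytab belongs to, so principals kerberised against the server's own realm instead of the AD realm stand out. The sample listing is constructed from the placeholder names used in this thread, and its column layout is an assumption; the parsing only relies on the principal being the last field on the line.

```shell
#!/bin/sh
# Constructed sample of `klist -kt` output (assumed layout; names are the
# thread's placeholders, not taken from a real server).
sample_keytab_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ----------------------------------------------
   3 01/15/12 10:02:11 afpserver/svr-mac01.mywindowsdomain.local@MYWINDOWSDOMAIN.LOCAL
   3 01/15/12 10:02:11 cifs/svr-mac01.mywindowsdomain.local@MYWINDOWSDOMAIN.LOCAL
   3 01/15/12 10:02:12 host/svr-mac01.mywindowsdomain.local@MYWINDOWSDOMAIN.LOCAL
   1 01/15/12 10:05:40 ldap/svr-mac01.local@SVR-MAC01.LOCAL
EOF
}

# Print "REALM count" for every realm found in a keytab listing on stdin.
# Header lines are skipped because their last field contains no "@".
realm_summary() {
    awk '$NF ~ /@/ { n = split($NF, p, "@"); c[p[n]]++ }
         END { for (r in c) print r, c[r] }' | sort
}

# Print the principals whose realm differs from the expected realm in $1.
principals_outside_realm() {
    awk -v want="$1" '$NF ~ /@/ {
        n = split($NF, p, "@")
        if (p[n] != want) print $NF
    }'
}

# Demo on the constructed sample. On the server itself, pipe the real listing:
#   sudo klist -kt | realm_summary
#   sudo klist -kt | principals_outside_realm MYWINDOWSDOMAIN.LOCAL
sample_keytab_listing | realm_summary
sample_keytab_listing | principals_outside_realm MYWINDOWSDOMAIN.LOCAL
```

An empty result from `principals_outside_realm` means every service in the keytab was kerberised with the realm you passed in.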