[Nyuni]

Hey everyone -

I'm very interested in the capabilities of Panther Server to act as a Primary Domain Controller for Windows clients. I administer a network of about 50 systems currently on a Windows 2000 Active Directory Domain, and have been pushing upper management on the idea of replacing our backend with OS X Servers. Management is interested - I've shown them the numbers and how much sticking with Windows-based solutions is costing us in Windows Server seat and client access licenses. The unlimited-client license of OS X server bundled with XServe makes a compelling argument, since we're looking to expand our base of connected clients within the next year.

While I have loads of experience with MacOS X on the client side, I'm not so savvy when it comes to OS X Server. My question is this: If I set up one OS X Server box as a Primary Domain Controller for an NT Domain via Open Directory, is there a way to define a secondary OS X Server box as a backup for domain authentication if the first machine should go down for any reason? In reading through the documentation for OS X Server provided on Apple's website, it doesn't seem exactly clear to me. I'm hoping someone with experience can chime in.. redundancy and minimized downtime are the name of the game here, and I would like to continue to keep my reputation as the "Guy who always keeps the network running" if the OS X box acting as the PDC should go down...

[Scotttheking]

Are you familiar with the differences between Active Domain and NT4 style domains?
Samba 3, which is what OSX uses for it's Windows integration, uses NT4 style domains.
Also, how familiar in general are you at working with Samba? Although I've never used OS X Server, I think it's safe to say you'll be hitting the command line to do a fair amount of work.

As for backup domain controllers, I'm pretty sure Samba can't do that yet.

I am in the process of deploying a Linux machine running Samba to replace an old NT4 domain controller on a small network, and it's a fair bit of work. I'm happy to help you do it, but you really need to know what you are getting in to.

If you have any questions, feel free to ask.

--Scott

[Nyuni]

I'm familiar with the differences between Active Directory and NT4-style domains..

I've set up and deployed Samba within the organization already on Linux, so I'm fairly comfortable with it. From reading the 10.3 server documentation, it seems like setting up the PDC is simple enough. I'm not worried about actually getting that aspect of it running.. I figure between OS X's front-end and my own commandline Samba knowledge, I could get the job done. What I wonder is whether in the case of my PDC going down, if I would be able to push another machine into servicing the authentications. I know 10.3 has the new Open Directory LDAP underpinnings.. is it possible to keep an Open Directory database replicated between an Opern Directory master and a node machine? If that's the case, if my primary machine went down, I could just utilize Samba on the second to have it act as the PDC and service the logons. Does this sound feasible?

[kampl]

Apple Opensource Pages seems relevant if you're shooting for an all SAMBA serving environment.

More Apple Pages . This might be better actually now that I'm looking deeper.

[Nyuni]

Thanks, both of those links are perfect.. especially the second one which talks about binding to an LDAP database, since that's what I'll be doing with Open Directory.. seems like it should work out well. Thanks a lot!

[CatOne]

Originally posted by Nyuni:
Hey everyone -

I'm very interested in the capabilities of Panther Server to act as a Primary Domain Controller for Windows clients. I administer a network of about 50 systems currently on a Windows 2000 Active Directory Domain, and have been pushing upper management on the idea of replacing our backend with OS X Servers. Management is interested - I've shown them the numbers and how much sticking with Windows-based solutions is costing us in Windows Server seat and client access licenses. The unlimited-client license of OS X server bundled with XServe makes a compelling argument, since we're looking to expand our base of connected clients within the next year.

While I have loads of experience with MacOS X on the client side, I'm not so savvy when it comes to OS X Server. My question is this: If I set up one OS X Server box as a Primary Domain Controller for an NT Domain via Open Directory, is there a way to define a secondary OS X Server box as a backup for domain authentication if the first machine should go down for any reason? In reading through the documentation for OS X Server provided on Apple's website, it doesn't seem exactly clear to me. I'm hoping someone with experience can chime in.. redundancy and minimized downtime are the name of the game here, and I would like to continue to keep my reputation as the "Guy who always keeps the network running" if the OS X box acting as the PDC should go down...

Yes, you can do this. One of the options is "replica" or some such. I believe the second machine will act as a BDC if you set it up this way. Check www.apple.com/server/documentation -- the Windows Services guide, and the Open Directory Admin guide.

[thunderous_funker]

bump

Having spent the last 2 years constantly wrestling with an utterly unreliable and unpredicatable Active Directory system...

AND

the last 2 days completely recreating my Directory from scratch because the entire thing bombed (yes, every user, computer, share point, permission, etc for 60+ employees..)...

I am very very seriously considering moving towards an Active Directory alternative.

After reading up on Panther Server it sounds very compelling but I have no real world experience.

Anyone actually using OS X Server as a PDC? How is it?
Anyone using Home Directories or Roaming Profiles? How's performnace?
Is Sambe really ready for primetime or can I expect a lot of quirks and inconsistencies?

I love Win2K for file and print services but Active Directory is driving towards an early grave. Is OS X Server a real alternative or do should I be looking for a Novel eDirectory forum?

[CatOne]

Originally posted by thunderous_funker:
bump

Having spent the last 2 years constantly wrestling with an utterly unreliable and unpredicatable Active Directory system...

AND

the last 2 days completely recreating my Directory from scratch because the entire thing bombed (yes, every user, computer, share point, permission, etc for 60+ employees..)...

I am very very seriously considering moving towards an Active Directory alternative.

After reading up on Panther Server it sounds very compelling but I have no real world experience.

Anyone actually using OS X Server as a PDC? How is it?
Anyone using Home Directories or Roaming Profiles? How's performnace?
Is Sambe really ready for primetime or can I expect a lot of quirks and inconsistencies?

I love Win2K for file and print services but Active Directory is driving towards an early grave. Is OS X Server a real alternative or do should I be looking for a Novel eDirectory forum?

Samba 3.0 (in Panther) is pretty solid. It can do anything an NT 4.0 PDC can do -- it's not as functional as a full AD implementation.

It's certainly worth a try. I've set it up and tinkered a bit, though never tested it with 100's of users in a "production" environment.

[KappaBandit]

I am currently authenticating Win2K, Classic Mac OS, and Mac OS X all from a Mac OS X Server v.10.3.

Things run very smooth and the 10.3 Server admin tools are very nice. No need to go to the command line.

I am hosting a very small network but I have not run into any performance difficulties so suspect if it has any they would be with scaling.

In answer to an earlier question – you can have multiple Open Directory Masters on the same network but not multiple PDCs. In conjunction with that you can have fail over support dump all services from the primary OS X Server to a secondary. That is covered somewhere in the server documentation but I would need to look up just where.

Cheers,

The Bandit

[OreoCookie]

Originally posted by thunderous_funker:
bump

Having spent the last 2 years constantly wrestling with an utterly unreliable and unpredicatable Active Directory system...

AND

the last 2 days completely recreating my Directory from scratch because the entire thing bombed (yes, every user, computer, share point, permission, etc for 60+ employees..)...

I am very very seriously considering moving towards an Active Directory alternative.

After reading up on Panther Server it sounds very compelling but I have no real world experience.

Anyone actually using OS X Server as a PDC? How is it?
Anyone using Home Directories or Roaming Profiles? How's performnace?
Is Sambe really ready for primetime or can I expect a lot of quirks and inconsistencies?

I love Win2K for file and print services but Active Directory is driving towards an early grave. Is OS X Server a real alternative or do should I be looking for a Novel eDirectory forum?

It's free, so why don't you test it in a small environment of -- say -- 5 PC with your iBook/PowerBook as a server.

Tinker with it till you have a working config and show that to your boss. Samba 3 can be used as a full replacement for an NT4 Server. However, there is no AD support as it isn't an open standard. The guys have to do everything by reverse engineering.