[jwblase]

I've been hunting around for several days, but can't seem to find a definitive answer to this, so if you know, tell me, or show me where I can find it, PLEASE!!!!

I have a lone mac (an old beige G3 I found in a closet at work) that now has 10.2.8 up and running beautifully! However, I want to find a way to have it so that when anyone logs in, they can use their windows logins directly from the network.

Is this possible? Where do I find the answer? Arrrggghhhhh!!!!!

JB

[CharlesS]

Originally posted by jwblase:
I've been hunting around for several days, but can't seem to find a definitive answer to this, so if you know, tell me, or show me where I can find it, PLEASE!!!!

I have a lone mac (an old beige G3 I found in a closet at work) that now has 10.2.8 up and running beautifully! However, I want to find a way to have it so that when anyone logs in, they can use their windows logins directly from the network.

Is this possible? Where do I find the answer? Arrrggghhhhh!!!!!

JB

/Applications/Utilities/Directory Access

Turn on Active Directory (which is what Windows uses for network logins).

[Macola]

If you are logging into a domain (NT or Win2K) then the best solution is DAVE. You can download a demo.

If not, you'll probably have to check with your sysadmin to see what kind of services are running on your Win server.

[SMacTech]

You don't need DAVE, although it works great. If you are dealing with cross-platform files then just use SMB or if SFM (service for macintosh) is enabled, you can connect using that.
Select Connect to Server in the Finder, enter in smb://username@theserverIPaddress enter your password and pick the share you want.

[CharlesS]

I think he wants network login, not file sharing.

Shouldn't Directory Access be able to activate this?

[SMacTech]

I was referring to a network log on using SMB. Directory Access only needs SMB to be selected to browse using the Network icon. You can still connect to an SMB share without having SMB enabled in DA.

[jwblase]

Charles is right... I want to logon to the mac using the Windows login info. ADmitMac works great, but I understand that I should be able to configure Jaguar to do it anyway. I just don't know how.

Panther has the Active Directory plugin for Directory Access. Can I move that to a Jag computer and have it work, or is there something else I have to do?

JB

[CharlesS]

Originally posted by jwblase:
Charles is right... I want to logon to the mac using the Windows login info. ADmitMac works great, but I understand that I should be able to configure Jaguar to do it anyway. I just don't know how.

Panther has the Active Directory plugin for Directory Access. Can I move that to a Jag computer and have it work, or is there something else I have to do?

JB

Hmm, after checking, you do appear to be right - the plugins for Active Directory do not seem to be present in Jaguar. I suppose you could try coping the plug-ins from Panther over, but I don't think I'd really recommend doing so. The plug-ins may be written for 10.3 or for the 10.3 version of DirectoryService specifically, so who knows if that would muck DirectoryService up enough that you won't be able to log in anymore. If you want to try it, I suppose there's no harm as long as you know how to remove the plugins in single-user mode if need be. There appear to be two plug-ins, one in the DirectoryService framework and one in the Directory Access app bundle.

I think it would be far easier just to upgrade the machines to Panther, though...

[bartman00]

I'm working on intigrating some G5's at a library I work at. I've learned a ton about AD intigration and osX lately.

First, is your company running 2000 or 2003. If your running 2003 you'll have to turn off a security setting they made manditory between the reliece of 2000 and 2003

You'll want to upgrade to 10.3.3

To make it a bit easier create a computer account for the mac in the windows domain first. Then use the AD plugin from Directory access to "bind" the mac to the domain. Then go back to the Directory access main page. Hit the Authentication tab, then, custom and select your newly created AD authenitcation.

You should now be able to log in using your windows account. If you have home folders set up on the windows server you'll see the mount when you log in..

New in the 10.3.3 upgrade is a way to force osX to actually store your home folders on the windows box insted of just mounting a share!!!

At the terminal run dsconfiguread set teh tags -mountstyle SMB and -localhome DISABLE

When you log in you'll notice that your user profile is actually being stored on the windows server! Remember.. you have to have roaming profiles set up on the windows server first.

Bart

[jwblase]

Bart: Thanks for the info. Here's the setup as I can figure it:

1) My network admin would kill me if she knew I hooked up a Mac to her precious Windows 2000/NT4 network. (She actually freaked out about someone buying new computers and having XP on them).

2) We're running 2000, but not with roaming profiles. (Dumb, I know). Each time we login, the system creates a new local version of the home folder on each and every computer. Don't ask me, I only work here.

3) I've got the system up and running using a trial of ADmitMac, but I don't want to have to cough up $119 to keep logging into the system properly.

Here's my question: Can Directory Access authenticate to the non-Active Directory setup? Can it authenticate to the NT/2000 network?

Off to class for now Thanks.

JB

[bartman00]

A windows 2k server is AD.. and if you don't have roaming profiles then all you'll have to do is install 10.3 and use the Directory Access plugin. Don't buy macadmit when you can use that cash to buy the 10.3 update.

Bart

[CharlesS]

Originally posted by jwblase:
Bart: Thanks for the info. Here's the setup as I can figure it:

1) My network admin would kill me if she knew I hooked up a Mac to her precious Windows 2000/NT4 network. (She actually freaked out about someone buying new computers and having XP on them).

God, I hate those.

Good luck...

[jwblase]

Bart: I was under the impression that Active Directory was only used in Win2003 server. I didn't know that it wasn't used for NT/2k.

That sure makes understanding what's going on much easier.

JB

[bartman00]

You shouldn't lump NT and 2k together like that. They are the ones that are TOTALLY diffrent. 2k is when AD was introduced. 2003 and 2000 are a lot alike. I'm not totally sure what even changed in 2003, I don't use any of the new features.

Your admin needs to be let go. The ones like that are only scared of stuff because they them self don't really know anything and are to lazy to find out. There is something inherently wrong with a tech person who is scared of change! I meen christ.. that's what tech is about.

Bart

[jwblase]

Actually, our IT admin should be let go because she "didn't know how to hook up the backup drives" when we lost 4 months worth of attendance and grade data (That's a direct quote from her).

And, this year she somehow wiped all of our exchange server data, including our superintendent's calendar, email, and contact info. Oops.

I had always thought that 2k was just a renaming and minor upgrade from NT4, and that 2003 was the major upgrade. Guess I was backwards!

JB

[Spheric Harlot]

Originally posted by bartman00:
You'll want to upgrade to 10.3.3

...which isn't supported on a beige G3 (I don't think it will even install without XPostFacto).

-s*

[bartmanbanned]

Oh... I thought he said a B&W.. no matter. Let's get real.

1 That thing is dog slow
2 It's not like you're going to be using it for any real work related stuff
3 you'll have to spend some cash to get it working
4 your IT admin will flip if she finds out, is it really worth her bitching to the boss about you even if she is bat **** crazy

Just give it up man. You can do it with LDAP but I have yet to be able to and with the AD plugin I stopped trying.

Bart

[jwblase]

Actually, it's now in my classroom, and runs Office v.X just fine.

I've got the upgrade disks (from my G5), and will be upgrading on the Beige G3 soon enough. In the meantime, I got my B/W G3 up and running, and will be putting that one up too. Lucky for me, I'm at home to set it up, and already have panther installed

Is the AD forest just the domain name that we're logging into? Just checking.

JB

[mitchell_pgh]

Well, I respect sys admins that know what they are talking about, and are willing to try things, but I also respect admins that try to keep their network locked down.

It's a fine line...

Most poor admins that I know usually don't feel like putting in the extra time to do ANYTHING... It's VERY frustrating!

[mitchell_pgh]

P.S. You do know the beige G3s won't run Panther don't you? (I think there is a way around it, but you know...)

[jwblase]

I can use XPostFacto to install on the Beige.

Personally, it seems as if our admin doesn't really know what she's doing, (given the huge mistakes she's made in the past 3 years), and doesn't want to bother to do anything different whatsoever. Even if it means the district spending three times as much $$ on less effective solutions.

JB

[bartman00]

you're not going to be able to bind the mac to the domain with out the help of an admin. You need to have a computer account created for the mac in the windows domain, then again enter the admin credentials on the pc when you bind it.

Bart

[jwblase]

New info found out:

My domain here at school is still running an NT domain.

I can login and do everything I want using the trial version of ADmitMac in Jaguar, but can't seem to find a way to do the same thing in Panther. The Active Directory plugin doesn't seem to keep the settings that I type in. I'm assuming that's because it can't find any AD info on the network.

I entered the workgroup info in the SMB plugin for Directory Access, and I can see all the shares just fine.

Now: Is there a way to use Panther to login to the NT domain from the Login Window? If so, how can I configure it? I've been putzing around with it for awhile, but can't seem to make things stick.

JB

[Raining Down in Texas]

Here's the third of a three article set describing Active Directory integration for OS X. There are links to the first two parts in the introductory text. Maybe this will help.

[jwblase]

Just an update:

1) I have both machines running Panther 10.3.3 with all updates. XPostFacto worked like a charm on the Beige G3, and it's running better than ever!

2) Using the Active Directory plugin for Directory Access seems to be working fine until I get to one stage: The binding. After reading up on the subject, it seems that 10.3.3 introduced a bug in AD that doesn't let the Mac create a new computer and bind to it correctly on the AD server. The Mac can create the computer, but can't seem to bind to it because of "insufficient privileges". This privilege problem seems to be caused by a problem with the AD plugin not recognizing the AD users and groups and/or not applying them properly.

It seems to be a problem that Apple will hopefully work out before 10.4. I don't want to have to go through this all before!

If anyone has a solution to the 10.3.3 Active Directory problem, let me know so I can test ASAP!

JB

[CharlesS]

Hmm, if you've got permissions problems, have you tried running Repair Permissions in Disk Utility?

[jwblase]

It's not an OS permissions problems... it's a login to Active Directory permissions problems. There's a bug in the 10.3.3 Active Directory Plugin (See MacWindows for more full descriptions of the problem.)

It seems that Apple's update did something icky to the AD login.

I really hope they get it fixed soon, because it's the only thing holding up the integration of these two macs to the network!

JB