Open Directory Active Directory users want to know Is there a method?

Help
Open Directory Active Directory users want to know Is there a method?
Or can I make the Active Directory users to share on the Open Directory.
My goal is to use our school Mac computers with SSO

If I understand your question correctly, using Active Directory with OSX, there are a few ways this can be accomplished.
One way is by joining each Mac directly to Active Directory. This doesn't take advantage of the additional managed preference available to OSX, but does allow AD users to authenticate on OSX. On each machine, one would open System Preferences > Accounts > Login Options > Click Join next to Network Account Server. Follow the prompts and provide the domain name of your Active Directory deployment to join the system.
Another method is to follow the steps above, but only after extending the Active Directory Schema to support the OSX-specific managed preferences. It's a mostly harmless operation and means that you'll have a single administration interface for both OSX and Windows systems. The AD Schema information is available from Apple Support, but may also be readily available on the Internet.
Because our Windows team preferred to not change our AD schema any more than we already had, we used a different method. We created an Open Directory Master on one of our OSX servers, then we joined it as a member server to Active Directory. Next, we join all of our OSX workstations and laptops as members to the Open Directory domain instead of to Active Directory.  This way, SSO still works.  New user accounts are added to Active Directory and all managed preferences for OSX can be managed through the native OSX Workgroup Manager tool.
I think there are some instructions in the User Management PDF (Mac OS X Server, User Management, Version 10.6 Snow Leopard) or in the Advanced Server Admin PDF (Mac OS X Server, Advanced Server Administration, Version 10.6 Snow Leopard) but not completely certain. This page might have the docs.

Similar Messages

  • Mountain Lion Open Directory Users PhotoShop Elements 6.0

    Under Mac 10.8.5 , Licensing works fine for local users, but it fail for Open Directory Users.
    specifically I'm trying to launch Adobe Photoshop Elements 6.
    none of my workstations are connected
    it worked just fine under Leopard and Snow Leopard.
    running disk utilities repair permissions did not help.
    running the License Repair tool from adobe did not help.
    deleting the FLEXnet Publisher
    and Preferences/FLEXnet Publisher
    and the
    Preferences/FLEXnet Publisher/FLEXnet did not help
    all of my open directory users are group 1028
    i have
    chgrp -R 1028 /Library/Application Support/Adobe/
    chgrp -R 1028 /Applications/Adobe*
    chmod 775 /Library/Application Support/Adobe/Elements Organizer/11.0/
    chmod 775 /Library/Application Support/Adobe/Adobe PCD/cache
    chmod 775 /Library/Application Support/Adobe/Adobe PCD
    chmod 775 /Library/Application Support/Adobe/SLStore/
    chmod 777 /Library/Application Support/Adobe/Premiere Elements/11.0/AMTInfo.txt
    many of the files in these directories have permissions 664.
    several of the files that are frequently accesses were already 664 before i looked at them.
    i have over 80 user workstations.
    Mountain Lion OSX 10.8.5
    MacPro workstations 2 3.06 GHz 6-core intel Xeon
    12 Gigs of Ram
    Note i also have Adobe Premiere 11.0 installed on the workstations.
    Adobe Premiere 11.0 works fine after all the ownership and permission issues are solved.

    Hi OpenDirectoryDude,
    Photoshop Elements 6 has not been tested and has compatibility issues with Mac 10.8.5

  • Authentication Delays / Slow Authentication for Open Directory Users

    I'm experiencing delays when authenticating Open Directory users and it absolutely has me at my wit's end.
    The problem is quite simple: any time an Open Directory user authenticates his password there is a delay of at least 5-10 seconds. This goes for clients that are bound to the directory server and also authenticating locally on the server. Here are some examples:
    * On the server, there is a several second delay on the Login Window screen when trying to log in using an Open Directory account. Logging in as a local user is instantaneous.
    * In Workgroup manager, authenticating as the Directory Administrator takes several seconds.
    * On a remote computer, sharing the screen using an Open Directory user take several seconds and again, a local user is instantaneous. Screen sharing takes particularly long and often temporarily shows a sheet saying it has lost the connection with the server while authenticating.
    * Connecting with AFP takes several seconds when using an Open Directory login
    * On a client computer, unlocking the screen after sleep or screen saver takes several seconds for Open Directory users
    * Connecting with SSH does NOT exhibit the behavior
    In addition to all of this, I've seen periodic random unexplainable freezes for several seconds on client computers that are bound to the directory even when logged in as a local user account (and with no other users logged in.) For example, launching applications often results in a freeze. After unbinding the computer from the directory the problem goes away entirely.
    The history of the problem:
    Used Tiger Server for over a year = no problems
    Clean install of Leopard Server 10.5.0 back in October = no problems
    Update to Leopard Server 10.5.1 = no problems
    Then, all of the sudden one day several weeks back I started having problems. The server had been up for a few weeks. I didn't install any updates. I didn't change any configuration. Literally the only thing that I had done recently was unplug the Apple Cinema Display and keyboard+mouse that was connected to the server. Then I started having problems so I plugged the display, keyboard and mouse back in to troubleshoot it. I cleared the directory services caches on my server and clients and rebooted the Airport Base Station that's serving as my router and eventually the problem went away. I wish I could tell you which of those things resolved the problem but I have no idea. It was fine for a couple more weeks (and incidentally I once again unplugged the display, keyboard and mouse from the server). Then last week I started having problems again and this time no amount of rebooting, cache clearing, rebinding, troubleshooting using information in these forums or anything else will fix the problem. I only mention the display/keyboard/mouse thing because it's literally the only thing I changed around the time the problems started happening. I truly don't think it has anything to do with it.
    So in desperation I backed up and did a clean install today. Here's the process I used:
    0. Erase the disk
    1. Install Leopard Server 10.5.0 from the install DVD
    2. In the setup assistant, use the Advanced Configuration option but I didn't enable any services. Set up network settings and host name of myserver.mydomain.private.
    3. Reboot
    4. Use Software Update to update to 10.5.1 and Security Update 2007-009 v1.1
    5. Reboot
    6. Configure DNS (see below for detailed configuration)
    7. Reboot
    8. Change role to Open Directory Master
    9. Reboot
    ... and the problem is still there. Simply logging into the server GUI with the Directory Administrator account has the delay. Authenticating in Workgroup Manager has the delay. I haven't even bothered to set up AFP or any other users yet. I'm truly at my wit's end and I'm ready to chuck the server out the window.
    I've done a lot of googling and searching of these forums looking for answers. All of the responses seem to point to a problem with DNS or with the Kerberos realm. I believe all of my setup is correct. Here it is:
    == Basic Configuration ==
    OS: Mac OS X Server 10.5.1 (9B18) with Security Update 2007-009 v.1.1
    Services Enabled:
    DNS
    Open Directory
    (All other services are not yet enabled)
    == DNS Setup ==
    Primary Zone: mydomain.private.
    Allows zone transfer: no
    Nameservers: ns.mydomain.private.
    myserver (Machine) 10.0.22.201
    ns (Alias) myserver.mydomain.private.
    Reverse Zone: 22.0.10.in-addr.arpa.
    10.0.22.201 (Reverse Mapping) myserver.mydomain.private.
    Accept recursive queries from the following networks:
    localnets
    Forwarder IP Addresses:
    208.67.222.222
    208.67.220.220
    == Open Directory Setup ==
    Role: Open Directory Master
    LDAP Search Base: dc=myserver,dc=mydomain,dc=private
    Kerberos Realm: myserver.mydomain.private
    == Network Configuration ==
    Configure: Manually
    IP Address: 10.0.22.201
    Subnet Mask: 255.255.255.0
    Router: 10.0.22.1
    DNS Server: 127.0.0.1
    Search Domains: mydomain.private
    == Other Stuff ==
    Using 'changeip -checkhostname' verifies that the hostname and DNS hostname are both myserver.mydomain.private.
    I set the realm to myserver.mydomain.private (though the default was myserver.local) based on the advice of another poster to this forum. Kerberos.app reveals something interesting: the kdc and admin servers are both myserver.local and the domains are .local and local. I tried changing all instances of 'local' to 'mydomain.private' to see if that would solve the problem. No luck.
    I verified on a client that 'host myserver' and 'host 10.0.22.201' return proper DNS and reverse DNS resolutions.
    Hopefully one of the gurus out there will be able to help me out.
    Thanks,
    jeff

    I gathered together some log information for when I try to authenticate user 'diradmin' in Workgroup Manager. You can see from the log messages that this authentication took 4 seconds. There's an interesting error message in slapd.log (see below) but it doesn't say what it's looking for in the keytab that it's not finding. Grr! I've provided a listing of the principles in my keytab. I haven't monkeyed around with it at all -- this is just what resulted from promoting the server to an Open Directory Master.
    == kdc.log ==
    Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
    Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
    Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
    Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
    Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
    Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
    Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
    Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
    == slapd.log ==
    Dec 30 18:21:48 myserver slapd[36]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
    Dec 30 18:21:52 myserver slapd[36]: SASL [conn=20] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
    == sudo klist -k ==
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Principal
    3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
    3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
    3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
    3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
    3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
    3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
    3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
    3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
    3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
    3 cifs/[email protected]
    3 cifs/[email protected]
    3 cifs/[email protected]
    3 ldap/[email protected]
    3 ldap/[email protected]
    3 ldap/[email protected]
    3 xgrid/[email protected]
    3 xgrid/[email protected]
    3 xgrid/[email protected]
    3 vpn/[email protected]
    3 vpn/[email protected]
    3 vpn/[email protected]
    3 ipp/[email protected]
    3 ipp/[email protected]
    3 ipp/[email protected]
    3 xmpp/[email protected]
    3 xmpp/[email protected]
    3 xmpp/[email protected]
    3 XMPP/[email protected]
    3 XMPP/[email protected]
    3 XMPP/[email protected]
    3 host/[email protected]
    3 host/[email protected]
    3 host/[email protected]
    3 smtp/[email protected]
    3 smtp/[email protected]
    3 smtp/[email protected]
    3 nfs/[email protected]
    3 nfs/[email protected]
    3 nfs/[email protected]
    3 http/[email protected]
    3 http/[email protected]
    3 http/[email protected]
    3 HTTP/[email protected]
    3 HTTP/[email protected]
    3 HTTP/[email protected]
    3 pop/[email protected]
    3 pop/[email protected]
    3 pop/[email protected]
    3 imap/[email protected]
    3 imap/[email protected]
    3 imap/[email protected]
    3 ftp/[email protected]
    3 ftp/[email protected]
    3 ftp/[email protected]
    3 afpserver/[email protected]
    3 afpserver/[email protected]
    3 afpserver/[email protected]

  • Cannot find bookmarks - open directory user

    We have LDAP v3 at our school. A teacher logged on to a different computer and her bookmarks were missing. Since she is an open directory user, I believe her books should follow her. We were trying to figure out where on a Mac the bookmarks are stored...and we could not figure it out.
    We see the profile where an internet search told us the bookmarks were -- but we could not see them. What specific folder are they in and what is the name of the file/folder that contains the bookmarks?

    The name of the file is '''places.sqlite'''.

  • How do I unbind a local user from an Open Directory user?

    I have a couple MacBook Pros running Leopard that successfully bound a local account to a corresponding Open Directory account using Directory Utility.
    I had to re-install Leopard Server (using Standard configuration) and re-create Open Directory accounts. Now these laptops are unable to bind to the new Open Directory accounts. They receive an error that the Open Directory user ID and password provided is incorrect. In addition the local user can no longer reset or change their password. I'm thinking this is because their local accounts are still bound to the old Open Directory accounts that no longer exist. Is there are way to unbind a local account in Leopard that has been bound to an Open Directory account via the Directory Utility.

    What account are you using to bind the machine? When binding you must authenticate using the OD admin login which is usually setup as diradmin or as the current client you are logged into the machine with, but this client needs to exist on the OD server.

  • Lion: All Open Directory users obliterated

    After a rough migration from SLS, I've been running Lion Server successfully for a couple of weeks now.  However, this morning I saw that the file sharing services were down.  When I brought the server up on the monitor, the Finder was frozen solid.  I had to do a hard restart, and once it came up, all the Open Directory users are gone.  Only local users remain.  When I attempt to open the LDAP directory in Workgroup Manager it throws up a -14006 error.
    I'm going to attempt to rebuild the machine from a backup last night, but I'm wondering if anyone has any (quicker) advice.
    I'm tempted to just try and copy /var/db/openldap from the backup image over to the server, but I'm afraid it'll simply explode.  Is there a better alternative?  I don't have a current backup archive of *just* the open directory stuff...

    Restoring from a backup image "fixed" it of course, but I'm still curious how to restore the open directory database from a mirrored partition (i.e. without the use of an explicite restore from an open directory backup)

  • I'm a Snow Leopard OS X 10.6.x user and am wanting to know if there is an Apple product for converting mpeg files to an iMovie usable format?

    I'm a Snow Leopard OS X 10.6.x user and am wanting to know if there is an Apple product for converting mpeg files to a format compatible with iMovie

    mpegStreamclip:
    http://www.squared5.com/svideo/mpeg-streamclip-mac.html

  • I have an otterbox for my iphone 4s. I have a  alpine 910 gps stereo and want to know if there are any docking units that hold my iphone while inside the otterbox case and can charging, and transferring data to the stereo?

    I have an otterbox case for my iphone 4s and want to know if there's a docking unit where i can sit my phone in with the case still on and with a usb connection it'sll charge and transfer data (music, video, etc, to my stereo unit (alpine 910 gps)

    Apple isnt here. this is a user based forum for technical questions. The solution is to restart, reset, and restore as new which is in the manual after that get it replaced for hard ware failure. if your within your one year warranty its replaced if it is out of the warranty then it is 199$

  • Hey, I'm doing some cross browser testing and i want to know Is there any difference between the behavior of Firefox in an operating system 64bit & operating system with 32bit. (like windows7/windows vista...)

    ''duplicate of https://support.mozilla.com/en-US/questions/905881''
    Hey, I'm doing some cross browser testing and i want to know Is there any difference between the behavior of Firefox in an operating system 64bit & operating system with 32bit. (like windows7/windows vista...)

    Hi Kossa,
    You can also check if the issue occurs in
    Clean Boot. If the issue disappears in the Clean Boot environment, you can continue to narrow down which entry is causing the issue.
    Besides, uninstall it and re-download
    a fresh copy of FireFox to check the result. If the issue still exists, create a new user account to see if it occurs.
    If the issue persists, you can contact Mozilla Support directly and use Internet Explorer (IE) during the time.
    J
    Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise,
    regarding this product's performance or reliability.
    Regards,
    Linda

  • Hey, I'm doing some cross browser testing and i want to know Is there any difference between the behavior of Firefox in an operating system 64bit & operating system with 32bit. (like windows7/windows vista...) Thanks,

    Hey, I'm doing some cross browser testing and i want to know Is there any difference between the behavior of Firefox in an operating system 64bit & operating system with 32bit. (like windows7/windows vista...) Thanks,

    Hi O_H_I_O,
    Have you got an error code ?
    Considering it is a brand new machine ,please update the machines .To get a better performance of the machines ,we should always keep it up to date .
    There is a possibility that the DVD/CD-ROm drives driver is old or has corrupted .Please open the device manager , update or reinstall the driver to have a check.
    Apart from this ,we can run the built-in tool to a diagnostic :
    Control Panel\All Control Panel Items\Troubleshooting\All Categories\Hardware and Devices
    We also can run the following fixit tool to have a check.
    Fix problems with CD or DVD drives that can’t read or write media
    http://support.microsoft.com/mats/cd_dvd_drive_problems
    Best regards

  • I have used the "description" spot in iPhoto for in-depth additional information for photos of my ancestors. Now I am wanting to know if there is a way to print the photos along with the descriptions; either photo by photo, or maybe more than one per page

    I have used the "description" spot in iPhoto for in-depth additional information for photos of my ancestors. Now I am wanting to know if there is a way to print the photos along with the descriptions; either photo by photo, or maybe more than one per page, or possibly in some sort of booklet format. Thank you very much.

    You can make a Book and have a photo on one side and your text description on the other.

  • Although I have been using Google Maps App in India for a while now (without any issues) but I still want to know if there are any plans for launching Turn by Turn Navigation under the OOTB Map App for iOS?

    Although I have been using Google Maps App in India for a while now (without any issues) but I still want to know if there are any plans for launching Turn by Turn Navigation under the OOTB Map App for iOS?
    It has been quite a while since Apple came up with Map App of their own and should be releasing improved maps with more capabilities in India.
    Cheers!
    Abhishek

    No one here can answer your question, as there is no one from Apple here, & no one here represents Apple or speaks for Apple.

  • My Iphone 4 has a cracked screen and has made it impossible for me to unlock my pin. I an giving the phone to a friend but want to know if there is a way I can ensure all my data is wiped off it before I do. Can anyone help?

    My Iphone 4 has a cracked screen and has made it impossible for me to unlock my pin. I an giving the phone to a friend but want to know if there is a way I can ensure all my data is wiped off it before I do. Can anyone help? I have upgraded to a iPhone 5 so Im not sure if the old one would have automatically wiped the old phone. I have lots of emails and messages I wouldnt want peo

    Have you synced this phone, with iTunes, while the passcode was enabled? If so, plug it in, iTunes running, & hit the Restore button on the Summary Pane. This will also erase the phone.
    However, if you have not synced, while the passcode was enabled, you will not be able to do this without first enereting the passcode. If that's the case, try recovery mode:
    http://support.apple.com/kb/HT1808

  • My Dads computer crashed and all my music was on there and my iPod. I want to know if there is anyway to transfer music from your iPod to laptop including music you didn't purchase off itunes

    My Dads computer crashed and all my music was on there and my iPod. I want to know if there is anyway to transfer music from your iPod to laptop including music you didn't purchase off itunes

    iTunes: How to move your music to a new computer

  • HT204088 A minor has charged alot of charges on my account. Was wanting to know if there is a way I can have them taken off?

    I have a lot of charges on my account. It was a minor that did it. Was wanting to know if there is a way I can get it taken off?

    Click here and ask the iTunes Store staff for a refund.
    (104722)

Maybe you are looking for

  • Crashes on Opening

    Got this warning & can't get into the program. I don't want to lose my sites that have not been published yet. Process: iWeb [294] Path: /Applications/iWeb.app/Contents/MacOS/iWeb Identifier: com.apple.iWeb Version: 3.0.2 (302) Build Info: iWeb-48900

  • Problem with HTTP load balancing

    Hello Experts I have a problem when i do loadbalancing for links like http://1.1.1.1/site/home where 1.1.1.1 is the VIP address (i got http not found), while it is working fine when the link is http://1.1.1.1, the link is working fine on the real ser

  • MultiThreaded compare and swap question.

    I'v got this assignment and I'm not sure which approach to take. I think I've got it right with my second try, but I was wondering if I could get some sort of verification or something. "Use Java monitors to implement the atomic Compare-And-Swap inst

  • IndDesign becomes unresponsive when I open a file, solutions?

    Every time I try to open InDesign CC it works but when I try to open any Indesign file it doesn't respond and freezes. I tried repairing the disk utility and all of the apps are up to date. Any solutions?

  • Has anyone put more than 8 languages on a single DVD?

    I've set up the 9th language stream on track 2. Is this how it's done with only 8 streams per track? Thanks, Brian