[unisog] MAC/PC Mixed Mode Envioronment

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Mon Jan 10 21:13:23 GMT 2005

We have a much smaller number of MAC users, and are > 99% PC based, but
here's what we do.

The university system has standardized on IP as the protocol of choice,
so we are actively phasing out the support of Appletalk.  

We are also using Windows AD as the master authentication database.  Our
experience is that the MAC users can connect to Windows file services
successfully with OSX.  One word of caution, we have run into problems
with earlier MACs that use restricted characters for file names (/) and
the like.  It makes it troublesome to share files between operating
systems, so we are using Windows or Linux for all of our services.  

Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Joe Little
Sent: Monday, January 10, 2005 11:54 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] MAC/PC Mixed Mode Envioronment

We are using MacOSX Server's Open Directory and Samba services with 
mixed success, and that is primarily due to the fact that we do not use 
ActiveDirectory as the backend authentication. I would definitely 
consider it in your configuration. Our issues mostly stem from the fact 
that we are more mixed environment, with a lot of Linux/UNIX systems.

There are also further AD-compatible services that can work with your 
scenario here:


On Jan 8, 2005, at 10:01 AM, Troy Gauthier wrote:

> We, as many other academic institutions, are currently looking into 
> the best
> practices for supporting a heterogeneous computing environment. We 
> have 75%
> PCs and 25% MACs. Currently they are al authenticated through our W2K3
> Server.
> I know that MAC OSX Panther has some built in features to allow for 
> Windows
> authentication and file sharing. How ever the access control is not as
> robust as I would like (giving only options for OWNER, GROUP, and 
> on each object). Although it is my understanding that this is 
> inherited from
> its UNIX backend.
> I would love to know if anyone has implemented or has a best practices

> for
> streamlining such an environment.
> 1.	Which Server solution should be used? Or should it be a
> W2K3/OSX Solution (since I'm pretty sure OSX can readily use MS Active
> Directory)
> 2.	Is there a common interface to manage the clients, perhaps a 3rd
> party solution?
> 3.	best practices to sucure and maintain both os's in such an
> environment.
> I know this is nothing new so that is why I am hoping a UNISOG 
> discussion on
> this can perhaps enlighten those of us that may be doing it the 
> complicated
> way.
> Cheers.
> Troy Gauthier
> Manager, Information Technology
> Museum of Anthropology
> University of British Columbia
> <winmail.dat>_______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list