[unisog] MAC/PC Mixed Mode Environment
nigel at cofa.unsw.edu.au
Wed Jan 12 19:52:41 GMT 2005
On 09/01/2005, at 5:01 AM, Troy Gauthier wrote:
> 1. Which Server solution should be used? Or should it be a combination
> W2K3/OSX Solution (since I'm pretty sure OSX can readily use MS Active
I'm assuming you're wanting to use the same network users for your Mac
clients as you do for your Windows clients? with network home
You have a few options here.
You can have a 'pure' Active Directory setup, with your OS X clients
being connected to the Active Directory domain.
You can put an OS X Server box in, and get the best of both
environments, using Active Directory for your authentication, and using
the OS X Server box to add Mac-specific control over the Mac clients.
This would be my initial suggestion without getting more info about
You can put an OS X Server box in, and keep the Mac clients isolated
from the Windows network.
Mac OS X clients could either have their home directories on an SMB
server, or on an AFP server.
I wouldn't suggest using Services for Mac on the Windows box for home
directories. The version of AFP it uses will not be satisfactory for
your OS X clients.
If you're thinking of using AFP for home directories on a Windows box,
I would suggest investigating solutions such as Extreme Z-IP.
I run my OS X Open Directory Master as a PDC using Samba, and in all
honesty, I've had my share of problems with it. I wouldn't recommend
SMB home directories on an OS X Server, but there should be no need for
you to do this.
The integration features are quite good these days. Apple have worked
hard to try and make sure that they 'play well with others', as they
simply have to. You won't need to modify your AD setup at all if you're
running the current version of Mac OS X.
You can have your OS X Server box integrate to a Windows Kerberos setup
as well. This works quite well, with the OSXS box being able to grant
and accept tickets for your existing Kerberos infrastructure, whether
that be Windows or standard MIT Kerberos on a *nix.
> 2. Is there a common interface to manage the clients, perhaps a 3rd
> party solution?
> 3. best practices to secure and maintain both os's in such an
I would have a look at http://www.macenterprise.org (formerly
MacOSXlabs.org) and join that mailing list.
There are a lot of people doing very similar things to this.
If you're worried about the limitations of a traditional Unix
'user/group/other' permissions setup, you may want to consider waiting
until OS X 10.4 comes out in the first half of this year. It will bring
ACLs to the platform, but really it is just a matter of changing the
way you think about permissions. You can do pretty much everything you
need with this kind of a permissions model, it just becomes a bit more
conceptually difficult if you're used to an ACL setup.
If you have the chance, I'd try and find out if Apple are running their
Directory Services training course anywhere near you. It would be well
worth sending someone along to this course, it is one of the best
training courses they have ever run.
The training materials alone will give you step by step recipes for
setting things in a way that I think you're looking for. I can think
of several examples in this material that would suit your situation.
If you have any more questions you want to ask off-list, please feel
free to email me.
Nigel Kersten Systems Administrator
College of Fine Arts, UNSW Sydney, Australia.
CRICOS Provider Code: 00098G