Tieing leopard to an Active Directory Environment

jcode1 · 05-23-2008, 08:44 AM

Hi Guys,
I work in a mostly Windows world at my company. I am on a team that is in charge of installing X Serves with Leopard server and tieing them to Active Directory. Basically, we want to be able to have single sign on authentication against AD. I was just wondering if you can point me to some case studies or any documentation out there that will help in the matter. I am looking for best practices as well as solutions to probelms that arose while doing this.

Thank You for what ever help you can provide.

jcode1

yellow · 05-23-2008, 09:10 AM

It's quite easy, actually.

Make sure the servers are set up as stand alones. Make sure the server's FQDN works properly both forwards and backwards in DNS.

Open the Directory Utility and bind to AD. Then set up Open Directory in the Server Admin. Under Setting tab, change the role to "Connected to a Directory System" and click the Join Kerberos button.

Make sure kerberos is working via Terminal:

kinit username

Where username is a valid AD username. If you're prompted for a password and then the prompt comes back after entering it, you're authenticated via kerberos & AD.

Check /System/Library/CoreServices/Kerberos.app to see the ticket info.

jcode1 · 05-27-2008, 07:46 AM

Just wanted to thank you for the help!

yellow · 05-27-2008, 08:03 AM

No problem.

05-23-2008, 08:44 AM	#1
jcode1 Prospect Join Date: May 2008 Posts: 2	Tieing leopard to an Active Directory Environment Hi Guys, I work in a mostly Windows world at my company. I am on a team that is in charge of installing X Serves with Leopard server and tieing them to Active Directory. Basically, we want to be able to have single sign on authentication against AD. I was just wondering if you can point me to some case studies or any documentation out there that will help in the matter. I am looking for best practices as well as solutions to probelms that arose while doing this. Thank You for what ever help you can provide. jcode1

05-23-2008, 09:10 AM	#2
yellow Moderator Join Date: Jan 2002 Posts: 10,677	It's quite easy, actually. Make sure the servers are set up as stand alones. Make sure the server's FQDN works properly both forwards and backwards in DNS. Open the Directory Utility and bind to AD. Then set up Open Directory in the Server Admin. Under Setting tab, change the role to "Connected to a Directory System" and click the Join Kerberos button. Make sure kerberos is working via Terminal: kinit username Where username is a valid AD username. If you're prompted for a password and then the prompt comes back after entering it, you're authenticated via kerberos & AD. Check /System/Library/CoreServices/Kerberos.app to see the ticket info. Last edited by yellow; 05-23-2008 at 09:14 AM.

05-27-2008, 07:46 AM	#3
jcode1 Prospect Join Date: May 2008 Posts: 2	Thanks Just wanted to thank you for the help!

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

05-27-2008, 08:03 AM	#4
yellow Moderator Join Date: Jan 2002 Posts: 10,677	No problem.