Apple MACs and Windows Domains with AD

[Andrew Yoward]

Folks,

Please forgive my ignorance, but your assistance is required and
greatly appreciated. I am currently working for the National Health
Service in Sunderland in the UK, we have a Windows domain running on
our network with AD and all the trimmings. The network runs on IP,
with DHCP and DNS etc. etc. One of our web developers requests that
the NHS trust buy him a PowerMAC and I have been tasked by the Head of
I.M. & T that I find out if it can connect to our network. So I come
to a series of questions that I hope you will be able to help me with:

1. Will the Mac be able to connect and authenticate to the network
using IP (supplied by DHCP) or will I have to enable AppleTalk? Will
my DDNS be ok with it?
2. Will the user be able to use his LAN account to log in to the Mac
and authenticate with the W2K servers/domain, or will he have to log
in to use services such as printers that hang off the W2K servers (I
am assuming that these services will be available)?
3. How will things like file access work e.g. home directories on the
W2K servers?
4. Will they have to be mapped manually, as I don't envisage login
scripts being able to run from the server?
5. Would I have to install Samba to facilitate the above?

There are probably questions that I have forgotten to raise, but I am
just looking for some assistance as someone who has never had the
pleasure of working on a Mac in any sort of network situation. I am
certainly looking forward to playing with one.

Your responses will be most appreciated.

Many Thanks,

Andrew Yoward
IT Manager, Sunderland Teaching Primary Care NHS Trust

 

[Paul W. Nelson]

You might be interested in ADmitMac from Thursby Software Systems:
http://www.thursby.com

1. Will the Mac be able to connect and authenticate to the network
using IP (supplied by DHCP) or will I have to enable AppleTalk? Will
my DDNS be ok with it?

Connecting with IP/DHCP/DNS is built into Mac OS X, so you don't need
anything special.

2. Will the user be able to use his LAN account to log in to the Mac
and authenticate with the W2K servers/domain, or will he have to log
in to use services such as printers that hang off the W2K servers (I
am assuming that these services will be available)?

ADmitMac provides the one time login in a simple way without modifying your
AD schema. Users log into the Macintosh desktop using their domain
credentials. Authentication is done using Kerberos. ADmitMac 1.1 supports
NTLMv2 as well.

3. How will things like file access work e.g. home directories on the
W2K servers?

ADmitMac allows you to use the home directory from the user's profile as
their Macintosh home directory. This keeps all their preferences and
documents on the server. It also gives you the option of keeping the user's
home directory on the Mac's hard disk. ADmitMac 1.1 will allow you to keep
the user's home directory on the hard disk, and automatically mount the home
directory from the profile on the desktop when the network is available.

ADmitMac 1.1 will support SMB signing in addition to NTLMv2 and Kerberized
CIFS/SMB client connections.

4. Will they have to be mapped manually, as I don't envisage login
scripts being able to run from the server?

ADmitMac has complete support for DFS. You can also create shortcuts for
any volumes the user might need and put them in their network home directory
(ADmitMac recognizes Windows shortcut files). You can also make Macintosh
aliases (like shortcut files) and put them in the users' local home folder.
These aliases will automatically mount a Windows share when they are opened
or double-clicked by the user.

5. Would I have to install Samba to facilitate the above?

You don't need to install Samba on new Macs, since it comes built in.
However, Samba's main strength is in sharing Macintosh files with PC users,
and it doesn't provide AD client support. ADmitMac 1.1 will provide file
and printer sharing support as well.

 

[William M. Smith]

You might be interested in ADmitMac from Thursby Software Systems:
http://www.thursby.com

Hi Andrew!

I've never had the opportunity to work with or test ADmitMac but I'm sure if
it's anything like Dave from Thursby, it's a great product.

I did want to point out that it is a commercial piece of software compared
to other solutions, which may require more setup and a deeper understanding
of network protocols such as LDAP. (Thursby does offer a trial version of
ADmitMac, so it's definitely worth looking into.)

For a one machine setup, ADmitMac may be your best solution, but if you'd
like free alternatives check out

http://www.macwindows.com and http://www.macosxlabs.org

Some solutions for authenticating Macs to AD require AD schema modification
and some don't. The more secure solutions typically do.

Mac OS X 10.3 (Panther) is Apple's next operating system release and is
slated to be released in less than two weeks. It will incorporate AD
connectivity as well. You'll most likely get it with your new Mac.

Hope this helps! bill