[MacTUG] FYI: Changes to our Active Directory and Macs...

Steve Hellyer phasetwo at apple.com
Wed Mar 31 10:16:43 EDT 2010 

Hi Erick,

While there seem to be agreement to not do this at this time. I am sure down the road this will be the way to go. Perhaps best after dust settles on integrating faculties into new central AD.

This white paper talk about how to add addition schema extension so Mac Lab Administrators can have policy control over clients.
http://images.apple.com/business/solutions/it/docs/Modifying_the_Active_Directory_Schema.pdf

Also Best practices on Mac connecting to AD.
http://images.apple.com/business/solutions/it/docs/Best_Practices_Active_Directory.pdf

Critical pieces I encounter...

-Mac OS X needs to point to AD server for NTP to keep clock in sync
-Mac OS X need to point to AD servers for DNS.
-AD DNS need to have both forward and reverse entries for all records
 
Specifically for Mac AD clients look for following to bind and discover directory system. (But with your domain) AD along with MS DNS service should create these automatically.
_ldap._tcp.mydomain.com
_kerberos._tcp.mydomain.com
_kpasswd._tcp.mydomain.com
_gc._tcp.mydomain.com

If you have firewall running make sure your not blocking ports the Mac use to talk to AD server. Mac OS X doesn't actually talk to AD using MS AD protocols rather they rely on the LDAP AD provides plus Kerberos.

389	TCP	Lightweight Directory Access Protocol (LDAP) 
636	TCP	Secure LDAP (SSL)
88	TCP	Kerberos
749	TCP/UDP	Kerberos 5 admin/changepw

Hope this helps and look forward to help where I can.

Steve

On 2010-03-30, at 12:09 PM, Erick Engelke wrote:

> 
> On Tue, 30 Mar 2010, Matthew Oliver wrote:
> 
>> I'd love to be involved in testing the new AD.
>> I should be able to make a couple client machines available to test on.
>> 
> 
> Sure Mathew.  I'll let you know when we actually have something to test.
> 
> Erick
> _______________________________________________
> MacTUG mailing list
> MacTUG at lists.uwaterloo.ca
> https://lists.uwaterloo.ca/mailman/listinfo/mactug

-------------------------------------------------------
Steve Hellyer
Pre-Sales Systems Engineer
Education Division (Higher Education)
Apple Canada Inc.
7495 Birchmount Rd.
Markham, Ontario, Canada
L3R 5G2

PH: (905)513-5647
Mailto: phasetwo at apple.com

Training Websites
http://training.apple.com/
http://www.witzapplecertifiedtraining.com/

AppleCare Online Support
http://www.apple.com/ca/support/

AppleCare Technical Phone Support
tel:1-800-263-3394  (basic up and running support for individual consumers)

AppleCare Enterprise Level Support
http://www.apple.com/ca/support/products/macosxserver_sw_supt.html

AppleCare Service Locations (Canada)
http://www.apple.ca/buy/locator/
Select Service Locations from pull down menu

More information about the MacTUG mailing list