Mac OSX and Windows 2000 Active Directory

Kevin Brown plug-discuss@lists.plug.phoenix.az.us
Wed, 23 Oct 2002 22:30:41 -0700


> Using samba to allow unix systems to authenticate against active directory.
> (I don't necessarily recommend doing this, but sometimes you have to do
> things you don't want to!)
> 
> http://online.securityfocus.com/infocus/1563

Thanks for the pointer.  None of the systems are in place as yet, so it may not
be too late to change the minds of my boss and others in the company.  I don't
think I can change their minds regarding the Outlook/Exchange combo, but they
were interested in hearing about Evolution and the Ximian connector.

> Mapping drives to windows shares with samba works exactly the same way
> with AD as it did under NT4. Some items to keep in mind.
> 
> 1: Samba does not support Windows Kerberos or NTLM V2. You have to support
> either lanman or NTLM authentication.
> (Windows will by default, but if you have aggressive security people they
> may have disabled them.)

The servers are still in the testing phase of development, so most of the
default settings are still in place.  I'm the security guy for the most part
since I have the most dealings with the employees from that standpoint.

> 2: Joining the windows domain will work as well, but the computer account
> must be created as pre-windows 2000 compatible.

Alright, time to go fish up the samba docs from the website to refresh my memory
on doing this and digging through the Win2k users gui to find the option for the
pre-2k setting.

> 3: You want to use (at least) the 2.2.x versions of Samba.

Mac OSX comes with 2.2.3a, so I guess this should work then :)

> For much more good info on this, go here:
> 
> http://www.google.com/search?q=samba+howto

OK.  Knowing that helps some.  The reason for using the AD to authenticate users
was to aid in centralization of logins.  This way a person could bounce from a
Windows XP desktop to a Mac OSX laptop and back without the logins having to be
maintained separately.

> ----- Original Message -----
> From: "Kevin Brown" <kevin_brown@qwest.net>
> To: <plug-discuss@lists.plug.phoenix.az.us>
> Sent: Wednesday, October 23, 2002 7:41 PM
> Subject: Mac OSX and Windows 2000 Active Directory
> 
> > I recently obtained full-time employment and one of the tasks that I'm faced
> > with is getting Mac OSX to work with a Windows 2000 Active Directory Domain.
> > OSX ships with Samba 2.2.3a, which I believe allows it to be able to work with
> > the older NT4 domains.
> >
> > The biggest problem I'm looking at right now is getting the Mac to automount
> > shares from the AD servers when the user logs in and quite possibly using the AD
> > servers to authenticate the user in the first place.  I know I can get normal
> > Windows Shares statically mounted via fstab entries, but don't know about Win2k
> > AD domains/shares.
> >
> > Anyone have pointers to any docs about doing this?