[UniMacTech] Active Directory / Open Directory & Kerberos

Patrick Tehvand patrick at tehvand.com
Thu Sep 11 15:47:46 EST 2008 

HI Matt,

You may have to enable single sign on for those services to kerberize  
them with the AD kerberos settings.

dsconfigad -enableSSO

That said there are a number of issues with AD integration and various  
services.
http://docs.info.apple.com/article?artnum=306750

Calendaring in particular will need Augmentation not just binding:

AD users have not been imported.

This primarily relates to calendaring. Binding to an AD server will  
allow you to see the AD users in WGM, but binding alone will not  
enable the users for calendaring.

In Advanced mode, what you need to do is select the 'New Augmented  
User Records' item from the 'Server' window in WGM. In the resulting  
window, select the 'Calendar Server' from the drop down list at the  
bottom. Then select the AD user(s) you want to import.

In Workgroup mode you would import the AD users using Server  
Preferences.

Hope that helps.

P.

On 11/09/2008, at 9:22 AM, Matthew Taylor wrote:

> Hi,
>
> Has anyone had any luck binding a 10.5 client to both Active  
> Directory and Open Directory with Kerberos working seamlessly?
>
> I have 10.5 clients and 10.5 server.  The server is bound to the  
> universities' Active Directory and feeding off the AD's kerberos.  I  
> have groups in the 10.5 server that contain AD members.  The client  
> 10.5 machine is bound to BOTH the Active Directory and the 10.5 Open  
> Directory.  Thus when I log on to the client using my Active  
> Directory account I get in fine and the open directory group  
> settings are correctly applied.
>
> The problem is that when I go one step further and open iCal (or any  
> other kerberised program) on the client after logging in I don't see  
> the group calendar I set up on the OD server.  Also when I try to  
> access the Group Wiki on the OD server it denies me access.
>
> I am assuming this is some kind of kerberos problem.  I'd be keen to  
> find out if anyone else out there has been able to set up this  
> "magic triangle" authentication.
>
> Regards,
>
> Matt Taylor
> Computer Support
> Academy of the Arts
> University of Tasmania
> (03) 6324 4412
>
>
> _______________________________________________
> unimactech mailing list
> unimactech at auc.edu.au
> http://www.auc.edu.au/mailman/listinfo/unimactech

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://auc.uow.edu.au/pipermail/unimactech/attachments/20080911/371e1844/attachment.html

More information about the unimactech mailing list