MacOSX in a PC World
May 30, 2008 6:03 AM   Subscribe

Help a PC guy out with Mac/Linux networking.

I have a pair of questions I hope someone can help me get a concise answer to:

I am a PC guy, I run a 150pc+ network (Windows 2003 + XP desktops). I am used to being able to run Login scripts to mount network drives, and single sign-on across all desktops.

I am working with a group that has 5-10 Macintosh PC's, and it seems as though they act like standalone XP machines normally (ie, you can share drives between them, but you need to setup user accounts/passwords on each machine).

If we purchase a copy of OSX Server, can we somehow "join" all the Mac's to the server so they all centrally authenticate like XP+Windows 2003 does? (ie, you need a valid 'domain' login to login to any of the OSX workstations).

For bonus points -- how could we bypass purchasing an OSX Server and simply do this jazz with an Ubuntu/Linux Server.
posted by SirStan to Computers & Internet (5 answers total) 5 users marked this as a favorite
Kerberos for Mac OSX can authenticate directly against Active Directory. You can also use Kerberos clients on Linux to authenticate Linux servers or clients against Active Directory; here is a blow-by-blow howto for SUSE using YAST.
posted by paulsc at 6:37 AM on May 30, 2008 [1 favorite]

At our institution we have been using AdmitMac. Can't remember why we went with that as opposed to native AD support but I'm sure the server guys mentioned quite a few acronyms to support the cause. In any case it works flawlessly, all macs login with AD credentials, you can mount network drives, and from what I understand they don't have to build in any extra support server-side for the Mac folks to access the networked drives. Also accessing shared printers through a windows print server seems to work well.

You by no means need to have a separate server to manage the Macs if you're already on Active Directory. The one advantage to an OSX server would be applying group policy globally to all of them. This is something that is iffy on AdmitMac and we had lots of problems trying to get it to work, so if locking down the systems is important to you that would be a way of instituting parental controls and locking down components of the systems. If you just need them to logon with their AD account and access network resources go with native first and see if it works. If not try out a trial of AdmitMac off their website and see how you like it.
posted by genial at 7:53 AM on May 30, 2008

Related info previously on AskMe.

You can do this homogeneously: read Apple's (marketing) page on Mac Client to Mac Server authentication.

Or, heterogeneously: paulsc gave the Mac Client to Windows Server link, and it seems possible to do Mac Client to Linux Server in a couple of ways: using Samba to approximate OpenDirectory (can't find a good cite - maybe this doesn't really work?) or using OpenLDAP.
posted by dammitjim at 8:00 AM on May 30, 2008

We just started this process a couple months ago in my organization. We're just using the built-in AD services in Leopard and we haven't run into any issues. We have a standard image we set up that has a local admin account, and once we install this image on a new machine, we bind it to the domain. At that point, file and print sharing works pretty seamlessly, and you can mount network shares by dropping a location file into the login items of the user or the user template, if you want it to apply to all new accounts.
posted by joshrholloway at 8:00 AM on May 30, 2008

If you want to bypass the Mac and Linux server and connect directly to the Windows server - you should also consider using AdmitMac from Thursby to simplify the management. It has really worked well here where every other configuration and setup has caused intermittent hiccups.
posted by clarkie666 at 1:53 PM on May 30, 2008

« Older Managing an Anothology Project   |   What can I do with a prehistoric laptop? Newer »
This thread is closed to new comments.