Introduction

Here at Warilla High School we needed to provide a single individual logon for our 90+ staff and 1000+ students. 2005 was the perfect opportunity to build a system from the ground up with new hardware to provide for the increased population at the school. Using our 2003 setup of integrating Mac OS 9 with AD via Macintosh Manager as a place to expand on, the following pages is our solution.

The 2003-2004 setup provided a fully functional basis to extend on with the introduction of newer technology such as Mac OS X and Windows XP operating systems. During the life of this system, we did a pilot with Mac OS X as a workstation OS, integrated in our existing setup. Some major issues became apparent as the pilot went ahead. These issues were the main focus for the direction our new system was developed.

The old system consisted of computers in the following roles:

  • Active Directory running on Windows 2000 Server;
  • File Server running on Windows 2000 Server;
  • Macintosh Manager running on Mac OS X 10.2 Server.

This solution worked fine with Mac OS 9 but left much to be desired. Motivation for the development of the new system included:

  • AFP implementation on Windows 2000 Server did not support long file names;
  • AFP took an hour to start sharing the 100gb user data;
  • Virus and patching Windows 2000 Server meant for lengthy downtime;
  • Drop boxes and group shared folders did not function on Mac OS based computers

Further more, we required a method of locking down the workstations. We preferred to use the native tools available for each platform. Also, for home directories to be located on a file server, Mac OS X required the file server support long file names so that certain preferences could be saved. The new system thus required:

  • Active Directory to lock down Windows clients via group policy via a central location
  • Mac OS X + Workgroup manager to lock down Mac OS X clients
  • Mac OS X + Macintosh manager to lock down Mac OS 9 clients
  • An AFP implementation that supported long file names

To achieve the functionality we were after, the following points were our focus:

  • Windows Active Directory will not talk to other directory servers such as LDAP or Apple’s Open Directory LDAP implementation;
  • AFP sharing with support for long file names could only be obtained using a third party program that was beyond the scope of our budget;
  • Mac OS X management required open directory.

With these points in mind, we came up with the solution you see on these pages. Below is an overview:

  • Active Directory via Windows 2003 Server provides the central user database;
    • Group Policy to control user environments,
    • AD will not talk to other directories above it - this is the reason for assigning the directory server role to Windows.
  • Mac OS X provides storage and open directory;
    • Mac OS X’s implementation of AFP provides long file names,
    • Provides Macintosh Manager and Workgroup Manager to control user environments

Please continue through the rest of this website to find out the specifics of our integration of Windows and Mac OS. Feel free to contact me for further clarification or questions about our system.

Included is the hardware specifications for interest.

Directory Server File Server

* I have never seen the Xserve hit higher than 20% processor usage (apart from booting). It boots in less than a minute including AFP shares.
* The PowerEdge memory usage and CPU usage remain minimal during operation.