Active Directory plugin settings

Requirements
Mac OS X 10.4 client

Notes
I had some problems connecting to the home directories via AFP so it is set up to connect over SMB. This means your file server must be running windows file services and that window preferences will not be saved.

With the relase of Mac OS X 10.4 (Tiger) Apple refined its active directory connectivity. I have not tried this solution on a server to connect to AD but it works fine on clients.

First, open Directory Access which is located in /Applications/Utilities. You may need to click the lock and enter your username and password on the local machine to make changes.

Select Active Directory and click on configure. This will bring up the configuration window where we can enter all of the information.

Directory access

Enter the active directory domain name in the Active Directory Domain field. You can modify the computer name from the default computer name if you wish - this name will appear in active directory.

Domain info

Click Bind to connect to the active directory. Enter the usual password and username that you would connecting a Windows client to AD.

Bind to AD

Click on the down arrow button to show advanced options.

To continue using network home directories untick Force local home directory on startup disk and make sure Use UNC path from Active Directory to derive network home location is ticked. I tried to use AFP but the computer could never mount the home directory. Selecting SMB worked without any problems.

AD user experience

Click on the Mappings tab. This is where you can map extra attributes. Since my system is still supporting 10.3 via my previous methods I continued to map UID to postalCode. This provides the computer with the same UID that we have manually defined for users. You can leave these options all turned off and Mac OS will fill it in dynamically.

AD mappings

Click OK. You’re done!

This entry was posted on Sunday, September 9th, 2007 at 5:45 pm and is filed under Mac OS X. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Active Directory plugin settings”

  1. connectionfailure Says:
    December 3rd, 2007 at 11:32 am

    So you’re saying that when 10.3 was around you manually picked a bunch of numbers, say 6xx, and you went into each user in Active Directory and put that in postal code? The same for GIDs, you put them in Telephone Number?
    If I leave the fields blank I get ridiculously high UIDs and GIDs.

  2. admin Says:
    December 4th, 2007 at 4:13 pm

    I manually maintain the UID for all users in my directory to ensure that the proper UID is used throughout the entire system.

    While I still use the LDAP plugin, while I was playing with the AD plugin I used the postalCode attribute to set a manual UID so that their usual Mac home directory had the correct permissions (due to Mac OS using UID’s to assign permissions).

    The system would work much better if active directory assigned a unique number instead of the alphanumeric combo it does because you would be able to map the UID to that attribute.

  3. connectionfailure Says:
    December 4th, 2007 at 7:21 pm

    But would you recommend using an unused AD field like postalCode for a 20-mac setup? I mean, if you could start from scratch like I am, how would you do it?What should the UIDs be, 6xx like I mentioned? What about the GIDs, I have no idea what numbers they should be.

Leave a Reply