Integrating Active Directory with Open Directory

  • Question


    Hello everyone,


    I need to integrate Active Directory with Open Directory.

    Has anyone managed to do this?

    Do I need to update anything in Active Directory?



    If anyone can help me, I would be grateful.


    Monday, August 20, 2007 17:34


  • Hello Turbo TI,

    Check the following article, which covers integrating Active Directory and Open Directory:

    Follow the steps below to integrate your AD with Open Directory:

    1. Get the Open Directory master working correctly for all the services you'll want it to use.
    2. In the Active Directory management tools, delete the machine account that is in there now, and all the DNS entries for that machine.
    3. Recreate the Active Directory machine account, and the fwd/reverse DNS entries for it.
    4. Bind the server to Active Directory. Once that's done, make sure that Active Directory appears above LDAP in the authentication pane in Directory Access.
    5. From the command line, run: sudo kerberosautoconfig -u That will regenerate your file. If you have a "can't find it error" remove the LDAP entry from the authentication pane in Directory Access, hit apply, re-run sudo kerberosautoconfig -u, then put the LDAP entry back in Directory Access, making sure that Active Directory is on top.
    6. If this is an Open Directory master, ignore that silly "Join Kerberos" message, it doesn't really apply here.
    7. In Workgroup Manager, enable "Show All Records" in the prefs, then click on the Bullseye tab. Make sure you're auth'd to LDAP, then in the dropdown pick "config". Select the KerberosClient item, and in the inspector, change the RecordName to KerberosClient_DONOTUSE. This will keep Open Directory from trying to push down conflicting kerb records. You ONLY want the Active Directory kerb info on the clients. Save these changes.
    8. From the command line, run: sudo dsconfigad -enablesso This will tie in all the services on the Open Directory Master to use Active Directory for authentication. Go ahead and reboot, even though you really don't have to. I like to here, it's cleaner.
    9. In Workgroup Manager, bring up the Active Directory users, and add them to your Open Directory groups. This allows you to apply MCX policies to them. You can also add Active Directory groups to Open Directory groups as well.
    10. Now go ahead and bind the clients to both the Open Directory Master and Active Directory. I usually do Open Directory first. Again, make sure that Active Directory is first in the Authentication pane in Directory Access. Run sudo kerberosautoconfig -u on the clients, and then reboot. At that point, you should be able to log into a client, and get tickets, etc.
    11. In Workgroup Manager, set up your computer lists and policies with the bound client.

    I hope this helps.


    Caio Vilas Boas
    MCT  |  Technology Consultant

     Caio Vilas Boas
     IT Pro Group

    Friday, November 16, 2012 20:39
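
A check for the ordering requirement in steps 4 and 10 (Active Directory above LDAP in the authentication search path), added here as an example and not part of the original answer. It assumes the search policy is read with `dscl /Search -read / CSPSearchPath` and that the nodes appear as `/Active Directory/...` and `/LDAPv3/...`; the sample outputs and the host name are constructed.

```shell
#!/bin/sh
# Added example: confirm that Active Directory precedes the LDAPv3
# (Open Directory) node in the authentication search path.
#
# check_search_order reads search-policy output on stdin.
# Return codes: 0 = AD listed before LDAPv3
#               1 = LDAPv3 listed before AD (Kerberos/auth may hit OD first)
#               2 = one of the two nodes is missing (machine not bound to both)
check_search_order() {
    awk '
        { text = text "\n" $0 }            # works for one-line or multi-line output
        END {
            ad = index(text, "/Active Directory/")
            od = index(text, "/LDAPv3/")
            if (ad == 0 || od == 0) exit 2
            if (ad < od) exit 0
            exit 1
        }'
}

# Constructed sample outputs (assumed format; od.example.com is a placeholder).
SAMPLE_GOOD='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/All Domains
 /LDAPv3/od.example.com'

SAMPLE_BAD='CSPSearchPath:
 /Local/Default
 /LDAPv3/od.example.com
 /Active Directory/All Domains'

SAMPLE_UNBOUND='CSPSearchPath: /Local/Default /LDAPv3/od.example.com'

# Demo over the constructed samples.
for s in "$SAMPLE_GOOD" "$SAMPLE_BAD" "$SAMPLE_UNBOUND"; do
    rc=0
    printf '%s\n' "$s" | check_search_order || rc=$?
    case $rc in
        0) echo "OK: Active Directory is above LDAPv3" ;;
        1) echo "FIX: LDAPv3 is above Active Directory" ;;
        2) echo "FIX: Active Directory or LDAPv3 node missing" ;;
    esac
done

# On a bound machine (assumption: run as an admin user):
#   dscl /Search -read / CSPSearchPath | check_search_order
```

Running the check on each client after binding, and before `sudo kerberosautoconfig -u`, catches a wrong order before it shows up as a login or ticket failure.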