Is there any way to set up OS X Server so it is a replica of my Windows Server AD or do I need to do the "magic triangle" setup?
My goal is to allow SSO with my Mac users but would like to take advantage of some of Mac's server features like central updating (similar to WSUS), remote desktop, etc.
Thanks.
Michael
OS X Server cannot replicate AD, but that's not what you want anyway; if it were an AD replica it'd just be serving the same info your AD domain controllers are already serving. If you want managed preferences for AD user accounts, the standard options are to either extend the AD schema or go with a dual directory ("magic triangle") setup.
Lion does add another option, profile-based management. According to Apple's KB article #HT4837, this can be set up to work with AD accounts, but I don't have any experience with it yet. Note that this will work with iOS devices as well as OS X Lion, but will not manage earlier versions of OS X.
However, for the specific features you mentioned, software update server and Apple Remote Desktop administration, you don't even need any of those. For ARD, you could create a local account on the OS X clients and give it ARD rights in the Sharing preference pane (there's also a command-line option with the /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart command); or you can enable directory-based authentication and use network accounts (although again, I haven't done this with AD accounts, and comments on the linked article indicate some problems... under v10.4). The ARD Admin application itself runs on your admin desktop, completely independently of any server (well, you can configure one ARD admin computer to act as a task server, but that's different).
As for software update service, it's basically a web server that replicates content from Apple's server farm. Configuring OS X computers to use it is just a preference setting; you can set it as a managed preference (i.e. schema extension, magic triangle, or via profile), or you can just set it on each computer with the command
defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://su.domain_name.com:8088/index.sucatalog
(as root, with your update server's address substituted). Note that if you have ARD set up, it's really easy to use its Send Unix Command option to run this on all your Macs at once.
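A check to run on clients after the CatalogURL setting above has been pushed, as an added example that is not part of the original answer: it reads the key back and reports whether it points at the intended update server. The function names and the EXPECTED_HOST and EXPECTED_PORT values (copied from the sample URL in the answer) are assumptions to replace with your own.

```shell
# Added example: report whether this Mac's Software Update catalog points at
# the intended server. EXPECTED_* are placeholders from the sample URL above.
EXPECTED_HOST="su.domain_name.com"
EXPECTED_PORT="8088"
PLIST="/Library/Preferences/com.apple.SoftwareUpdate"

# Print one of: unset | ok | wrong-server | malformed
classify_catalog_url() {
    url="$1"
    if [ -z "$url" ]; then echo "unset"; return 0; fi
    case "$url" in
        http://*|https://*) ;;
        *) echo "malformed"; return 0 ;;
    esac
    rest="${url#*://}"        # drop the scheme
    authority="${rest%%/*}"   # host[:port]
    case "$rest" in
        */*) path="/${rest#*/}" ;;
        *)   path="" ;;
    esac
    # Reject userinfo ("trusted-name@other-host"), which hides the real host.
    case "$authority" in
        *@*) echo "malformed"; return 0 ;;
    esac
    case "$path" in
        *.sucatalog) ;;
        *) echo "malformed"; return 0 ;;
    esac
    host=$(printf '%s' "${authority%%:*}" | tr '[:upper:]' '[:lower:]')
    case "$authority" in
        *:*) port="${authority##*:}" ;;
        *)   port="" ;;
    esac
    if [ "$host" = "$EXPECTED_HOST" ] && [ "$port" = "$EXPECTED_PORT" ]; then
        echo "ok"
    else
        echo "wrong-server"
    fi
}

# Empty output means the key is not set in this plist.
read_catalog_url() {
    defaults read "$PLIST" CatalogURL 2>/dev/null || true
}

# Only query the preference where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    echo "$(hostname): $(classify_catalog_url "$(read_catalog_url)")"
fi
```

Each client prints one line with its hostname and status, so any machine reporting something other than ok stands out in the collected output.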