On Friday, January 24, 2003, at 05:23 PM, Beck, Forrest wrote:

> Do you think that it would be wise to have the client authenticate to
> my OSX server and the OSX server contain a Network Netinfo Database
> (for wgm) and Authenticate the clients against AD?

I'm not sure if I came across well- usually I have a client configured to talk to /both/ the Mac OS X Server and the AD. A particular user record, though, still has to be in one or another- for instance user ssmith can not have his sAMAccountName and gid in the AD and his NFSHomeDirectory in the Open Directory. ssmith (whose complete user record exists in AD) can, however, belong to workgroups that exist in the Open Directory. And the Open Directory can be used to manage the groups of Macs that ssmith will be logging into.

> This would fix a lot of problems I am having, if it is at all
> possible....... The only thing I am looking to accomplish is to
> centralize my password database.

The easiest thing to do, in that case, is to:

a) get a list of usernames
b) use something like nicl or niutil to script their creation
c) give them blank passwords
d) configure the Macs to use Kerberos and authenticate against the KDC in the AD

> I still want to keep my functionality of wgm.

See the above.

> I guess I should also let you know, I am doing this all without
> Services for Unix. I am hoping that when my SFU order comes in it
> will tie up a lot of loose ends.

I usually use SFU, but a mirrored user list with Kerberos authentication seems like it might be a good choice given the requirements you've mentioned.

http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
mbartosh at 4am-media.com
303.517.0272
Denver, CO

"The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently."
-- Nietzsche

Think Different.