Introduction
Mac OS X and Mac OS X Server have been designed to fit into existing enterprise directory services. Apple™’s extensible Open Directory architecture integrates with standards-based LDAP directory services, including Sun JAVA Enterprise Directory Server and IBM Directory Server, as well as with proprietary ones such as Microsoft™’s Active Directory.
In Mac OS X 10.4 (Tiger), Apple released a new feature called Portable Home Directories, which allows Macintosh laptop users to maintain synchronized copies of their home directories on their laptop and the network. When a user goes offline with the laptop, her home directory goes with her, so she can continue to work just as if she were back at the office. When she reconnects to the network, Mac OS X automatically syncs selected content in her local home directory with the one on the server.
The following possibilities are available to any Systems Administrator or Architect who is looking to integrate Mac OS X into their IT Environment. Depending upon what’s already installed and available, the choices are:
- Use the existing Active Directory Environment to authenticate Macintosh users.
- Use the existing Open Directory Server on a Mac OS X server to authenticate Mac users.
- Use the existing LDAP Environment (Novell, Sun ONE, OpenLDAP, etc.) to extend authentication services.
- Install one of the above, if a centralized solution is not already implemented.
In this article, we will discuss in detail the steps required to integrate Mac OS X with Sun ONE Directory Server for authentication, and to configure and manage Portable Home Directories using NFS. There is adequate documentation on the internet with regard to Active Directory integration and synchronizing home directories using Windows file sharing protocols and SAMBA. However, when it comes to non-Apple and non-Microsoft directory services and NFS, there is a dearth of case studies and documentation. We hope to resolve that with this article.
In addition to achieving full integration, this approach also allows the use of the Macintosh Work Group Manager to manage Apple users, groups and computers and their associated policies. Apple stores all of its policy and preference settings in plists. Unless you have another method to make changes to these plists and manage them, I strongly recommend that you use Work Group Manager.
Assumptions
It is assumed that the implementation environment is a Unix environment with a standards-based LDAP server deployed for authentication and home directories served from a central NFS server. The goal is to extend the LDAP authentication services and NFS home directories to Macintosh systems.








No problem! I am glad you found it useful. With Leopard out for the developers, I hope to write up a similar article on Leopard’s integration with NFS and AD!
Exactly what I needed to get my Macintoshes integrated into a larger system. Thank you very much!
Extremely handy! Thanks a bunch for posting this!