OS X Tiger Mobile Profiles for AD Users

  1. 1. OS X Tiger Mobile Profiles for AD Users
      - Presented By :
          - Fabiano Iacusso
          - Quinnipiac University
  2. 2. Outline
      - Introduction
          - Brief History of Myself
          - Current OS X Environment at Quinnipiac
      - Managing our Labs (Setup)
          - Bound OS X Server to AD
          - Use of Client Workstation LDAP Authentication - TLS LDAPv3
              - Portable Home Directories
              - Network Share Accessibility (Filespace)
              - Abide by AD Password Policies
          - Print Management
  3. 3. Introduction
      - Quinnipiac University Experience
          - Undergraduate/Graduate Student ('01-'07)
          - Hired in May 2005
              - Network Operations / Client Support Services
              - Computer Systems Administrator (Dec '06 - Present)
  4. 4. QU Environment
      - Student Body - 8,000+ students
      - Server Environment
          - 140+ Windows Based
          - 8 Linux (Red Hat, SUSE)
          - 2 Mac OS X
      - Mac Workstations (Lab Env)
          - 29 Intel iMac
          - 21 Intel Mac Pro (Dual-Core Xeon)
  5. 5. Benefits of Binding XServer / Clients to Active Directory
      - Better Network Integration
          - Domain Admins - inherit full rights
          - Domain Password Policies Apply
          - Access to file shares
          - Print Management
      - HomeSync - Facilitating Portable Home Directories
  6. 6. Requested Lab Details :
      - Allow Students and Faculty to log in with their AD User Accounts
      - Need to have User's Home Profiles Backed up onto a Server (and Archived)
  7. 7. The Challenge
      - QU's Policy, "We do not support Macs"...
          - No approvals for hosting an Apple Open Directory Domain
      - I'm a Windows Admin - Where to start?!
      - Once Complete, how to apply this to all computers?
  8. 8. HomeSync
      - Facilitates Portable Home Directories
          - Similar to Roaming Profiles for Mac
      - System -> Library -> CoreServices -> Menu Extras -> HomeSync.menu
  9. 9.
      - Accounts -> Create Mobile Accounts -> Configure
      - Avoid Administrative Nightmare - How to Automate?
  10. 10. Mobile User Account using Open Directory
  11. 15. Mobile User Account using Active Directory
  12. 16. Bind XServer into AD
      - Directory Utility
          - Services
      - Configure Active Directory plugin
  13. 17. Configure unique AD attributes
  14. 18. Configure Administrators
  15. 19. Shared AFP Home Directory Setup
  16. 20. Review WorkGroup Manager - Verify AD Users
  17. 21. Continued - primary group identifier
  18. 23. Client LDAP Configuration - LDAP Plugin (Directory Utility)
      For HomeSync Configuration :
      - HOMEDIRECTORY : #<home_dir><url>afp://xs-xenon.quinnipiac.edu/Home</url><path>$sAMAccountName$</path></home_dir>
      - NFSHOMEDIRECTORY : #/Network/Servers/XS-Xenon/Volumes/RAID0/Home/$sAMAccountName$
  19. 24. Managed accounts
      Managed accounts are configured with certain preferences by the administrator. The managed preferences are stored in the user's LDAP profile in two fields: the MCXFlags attribute identifies the user as having managed settings, and zero or more MCXSettings attributes define the settings. They need to be mapped to MCXFlags and MCXSettings respectively in DirectoryService (Directory Access or Directory Utility - Active Directory Plugin). The settings take effect at login and persist in one of three ways :
      - Once : the user's preferences may subsequently be changed
      - Often : any changes last only for the lifetime of the session
      - Always : the preferences may not be overridden at all
  20. 25. Creating a Mobile Managed account
      The value to set in LDAP for a managed user needs to look like this:

          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
              <key>has_mcx_settings</key>
              <true/>
          </dict>
          </plist>

  21. 26. Location (created on client after logon) : /Library/Preferences/com.apple.MCX.plist
      Modify HomeSync Settings : /Library/Preferences/com.apple.homeSync.plist
  22. 28. Test Configuration - Demo
  23. 29. Other Benefits of AD Integration : Domain Password Policy
      - Change expired passwords at logon.
      - Another reason to Make Faculty/Staff Mac workstations Domain Members.
      - Keeping our CISO happy.
  24. 30. Other Benefits of AD Integration : File Space Resources
  25. 31. Other Benefits of AD Integration : Print Management
  26. 32. Wrap-Up - Questions
      - Feel free to Contact Me :
          - [email_address]
          - Desk : 203-582-3342
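
The home directory mappings on slide 23 and the managed-account flag on slides 24-25 can be checked offline before values are written to the directory. The following Python sketch is an added example, not part of the original slides: it expands the two `$sAMAccountName$` templates for one account and tests whether an MCXFlags value is a complete plist with `has_mcx_settings` set to true. The function names, the account-name allow-list and the sample values are assumptions made for illustration.

```python
import plistlib
import re

# Templates from slide 23 (the slide's leading "#" is left out here).
HOME_DIRECTORY = ("<home_dir><url>afp://xs-xenon.quinnipiac.edu/Home</url>"
                  "<path>$sAMAccountName$</path></home_dir>")
NFS_HOME_DIRECTORY = "/Network/Servers/XS-Xenon/Volumes/RAID0/Home/$sAMAccountName$"

# Assumption: a conservative allow-list, so a name can never add a path
# separator or XML markup when it is substituted into the templates.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,19}")


def expand_home(sam_account_name):
    """Return (HomeDirectory, NFSHomeDirectory) for one account."""
    if not SAFE_NAME.fullmatch(sam_account_name):
        raise ValueError("unsafe account name: %r" % sam_account_name)
    return tuple(t.replace("$sAMAccountName$", sam_account_name)
                 for t in (HOME_DIRECTORY, NFS_HOME_DIRECTORY))


def is_managed(mcx_flags):
    """True only for a complete plist whose has_mcx_settings is true."""
    try:
        flags = plistlib.loads(mcx_flags)
    except Exception:  # truncated or malformed plist
        return False
    return isinstance(flags, dict) and flags.get("has_mcx_settings") is True


# Constructed sample values, not taken from a real directory.
COMPLETE_FLAGS = plistlib.dumps({"has_mcx_settings": True})
# Same content without the XML header and the opening <plist> tag.
TRUNCATED_FLAGS = b"<dict><key>has_mcx_settings</key><true/></dict></plist>"

if __name__ == "__main__":
    print(expand_home("jdoe"))
    print(is_managed(COMPLETE_FLAGS), is_managed(TRUNCATED_FLAGS))
```

A value that lacks the plist header fails to parse, so it is reported as unmanaged rather than silently accepted.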
