Your SlideShare is downloading. ×
  • Like
OS X Tiger Mobile Profiles for AD Users
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

OS X Tiger Mobile Profiles for AD Users

  • 190 views
Published

 

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
190
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. OS X Tiger Mobile Profiles for AD Users
    • Presented By :
          • Fabiano Iacusso
            • Quinnipiac University
  • 2. Outline
    • Introduction
      • Brief History of MySelf
      • Current OS X Environment at Quinnipiac
    • Managing our Labs (Setup)
      • Bound OS X Server to AD
      • Use of Client Workstation LDAP Authentication - TLS LDAPv3
        • Portable Home Directories
        • Network Share Accessibility (Filespace)
        • Abide by AD Password Policies
      • Print Management
  • 3. Introduction
    • Quinnipiac University Experience
      • Undergraduate/Graduate Student (‘01-’07)
      • Hired in May 2005
        • Network Operations / Client Support Services
        • Computer Systems Administrator (Dec ’06 - Present)
  • 4. QU Environment
    • Student Body - 8,000+ students
    • Server Environment
      • 140+ Windows Based
      • 8 Linux (RedHat, SuSe)
      • 2 Mac OS X
    • Mac Workstations (Lab Env)
      • 29 Intel iMac
      • 21 Intel Mac Pro (Dual-Core Xeon)
  • 5. Benefits of Binding XServer / Clients to Active Directory
    • Better Network Integration
      • Domain Admins - inherit full rights
      • Domain Password Policies Apply
      • Access to file shares
      • Print Management
    • HomeSync - Facilitating Portable Home Directories
  • 6. Requested Lab Details :
    • Allow Students and Faculty to log in with their AD User Accounts
    • Need to have User’s Home Profiles Backed up onto a Server (and Archived)
  • 7. The Challenge
    • QU’s Policy, “We do not support Macs”...
      • No approvals for hosting an Apple Open Directory Domain
    • I’m a Windows Admin - Where to start?!
    • Once Complete, how to apply this to all computers?
  • 8. HomeSync
    • Facilitates Portable Home Directories
      • Similar to Roaming Profiles for Mac
    • System -> Library -> CoreServices -> Menu Extras -> HomeSync.menu
  • 9.
    • Accounts -> Create Mobile Accounts -> Configure
    • Avoid Administrative Nightmare - How to Automate?
  • 10. Mobile User Account using Open Directory
  • 11.  
  • 12.  
  • 13.  
  • 14.  
  • 15. Mobile User Account using Active Directory
  • 16. Bind XServer into AD
    • Directory Utility
      • Services
    • Configure Active Directory plugin
  • 17. Configure unique AD attributes
  • 18. Configure Administrators
  • 19. Shared AFP Home Directory Setup
  • 20. Review WorkGroup Manager - Verify AD Users
  • 21. Continued - primary group identifier
  • 22.  
  • 23. #<home_dir><url>afp://xs-xenon.quinnipiac.edu/Home</url><path>$sAMAccountName$</path></home_dir> HOMEDIRECTORY NFSHOMEDIRECTORY For HomeSync Configuration : #/Network/Servers/XS-Xenon/Volumes/RAID0/Home/$sAMAccountName$ Client LDAP Configuration - LDAP Plugin (Directory Utility)
  • 24. Managed accounts Managed accounts are configured with certain preferences by the administrator. The managed preferences are stored in the user’s LDAP profile in two fields. MCXFlags attribute identifies the user as having managed settings and no or numerous MCXSettings attributes define the settings. They need to be mapped to MCXFlags and MCXSettings respectively in the DirectoryService **(Directory Access or Utility - Active Directory Plugin) . The settings take effect at login and persist in one of three ways : Once , the user’s preferences may subsequently be changed Often , any changes last only for the lifetime of the session Always , the preferences may not be overridden at all
  • 25. Creating a Mobile Managed account The values to set in LDAP for managed user needs to look like this: <dict> <key>has_mcx_settings</key> <true/> </dict> </plist>
  • 26. Location : created on client after logon/Library/Preferences/com.apple.MCX.plist Modify HomeSync Settings: /Library/Preferences/com.apple.homeSync.plist
  • 27.  
  • 28. Test Configuration - Demo
  • 29.
    • Change expired passwords at logon.
    • Another reason to Make Faculty/Staff Mac workstations Domain Members.
    • Keeping our CISO happy.
    Other Benefits of AD Integration : Domain Password Policy
  • 30. Other Benefits of AD Integration : File Space Resources
  • 31. Other Benefits of AD Integration : Print Management
  • 32. Wrap-Up - Questions
    • Feel free to Contact Me :
      • [email_address]
      • Desk : 203-582-3342