
Integrating Mac OS X & Active Directory


Academic year: 2021


(1)


Document created by: Anderson Lam

(2)

Table of Contents

Flowchart (pg. 3)
Create an Administrator Account (pg. 4)
Change the Local Computer Name (pg. 6)
Set Remote Administration Settings (pg. 6)
Determine the Ethernet ID (pg. 7)
Bind with Active Directory (pg. 8)
Log into Active Directory (pg. 11)
Set Administrator Access for the User (pg. 11)
Redirect the User’s Home Directory (pg. 12)
Remove redundant home directory (pg. 14)
Remove the user’s old .plist file (pg. 14)

What to do if . . .
User’s existing home directory matches their AD username (optional) (pg. 15)

Notes (pg. 16)

(3)

1. Create HelpDesk Admin. account (pg. 4)
2. Change Local Computer Name (pg. 6)
3. Set Remote Administration Settings (pg. 6)
4. Determine the Ethernet ID (pg. 7)
5. Bind with Active Directory (pg. 8)
6. Does the user’s existing local account match the username of their AD account?

If No:
   a. Log into Active Directory (pg. 11)
   b. Set Administrator Access for the AD user (pg. 11)
   c. Redirect the User’s Home Directory (pg. 12)

If Yes:
   a. User’s home directory matches their AD user name (pg. 15)
   b. Log into Active Directory (pg. 11)
   c. Set Administrator Access for the AD user (pg. 11)

(4)

Creating an Administrator Account

Before beginning, check to see if the Macintosh computer has a HelpDesk administrative account on the computer. If it does not, create one via System Preferences.

1. Open System Preferences. It is located either in the Dock at the bottom of the screen or in the Applications folder on the hard drive.

2. Click on the Accounts system preference.

3. Click on the Lock icon at the bottom of the Accounts window. Enter an administrator’s username and password to allow adding or editing of accounts.

Currently, all faculty accounts that are local to the computer are administrator level. You can use that account’s credentials to create your HelpDesk administrator account.

(5)

5. On the sheet that appears, change New Account from Standard to Administrator.

6. Enter the credentials for the Help Desk administrator account and click Create Account.

(6)

Changing the Local Computer Name

To perform these steps, first log into the Help Desk administrator account.

To change the local computer name to match the Active Directory Computer ID, go to System Preferences --> Sharing. Enter the computer name NEIU-tag number in the text box near the top of the window. Press Return on the keyboard.

Remote Administration Settings

Remote administration can be activated in the Sharing system preference.

1. In the Services listing, enable Remote Management.

2. Set Allow access for: Only these users

3. Click on the “+” button to add the HelpDesk Administrator account.

(7)

Determining Ethernet ID

To locate the Ethernet ID (also known as the MAC address or physical address) on the computer, go to System Preferences --> Network. Click on the Ethernet interface to select it, then click on the Advanced button.

In the Advanced options sheet, click on the Ethernet tab. The Ethernet ID can be found there.

(8)

Binding with Active Directory

To bind the computer to Active Directory, first log into the HelpDesk administrator account.

Open the Accounts system preference and click on the Login Options located near the bottom-left of the window.

If these settings have not been set already:

1. Set Automatic login to Off.

2. Set Display login window as to Name and password.

3. Next, locate where it says Network Account Server and click on Join.

4. On the sheet that appears, click Open Directory Utility...

If the computer is running 10.5, you will not see the Network Account Server option in the Accounts system preference

(9)

If necessary, unlock the utility in order to make the necessary changes in the Directory Utility.

5. Under the Services tab, place a checkmark next to Active Directory.

6. Highlight Active Directory and click on the “pencil” icon near the bottom of the window to edit the Active Directory settings.

7. Enter the following information:

Active Directory Domain: univ.neiu.edu
Computer ID: NEIU-tag number

Click on the Bind... button.

For security purposes, the computer may prompt you to enter the administrator username and password before allowing you to continue.

8. Enter the credentials associated with the HelpDesk administrator account. Click OK.

9. Next, enter your Active Directory username and password which allows you to bind computers to the directory. Click OK.

(10)

After binding is successful, click on the triangle next to Show Advanced Options.

Under the User Experience tab:

• Enable Create mobile account at login.

• Disable Require confirmation before creating a mobile account.

All other settings can be left on default. Click OK.

The computer will require authentication to accept the changes.

Enter the credentials associated with the HelpDesk administrator account. Click OK.

(11)

Important!!!

If the user’s local account uses the same username as their AD account, skip ahead to the section User’s existing home directory matches their AD username (page 15) at the end of this document for more information before continuing.

Log into Active Directory

Have the user log into their computer using their NEIUport credentials. The computer will authenticate their account against Active Directory and create a local home directory for the user. Users are automatically given limited access to the computer. To elevate the user to Administrator role, follow the steps in the next section.

Administrator Access for the User

Log out of the user’s account and log into the HelpDesk administrator account.

1. Select the user’s account in the list.

2. Enable Allow user to administer this computer.

(12)

Redirecting the User’s Home Directory

If the user previously had a local home directory on the computer, you will need to redirect their accounts to access their previous home directory.

1. Log into the HelpDesk administrator account.

2. Launch the Terminal application. It is located in /Applications/Utilities.

3. A terminal window will appear on the screen:

4. Enable superuser permissions:

sudo -s

The computer will ask you to authenticate with the HelpDesk password. The password will not appear on the screen when you type it.

5. Change the current directory:

cd /var/db/dslocal/nodes/Default/users

If you wish to confirm the absolute pathname of the current working directory before continuing, use the pwd command.

6. Move the .plist file for the user’s previous account to the /Users/Shared folder. As a precaution, we are moving the .plist file rather than deleting it.

mv username.plist /Users/Shared

(13)

7. Leave the Terminal window open for now and launch System Preferences. Click on Accounts in the System Preferences.

8. Right-click on the user’s account and choose Advanced Options...

(If the computer does not have a right button, “ctrl-click” will simulate a right-click.)

9. Click Choose and select the user’s original home directory.

10. Return to the Terminal window and change the file permissions in the home directory.

chown -R AD_username /Users/home_directory

AD_username refers to the user’s Active Directory username. home_directory refers to the user’s original home directory.

(14)

Remove redundant home directory

You can now delete the home directory that was created when the user first logged into Active Directory. The home directory is not needed because we have redirected the user’s AD account to use the previously-existing local home directory. Home directories are located in /Users.

Remove the user’s old .plist file

Delete the username.plist file that was moved to /Users/Shared.

(15)

User’s existing home directory matches their AD username (optional)

The user’s local account uses the same username as their Active Directory account. How can I redirect their user home directory?

Before trying to log into Active Directory, perform the steps below:

1. Log into the HelpDesk administrator account.

2. Launch the Terminal application. It is located in /Applications/Utilities.

3. A terminal window will appear on the screen:

4. Enable superuser permissions:

sudo -s

The computer will ask you to authenticate with the HelpDesk password. The password will not appear on the screen when you type it.

5. Change the current directory:

cd /var/db/dslocal/nodes/Default/users

If you wish to confirm the absolute pathname of the current working directory before continuing, use the pwd command.

(16)

7. Restart the DirectoryService process.

killall DirectoryService

8. Change the file permissions in the home directory.

chown -R AD_username /Users/home_directory

AD_username refers to the user’s Active Directory username. home_directory refers to the user’s original home directory.
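The chown -R in step 8 above, and in step 10 of Redirecting the User’s Home Directory, runs as root, so a mistyped home_directory changes ownership of the wrong tree. The shell functions below are an added example, not part of the original guide; the function names and the USERS_DIR variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): checks to run around the
# guide's "chown -R AD_username /Users/home_directory" step.
# USERS_DIR is an assumed variable; it defaults to /Users as in the guide.
USERS_DIR="${USERS_DIR:-/Users}"

# validate_chown_target AD_username home_directory
# Returns 0 only when the target looks like a real home folder in USERS_DIR.
validate_chown_target() {
    user="$1"; home="$2"
    # Refuse empty or path-like names ("..", "a/b") that would point the
    # recursive ownership change outside USERS_DIR.
    case "$home" in
        ''|.|..|*/*) echo "refusing home directory name: '$home'" >&2; return 1 ;;
    esac
    # /Users/Shared is where the guide parks the old .plist; never re-own it.
    [ "$home" != "Shared" ] || { echo "refusing Shared" >&2; return 1; }
    target="$USERS_DIR/$home"
    # A symlink is not the user's original home folder; stop and investigate.
    [ ! -L "$target" ] || { echo "$target is a symlink" >&2; return 1; }
    [ -d "$target" ] || { echo "$target is not a directory" >&2; return 1; }
    # The account must resolve on this machine before it can own files.
    id -u "$user" >/dev/null 2>&1 || { echo "unknown user: $user" >&2; return 1; }
    return 0
}

# count_not_owned AD_username home_directory
# Prints the number of entries under the home directory NOT owned by the
# user. Run it after chown -R; any value other than 0 needs a second look.
count_not_owned() {
    find "$USERS_DIR/$2" ! -user "$1" 2>/dev/null | wc -l | tr -d ' '
}
```

Run validate_chown_target before the chown and count_not_owned after it, passing the same AD_username and home_directory values used in the guide's command.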

You can now return to page 11 to continue. You will not have to follow the section, Redirecting the User’s Home Directory, because you already performed this task.

Notes

Users should not use the Accounts system preference to change their password. The Accounts system preference will only change their Active Directory password and will not sync the change to NEIUport, Blackboard, or any other single sign-on system. Users can use NEIUport to change/re-sync their passwords.

• When finished, delete redundant home directories (if any) and delete the username.plist file that was moved to /Users/Shared.

• These instructions have been tested on a computer running 10.6 and will also work with 10.5 with slight modification. See the note at the bottom of page 8 for more information. Due to differences in local directory systems, these instructions probably won’t work on OS 10.4 or older.
