In almost every environment, whether business, education, or non-profit, there sits a Microsoft Active Directory system. Stable, scalable, and reliable, it works really well on its own with its own clients. But how do you make your single Mac or group of Macs integrate with this proprietary solution?
Mac OS X Server and Client have come a long way in easing the pain of integration and deployment into existing Windows-based systems. With the help of some really great engineers (and some really "odd" naming conventions), Macs can be integrated into these systems very easily through two different types of setups. The first is known as the Magic Triangle, and the second is known as the Cylinder of Destiny.
Whether it's Windows 2K / 2K3 / 2K8 with regular or the more enhanced digitally signed packet security measures in place, we can help you make your integration and deployment project go smoothly and efficiently.
The Magic Triangle:
This setup was the first of its kind and is still used heavily to this day. A Mac OS X Server is set up as an Open Directory Master, which in turn is bound to a Microsoft Active Directory server. The KDC service is then stopped and subsequently destroyed on the Mac OS X Server, and all authentication for users comes down from Active Directory.
Once authentication has been verified, group-based MCX policies are handed to your Mac clients via the Mac OS X Server. If a user has a profile on a remote AFP/SMB/NFS share point, it is mounted. If not, a local home is created.

Cylinder of Destiny:
This current setup is very similar in its fundamental aspects to the Magic Triangle; however, there are some differences. With this type of setup, the Mac OS X Server is set up in either a workgroup or advanced server deployment. The administrator then has the ability not only to join the server to the Active Directory domain, but also to augment user records from Active Directory down to the Open Directory level. This in turn allows the Mac OS X Server to apply user-specific attributes outside of the Active Directory schema without modifying the base configuration.
This ability allows, for instance, an administrator on a Mac OS X Server system to give a user account within Active Directory an account on the server for iCal Services.
