Comments on: Guide: Using Mac OS X Server as a PDC

By: Pwr68

Pwr68 — Tue, 11 Oct 2011 15:37:00 +0000

Hi Mike! I’m a native ‘Burgher, so a shoutout to RMU!

We implemented the PDC exactly as you described (very helpful, thank you). When we attempt to connect an XP Pro machine to the domain, we receive an error that the domain can not be located.

The details of the error are identical to the problem that this fellow posted: https://discussions.apple.com/thread/1000368?start=0&tstart=0

No one has responded yet, so I am curious if you can shed some light. If Samba also launches a WINS service, does it automatically create an entry in WINS for the domain? If not WINS, then does it add a SVR record to DNS?

Thanks!
-Peter

By: Jp

Jp — Wed, 25 May 2011 14:56:00 +0000

This we tested a Microsoft terminal server setup with Windows Server 2008.
And it works great.

The MS server is running virtual under Fusion an a domain member.
Remember: The Windows Server 2008 R2 version does NOT work.
You can do a license downgrade trough Microsoft.

Just have to keep in mind the NTLMv2 settings change. Rest is easy.

By: Mike Boylan

Mike Boylan — Wed, 18 May 2011 00:25:00 +0000

JP,

Thanks.

Personally I’d recommend taking the route of the magic triangle unless you have an absolute particular use case where it would prove ineffective. Where I work now, RMU, is a good example. We wanted to go magic triangle but require the Mac home directories to be separate from the Windows ones. Without augmenting records (which is nasty), this just isn’t possible.

Moving forward, using AD for authentication and OD for management on Mac client machines is looking to be the recommended practice. It’s what Apple is pushing in heterogeneous environments, and it’s what is being well documented by others both casually on blogs like mine, and professionally by technical authors like Greg Neagle and Ed Marczak.

It’s very important to note as well that in Mac OS X Lion, due to be released this summer, Samba is gone. Apple wrote their own proprietary windows networking stack because of new licensing restrictions with the GNU 3. GNU 3 is what all new versions of Samba are licensed under.

You’re also correct in assuming that Apple’s Samba version in Snow Leopard is outdated. Apple customizes it, so the version numbers are never the same as official samba releases, but it’s lagging pretty far behind now.

My recommendation: Move towards the magic triangle. Get the Mac OS X Directory Services book for 10.6 from Peachpit Press. It’s also available on the iBook store. Also pick up a copy of Enterprise Mac Managed Preferences from Apress. Both are fantastic resources you’ll find yourself referring to often.

Hope that helps — thanks for reaching out!

- Mike

By: Jp

Jp — Tue, 17 May 2011 14:56:00 +0000

Hi Mike, great tutorial. Thx.
I am currently deploying AD/OD/OSX clients. Known as Magic/Golden Traingle.
We are thinking of doing an OpenDirectory-only version, where 1 W2K8 R2 TerminalServer is binding to OpenDirectory.
Form reading your tut, I get the feeling that SAMBA ( for the profiles of the TS users) is not gonna work cause of the Samba version. Would you happen to know so?

For the Windows logon scripts ( Gpolicy), do you know of any documentation on that icm 10.6 Server->W2K8?

I am a self learning noob ( sorry no education yet) relying on your ( and many others) fantastic documentation.

By: Mike Boylan

Mike Boylan — Fri, 04 Feb 2011 02:13:00 +0000

So you want to connect your Mac to a directory service being hosted on a Linux samba PDC? That wouldn’t involve OS X server… that would simply be a process of binding the client through Directory Utility.app

If you’re going to be using linux anyway, I’m curious as to why you wouldn’t use something like OpenLDAP rather than emulating an old Windows-NT style domain controller through Samba?

This guide is for people who are using Open Directory as their primary directory infrastructure and need to integrate Windows clients into it. Let me know if I can be of any more assistance. I should also say that Apple ships very highly customized versions of samba on OS X Server that behave in nonstandard ways to integrate with OD.

By: ludo

ludo — Wed, 02 Feb 2011 14:35:00 +0000

i want to connect with a mac to a linux samba PDC
can you please provide your /etc/samba/smb.conf (or whereever the smb.conf is) ? it would be great to see, what the MAC Sever writes in there for making MAC clients able to login.
I think i then can transform this to my Linux Server.

By: Matt

Matt — Sun, 10 Oct 2010 19:37:00 +0000

Thanks a lot !!

By: Mike Boylan

Mike Boylan — Thu, 26 Aug 2010 04:23:00 +0000

Neat! Thanks for this. Not officially supported, but if it works, hell, it works.

By: John Skinner

John Skinner — Thu, 26 Aug 2010 04:09:00 +0000

Now there is a workaround for Windows 7 and Mac OS X Server PDC!!!
I found more info over here..
http://www.macwindows.com/OSXServer.html#050310c

By: Mike Boylan

Mike Boylan — Fri, 11 Jun 2010 22:33:32 +0000

Yeah, you have to use a directory administrator account because, as you'll see, it will make a computer account with the convention [WINDOWSPCNAME]$ in Workgroup Manager.

I think Windows 7 support dropped support for NT style domains and that's what Samba emulates.