4 Replies Latest reply on May 13, 2016 11:57 AM by BowdenData

    What difficulties would I face with mixed mac and pc computers with AD logins

    dmorgan

      We have our files Hosted on a Mac it is joined to our domain and we have several pc and mac clients.

       

      Not all the mac clients are joined to the domain. the FM server is joined to the domain but that has been unreliable in the past and is the reason the mac clients aren't joined to the domain at present.

       

      What kinds of problems and any solutions you may have if we try to authenticate through Active Directory?

        • 1. Re: What difficulties would I face with mixed mac and pc computers with AD logins
          wimdecorte

          At the very least the FMS box needs to be joined to the domain otherwise External Authentication to the AD will not work.  Other than that you will have no issues.

           

          SSO will not work but I does not sound like that is a concern.

          2 of 2 people found this helpful
          • 2. Re: What difficulties would I face with mixed mac and pc computers with AD logins
            itraining

            Hi dmorgan

             

            Wim's response is correct regarding AD, albeit optimistic. Real world experience at a large University in Australia, we hit the same issues you mention in your post: binding Mac OS X machines to the university implementation of AD is problematic and unstable. Every release of Mac OS X we go through the same discussion: should we bind the Macs to AD? The results are always variable and when we do experience some success it is rarely permanent and stable. End result, we don't bind the Macs to the domain via AD, until the next release of Mac OS X when we raise our hopes and repeat the process again.

             

            Luckily, the university has a solid implementation of Kerberos authentication via LDAP. This is how we authenticate our users when the database is hosted on a FileMaker Server running Apple hardware and operating system.

             

            If you ever find a solution to the AD flakiness, please let me know. The Apple people visit the uni and declare it is Microsoft's fault or the IT department and their implementation of AD. The IT people and the Microsoft reps blame Apple. It has been 15 years since the UNIX based Mac OS X was released and I would be happy for a stable workaround, if not a solution to the Mac binding issue.

             

            Hope this helps.

             

            Michael Richards

            Brisbane (Australia)

            2 of 2 people found this helpful
            • 3. Re: What difficulties would I face with mixed mac and pc computers with AD logins
              wimdecorte

              itraining wrote:

               

              Hi dmorgan

               

              Wim's response is correct regarding AD, albeit optimistic. Real world experience at a large University in Australia, we hit the same issues you mention in your post: binding Mac OS X machines to the university implementation of AD is problematic and unstable.

               

              Yes.  Right on both accounts

               

              The principle still holds and so does the test that I mentioned.  But to get it actually to work is a different ballgame.

              the AD support in OSX has varied wildly between major and minor versions with things breaking left and right throughout the years.

               

              A good resource is MacWindows: The Source for Macintosh-Windows integration

              Whenever OSX releases a patch or a new version you can get good info there on what it may do to the AD binding.  It's not a pretty picture.  Apple just doesn't seem to care enough about the enterprise market to make this stable.

              2 of 2 people found this helpful
              • 4. Re: What difficulties would I face with mixed mac and pc computers with AD logins
                BowdenData

                Potential solution, but with additional cost. If the need is there, then the cost might make sense. I have not used either of these products for a few years now, but AdmitMac ( for AD integration) was rock solid at that time. It appears on the web site that they have kept the products up to date.

                 

                http://www.thursby.com/products/admitmac

                 

                Dave is their product that not only does AD integration, but offers file sharing and so on.

                 

                http://www.thursby.com/products/dave

                 

                HTH.

                 

                Doug

                1 of 1 people found this helpful