Authenticate by LDAP or NT Domain?

g4titanium

Registered

Does anyone know how to get OS X to autenticate against an NT domain controller, or alteratively an LDAP server?

Thanks

Paul
 
LDAP is in there already ( but read only at the moment ).

In /Applications/Utilities there is a tool called Directory Services. It has a plugin architecture for authentication.

Apple has provided plugins in the GUI for NetInfo and LDAP.

( I think NIS will work as well, but I think that requires command line configuration of lookupd )

If you want it to be a client of Active Directory, Openview, NDS or whatever, a plug in will be needed to talk to it directly, OR if that service can present itself as LDAP that may be a solution as well.

 
Can these be used to help OSX dial into an NT RAS? I'm being booted out at the authentication stage, and I think I need to point it at a specific NT domain.
 
Originally posted by tismey
Can these be used to help OSX dial into an NT RAS? I'm being booted out at the authentication stage, and I think I need to point it at a specific NT domain.
This might be unrelated, but logging into an NT domain often requires you to put the domain and host in the same field like "[nt domain]\[hostname]". (It might be / instead of \.) I know we have to do that when ftp'ing to our NT boxes at work.
 
I think the / can go either way. Also, I think you need to have a computer account on the domain controller as well as a user account.
 
Thanks guys, but still no dice. Thing is, I can't make any changes on the server side - our netadmin isn't about to do anything which requires thinking to help out a Mac user.

In my gut, I feel like it MUST be possible. I've been able to hook my TiBook up to the NT LAN (using sharity), I can connect to our Oracle databases (using SQLGrinder) and now VPC test drive is out, I can ControlIT into our webservers. I was told that all of these things weren't possible by our netadmins. So I refuse to believe that they've foiled me at the last hurdle, which is getting onto the network remotely.

One of the guys here can dial into the RAS from his linux box without any server-side changes being made, so I can see no reason why I shouldn't be able to do it from OSX. If all else fails, would it be possible to port over the dialler he uses (I know nada about this side of things at the moment - perhaps a good time to start learning)?
 
Can you use PAM (pluggable authentication modules) in osx. If so you could use a ntlm pam thingy for authentication against a Win2k (or NT) box. Alternatively there's a kerberos bundle in my system/library/Authenticators folder (thoughy it could have come from installing DAVE). Win 2k can use Kerberos for authentication - any idea where this is used?

Kieron

 
Back
Top