Authenticating Windows workstations off Open Directory

rurouni bill

Hi all,

I'm new here and new to Macs generally. I'm working for a boarding school that has a 50/50 split of Macs to PCs for workstations, and most of the servers are Mac OS X (some 10.3, some 10.4).

I'm trying to set up Open Directory on one of the 10.4 servers. Everything seems to be going OK. My question is this... what is the best way to authenticate a Windows workstation (XP specifically) to an Open Directory master? I see lots of walkthroughs on how to authenticate a Mac workstation to an AD server but none the other way.

I've set up the server as an OD master and as a PDC in the 'Windows' settings under Server Admin. I can join a Windows workstation to the 'domain' I set up, but it doesn't seem complete. For instance, when I'm on one of the joined PCs and I try to copy my old 'local' profile to my new domain-based profile, I need to assign permissions to the new profile location. But I can't choose the domain I created as a source of user accounts. (Not sure if I'm explaining this clearly.)

Is it best to not join the PCs to the Mac-based domain and let them authenticate when they go to shared folders instead? That seems easier, but then I lose all the cool points of centralized authentication (i.e. changing the administrator password on all workstations at once versus going around one by one).

OK, thanks for any help. Sorry for the long-windedness.