Managing AD Users With 10.4 Server / OD / Workgroup Manager


I have both AD users and OD users logging in to 10.4.2 clients. The clients are bound to my win2000 AD server using the AD plugin, and also connected to the OD server via LDAP. When the OD users log in, they get custom preferences that I've assigned them in Workgroup Manager (like dock, app, finder prefs). Now, I'm trying to figure out how to do the same for the AD users... I want to assign the AD users "Mac-specific" prefs using Workgroup Manager. Is this possible?

Here is the situation... The AD user logs in and is authenticated directly to the AD server. He is then assigned a local home directory on the client (which I want), BUT he is assigned preferences based on the local default user account on the client. I want those prefs to come from the Workgroup Manager on my OSX server (10.4.2), just like with my OD users.

Here is what I have done... Like the clients, the OSX server is bound to AD (in addition to being an OD Master). So when I go into Workgroup Manager I can see both my OD and my AD. I created a group in OD called "Managed AD Users". I then added the AD group called "<MyDomain>\users" to this new OD group...thinking that it would then make ALL of my AD users members of this OD group. I then assigned the new OD group certain preferences (dock, app, finder, etc.). However, as I said, these prefs are not being assigned when the AD users log into the clients. To test that the OD group prefs are working at all, I also added an OD user into the new group. When I log in as that OD user, I do in fact get assigned the prefs that I want the AD users to get.

Would I be correct in assuming that this isn't working because the AD users are authenticating from the client directly to the AD server? If the OD server isn't involved in the transaction, then how would it know to assign these preferences? In order for this to work, do I need to somehow have the AD users authenticate to the OD server, and have the OD server perform some sort of "pass-through" authentication to the AD server for them? (And in the process, assign them the prefs I've specified in Workgroup Manager) Hopefully someone knows what I'm rambling about here... :D

If anyone has done this or knows anything of this, I would be very grateful for some helpful info. Thanks in advance!

Man, I have the same EXACT ISSUE that you are posting about. Please let me know if you find a resolution.