The scenarios, The scenarios 639 – Apple Mac OS X Server (version 10.2.3 or later) User Manual

639

A P P E N D I X

B

B

Integrating Mac OS X Directory Services
With Active Directory

This appendix describes how information stored in an Active Directory domain on a
Microsoft Windows server can be used to

m authenticate Macintosh users who get file services from Mac OS X Server via the Apple

Filing Protocol (AFP)

m authenticate users who log in to Mac OS X computers and who have network home

directories located on a Mac OS X Server

Prerequisites for Integrating Mac OS X With Active Directory

You should be able to understand the examples described in this appendix without extensive
knowledge of Active Directory. Implementing these examples is another matter. To
implement the examples in this chapter, you must be familiar with Active Directory schema
concepts including classes and attributes. You must be able to install the Microsoft Schema
Manager tool on a Windows server. You must be able to use the Schema Manager tool to add
attributes and classes to the Active Directory schema.

The Scenarios

This appendix presents two scenarios for Active Directory integration. In each scenario, an
Active Directory domain authenticates Macintosh users and a Mac OS X Server hosts files for
the authenticated Macintosh computer users:

m In one scenario, a Mac OS X Server provides Apple file service for Macintosh users whose

accounts are stored in an Active Directory domain.

When a user connects to the server to access files through the Apple Filing Protocol
(AFP), the user is authenticated using Active Directory information. Then the user can
mount AFP share points for which the user has access privileges. Recall that a share point
is a hard disk (or hard disk partition), folder, or CD that contains files and folders you
want particular users to share. You set access privileges to control access to a share point.

LL0395.Book Page 639 Wednesday, November 20, 2002 11:44 AM