Up previously, I've just taken care of connect with Windows customers and also the periodic * nix web server. Quickly, a couple of customers with Macs will certainly get included in our network. What are some "gotchas" to keep an eye out for when including Macs to the network? Key problems below: compatibility with Active Directory and also security
If you have sufficient Macs, I would certainly recommend including a Mac web server - to create the so called "Holy Trinity". You do not also require to acquire an Xserve - OSX web server works on a Mac Mini!
The Macs usage ADVERTISEMENT for all the regular access/permissions and also the Mac web server for Mac details job such as updates (you'll locate a Mac variation of WSUS called Software Update Server). You can additionally make use of the Mac web server release alternatives (NetInstall) for installs.
One point it took me a while to identify: if you set an "acquire" ACL on a folder, it will just influence freshly developed documents - the "gotcha" being that if a customer "drags and also goes down" a documents right into the folder concerned, the approvals for the folder will not transform at all (unless it is dragged from a various quantity, where it will, fundamentally, be replicated and also pasted). For the documents to think the acquired ACL you set, they will certainly need to "replicate and also paste", or by hand set the approvals ... possibly (given that ACL actions need to theoretically coincide) this takes place on Windows also, I do not recognize, yet it deserves duplicating.
I recognize of a couple of end - customer assistance concerns you could run into:
- Renaming a user's home directory can cause "missing files"
- While this has actually given that been dealt with, earlier versions of OS X had some ADVERTISEMENT assimilation concerns sometimes.
- Replacing a folder with a folder of the same name can have semantical distinctions from what you are made use of to.
- It is feasible to surprise a directory (under particular conditions) by drawing up a file with the same name.
Here is an excellent method, never mind attempting to get OSX itself to connect to your ADVERTISEMENT - it can be done yet I think it is not that very easy and also can take a reasonable little assistance. Acquire something called 'AdmitMac' from http://www.thursby.com/ - it takes all the discomfort away and also is certainly sustained by them straight. Oh and also do not allow your macs make use of any kind of methods that you are not satisfied with, they are really adaptable yet they need to function around you not vice versa.
Updates ... although OS X can confirm to ADVERTISEMENT there is absolutely nothing that needs them to upgrade their computer systems. See to it you talk with them concerning mounting the updates as they appear. There actually isn't any kind of means to compel them to do it though.
Some variations of OSX crash a whole lot when attached to a home windows 2003 web server that has energetic directory site made it possible for. They appear to have actually repaired it at some time yet I could not inform you when. So maintain to date.
Relying on that obtains the equipment, you might or might not intend to enable network logon. While you can limit customer accessibility (making use of adult controls) you could simply intend to make the customer not a manager and also leave it at that as several applications self upgrade and also generate various other applications, so limiting them can bring about problem. I've constantly offering my mac customers complete aministrative accessibility and also never ever saw any one of the troubles emerge that I've seen my home windows customers get involved in when they have complete admin accessibility to their boxes. There's primarily no spyware or infection's for the mac, it makes it a whole lot less complicated to keep.
You need to additionally keep in mind that every mac has "net sharing" capacity that features a DHCP web server which can create problem.
Additionally enable imap in exchange and also allow them make use of apple's "Mail". It's globes far better after that entourage. Additionally the personal digital assistant has actually ldap assistance constructed in. There's absolutely nothing else unique to the mac that enters your mind.
You could intend to buy an energy that disables the production of.DS _ Store files on network quantities. Or else you'll locate these little files turning up throughout your network quantities as the Mac users utilize them.
I make use of an application called Cocktail for this.
I developed a
/etc/resolver, and also inhabited this documents with the nameservers for the
company.localADVERTISEMENT domain name. This permits Mac OS X to make use of typical DNS to settle
subdomain.company.local), while. still permitting Rendezvous to run. as anticipated.
The only downside I've attended this. strategy is that the nameservers in. this
company.localdocuments do not upgrade. using DHCP, so I need to upgrade them. by hand.
Here is an extra main assistance record from Apple which will certainly parse your existing
/etc/resolv.conf to inhabit the documents in