Manualshelf

Specifications

ManualsBrandsApple ManualsComputer equipmentMac OS X Server Command-Line
161162163164165166167168169170
 Changing the Active Directory Groups That Can Administer the Computer
on page 169
 Controlling Authentication from All Domains in the Active Directory Forest on
page 170
11 Click Bind, use the following to authenticate as a user who has rights to bind a
computer to the Active Directory domain, select the search policies you want Active
Directory added to (see below), and click OK:
 Username and Password: You might be able to authenticate by entering the name
and password of your Active Directory user account, or the Active Directory domain
administrator might need to provide a name and password.
 Computer OU: Enter the organizational unit (OU) for the computer you’re conguring.
 Use for authentication: Use to determine whether Active Directory is added to the
computer’s authentication search policy.
 Use for contacts: Use to determine whether Active Directory is added to the
computer’s contacts search policy.
When you click OK, Directory Utility sets up trusted binding between the computer
you’re conguring and the Active Directory server. The computers search policies
are set according to the options you selected when you authenticated, and Active
Directory is enabled in Directory Utility’s Services pane.
With the default settings for Active Directory advanced options, the Active Directory
forest is added to the computers authentication search policy and contacts search
policy if you selected “Use for authentication or “Use for contacts.”
However, if you deselect Allow authentication from any domain in the forest” in
the Administrative advanced options pane before clicking Bind, the nearest Active
Directory domain is added instead of the forest.
You can change search policies later by adding or removing the Active Directory forest
or individual domains. For more information, see Dening Custom Search Policies” on
page 129.
12 (Optional) Join the server to the Active Directory Kerberos realm:
On the server or an administrator computer that can connect to the server, open Â
Server Admin and select Open Directory for the server.
Click Settings, then click General. Â
Click Join Kerberos, then choose the Active Directory Kerberos realm from the pop- Â
up menu and enter credentials for a local administrator on this server.
For more information, see Joining a Server to a Kerberos Realm on page 102.
162 Chapter 8 Advanced Directory Client Settings