Chapter 5 Setting Up Open Directory Services 93
Open Directory Password Server in Mac OS X Server v10.4 or later supports NTLMv2
authentication, but Password Server in Mac OS X Server v10.3 or earlier does not
support NTLMv2.
Similarly, if you configure Mac OS X Server v10.4 or later to access a directory domain
of Mac OS X Server v10.2 or earlier, users defined in the older directory domain cannot
be authenticated with the MS-CHAPv2 method. This method might be required to
securely authenticate users for the VPN service of Mac OS X Server v10.4 or later.
Open Directory in Mac OS X Server v10.4 supports MS-CHAPv2 authentication, but
Password Server in Mac OS X Server v10.2 does not support MS-CHAPv2.
10 If the server you’re configuring has access to a directory system that also hosts a
Kerberos realm, you can join the server to the Kerberos realm.
To join the Kerberos realm, you need the name and password of a Kerberos
administrator or a user who has been delegated the authority to join the realm.
For more information, see Joining a Server to a Kerberos Realm on page 102.
Setting Up a Server as a Mac OS X Server PDC Domain Member
Using Server Admin, you can set up Mac OS X Server to join a Windows domain hosted
by a Mac OS X Server PDC. A server that joins a Windows domain can provide file,
print, and other services to users with accounts on the PDC.
The domain member server gets authentication services from the PDC or a backup
domain controller. The server can host user profiles and home folders for users
who have user accounts on the PDC. The domain member server does not provide
authentication services to other domain member servers.
When authenticating, use an LDAP directory administrator account. You can’t use
a local administrator account, such as the primary server administrator account
(user ID 501).
To join Mac OS X Server to the Windows domain of a Mac OS X Server PDC:
1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select SMB.
4 Click Settings, then click General.
5 From the Role pop-up menu, choose Domain Member, then enter the following:
• Description: If you want, create a description. This description appears in the My
Network Places window of Windows XP and 2000 (the Network Neighborhood
window of Windows 95, 98, or ME), and is optional.