104 Chapter 7 Managing Directory Access
In addition, you must add the Active Directory domain to a custom search policy in the
Authentication or Contacts pane of Directory Access.
• If you selected “Authenticate in multiple domains” in step 7, adding the Active
Directory forest to a custom Authentication search policy enables this computer to
authenticate users from any domain in the forest.
• If you deselected “Authenticate in multiple domains,” you can add domains
individually to the search policy.
For instructions, see “Enabling or Disabling Active Directory Service” on page 84 and
“Defining Custom Search Policies” on page 89.
Enabling or Disabling Active Directory Credential Caching
Using Directory Access, you can enable or disable the use of offline authentication
credentials from an Active Directory domain accessed by the Active Directory plug-in.
A user with Active Directory credentials cached on a Mac OS X computer can log in
while the computer is disconnected from the network. This credential caching does not
require modifying the Active Directory schema. If the Active Directory schema has
been extended to include Mac OS X managed client attributes, the mobile account
setting in those attributes is used instead of the Active Directory plug-in’s cached
account setting.
To enable or disable caching of authentication credentials from an Active
Directory domain:
1 In Directory Access, click Services.
2 If the lock icon is locked, click it and type the name and password of an administrator.
3 Select Active Directory in the list of services, then click Configure.
4 If the advanced options are hidden, click Show Advanced Options.
5 Click “Cache last user logon for offline operation.”
Specifying a Preferred Active Directory Server
Using Directory Access, you can specify the DNS name of the server whose Active
Directory domain you want the Active Directory plug-in to access by default. If the
server becomes unavailable in the future, the Active Directory plug-in automatically
falls back to another nearby server in the forest. If this option is unselected, the Active
Directory plug-in automatically determines the closest Active Directory domain in the
forest.
LL2352.Book Page 104 Friday, August 22, 2003 3:12 PM