Answers in line to additional questions
> From: Noah Eiger <[EMAIL PROTECTED]>
> Organization: PRBO Conservation Science
> Reply-To: <[EMAIL PROTECTED]>
> Date: Wed, 26 May 2004 10:36:54 -0700
> To: Active Directory List <[EMAIL PROTECTED]>
> Subject: [ActiveDir] SUMMARY: Mixed network PC and Mac -> AD or XServe
>
> First, thanks to Charles Soto and Nicholas Froome.
>
> In general, my question was about the best way to implement directory
> services (including single sign-on, authentication, and directory security)
> for a mixed network of PCs and Macs (30 Macs, 40 PCs). Would one run Open
> Directory or Active Directory (I did not consider third-way options like
> Novell's eDirectory or *nix NIS)? I also wanted to know about performance
> issues for Macs accessing Windows volumes or vice-versa. I also posted this
> question to an Active Directory list.
>
> The short answer is that this is quite complicated and that neither AD nor
> OD services the other clients with 100% functionality. While I am still
> researching this topic, here is some info that I gleaned from responses to
> both lists:
>
> FINDINGS:
> - OD is more complex to administer. This is, of course, opinion. I am not
> sure if this is due to the greater distribution of Windows and AD or of
> something inherent about OD.

I disagree; it may be more of a pain in the ass because of the Workgroup Manager interface, but certainly not more complex.

> - AD's real strengths are in spreading directory services across multiple
> sites and with integrating AD-aware applications such as Exchange or
> SQLServer or RIS.
> - OD offers better basic services to Windows clients than AD does to Mac
> clients (though this might be changing, see next).
> - OS X 10.3.3's Active Directory Plug-in goes a very long way toward
> allowing Macs to function within AD just as PCs do.
> - Don't waste energy on getting Mac OS 9x clients to talk to AD. Go 10.3.3.
> - This is a quote: "Now, let's talk about AFP. Dump it... Get rid of it...
> it is as 80's as Ferris Bueller and while it may work in movies, technology
> needs upgrades. (chicka chicka... chicka chicka... omp omp OOOOOHHHH
> Yeaaaaahhh! Sorry little bit of 'yellow fever') No wonder Microsoft is
> getting rid of it, Apple should too. Macs do great with smb:// cifs://
> ftp://, etc., I haven't noticed any difference in file services to smb
> shares between a pc and a mac connected to the same share over the same
> network."
> - Unless absolutely necessary, avoid running both services. Getting the
> directories to share info is possible (since they both speak LDAP) but
> complex.
> - If you want to run Exchange, you need AD.
> - Some folks pointed to Apple's lower cost since the server software is
> included and there are essentially no client access licenses (CAL) as with
> Windows. However, I found Apple's hardware to be pricy compared to similar
> servers from Dell. Apple also uses IDE drives in their RAID enclosures.
>
>
> REMAINING QUESTIONS:
> - What is the performance of cross platform file service? Specifically, can
> Mac clients running high-demand applications like Quark and Photoshop get
> acceptable performance from Windows servers? Is something like ExtremeZ-IP
> needed?

I think that the cifs:// or smb:// file performance is fine. I am not a designer so I haven't attempted modifying huge uncompressed Photoshop documents, but as long as you are on a 100mb Full Duplex network it should be fine.

> - Can XServe volumes be managed by Active Directory? That is, can you add
> an XServe as a member server of an AD domain?

Yes, you can use the Active Directory plugin in 10.3.3 to add XServes to an Active Directory domain, and some creative vi'ing on the /etc/smb.conf file to manage authentication via Kerberos.

> - Would love to hear real-world experiences with the new AD Plug-in for
> 10.3.3.

The 10.3.3 plugin is not bad, but the 10.3.4 (due to be released the end of this week) goes a little bit farther.
There is still an issue gaining a Kerberos ticket if you have a particular set of circumstances, but Apple has been notified of the issue and is currently working on the problem.

> - I consider some services like RIS to be pretty essential to speeding
> deployment and recovery in a Windows environment. Are there similar
> applications or services that require OD for Macs?

Check out NetBoot for this purpose; it doesn't have any direct hooks into OD and isn't required to do your imaging.
http://docs.info.apple.com/article.html?artnum=107912
And download "System Imaging Administration"

>
> RESOURCES:
> You all might know about these already but here are some links:
>
> Apple Server resources:
> http://docs.info.apple.com/article.html?artnum=107912
>
> Microsoft Active Directory and SFM:
> http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
> http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=windows2000sfm
>
> Windows-Mac integration
> http://www.macwindows.com
> http://www.macosxlabs.org
> http://www.4am-media.com
>
> Active Directory Integration
> http://www.macosxlabs.org/webcasts/2004-03-16_ActiveDirectory/index.html
> http://www.macdevcenter.com/lpt/a/4075
> http://www.bombich.com/mactips/activedir.html
>
>
> File Sharing & Performance
> http://www.grouplogic.com/products/extreme/overview.cfm
> http://www.apple.com/xserve/performance.html
>
>
>
> Thanks again to all. Any further comments welcome.
>
> nme
> ------------------------------------------------------------------------------
> Noah M. Eiger
> EIS Consulting for
> PRBO Conservation Science
> 510-717-5742
> [EMAIL PROTECTED]
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Sent using the Microsoft Entourage 2004 for Mac Test Drive.