[K12OSN] mac OS X and win2003 and LTSP integration

"Terrell Prudé, Jr." microman at cmosnetworks.com
Sat Aug 27 06:10:08 UTC 2005


Joe Guenther wrote:

> I have a problem ... yes we only ask when we have problems it seems.
>
> I have a school that currently has a Macintosh OS X server as the 
> student file server (Samba) and Mac netboot.  It also authenticates 
> mac iBook, etc via Open Directory.  Now the school has been forced to 
> make big changes ... the former tech has left, the school is half 
> ready for the start of school and a new Windows 2003 server is being 
> brought in to replace the Mac OS X server.  At any rate I have been 
> asked to integrate a new LTSP lab into the whole scheme of things.
>
> The problem being - currently DHCP is being served by the Mac OS X 
> server. If we turn that off half our school users on Macs cannot login 
> to the Open Directory.  DHCP also seems to serve certain LDAP 
> parameters to the mac clients.  IF the mac serves DHCP, the LTSP 
> terminals will not boot!!  problem ...
>
> is there a solution to tweak the Mac OS X server to serve the 
> appropriate bits of info to the LTSP clients? The GUI leaves very few 
> DHCP server options ... where is there/is there a test conf file to 
> tweak or hack?
>
> is there a way of serving the mac tidbits from the Linux server?
>
> It seems we have to have the mac server around long enough to get the 
> mac authentication working on Win2003 server, so until then the two 
> have to co-exist _peacefully_ in the same rack.
>
> can anyone help point me in the right direction?  I am currently as I 
> write this working on the LTSP authentication to Active Directory.  I 
> am running 4.2.1EL and following the instructions from  
> http://enterprise.linux.com/article.pl?sid=04/12/09/2318244  I assume 
> that the NSS_LDAP package is already updated as this article refers to 
> ver 207 on Fedora Core 1.  I notice mine is 226.6.  Thus I will run 
> the Microsoft  Services for Unix 3.5 and the authconfig as per the 
> article and see what happens.  But the DHCP issue is not resolved.
>
> Joe Guenther
> Chinook's Edge School Div


Just curious.  Given that GNU/Linux supports AppleTalk, Samba, and LDAP, 
then why not just replace the Mac OS X server with a GNU/Linux server 
instead of Windows 2003?  Apple's "Open Directory" is just an OpenLDAP 
server that uses Kerberos authentication.  My "educated guess" is that 
Apple's built-in DHCP server is configured to give clients DHCP option 
95, which is the option that says "hey, go use this LDAP server" (in 
this case, itself, since it's running the LDAP directory).  Any Mac 
clients that are configured for a so-called automatic search policy 
will, I understand, use this DHCP option if presented with it.  Here's 
the RFC that talks about the option.

    http://www.iana.org/assignments/bootp-dhcp-extensions/bootp-dhcp-option-95

ISC DHCPD, as you might expect, can be configured to use option 95 as 
well.  Here's a quick 'n' dirty example snippet.

  option ldap-server code 95 = text;
  authoritative;
  subnet 192.168.0.0 netmask 255.255.255.0 {
     range 192.168.0.2 192.168.0.254;
     option ldap-server "ldap://192.168.0.1/ou=MyOrganizationalUnit";
  }

--TP
_____________________
Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it 
out! <http://www.mozilla.org/thunderbird>
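
Added example, not part of the original post: a Python sketch that decodes the options field of a DHCP reply, pulls out option 95 as text (matching the `= text` declaration in the snippet above) and checks that the advertised directory is the one you expect, which is a quick way to confirm what either DHCP server is really handing the Macs. The function names, the allowed-host set and the sample bytes are assumptions made up for this illustration.

```python
from urllib.parse import urlsplit

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # precedes the options in a DHCP message
OPT_PAD, OPT_END, OPT_LDAP = 0, 255, 95

def parse_options(field: bytes) -> dict:
    """Decode a DHCP options field (magic cookie + code/length/value items)."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte filler, no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate (RFC 3396)
        i += 2 + length
    return opts

def ldap_url(field: bytes):
    """Return the option 95 text, or None when the server did not send it."""
    raw = parse_options(field).get(OPT_LDAP)
    return None if raw is None else raw.decode("ascii", errors="replace")

def check_ldap_offer(field: bytes, allowed_hosts: set) -> str:
    """Classify the offer: 'absent', 'ok', or 'unexpected' (wrong scheme or host)."""
    url = ldap_url(field)
    if url is None:
        return "absent"
    parts = urlsplit(url)
    if parts.scheme in ("ldap", "ldaps") and parts.hostname in allowed_hosts:
        return "ok"
    return "unexpected"

def opt(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample: options of a DHCPACK carrying the URL from the snippet above.
SAMPLE = (MAGIC_COOKIE + opt(53, b"\x05") + opt(1, bytes([255, 255, 255, 0]))
          + opt(OPT_LDAP, b"ldap://192.168.0.1/ou=MyOrganizationalUnit") + bytes([OPT_END]))

if __name__ == "__main__":
    print(ldap_url(SAMPLE), check_ldap_offer(SAMPLE, {"192.168.0.1"}))
```

An "absent" result on an LTSP terminal's lease is harmless, while "absent" or "unexpected" on a Mac's lease means the automatic search policy will not find the intended directory.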



