On Dec 19, 2008, at 7:55 PM, Nigel Kersten wrote:
>
> On Fri, Dec 19, 2008 at 2:29 PM, Carl Caum <carl.c...@gmail.com> wrote:
>
> Does anyone know how to go about joining Mac OS X Leopard to an Active
> Directory domain with puppet?
> Primarily it needs to be broken down into doing LDAP authentication
> with a few attribute mappings and using kerberos for the password
> authentication.
>
> You're going to want to push out your DS preferences and then do an
> exec for the joining of the machine account I imagine, although you
> could do some of this with templates.....
>
> How were you doing this before Puppet?
>
> There are no native types now, because those of us doing the Mac
> stuff with Puppet don't work in AD environments :)
>
> I'm more than happy to spend time helping you work through this
> though Carl. I'm reasonably familiar with AD integration even though
> we don't do it here.
>
> This would be a great recipe to get up on the Puppet wiki.

We are in a large AD environment using Puppet. We currently handle the AD joining outside of Puppet with a Python script in a launchd job that runs at first boot, though we will probably be moving this to Puppet.

The typical steps are:

1. Make sure time server is set and time is set correctly (ntpd.conf or exec systemsetup).

2. Activate AD plugin by enabling it in DirectoryService.plist (just a simple key value, but I think you need to restart DirectoryService for it to notice).

3. Configure AD plugin using dsconfigad options (this can take a lot of options; all of these just change key values in ActiveDirectory.plist).

4. Join to domain using dsconfigad with a limited AD account and password with permissions to add machines to your OU (this would need to exec the dsconfigad command with username, password, OU, machine join name. Unfortunately the password is passed to dsconfigad in clear text as a parameter).

5. Set the authentication search path to Custom, and include your AD domain node using dscl (dscl exec).

We do manage the time server with Puppet and setting a couple of mapping attributes in the AD plists.

I'm happy to help you get this all working in Puppet as well.

Kyle
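
The five steps listed in the message above, as an added shell sketch that is not part of the original thread or anyone's production script. The server, domain, OU, account name and password-file path are constructed placeholders, the dsconfigad options in step 3 are an assumed set, and the flags follow the Leopard-era command syntax. It defaults to a dry run that prints each command with the join password redacted.

```shell
#!/bin/sh
# Added example: the five bind steps as one script. Every value is a constructed placeholder.
NTP_SERVER="time.example.com"
AD_DOMAIN="ad.example.com"
AD_OU="OU=Macs,DC=ad,DC=example,DC=com"
JOIN_USER="svc-macjoin"             # limited account allowed to add machines to AD_OU
JOIN_PW_FILE="/var/root/.adjoin"    # hypothetical path; root-owned, mode 0600
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

set_time() {                        # step 1: Kerberos needs closely synced clocks
    run systemsetup -setnetworktimeserver "$NTP_SERVER" &&
    run systemsetup -setusingnetworktime on
}

enable_plugin() {                   # step 2: flip the key, then restart the daemon
    run defaults write /Library/Preferences/DirectoryService/DirectoryService \
        "Active Directory" Active &&
    run killall DirectoryService    # launchd starts it again
}

configure_plugin() {                # step 3: plugin options (assumed set for this example)
    run dsconfigad -alldomains enable -mobile disable
}

join_domain() {                     # step 4: $1 is the machine join name
    if [ "$DRY_RUN" = "1" ]; then pw='<redacted>'; else pw=$(cat "$JOIN_PW_FILE"); fi
    # The password stays out of this script and out of dry-run output, but it is
    # still in dsconfigad's argument list, visible to local users via ps, while it runs.
    run dsconfigad -f -a "$1" -domain "$AD_DOMAIN" -u "$JOIN_USER" -p "$pw" -ou "$AD_OU"
    rc=$?
    unset pw
    return "$rc"
}

set_search_path() {                 # step 5: custom search path including the AD node
    run dscl /Search -create / SearchPolicy CSPSearchPath &&
    run dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
}

bind_plan() {
    set_time && enable_plugin && configure_plugin && join_domain "$1" && set_search_path
}

name=$(uname -n)
bind_plan "${name%%.*}"
```

Run it as root with DRY_RUN=0 to execute the steps; wrapped in a Puppet exec, the same command line would also need to be kept out of the manifest and logged output.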