> On Mar 23, 2015, at 7:28 AM, Jonathan Billings <billi...@negate.org> wrote: > > On Mon, Mar 23, 2015 at 07:39:12AM -0400, Jason Healy wrote: >> I’m looking to tap the collective wisdom for product selection >> advice and also recommendations for professional services for our >> environment. We’re looking to replace our current authentication >> system. We’re a K-12 that’s all-Apple (about 500 client machines). >> On the server side, we’re a mix of OS X, Linux, and BSDs. > > I'm amused everyone seems to be telling you to set up an AD > infrastructure when you have absolutely no windows clients or > servers.
That’s because AD is a first tier directory server for OS X systems. Arguably, at this point, Apple provides better support for AD than OD. With the release of each version of OS X Apple releases a best practices white paper for integrating with AD. The Yosemite update can be found here: http://training.apple.com/pdf/wp_integrating_active_directory_yosemite.pdf Googling should find the previous editions. However, imho, you should avoid binding end-user Macintosh systems to a directory server and focus on the integration of organizational services (like file servers and web applications). If you do bind OS X systems to a directory server make sure to test-test-and-retest every single OS upgrade before deploying. Apple has a habit of carelessly breaking login authentication against directory servers and requiring undocumented workarounds or fixes. You should budget for enterprise support tickets in such cases since talking to a senior advisor at Apple is probably the only way you’ll find a fix in a timely manner. But of course, ymmv based on different needs and willingness to fiddle. Good luck! Gil _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
