Some of our end users made the request to use Macs in our environment, which has been basically all Windows (except for a few Linux servers). I set about finding the best way to manage these Macs in our little Windows world. I put the question out to other admins to see what they were using to manage Macs and the answers I got back were mostly along the lines of “we don’t” or “let us know what you end up doing.” Those options weren’t viable for us so here are the other options I found: Changing the Active Directory schema so that you can manage Mac policy via Group Policy Management, using software like Likewise or Centrify, or setting up what is called the “Magic Triangle.” I went with the latter as it seemed to be the option that offered the most flexibility while still managing the devices with account policies. From the research I’ve done, changing the Active Directory schema is the least recommended setup as it could corrupt your current Active Directory setup and doesn’t work 100% of the time. The Magic Triangle in Figure A describes the links between the Mac Server, Active Directory Domain Controller, and the Mac clients.
In this first part of a series of posts, I will go through the initial steps I took to install the necessary apps and try to save any of you from some of the troubleshooting (and starting over) that I had to go through. Mac OS X Lion Server is not exactly what I would call enterprise ready, but it seems they’re working on it. In this series I’ll be specifically talking about Lion server 10.7. Be warned, different versions may have different options and there doesn’t seem to be a whole lot out there specific to 10.7, but it is pretty close to 10.6. You can purchase Mac OS X Lion Server from the Apple Store for $50 and install it on a currently running Mac OS X machine like a Mac Pro or Mac Mini. I downloaded the Mac OS on a USB stick and started there. Here is a very detailed step-by-step:
- Insert the USB with Mac OS X in the Mac device
- Press the Option key while it is booting so that you may select the boot device
- Select the Mac OS X USB to boot
- Select Disk Utility to create and name partitions.
- Close Disk Utility
- Now choose (Re)install Mac OS X at the beginning menu
- Choose the drive you’d like to install the OS on (most likely the partition you just created) and give it a few minutes to install.
- Go through the account creation wizard
- Login using the account you just created which is by default an admin account
- Click on System Preferences in the dock to open it
- Click on Network
- Configure the Ethernet Adapter accordingly (I used a manual configuration to give it a static IP)
- Click Show All to return to System Preferences
- Click on Sharing
- You may edit the server’s name here (let’s call it MacServer) *Avoid using hyphens
- Put a checkmark next to Remote Login and Remote Management.
- While Remote Management is highlighted click on Computer Settings and put a check next to Anyone may request permission to control screen and VNC Viewers may control screen with password (enter a password in the password field).
- Now you may go back to your workstation and connect to the IP address using a VNC Viewer. Before you click to connect, click Options and select Hextile and Full (all available colors). You will not be able to connect if you don’t use these options.
- Once connected, make sure you have an internet connection and then click on the App Store icon in the dock and search for OS X Lion Server. Purchase and download it.
- Click on the server icon and click through the wizard to finish the installation.
At this point you have a Mac Device that you’re using as a Mac Server, a Windows Domain Controller (I’m assuming) and at least one Mac client machine to test with. For the Mac client, I suggest not using a Mac Book Air, as it does not have an Ethernet port. It seems that most of the configuration requires all of the components be on the same subnet (for example 192.168.1.0/24). The configuration will not work on different subnets or over wireless, even if your wireless has access to your network using an ACS or something like that. If you do have a Mac Book Air, you can purchase a dongle so that you may connect to the network using a network cable and that seems to work pretty well.
In the next posts I’ll go through configuring the magic triangle and setting up some of the policies I am using. I highly recommend going through not only the steps, but the actual blog posts in order, as that seems to be VERY important (luckily I only had to completely wipe everything once and start over once…). Good luck!