While Macs enjoy growing market share and higher visibility within businesses, most Mac environments are heterogeneous, requiring some form of co-existence with Windows servers. Whether Windows servers are powering email, printer connectivity, remote access, file sharing or all of the above and more, several options exist for integrating with Active Directory.
10.7.2 made things better
Organizations reported a fairly wide range of issues trying to integrate Active Directory services and authentication, especially across larger networks, with Mac OS X Lion's release. However, Apple's 10.7.2 update is commonly accepted as having addressed many integration issues and errors.
Apple touts its Open Directory, a foundation of the Lion release, as leveraging standard protocols. Due to its support for LDAP, Kerberos and SASL, Open Directory integrates with Active Directory with little effort and enables extending Windows PC username/password authentication to Macs, enforcing Windows-based password policies on Macs, deploying single sign-on access to Active Directory administered resources and forcing client management policies and administration strategies.
Of course, every directory services implementation is different. Adding a heterogeneous OS in the form of Mac OS X to a Microsoft Windows network introduces complexity that sometimes benefits from the assistance of third-party tools. Several options exist.
Centrify Suite for Mac OS X
In addition to helping extend Active Directory authentication and policies to Macs, Centrify Suite for Mac OS X adds features to perform auditing functions, support mounting home directories on Mac desktops, and connect Macs to DFS-enabled shares. Centrify also enhances security by adding support for Smart Cards, automated certificate enrollment and encrypted disk access.
PowerBroker Identity Services Open Edition
Open source integration products are available, too. PowerBroker (formerly Likewise Open) offers an open source alternative for helping manage identities, authentication, password policies and even single sign-on when integrating Macs within an Active Directory environment. A vast array of OSs are supported. Administrators can review the complete list online.
Thursby Software ADmitMac / Dav v9
Similar to Centrify, Thursby Software offers tools to support both Active Directory integration and the ability to connect to DFS-based volumes. Thursby's ADmitMAC v6.0 extends Active Directory administration to Mac systems, while its DAVE v9.0 product powers DFS support for Macs. DAVE also provides full support for home directories using native Microsoft protocol implementation as opposed to protocol conversion. ADmitMac, meanwhile, supports extending Windows group policy administration to Macs along with single sign on and additional authentication features while maintaining SOX, PCI and HIPAA compliance.
Quest Software Authentication Services
Quest Software maintains a wide range of Active Directory tools and utilities. The company also offers cross-platform tools to assist Unix, Linux and Mac administrators in integrating those systems with Microsoft directory services. Authentication Services is one such product. The utility assists in extending Active Directory-based authentication, authorization and administration to Mac systems, among others. Authentication Services helps Windows administrators more easily integrate Macs, leverage existing Windows server infrastructure, and investments better manage access controls while further extending the reach of Windows-based group policies.
Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president of Eckel Media Corp., a communications company specializing in public relations and technical authoring projects.