Best Practices for Integrating OS X with Active Directory - Yosemite

jarednichols
Honored Contributor

We've released a refresh of the AD integration technical document here: http://training.apple.com/pdf/wp_integrating_active_directory_yosemite.pdf.

6 REPLIES 6

dlondon
Valued Contributor

Hi Jared,

Thanks for that. Do you or anyone else know why it says "To properly support Kerberos, both forward and reverse Domain Name System (DNS) records should be accurate for Kerberized servers".

What is it about reverse DNS that is important? If you don't have it, what will break/not work?

Regards,

David London

rblaas
Contributor II

@jarednichols I know this is an old topic.
But perhaps you or someone else has made a best practice for El Capitan?

The link provided for Yosemite is not working anymore.

Regards,

Ronald

bpavlov
Honored Contributor

Are you running into a particular issue with El Capitan?

rblaas
Contributor II

@bpavlov

No, I am currently working on a script (bash) to read out the expiry date and sent a notification to the user.

mjsanders
New Contributor III

The latest whitepaper is for 10.10: on this page
direct: link

Ronald: for password expire dates I can recommend this ADPassMon tool, and similar KerbMinder.

rblaas
Contributor II

@mjsanders

Thanks for the link.

As far as Password Expiry Notifications I have seen ADPassMon. But I have create a bash script which will tell the user via CacaoDialog there password is expiring..

Still finetuning the script but a preview can be found here: link

I do have an update on this script but not fully tested it. In the new script I read out the Exact date for Password Expiry. (Just like ADPassMon does)