Posted on 07-11-2013 12:03 PM
I was just wondering if anyone out there knows of any pitfalls involved in integrating Macs with Windows Server 2012 for an AD domain controller. Our admins want to bump up some of our DCs this summer and at least took the time to ask before doing so if there were any issues with Mac integration.
Posted on 07-12-2013 06:11 AM
We have had no problems. We are using the Centrify plugin (for smart card authentication).
Posted on 07-15-2013 04:57 AM
We aren't using Centrify, but thanks for posting. I'm hoping there aren't any built-in AD plug-in issues or Kerberos issues or whatnot. It used to be that for Macs to work back in the 2008 (pre-R2) days, Windows NT support for clients had to be turned on. Since those days and since Apple is now using a new AD plug-in and new SMB project to replace Kerberos, I don't think this type of thing is likely to come up, but I wanted to check since our Windows folks actually seem to care and want things to work well with Mac integration.
Posted on 07-15-2013 06:37 AM
Yeah, I've had good success with testing with the Apple plugin as well. No need to downgrade security settings (signing of packets, etc.) on the domain controller. Although Apple has replaced Samba with their own SMB agent, Kerberos is not going away. It, along with LDAP, is basically the foundation of Active Directory. They have replaced the MIT version of Kerberos with the Heimdal implementation. One issue that we have had is with network time. For some reason our Windows guys can't seem to get NTP working correctly for non-Windows clients. We've had clock skew issues because the domain controllers are out of sync not only with each other but with Macintosh clients as well.