I am working in a mixed environment of Mac OS and Windows machines, which the domain controller is Open Directory served by a Mac server. Actually, Mac and Windows both are installed on every machine and could be selected on boot time.
As a longtime problem, we could not join Windows 7 users to Open Directory domain. That's why I decided to setup an Active Directory server for Windows users and leave Open Directory for Mac users. Then the next problem was we must have each user twice in both Open Directory and Active Directory.
My question is: Is there a way to configure AD to relay its authentication requests to OD user database, and also load home directories from a shared point on the network?
An Open Directory can be used as PDC or a BDC and yes you can replicate active directory into your Open Directory server. once that is said, setting up a new Open Directory BDC is not a question of two lines of code. I'll suggest you to read the following:
http://manuals.info.apple.com/MANUALS/1000/MA1180/en_US/OpenDirAdmin_v10.6.pdf
you may find more than you are looking for. :)
Related
I tried to set a FileZilla FTP Server for my boss. When downloading files from FTP, we got error 550. I promise I had set all accession for that group, which means they should be able to do anything they want on that path.
Fine, I set accession for each user. It did work, for I can download the test file on the server computer.
Then I came back to my computer and tried to download files from that path, but the only file I did not get error 550 is the test file that I tested on the server computer.
What's going on and what can I do?
Well, I've found the answer.
The reason for all that I described is that windows file permissions do not match the FileZilla permission control system. That's where the error 550 comes from.
To limit the file permissions of FileZilla, I built a Guest user and transferred its ownership to the guest user. This can stop hackers from hacking the system by FileZilla service. When we drag a file to the FTP shared file folder by windows explorer, the file's owner is not the FileZilla administrator, but yourself.
That means FileZilla has no permission to do anything on those files.
The group's working (sorry for I didn't test it). That's why I can see two public folders after I added that shared folder for every user.
The solution is just use your FileZilla client to transfer files. Do not drag files by explorer.
I have an issue with mounting Windows file share in Cygwin.
We have Windows file share which is using NFS to share content. I was assigned to install Cygwin on it so some application can connect over SFTP to that server.
Now they need to access the shared folder from that application and the app would pull data from that folder.The thing is that the folder is Windows shared folder (exmple; \server\photos). the current Windows users need to be able to connect to that share (it is mapped to their M drive) and the app need to connect to SFTP and pull the data from there.
My idea was to mount that NFS share in Cygwin and set it as /home directory so when the app connects, it automatically goes there.
My questions are: is this possible, and does anyone know any better solutions?
I am open for all suggestions.
Thank you.
Cygwin views the top of its directory tree / to be within the Windows directory C:\cygwin64 (or whatever its installation directory was). As a result, you are unable to move above that point in the filesystem from a Cygwin shell. The solution is to go through Cygwin's directory /cygdrive, which is automatically set up as the access point where all Windows disk drives are mounted. If your shared folder is mounted in Windows as M:, you should be able to access it in Cygwin as /cygdrive/m without any additional work.
As far as setting it up as /home, you might be able to create a symbolic link from /home to /cygdrive/m if that is what you need.
I have a windows application getting ported for Mac.In windows i store encrypted data in the registry.But when it comes to Mac im unfamiliar.
The application is licensed per PC.So all Users using the Machine will be able to use it.So in windows im storing the key in HKEY\LOCAL MACHINE
How does user access rights work in Mac? Where do i need to store the data?
This type of data is usually stored in a file in Application Support directory. If you want to store one file for all users you should choose /Library/Application Support system directory.
The directory is not user-writable, so you will have to run installer with root privileges. This directory can't be used by sandboxed apps.
You should create a subfolder in this directory and store your file inside.
For more information see The Mac Application Environment, especially Table 1-1, "Key directories for Mac apps", and File System Basics.
Edit:
Usually OS X apps don't need any installation. They are self-contained bundles that can be run from any location. Usually you keep them in Applications folder (drag it there). System wide /Applications folder is accessible for all users. There is also private ~/Applications folder in each user's home.
On the other hand apps that need to install data to system folders use installers. Installer usually copies application bundle to /Applications folder, but also handles authentication and asks user for admin credentials. Installers may also run scripts.
Maybe your license could be generated by a script during installation?
If not, you would have to generate license file on first application run. In such case, if you want to keep one file for all users in /Library/Application Support, you will have to escalate privileges and ask user for admin access. If you don't want to do that, consider storing separate license file for each user in their home ~/Library/Application Support folder.
I'm not great with windows server so not sure of the best way to describe this. I have a Windows 2003 Server box running IIS 6. I'm giving a designer FTP to a specific folder on the root and allowing read/write access. This is so they can't touch the rest of the website.
However, his scripts surely would be able to? For example he could create an upload script? What's the best way to "self-contain" this folder?
Cheers,
RJ
What i would do if possible is to remove the execute rights for that folder in IIS
In IIS MMC expand the website, select the folder and open the properties windows.
On the Home Directory tab, Change the execute permissions to **NONE**
This would allow them to upload files (any files) but scripts in that folder will not execute/run
Hope this helps.
we have a design office full of macs, but we want to achieve a robust user arquitecture, we're thinking in using windows server active directory for this task.
Is it possible to connect macosx machines to a windows server domain and user its login features and group features and permissions for file server?
Is it an easy task?
Thank you so much
It should be possible to have client machines connect to an Active Directory server. Go to System Preferences ยป Users and groups and select Login. At the bottom of that preference pane where is an option to connect to a directory server.
No idea how easy it will be to setup. I'm on OS X Lion by the way.