
How To Integrate Modern Macs To A Windows Network

A walk-through of the steps needed to join a Mac OS X 10.3 or 10.4 client to a Windows 2000 or Windows Server 2003 domain.

Any time you see a Star [*] symbol in the text, this is a link to a screenshot of what is being discussed.

Setup (on the Windows DC)

  1. Open Active Directory Users and Computers (ADUC)[*] and decide on a location for the Apple Mac’s computer account. Best practice suggests creating an OU for Apple computer accounts.
  2. Create a computer account, giving it the name that you want to use for the Apple computer on your network. Do not assign a GUID to make it a ‘managed’ account.
  3. Close ADUC.

Setup (on the OS X client)

  1. Login with an account that has admin access to the computer.
  2. Open System Preferences and open the Sharing tab.
  3. Check that the computer’s name is the same as the one we just used in ADUC. [*]
  4. Click Show All
  5. Click Network. Select your active connection, and click on TCP/IP
  6. (If you are using DHCP then some or all of this information is possibly already delivered by your DHCP server – check with the DHCP admin)
  7. Type in a suitable IP address, subnet mask, router address.
  8. Type in a DNS server address – ENSURE that at least the first DNS server in the list corresponds to an Active Directory DNS server.
  9. Click on Search Domains, Fill in your active directory domain.
  10. Click Apply Now.[*]
  11. Click Accounts, then click Login Options, authenticating with your LOCAL admin account if asked.
  12. Under “Display Login Window As”, select “Name and Password”.[*]
  13. Close System Preferences.

Testing that the client computer can “see” the network.

  1. Open the finder, and navigate to the utilities folder inside applications.[*]
  2. Open the terminal, and ping domain controllers by NETWORK NAME to ensure that DNS resolution is working properly within your domain.
  3. Ensure that name and IP are resolved correctly and that the ping actually works. [*]
  4. Stop the ping and close the terminal when done.

DO NOT TRY TO PROCEED IF THE ABOVE STEP DOES NOT WORK!

Binding the Mac client to the Windows Domain

  1. Run the directory access tool, which is also in the utilities folder.
  2. Tick “Active Directory”, then click Configure. [*]
  3. Fill in the Fully Qualified Domain Name of the Active Directory namespace (note: the domain name, NOT the name of an Active Directory Domain Controller!).
  4. Fill in the Computer name of the Mac. This should be the same as the one we set up earlier in ADUC on the Windows Server and configured the Mac to use in the Sharing pane of System Preferences. [*]
  5. Click BIND. Authenticate with your local Admin password if asked to do so.
  6. Next, fill in the details of a Windows user account with permission to add computers to the domain. Typically this will be an admin’s account, but an account that has only been delegated the right to create computer objects in the target OU is enough, and is the safer choice; the credentials are used for the join and are not stored on the Mac.
  7. IF you DID NOT pre-create a computer account for the Apple Mac, then fill in the Computer OU with the location where you’d like the account to be created, using standard LDAP distinguished-name notation (for example OU=Macs,DC=example,DC=local).
  8. If you HAVE pre-created a computer account, then leave this as it is.
  9. Ensure that both tickboxes are ticked.
  10. Click OK [*]

The client will now attempt to bind to AD and join the domain.

  1. If you HAVE pre-created a computer account then you should be asked if you wish to use an existing computer account. Click OK, because that is exactly what we’re trying to do. [*]
  2. When the operation is finished, you can close Directory Access by clicking OK.
  3. At this time you can also click Advanced Options to inspect and configure custom settings. I strongly suggest leaving these alone if you don’t know what they mean or why you would want to change them. [*]
  4. Logout.

If all goes well you should now be greeted with a login window that expects you to type in your username and password [*] instead of selecting from a list.

You should now be able to log in with an Active Directory account by typing in the username and password in the traditional manner, and you can also login with a local account by specifying their username and password in the same way.
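The whole procedure above is done through System Preferences and Directory Access, but the two parts that most often go wrong (the name check and the “can the client see the network” test) and the check you want after the first AD login are easy to script from Terminal. The script below is an added example and is not part of the original post; the domain name example.local, the computer name macbook01 and the script name ad-preflight.sh are assumptions, and it relies on dig, ping, id and hostname, all of which ship with OS X 10.4.

```shell
#!/bin/sh
# Added example, not part of the original post: a scripted version of the
# "can the client see the network" test, plus a post-bind check to run
# once you have logged out and back in. Names are assumptions: the AD
# domain is example.local and the account created in ADUC is macbook01.

AD_DOMAIN="${AD_DOMAIN:-example.local}"
EXPECTED_HOST="${EXPECTED_HOST:-macbook01}"

# Pull the target host out of each `dig +short SRV` answer line, which
# looks like "0 100 389 dc1.example.local." (priority weight port target).
srv_targets() {
    awk 'NF >= 4 { sub(/\.$/, "", $4); print $4 }'
}

# AD registers _ldap._tcp.dc._msdcs.<domain> SRV records for every DC.
# If this comes back empty, the first DNS server in the list is not an
# AD DNS server (or the search domain is wrong) and the bind will fail.
find_dcs() {
    dig +short SRV "_ldap._tcp.dc._msdcs.$AD_DOMAIN" | srv_targets
}

# Case-insensitive name comparison: AD is not case sensitive, and the
# Sharing pane name must match what was typed into ADUC.
same_name() {
    a=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

hostname_matches() {
    same_name "$(hostname -s 2>/dev/null)" "$1"
}

# Ping each DC by name: a name that resolves but never answers is just
# as much of a stop sign as one that does not resolve.
ping_dcs() {
    rc=0
    for dc in $(find_dcs); do
        if ping -c 2 "$dc" >/dev/null 2>&1; then
            echo "OK   $dc"
        else
            echo "FAIL $dc"
            rc=1
        fi
    done
    return $rc
}

# After binding and logging out/in: does the directory hand us an AD user?
# `id` goes through the same lookup path the login window uses.
ad_user_resolves() {
    id "$1" >/dev/null 2>&1
}

main() {
    if hostname_matches "$EXPECTED_HOST"; then
        echo "Host name matches ADUC entry $EXPECTED_HOST"
    else
        echo "Host name does not match $EXPECTED_HOST; fix it in Sharing first"
        return 1
    fi
    dcs=$(find_dcs)
    if [ -z "$dcs" ]; then
        echo "No DC SRV records for $AD_DOMAIN: first DNS server is not AD DNS?"
        return 1
    fi
    ping_dcs || return 1
    echo "Preflight passed: go ahead and bind in Directory Access."
    # Then, after binding:  ad_user_resolves someaduser && echo "AD lookups work"
}

# Run the preflight only when asked, e.g.  sh ad-preflight.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as sh ad-preflight.sh --run before opening Directory Access; if it stops at the SRV lookup, the Mac is asking a DNS server that does not know the domain, which is exactly the situation the warning above is about. After binding, ad_user_resolves with a real AD user name tells you whether directory lookups work before you log out and hope.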



Command Lines In Your Operating System

In the cases below I’m talking about commands that can either be run natively by the operating system or (in the case of Windows at least) are available as free add-ons.

Windows

Remember that Windows commands are case INsensitive, e.g. “PING” and “ping” are the same command.

pathping –

Effectively performs a tracert from your current computer to the destination computer specified on the command line, notes all the nodes found along the way and then pings each one of them, allowing you to assess the speed of the path you are using and spot which nodes are slowing things down. It is roughly the Windows equivalent of the Linux mtr command, which sadly isn’t listed in the section below because it isn’t natively part of the UNIX tools in OS X.

nslookup –

Allows you to query a DNS server from your workstation. Very useful on modern TCP/IP networks where you need to see how a workstation finds things in its little world, or how things in that world might find it! A classic command that has been around forever in UNIX circles, and the fact that it was such a relatively recent addition to the Windows CLI underlines how much of a joke the Windows shell has been up to now when compared to… well… just about anything else really.

NET –

A very powerful command, if somewhat clunky to use, that provides access to quite a lot of the way a Windows machine manages its own user security and its relationship to the rest of a domain network.

Using variations of the NET command you can

Create and manage user accounts, add your newly created user accounts to groups and set properties such as passwords (NET USER, NET LOCALGROUP, NET GROUP).
Mount network drives (NET USE)
View and manage shares on the workstation (NET SHARE)
… and many more! The NET command is often a difficult command to use once you get beyond the basics, but it really is shocking the amount of times I’ve had some obscure NET command that was written for LAN Manager years ago pull my butt out of the fire on a modern server!

netdom –

Allows you to join a domain from the command line, manage trusts between domain member workstations and domain controllers and between domains. Part of the Windows server support tools. On the one hand this is a really boring command, on the other it’s probably utterly vital to anyone building workstations for a domain-based network who needs to script the building process rather than use the automated options in the OS setup.

Note the lack of space between NET & DOM; netdom is not a subset of the NET command above.

netdiag –

Allows you to view a quick snapshot of the state of basic network settings and network configuration on a PC in a domain and is very useful for those “Can’t see the network” type of calls. Part of the Windows server support tools. Note the lack of space between NET & DIAG, this is not a subset of the NET commands above.

dcdiag –

Allows you to view a quick snapshot of the state of basic domain settings and domain configuration in a Windows 2000 Server (or higher) domain. Very useful for those “I can see the network but it takes half-an-hour to login” calls, or when you suspect one of your domain controllers is in the pouts and is refusing to talk to the other domain controllers because they’ve had a falling-out over their MySpace page comments or something.

mstsc –

Arguably a bit of a silly little command to have in a list like this, but I find myself frequently running it from the command line rather than from my start menu. This is partially because I always have a command line window open at work and typing “MSTSC ” is quicker than navigating to the shortcut (yes, it’s pinned to my start menu shortcut area before you ask!), and partially because I tend to use some of the more useful parameters for terminal server, such as /span to match up desktop sizes or /console to grab the console session on the server rather than create a new session.

mstsc /console, grabbing the console session on a server or workstation, is especially useful, in particular with some applications and desktop interfaces to server services that just don’t want to play nicely with multiple terminal sessions open on one machine. Note that in Remote Desktop Connection 6.1 and later the /console switch is replaced by /admin, so check which client version you are running if the switch appears to be ignored.

Apple Mac / UNIX

These are all UNIX-type commands based on Mac OS X 10.4.10. As always, you should double-check what you’re doing before running any of these commands on any other kind of Unix. (Actually, I hope you’d make sure you understood what was being suggested before you followed any advice you read on my site, or pretty much anywhere else on the Internet for that matter.)

Remember that UNIX commands are case sensitive, e.g. “PING” and “ping” are not the same command.

top –

top presents a dynamic view of running processes on your system ordered by CPU use, together with a summary of the resources being consumed. This is incredibly useful if you want to see if a process is active, or (probably more likely actually) you want to see which process has decided to crash and consume all your CPU cycles and free memory, in order that you might kill (see below) it. For a non-dynamic list of running processes, consider the ps command instead.

kill –

This is how you force a process to quit in UNIX. Most often associated with forcing a hung program to quit (kill -9), kill actually sends a signal to a process, and there are several to choose from: -15 (SIGTERM, the default when you give no signal at all) asks the process to stop what it’s doing and bring things to a halt as soon as it can do so in a tidy manner, while -9 (SIGKILL) cannot be caught or ignored and ends the process on the spot, with no chance to flush or clean up. Try the polite one first and reach for -9 only when it is ignored.

Those of you who have actually been reading my past ramblings may remember that I mentioned these commands in the article I wrote after getting my first Mac. Something had hung on my new iBook and I was unaware of the Mac-specific methods of finding and force-quitting the hung process, so I actually used both the commands above to find and kill the faulty process. I think it was called “Finder” and I was quite surprised at what happened when I killed it.
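The “ask nicely, then escalate” order described above is worth scripting so that you don’t reach for -9 out of habit. The function below is an added example and is not from the original post; the file name stop.sh is an assumption, and it uses only kill, ps and sleep as found on OS X 10.4 and Linux.

```shell
#!/bin/sh
# Added example, not part of the original post: stop a process the way the
# kill section describes. Ask nicely first with SIGTERM (signal 15, what
# plain `kill PID` sends), give it a moment to clean up, and only then use
# SIGKILL (signal 9), which the process cannot catch or ignore.

# True while PID is still running. kill -0 sends no signal, it only checks
# that the PID exists and we may signal it; a zombie (state Z) would still
# pass that check, so ask ps as well.
alive() {
    kill -0 "$1" 2>/dev/null || return 1
    case "$(ps -o stat= -p "$1" 2>/dev/null | tr -d ' ')" in
        Z*) return 1 ;;
    esac
    return 0
}

# stop_process PID [GRACE_SECONDS]
# Exit status: 0 the process left after TERM, 2 KILL was needed,
# 1 the PID does not exist or is not ours to signal.
stop_process() {
    pid=$1
    grace=${2:-5}
    alive "$pid" || return 1
    kill -TERM "$pid" 2>/dev/null || return 1
    i=0
    while [ "$i" -lt "$grace" ]; do
        alive "$pid" || return 0
        sleep 1
        i=$((i + 1))
    done
    # Still here after the grace period: escalate. Anything it had not
    # flushed to disk (caches, temp files, lock files) is now its problem.
    kill -KILL "$pid" 2>/dev/null
    return 2
}

# Usage from Terminal once top has shown you the PID:  sh stop.sh 1234 10
if [ "$#" -ge 1 ]; then
    stop_process "$1" "${2:-5}"
    case $? in
        0) echo "PID $1 exited after SIGTERM" ;;
        2) echo "PID $1 ignored SIGTERM, sent SIGKILL" ;;
        *) echo "PID $1 not found" ;;
    esac
fi
```

The grace period is the important knob: a database or a mail server may legitimately need more than five seconds to close its files, and a process that is still there after a generous wait is the one that really has hung.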

rsync –

A command that is very useful for copying data from one computer to another in a very efficient way (only the differences are sent), and for keeping multiple locations synchronised so that changes that take place in one location are mirrored to the other. Also see psync if we’re talking Mac-specific. Also see scp and rcp, but note that rcp (like the rest of the r-commands) sends everything, logins included, in the clear and trusts host names; use scp, or rsync over ssh (rsync -e ssh), for anything that crosses a network you don’t own.

dig –

The replacement for nslookup on modern Unix (nslookup still works fine on my mac though). I tend to prefer the way dig formats its replies to queries compared to nslookup but at the end of the day this is really a matter of personal preference for most people.

One thing that might dictate your choice is if you plan to ‘pipe’ the output of your DNS query into another command, obviously you’d want to use the command that produced the most suitable output for the command you want to send the DNS information to.

alias –

A way of creating a “shortcut” to a command, including adding the default parameters that you always want to use with a command. Let’s say that you’ve heard about my BOFH-style habit of tricking people into doing bad things with the ‘rm’, ‘cp’ and ‘mv’ commands to delete, copy or move files in Unix, and you want to make sure that you don’t get caught out by this while playing around with a Unix or Apple tip suggested by me; you might specify an alias for the rm command that automatically turns on the interactive prompt mode (i.e. asking “are you sure” before deleting a file) with the alias command: alias rm='rm -i'. Two caveats: an alias only applies to the interactive shell it was defined in (not to scripts, and not if someone types \rm or /bin/rm), and a later -f on the command line overrides the -i, so rm -rf is exactly as dangerous as it ever was.

Many people would argue that this is a very good idea when doing just about anything at the command line if you’re logged in as root.

Remember, alias means never having to say “I’m very sorry boss but I appear to have deleted the irreplaceable files containing vital financial information.”

lsof –

Trying to find which process has locked a file? lsof is your friend, generating a list of open files together with the process that is holding each one open. Now this is where it gets interesting; to appreciate just how powerful lsof is on Unix you need to remember that just about everything on Unix is represented as a file… including directories, open network ports and so on!

Try the command lsof -i | grep TCP to run lsof in network mode and use grep to search its output for entries containing TCP, which gives you a list of open TCP connections on the machine; repeat with lsof -i | grep UDP to do the same for UDP. lsof can do the filtering itself (lsof -i TCP, lsof -i UDP), and adding -n and -P stops it from looking up host and port names, which is both quicker and means a dodgy DNS answer can’t change what you are looking at.

Or, to search for references to a folder, say /usr/bin, try lsof | grep /usr/bin (or lsof +D /usr/bin to have lsof walk the directory itself). Remember the grep command and the pipe character “|”; while not part of my list here, these are very important parts of working with Unix at the command line.
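The question most people are really asking with lsof -i is “what on this box is listening, and can the rest of the network reach it?”. The script below is an added example and is not from the original post; the lsof sample it carries is constructed (the PIDs, users and ports are made up) so that the parsing can be exercised without a live lsof, and the --live and --exposed switches are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the original post: answer the question behind
# "lsof -i | grep TCP" directly, i.e. which processes are accepting TCP
# connections and whether they are reachable from the network or only
# from this machine. -n and -P stop lsof resolving hosts and ports (faster,
# and a bogus DNS answer cannot change what you see); -iTCP -sTCP:LISTEN
# selects listening sockets without the grep.

# Constructed sample of what `lsof -nP -iTCP` prints, used for offline runs.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      412 root    3u  IPv4 0x1234      0t0  TCP *:22 (LISTEN)
cupsd     533 root    5u  IPv4 0x5678      0t0  TCP 127.0.0.1:631 (LISTEN)
python   9001 bob     4u  IPv4 0x9abc      0t0  TCP 0.0.0.0:8000 (LISTEN)
python   9001 bob     5u  IPv4 0x9abd      0t0  TCP 10.0.0.5:52211->10.0.0.9:443 (ESTABLISHED)'

# lsof -i columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME, with
# NAME such as "*:22 (LISTEN)". Emit "command pid user address:port" for
# listening sockets only; the header and established connections fall out.
parse_listeners() {
    awk '$NF == "(LISTEN)" { print $1, $2, $3, $(NF - 1) }'
}

# Keep only sockets bound to every interface: "*:port", "0.0.0.0:port" or
# "[::]:port". These are what the rest of the LAN (or worse) can connect to;
# loopback-only services such as cupsd in the sample are not.
exposed_only() {
    awk '$4 ~ /^(\*|0\.0\.0\.0|\[::]):/'
}

# Live listing; needs lsof, which ships with OS X and most Linux distros.
list_listeners() {
    lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null | parse_listeners | sort -k 4
}

case "${1:-}" in
    --live)    list_listeners ;;
    --exposed) list_listeners | exposed_only ;;
    --demo)    printf '%s\n' "$SAMPLE_LSOF" | parse_listeners | exposed_only ;;
esac
```

Run with --exposed on a freshly built machine and compare the list with what you expected to find; anything bound to * or 0.0.0.0 that you can’t account for deserves a look in top, and then possibly a visit from kill.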

man –

Shows the manual page for many UNIX commands. Arguably a bit of a lame end to my list of UNIX commands but then this is an important tool where the options and switches for some commands can be far too numerous to possibly remember. Remember, closing your eyes and guessing only looks cool in the movies, out here in the real world planning what you need to do then doing what you’ve planned to do is what wins the day.

