Why Can't We Have Directory Services Like Open Directory (for Mac

by dysdiawinfden1988 2020. 1. 25. 02:12

In particular, modifying the schema of either Active Directory or Open Directory requires a certain level of knowledge about how the directory service works and is not a task for the inexperienced. Likewise, developing complex search path solutions can be difficult for new Mac OS X Server administrators.

Mac OS X Printing via the Windows Print Server

Introduction

With the number of Macs growing, especially in the academic and consumer fields, supporting them has become a must-have for many existing Windows environments. The question becomes, 'How does the competent Windows IT professional open up their print server to their Mac clients?'

Methods Available:

There are several methods of making your networked printers available to Mac OS X clients. Below is a summary of each method and a brief list of its pros and cons.

Printing Via LPD (Line Printer Daemon) - (Preferred): This is the easiest to install, and often the most reliable, method of printing from Mac OS X to a printer queue installed on a Windows Server.

Primary Advantages / Disadvantages:

- Job is submitted within Windows as the logged in user. This is especially useful when using Active Directory services for Mac.
- Full document title information as set by the printing application is received by the server.
- Does not encounter common Kerberos authentication issues such as the popular NT_STATUS_ACCESS_DENIED error for no apparent reason.
- Uses a separate port (515) from Windows File and Print Sharing (445). This allows for advanced security options via the Windows firewall to help fine-tune which systems or subnets can print via your server's LPD printers.
- Requires installation of the Line Printer Daemon printing services, also known as Print Services for Unix, on your Windows print servers.
- Not all Macintosh printer drivers support this method of printing.

Printing Via Windows Print Sharing - (Popular): This option has become very popular, especially in the more recent releases of Mac OS X (Leopard, Snow Leopard and Lion). In many environments this option can seamlessly integrate printing with a few clicks, and no additional configuration on your print server.

Primary Advantages / Disadvantages:

- Job is often submitted as the user who installed the printer, rather than the user logged in. (See more details in the "Install a Printer via Windows Print Sharing" section.)
- Full document title information is not available on the print server. The queue will show 'Remote Downlevel Document' in lieu of a usable title such as 'A Good Presentation.pdf'.
- Connects to existing Windows shares, and does not require additional server configuration if printers are already shared to Windows users.
- Can be difficult to troubleshoot some authentication issues.
- Supported by nearly all Mac printer drivers.

Printing Via Windows Print Services for Macintosh (using AppleTalk) - (Deprecated): This legacy technology is no longer supported by Apple on their newer operating system releases. While it can still be found in use within older networks, it is considered retired and will not be covered within this article.

Direct Printing (Printing directly via the IP address of the printer) - (Last Resort): This option should only be used as a last resort, as it makes any management or control of printing resources very difficult at best and should be avoided. Installing printers in this manner will not be covered in this article.

Disadvantages:

- Little or no control or tracking of printer and associated printer costs.
- Little or no security options for printing.
- Typically supported by all Mac drivers.

Printing via LPD (Line Printer Daemon) - (Preferred): This section covers setting up this service, and installing and using a printer on Mac OS X. The first step in allowing printing is to enable the LPD service within Windows. This varies slightly between operating systems. The steps below apply to the various server operating systems.

Configuring your Windows Server to provide LPD Printing Services (Windows 2000 / 2003 / XP):

1. Open Add/Remove Windows Components within Add/Remove Programs.
2. Within this dialog, locate Other Network File and Print Services.
3. Click the Details button, check Print Services for Unix within the details, and click OK and then Next to install these components.

Windows will then install this service. You may be prompted for your Windows installation media.

Configuring your Windows Server to provide LPD Printing Services (Windows 2008 / 2008 R2):

1. Run Server Manager and within Roles locate the Print and Document Services role.
2. Within that role, click Add Role Services. Here you can add the LPD Service.

Once the role has been installed, you are ready to install printers onto your workstations.

Configuring your Windows Server to provide LPD Printing Services (Windows Vista / 7):

1. Open Programs and Features within Control Panel.
2. Within this dialog, click Turn Windows Features on or off on the left hand side. The Windows Features dialog will open.
3. Locate Print and Document Services, enable the item named LPD Print Server, and then click OK.

Installing the LPD printer on your Mac OS X systems: The next step is to install the printer onto your Mac OS X system using the following steps.

1. Open Print & Fax within the System Preferences of your operating system.
2. Click the + button towards the bottom right to install your first printer. The add printer dialog will appear. From here click on the IP button at the top of the dialog and then choose Line Printer Daemon – LPD within the Protocol drop down list.
3. Once selected, a variety of fields need to be filled in to reference your printer on your print server. The below should guide you to each one. Once all is configured, clicking Add should finalize the installation of the printer.

Printing Via Windows Sharing - (Popular): The next step is to install the printer onto your Mac OS X system using the following steps.

Installing a Printer via Windows Printer Sharing:

1. Open Print & Fax within the System Preferences of your operating system.
2. Click the + button towards the bottom right to install your first printer. The add printer dialog will appear. From here click on the Windows button.
3. After clicking the Windows button, the browse dialog may appear black for several minutes. The system is actually busy locating the available Windows networks, but does not give any indication of this. Once the networks have loaded, you can click each network to list the servers within the network.
4. Clicking on the server will attempt to load the printer shares on that server. Again, each click of a network or server may take several minutes to load without any indication that it is busy.
5. Depending on whether you are authenticated, you may next be prompted for a username and password to view the shares on the server. You will need to enter your domain credentials. After this you will see the list of shared printers.

The printer will now be installed and usable.

Securing and Restricting Mac OS X Printing

A common issue that comes up when using either of these forms of printing is ensuring that the user printing from the Mac is the correct user, so their printing can be managed and tracked properly. Consider these two scenarios.

Situation A: Using LPR Printing, without Active Directory Login Services enabled on Mac

In this case, the user logged in may not exist in Active Directory and may be a local user that does not reference or match any AD user printing account for quotas and restrictions.

Situation B: Using Printing Via Windows Shares, but a user has saved their password

In this case, all print jobs are sent as the first user who happened to click Save my password. In a print tracking scenario, this would show a false statistic regarding who is actually printing each job.

The Solution:

The solution to these issues is Print Manager Plus with the Client Billing & Authentication add-on option. This add-on option requires explicit authentication on each print job by interacting with the Authentication Module running on each Mac.
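The attribution gap in Situation A can be audited on the server side: in an LPD (RFC 1179) control file the P line carries whatever user name the client reports and the H line the host name it reports. The following Python code is an added example, not part of the original article or of Print Manager Plus; it parses control files and flags jobs whose reported user or host is not known. The account list, host list, finding names and sample control files are constructed for illustration.

```python
from dataclasses import dataclass

# RFC 1179 control-file commands kept for attribution (letter -> field).
FIELDS = {"H": "host", "P": "user", "J": "job_name", "N": "source_name"}

@dataclass
class LpdJob:
    host: str = ""
    user: str = ""
    job_name: str = ""
    source_name: str = ""

def parse_control_file(raw: bytes) -> LpdJob:
    """Parse the LF-separated 'letter + operand' lines of a control file."""
    job = LpdJob()
    for line in raw.decode("utf-8", errors="replace").split("\n"):
        key = FIELDS.get(line[:1])
        if key and not getattr(job, key):  # keep the first occurrence
            setattr(job, key, line[1:].strip())
    return job

def audit_job(job: LpdJob, directory_users: set, known_hosts: set) -> list:
    """Return findings for a job whose reported identity cannot be tied to AD."""
    findings = []
    if not job.user:
        findings.append("missing-user")
    elif job.user.lower() not in directory_users:
        findings.append("user-not-in-directory")  # Situation A: local Mac account
    if job.host.lower() not in known_hosts:
        findings.append("unknown-host")  # sending host is not a managed machine
    return findings

# Constructed sample data: stand-ins for an AD account export, a managed-host
# list, and three captured control files. None of it comes from the article.
DIRECTORY_USERS = {"asmith", "bjones"}
KNOWN_HOSTS = {"mac-lab-01", "mac-lab-02"}
SAMPLE_JOBS = {
    "bound-mac": b"Hmac-lab-01\nPasmith\nJA Good Presentation.pdf\n"
                 b"ldfA101mac-lab-01\nUdfA101mac-lab-01\nNA Good Presentation.pdf\n",
    "local-account": b"Hmac-lab-02\nPadmin\nJnotes.txt\nldfA102mac-lab-02\n",
    "unmanaged-host": b"Hvisitor-mbp\nPbjones\nJreport.doc\nldfA103visitor-mbp\n",
}

def audit_all() -> dict:
    """Audit every constructed sample job and map its label to the findings."""
    return {name: audit_job(parse_control_file(raw), DIRECTORY_USERS, KNOWN_HOSTS)
            for name, raw in SAMPLE_JOBS.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {findings or 'ok'}")
```

The third sample reports a user name that exists in the directory but comes from an unmanaged host, which is why a name match alone is not treated as proof of who printed.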

The add-on provides the following functionality, on top of all of the tracking and control functionality included with Print Manager Plus:

- All jobs will be tracked under the user actually printing them.
- Prevents unauthorized printing.
- Allows quotas and restrictions by Active Directory user, group and OU to extend to Mac users.
- Can require users to verify each job before it prints to ensure they need it.

Obtaining Mac Drivers

This final section includes some tips for obtaining Mac versions of drivers for the various models of printers that exist. Below are the three most common means of finding and selecting a driver.

Source A: The Print Manufacturer - (Preferred)

The most popular source of drivers is your printer manufacturer's website.

Most modern printers are well supported under Intel based Mac OS X 10.5 and later systems. Browsing their support.

Known Issues:

- In rare situations, a manufacturer will not provide any Mac drivers for their device.
- In rare situations, the driver they provide may not support the LPD method of printing described above.

Source B: Third Party Drivers such as Gutenprint - (Alternative)

If you are having trouble obtaining drivers for your printer, or are having trouble getting them to work via the LPD print server, you may want to consider third party drivers. Gutenprint, also known as Gimp-Print, is an open source community project designed to provide fully functional drivers for a large variety of print devices.

Known Issues:

- The list is vast, but does not support all printers.
- May not provide all of the advanced printing options your device is capable of.

Source C: Generic Drivers - (Alternative)

The final step is to use generic drivers using either the Postscript (PS) printing language, or the Print Control Language (PCL). These are available directly when installing the printer.

Known Issues:

- Requires a device that supports native Postscript or PCL printer commands.
- Provides a limited set of basic printer features only.
- Will not support any advanced features your device may support.

I'm currently setting up an OSX Server (Mavericks) in a small company (10.9 on the clients as well), and I'm trying to decide what the best approach is to manage accounts. The accounts will not be used for roaming; everyone has their own workstation, and never has any desire to log into other machines. This appears to eliminate the need for home directories on the server. Now I'm wondering whether I should create Local Network Users or Local Users (in both cases without a home directory on the server). What is the advantage of using Open Directory to manage Network Users rather than creating Local Users and leaving Open Directory switched off? There are no other servers or off-site networks involved that we need to 'hook into', so that is not something that seems to lead to a requirement for an Open Directory server. Is there any reason why I should not just create Local Users instead?

What can they not do that Local Network Users can do?

EDIT: While I'm still interested in the answer to this, I've since elected to set up accounts using Open Directory. I could not find a reason not to, and I figured that there might be services that require it of which I'm unaware at this moment. This will hopefully ease future migration.

For a small company, it's not even clear you would set up network users to start with.

The costs associated with setting up and running that might be more than it would cost to support a handful of Macs. Without knowing a few items such as exactly how many accounts, how many Macs, how different the Mac users are (are you setting up a lab with 15 identical machines, or does each belong to a user that has software needs different from all the rest?). Also, your decisions on how much users should support themselves (or can even support themselves) would go into the decision on how best to manage IT time and dollars to support the users.

There often is no best answer other than starting with something that has a chance of working and then iterating as you learn what is really needed in your specific shop. That being said, if you make Local Network Users they can log into client machines and use the services (file sharing, backup, etc.) from the server but not log directly into the server.

Local Users get all the benefits of network users and also get a home directory stored on the server and can log in there as well.

I'd start with two resources for planning your deployment:. Take Control of OS X Server by (to be - currently ). Apple Pro Training on by and

The former is easier to get started and organized more in terms of functional tasks and the latter is an exhaustive reference and covers about all the mechanics of how the software operates and is configured.

Local Network Users can also log in to the local server, if you bind the server to itself in the Users & Groups preference, under Login Options, Network Account Server. Officially, the only thing you lose by shutting off Open Directory is the ability to manage devices using Profile Manager and have 'roaming' logins with centralized home directories. Unofficially, you also lose the massive administrative headache of Open Directory, which has been (and continues to be) the cause of untold frustration for sysadmins worldwide.

I'm in the process of migrating my network users back to local users, because Open Directory is just too easy to break. Quite often, it breaks all by itself. So, the answer to the original question is: Not unless you absolutely must.
