« Welcome | Main | iPhones and UM Cal »

Leopard and Active Directory

Many of Mac users at the U of M are finding themselves now interacting with the University's central Active Directory service. A while back I took a shot at writing a utility using AppleScript Studio that would help smooth the process of configuring Kerberos, getting a ticket and mounting AD shares over smb in the Finder.

Under Leopard, the built-in process is now much simpler than the app I wrote and as such the only useful part anymore is the configuration utility. I've separated out that functionality and updated the configuration file it uses to work better with 10.5.

A beta build has been circulating and has tested well so far. If you'd like to try it out, you can download it from http://www.tc.umn.edu/~drew/umnad/Kerberos%20Config%20Tool%2010.5.zip. For the curious the utility merely pulls a copy of edu.mit.Kerberos from my personal web space down to your computer at /Library/Preferences/edu.mit.Kerberos. Both the utility and the edu.mit.Kerberos file will be moving to the main UMNAD site soon.

Once run you can mount your shares by going to the Finder's Go menu and selecting Connect to Server... then enter in your shares in the Server Address: field in the form of smb://server.ad.umn.edu/share$ where dept is your server name (usually your department name) and share is your share name (often the same as your server name). I highly recommend clicking [ + ] to add your shares to the favorites list.

The Finder under 10.5 can now mount sub-directories at the root so if you had a personal folder at smb://dept.ad.umn.edu/dept$/people/me it would show up in the Finder as a server volume named "me".

There is a bug right now where the shares do not show up properly under the Finder's SHARED column in the Sidebar. My recommendation is to:


  1. Go into the Finder's Preferences
  2. Under the General tab:

    • enable Connected Servers under Show these items on the Desktop:.

  3. Under the Sidebar tab:

    • disable Connected Servers under SHARED.
    • under DEVICES enable the Computer item.

You can then see all your mounted shares on the desktop and by clicking on the name of your computer in the sidebar.

Comments

Why, since upgrading to 10.5 am I being asked for my username and password twice. Once for logging in to UMN Active Directory (which is successful) and then again for logging into my shared drives (which isn't successful, even after trying every possible username and password combo I have)? View Sreen Shot of second username and password prompt. I work with Extension.

@Tom,

Use the utility mentioned in the article. It replaces the UMN Active Directory tool. Once you've run the new config utility use the Finder's Connect to Server command and use your Internet (x.500) ID and password to connect.