Joining a macOS Client to a Domain: Difference between revisions
m (Hortimech moved page Joining a Mac OS X Client to a Domain to Joining a macOS Client to a Domain: New Apples naming) |
m (Style) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
|||
Put your data here |
|||
After setting up a [[Active_Directory_Domain_Controller|Samba Active Directory (AD) Domain Controller (DC)]], you can join machines to the domain. Only machines joined to the domain are enabled to use domain resources. During the join, a machine account is created in the domain to authenticate the computer as a member. |
|||
These instructions can be used to join a macOS client to a Samba AD as a domain member. |
|||
= Prerequisites = |
|||
== Supported macOS Versions == |
|||
Active Directory support was added in Mac OS X Panther (version 10.3 released in 2003). However, these instructions have only been tested with the following versions of macOS: |
|||
* macOS Monterey (version 12.6.6) client and Samba version 4.13.13-Debian as AD DC |
|||
== Permissions == |
|||
* Local administrator account on the computer to be joined to the domain |
|||
* Domain account allowed to join machines to the domain, like the domain administrator account |
|||
== DNS configuration == |
|||
Active Directory (AD) uses DNS to locate other Domain Controllers (DC) and services, like Kerberos. Thus, AD domain members and servers must be able to resolve the AD DNS zones. |
|||
The instructions on the page, [[MacOS_DNS_Configuration|macOS DNS Configuration]], can be used to manually configure the DNS settings on macOS. |
|||
== Time Synchronisation == |
|||
Kerberos requires time to be synchronised on all domain members. For further details about Time Synchronisation and Samba, see the [[Time_Synchronisation|Time Synchronisation]] page. |
|||
To manually configure time synchronisation on a macOS domain member: |
|||
* Open <code>System Preferences</code>, then click on <code>Date & Time</code>. |
|||
: macOS security settings may require clicking on the padlock in the bottom left of the window and entering a local administrator account's credentials, before being able to make changes. |
|||
* On the <code>Date & Time</code> tab, the <code>Set date and time automatically:</code> checkbox must be ticked. The text entry box, can be used to enter server information. |
|||
= Joining a macOS client to a Domain = |
|||
* Open <code>System Preferences</code>, then click on <code>Users & Groups</code>. |
|||
: macOS security settings may require clicking on the padlock in the bottom left of the window and entering a local administrator account's credentials, before being able to make changes. |
|||
* On the left pane, click on <code>Login Options</code>, then click on the <code>Join…</code> button. |
|||
* Enter the AD DC server name in the <code>Server:</code> text entry box. For example, <code>dc1.samdom.example.com</code>. |
|||
* Immediately after entering the AD DC server name, the window should automatically change, now showing <code>Active Directory Settings:</code>. |
|||
* Enter the credentials of a domain account allowed to join machines to the domain, like the domain administrator account, then click <code>OK</code>. |
|||
* Enter the credentials of a local administrator account, then click <code>Modify Configuration</code>. |
|||
* Wait for the operation to complete. Once finished, <code>Login Options</code> should show the domain name with a green light, for example <code>SAMDOM</code>. |
|||
* If your security settings initially required you to click on the padlock, click on it again to lock the preferences. |
|||
* Close <code>System Preferences</code>. |
|||
* Restart the computer. |
|||
---- |
|||
[[Category:Active Directory]] |
|||
[[Category:Domain Members]] |
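Review bot: In the Time Synchronisation steps, "The text entry box, can be used to enter server information." has a stray comma and does not say which server to enter; since the section opens by stating that Kerberos requires synchronised time on all domain members, say which time source the client should point at and tie it to the Time Synchronisation page already linked there. The padlock note is also repeated verbatim under both procedures and could be stated once, and "the following versions of macOS" introduces a single tested combination.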
Latest revision as of 04:34, 1 June 2023
Introduction
After setting up a Samba Active Directory (AD) Domain Controller (DC), you can join machines to the domain. Only machines joined to the domain are enabled to use domain resources. During the join, a machine account is created in the domain to authenticate the computer as a member.
These instructions can be used to join a macOS client to a Samba AD as a domain member.
Prerequisites
Supported macOS Versions
Active Directory support was added in Mac OS X Panther (version 10.3 released in 2003). However, these instructions have only been tested with the following versions of macOS:
- macOS Monterey (version 12.6.6) client and Samba version 4.13.13-Debian as AD DC
Permissions
- Local administrator account on the computer to be joined to the domain
- Domain account allowed to join machines to the domain, like the domain administrator account
DNS configuration
Active Directory (AD) uses DNS to locate other Domain Controllers (DC) and services, like Kerberos. Thus, AD domain members and servers must be able to resolve the AD DNS zones.
The instructions on the page, macOS DNS Configuration, can be used to manually configure the DNS settings on macOS.
Time Synchronisation
Kerberos requires time to be synchronised on all domain members. For further details about Time Synchronisation and Samba, see the Time Synchronisation page.
To manually configure time synchronisation on a macOS domain member:
- Open System Preferences, then click on Date & Time.
- macOS security settings may require clicking on the padlock in the bottom left of the window and entering a local administrator account's credentials, before being able to make changes.
- On the Date & Time tab, the Set date and time automatically: checkbox must be ticked. The text entry box can be used to enter server information.
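A pre-join check for the two prerequisites above (resolving the AD DNS zone and clock synchronisation), as an added example that is not part of the original wiki page. It assumes `dig` and `sntp` are available on the client, that `sntp` prints the signed offset in seconds as its first field, and that the Kerberos clock-skew tolerance is the default 300 seconds; the domain and DC names in the usage comment are the page's sample values.

```sh
#!/bin/sh
# Pre-join checks: AD SRV records resolve and the clock is within Kerberos tolerance.
# Added example. Assumes dig and sntp exist on the client.

MAX_SKEW=300   # seconds; default Kerberos clock-skew tolerance (assumed unchanged)

# stdin: `dig +short SRV` lines ("priority weight port target.").
# stdout: "target:port" per well-formed record; resolver error text is dropped.
srv_targets() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# $1: signed clock offset in seconds, e.g. "+0.012" or "-412.7".
# Returns 0 within MAX_SKEW, 1 outside it, 2 if $1 is not a number.
skew_ok() {
    awk -v o="$1" -v m="$MAX_SKEW" 'BEGIN {
        if (o !~ /^[+-]?[0-9]+(\.[0-9]+)?$/) exit 2
        o += 0; if (o < 0) o = -o
        exit (o > m)
    }'
}

# usage: preflight <ad-dns-domain> <dc-hostname>
preflight() {
    domain=$1; dc=$2; rc=0
    for svc in _ldap._tcp _kerberos._tcp; do
        targets=$(dig +short SRV "$svc.$domain" | srv_targets | tr '\n' ' ')
        if [ -n "$targets" ]; then
            echo "OK   $svc.$domain -> $targets"
        else
            echo "FAIL $svc.$domain: no SRV records (check the client's DNS servers)"
            rc=1
        fi
    done
    # Assumption: sntp prints the signed offset as the first field of its first line.
    offset=$(sntp "$dc" 2>/dev/null | awk 'NR == 1 { print $1 }')
    if skew_ok "$offset"; then
        echo "OK   clock offset ${offset}s against $dc"
    else
        echo "FAIL clock offset '${offset}' against $dc (limit ${MAX_SKEW}s)"
        rc=1
    fi
    return "$rc"
}

# e.g. sh preflight.sh samdom.example.com dc1.samdom.example.com
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```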
Joining a macOS client to a Domain
- Open System Preferences, then click on Users & Groups.
- macOS security settings may require clicking on the padlock in the bottom left of the window and entering a local administrator account's credentials, before being able to make changes.
- On the left pane, click on Login Options, then click on the Join… button.
- Enter the AD DC server name in the Server: text entry box. For example, dc1.samdom.example.com.
- Immediately after entering the AD DC server name, the window should automatically change, now showing Active Directory Settings:.
- Enter the credentials of a domain account allowed to join machines to the domain, like the domain administrator account, then click OK.
- Enter the credentials of a local administrator account, then click Modify Configuration.
- Wait for the operation to complete. Once finished, Login Options should show the domain name with a green light, for example SAMDOM.
- If your security settings initially required you to click on the padlock, click on it again to lock the preferences.
- Close System Preferences.
- Restart the computer.