Windows Server 2008 on Open Directory

[rverrips]

Hi

I'm using a MacPro as terminal server running 10-user Aquaconnect (ver 3.1.3 at time of writing this), connecting to the Mac OS X 10.5 sessions via SunRay 2's - The Sunray Terminal Server Client is rDesktop and working great with RDP to Mac OS X Server, although the performance still needs improving (Aquaconnect say this will happen in a few months, probably version 4).

Problem is I have one or two legacy app's that still require a Windows session - I have Windows 2008 as terminal server off the MacPro with VirtualBox (now version 3.10) but the binding to Open Directory is giving the Terminal Services Licensing some grief.

Anyone out there got Windows Terminal Licensing services working with Open Directory 10.5?

Thanks

R

[maccebu]

I am unsure if I understand your setup correctly. You have a macpro that is being setup as terminal server using Aquaconnect and clients connect to this macrpro using SunRay2 plus it has windows2008 server running on VirtualBox on the sam macpro

What exactly are you trying to do? as far as i know Windows Terminal Licensing services has nothing to do with Open Directory.

Open Directory is needed if you want to have a centralized authentication and management service to control all your apple machines. If you need to connect a PC to the Open Directory to have a centralized authentication or to utilise the the open directory accounts then you need to configure WINDOWS service(tiger)/SMB service(leopard) as a PDC (primary domain controller) on your Open Directory box.

are you trying to bind your Windows 2008 server to open directory? if so then the solution would be the above

[rverrips]

Open Directory is needed if you want to have a centralized authentication and management service to control all your apple machines. If you need to connect a PC to the Open Directory to have a centralized authentication or to utilise the the open directory accounts then you need to configure WINDOWS service(tiger)/SMB service(leopard) as a PDC (primary domain controller) on your Open Directory box.

are you trying to bind your Windows 2008 server to open directory? if so then the solution would be the above

Dear Maccebu

Thanks for the prompt reply - Indeed, above is exactly what I've done, and the users logging into the Windows 2008 server authenticate correctly to their Credentials stored in Open Directory. However, the Windows Terminal Services Licensing doesn't seem to play well with the PDC services provided by Open Directory. I've been trying a few solutions online, but none of them seem to state actual working examples of Windows 2008 Terminal Services in a pure "Open Directory" example.

One solution would be to setup the Windows Server as PDC and then bind Open Directory to that, but I'd prefer not to ...

The first bit of my post was merely to illustrate why I'm using Windows Terminal server (not out of choice), apologies if it was confusing.

Thanks

Roy

[maccebu]

Dear Maccebu
apologies if it was confusing.

don't be.. and by the way Welcome to the forums!! I am sure there are other people who could chime in and help you..

We have this situation before where in we have an accounting software that needed to run on windows and to be access by multiple users and the way we did it was with Windows Terminal Services on Win2003 server. All the accounting users were using mac mini's and they were using Remote Desktop Connection Software that is included with Mac Office 2004 under Additional tools folder to connect to the terminal server.

All the minis are binded to Open Directory as well as the Windows 2003 server configured exactly as what I posted earlier. Everything was binded using DNS all the minis and the servers are pointing to our local DNS server (which has all the IP address of all our Windows and OS X server) which is hosted on an xserve and everything work correctly. Users can connect to the terminal server using the Open Directory accounts.

I can't remember though how i setup the win2003 terminal server but the scenario is this as long as the WindowsServer is binded correctly to open directory and can authenticate well to the OD then terminal services should work as expected. This was with the Tiger days

The only difference in your setup is that we have a separate PC box and you have run your Windows Box virtually on the macpro and probably you are on leopard..

Questions..
is the macpro binded to OD? how are you binding the clients and the windows box DNS or IP's?
did you setup the windows box to have a complete separate ip address or does the box shares with the macpro?
most probably its with the settings in terminal services..

[rverrips]

The only difference in your setup is that we have a separate PC box and you have run your Windows Box virtually on the macpro and probably you are on leopard..

Yes, Leopard Server, i.e. Mac OS X 10.5

Questions..
1 - is the macpro binded to OD? how are you binding the clients and the windows box DNS or IP's?
2 - did you setup the windows box to have a complete separate ip address or does the box shares with the macpro?
3 - most probably its with the settings in terminal services..

1 - The MacPro is running OS X Server and is the Open Directory Master - Binding using IP's / DNS doesn't make a difference.
2 - Separate IP, and host record for it's exists in DNS - It's also in the list of computers in WorkGroup Manager
3 - It seems to be related to DNS - The Terminal Services work fine in unlicensed mode, so it's not TS - However, when trying to setup Terminal Services Licensing I'm guessing there's some DNS entries needed that the Open Directory DNS isn't providing correctly to the services. I'll keep trolling the Microsoft help area's, but any advice I get always says to drop Open Directory and Mac DNS and go for AD which I really don't want to do ... (Looking for encouragement from the Mac world *smile*)

[maccebu]

your setup seems to be correct plus you mentioned that everything will work when using terminal service in an unlicense mode.. that tells me that everything is setup correctly.. so it must be a settings in terminal services using a license mode.. or it could be DNS as well. Do you have a forward and reverse DNS setup correctly? as there are some services that needed to have forward/reverse DNS in order for it to work. Not sure though if Terminal Services uses fw/rev DNS..

[willdaddy]

Did you ever get this to work? I'm running a similar setup except that my windows server is not virtualized. I've got Win 2008 (not R2) and OS X Server 10.6.5

I always get password errors when attempting to join the domain. Been really frustrating, I created a computer account with the machine name, tried creating DNS entries for the Windows server, ensured that the windows machine only looks to the mac for DNS etc.


Any tips? Did you have trouble getting it to join up at all?

Will

[rverrips]

Did you ever get this to work? I'm running a similar setup except that my windows server is not virtualized. I've got Win 2008 (not R2) and OS X Server 10.6.5

Any tips? Did you have trouble getting it to join up at all?

Actually I gave up as I could never get kerberos to work correctly, and flipped the setup around making the Windows AD my primary domain and joined that from the Mac, which worked fine, although means I need to do all my admin in Windows. I'm thinking you may have more success with server 10.6 (which was what I was always told to upgrade to make it work) as I am still on 10.5.

Our upgrade cycle will have us upgrade to server 10.7 when it's available and I'll give it a shot then again and let you know how it works out.