Apple OS X Active Directory OS X Mavericks v10.9
OS X Active Directory Mac Mac Active Directory Mac Windows Apple OS X Active Directory Apple Open Directory Open Directory OS X OS X OS X Server Open Directory LDAP Kerberos SASL Apple Open Directory OS X Active Directory Active Directory OS X OS X Active Directory OS X Mac Active Directory NetBoot Active Directory Mac Active Directory Active Directory OS X Windows Mac Active Directory Kerberos Active Directory Active Directory OS X Server Active Directory OS X Server OS X Server Windows Active Directory wiki OS X Server OS X Server OS X Server Windows
OS X LDAP Mac Active Directory Mac Active Directory LDAP Active Directory E Active Directory OS X Active Directory Active Directory E E Microsoft Active Directory OS X Active Directory Mac DNS Active Directory Active Directory ID ID Mac Mac Active Directory Active Directory ID Active Directory Mac LocalHostName Mac
Windows Server Mac Active Directory Windows Server 2000 2003 2003 R2 2008 2008 R2 OS X Active Directory UNC Mac Dock smb afp UNIX OS X /usr/bin/bash OS X Active Directory UID GID UID GID Active Directory OS X Active Directory Mac OS X Mac Active Directory Active Directory dsconfigad Active Directory dsconfigad -preferred ads01.example.com -a COMPUTERNAME -domain example.com -u administrator -p "password"
dsconfigad Directory Access dsconfigad -alldomains enable -groups domain admins@example.com, enterprise admins@example.com dsconfigad Active Directory Open Directory Active Directory DNS Active Directory Mac Active Directory Open Directory Mac Active Directory Mac Active Directory Knowledge Base HT5981 http://support.apple.com/kb/ht5981?viewlocale=ja_jp opendirectoryd odutil set log debug Active Directory /var/log/opendirectoryd.log odutil set log default Knowledge Base HT4696 http://support.apple.com/kb/ht4696?viewlocale=ja_jp /usr/sbin/dsconfigad -packetencrypt disable /usr/sbin/dsconfigad -packetencrypt allow UDP 53 - DNS, TCP 88 - Kerberos, TCP 389 - LDAP, TCP/UDP 464 - Kerberos KPasswd
TCP 3268 - LDAP Ethernet capture.out tcpdump tcpdump -K -i en0 -s 0 -w capture.out port 88 or port 464 or port 53 or port 389 or port 3268 Wireshark OS X DNS Active Directory DNS SRV Mac Windows DNS Mac DNS dig example.com Active Directory DNS dig -t SRV _ldap._tcp.example.com IP Mac DNS Active Directory DNS OS X Active Directory A PTR DNS OS X Active Directory Mac OS X Mac Active Directory 24 Mac Active Directory 14 dsconfigad Apple Microsoft Kerberos Active Directory OS X
Kerberos NTLMv1 NTLMv2 Microsoft NT LAN Manager NTLM Mac Active Directory OS X Server Active Directory Mac Active Directory Kerberos Ticket Granting Ticket TGT Kerberos TGT Mac Kerberos klist / / /CoreServices/.app OS X Active Directory dsconfigad 1 Windows Windows OS X OS X Active Directory GPO Apple Active Directory Open Directory Active Directory LDAP OS X Server Message Block SMB Mac LDAP DAP over SSL Secure Sockets Layer SSL Open Directory SSL /usr/sbin/dsconfigad -packetencrypt ssl SSL / / security /usr/bin/security add-trusted-cert -d -p basic -k /Library/Keychains/System.keychain < >
802.1X VPN S/MIME OS X Microsoft OS X Mavericks DCE/RPC OS X Server UI Knowledge Base HT5357 http://support.apple.com/kb/ht5357?viewlocale=ja_jp 1 Active Directory Microsoft AD 802.1X EAP-TLS MDM 14 CA DFS OS X DFS UNC SMB DFS AFP afp:// URL Active Directory URL UNC Mac SMB AFP OS X Mac Windows Active Directory OS X OS X Mac Open Directory Active Directory Active Directory Mac Mac
Active Directory Mac Mac Mac OS X Active Directory Beyond Trust Centrify Thursby Quest IT Active Directory Windows Active Directory OS X Active Directory Active Directory OS X Directory Services Apple Active Directory Active Directory Mac Active Directory Windows \\server\share\user URL Mac Active Directory
Active Directory smb://server.ad.domain/share/ user URL // server/share/user //server.userad.domain/share/home Mac Windows Mac AFP SMB OS X Server Windows OS X Server OS X Windows AFP Mac SMB Windows OS X Active Directory Mac Mac Active Directory Mac Windows OS X Windows OS X xml Active Directory OS X Active Directory Apple Apple
A Apple OS X Active Directory http://support.apple.com/kb/ts1532?viewlocale=ja_jp OS X Server Active Directory SSL http://support.apple.com/kb/ht4730?viewlocale=ja_jp DCE RPC Active Directory Microsoft http://support.apple.com/kb/ht5357?viewlocale=ja_jp ADCertificatePayloadPlugin Microsoft http://support.apple.com/kb/ht4784?viewlocale=ja_jp OS X Server opendirectoryd http://support.apple.com/kb/ht4696?viewlocale=ja_jp OS X Mavericks Active Directory http://support.apple.com/kb/ht5981?viewlocale=ja_jp
B DFS GPO Apple GroupLogic ExtremeZ-IP www.grouplogic.com Windows Apple AFP Mac AFP Windows Centrify DirectControl www.centrify.com Active Directory OS X Active Directory GPO PowerBroker Identity Services Enterprise Edition www.beyondtrust.com Active Directory OS X Active Directory GPO Thursby ADmitMac www.thursby.com Active Directory SMB DFS Objective Development Sharity www.obdev.at/products/sharity SMB DFS Quest Authentication Services www.quest.com Active Directory OS X Active Directory GPO
Apple Inc. 2014 Apple Inc. All rights reserved. Apple Apple AppleCare FileVault Finder FireWire iChat Mac Mac OS OS X Apple Inc. UNIX Open Group OS X Mavericks v10.9 Open Brand UNIX 03 2/14/14