Ldap – Does joining a Lion Open Directory with Windows actually work

Tags: active-directory, ldap, lion, mac-osx, opendirectory

According to https://help.apple.com/advancedserveradmin/mac/10.7/#apd52648A71-571A-433C-81A8-2A7792333F22 it's possible to join a Lion Open Directory using a Windows machine, making it think it's joining an Active Directory domain.

However, I had no success whatsoever in actually making this work.

For one, not even the SRV record in DNS (on the same Lion server that's also running OpenDirectory) was created.

Once I'd added that manually, replicating the real SRV record of a real Active Directory domain, Windows at least managed to find the server, but had no success in actually connecting:

DNS was successfully queried for the service location (SRV) resource record used to
locate a domain controller for domain "miranda.pilif.home":

The query was for the SRV record for _ldap._tcp.dc._msdcs.miranda.pilif.home

The following domain controllers were identified by the query:
miranda.pilif.home


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP  
  addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not 
  running.

Don't concern yourselves with the strange domain – this is a test Mac mini running Lion at home.

Seeing how spotty the documentation for Lion Server has been so far, I would be inclined to think that the documentation I linked above is just plain not true and that Lion, like its predecessors, doesn't support playing Active Directory master.

Am I correct in this assumption or am I doing something wrong while installing Lion? Has anybody ever had success in joining Windows to a Lion Open Directory?
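The Windows error quoted above separates two stages: the DC locator first resolves the SRV record `_ldap._tcp.dc._msdcs.<domain>`, then needs an A/AAAA record for each SRV target and a host that actually answers. The following is an added example, not code from the original post or from Apple: a small offline checker that parses a constructed zone-file fragment and reports exactly the two failure modes the error message lists (SRV target without an address record, target not reachable), plus any of the other SRV names a Windows client queries that are absent. The list in `REQUIRED_SRV` is a deliberately minimal subset of what a real domain controller registers, the zone data and IP addresses are constructed, and `reachable` stands in for a real port probe of 389/tcp and 88/tcp.

```python
"""Offline check of the DNS records a Windows domain join needs to find a DC.

Added example (not from the original post). The zone text, host names and
addresses below are constructed; REQUIRED_SRV is a minimal, assumed subset of
the SRV names Windows queries, not the full set a real DC registers.
"""
from dataclasses import dataclass, field

# SRV owner names, relative to the domain, that the Windows DC locator queries.
REQUIRED_SRV = (
    "_ldap._tcp.dc._msdcs",      # the query shown in the Windows error text
    "_kerberos._tcp.dc._msdcs",
    "_ldap._tcp",
    "_kerberos._tcp",
    "_kpasswd._tcp",
)


@dataclass
class Zone:
    origin: str
    srv: dict = field(default_factory=dict)   # owner -> [(prio, weight, port, target)]
    addr: dict = field(default_factory=dict)  # owner -> [ip, ...]

    def fqdn(self, name):
        """Absolute names end in '.'; relative names are qualified with the origin."""
        if name.endswith("."):
            return name.rstrip(".").lower()
        return f"{name}.{self.origin}".lower()


def parse_zone(text, origin):
    """Parse a tiny zone-file subset: 'owner [ttl] [IN] (SRV|A|AAAA) rdata'."""
    zone = Zone(origin.rstrip(".").lower())
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        tok = line.split()
        if len(tok) < 4:
            continue
        owner, i = zone.fqdn(tok[0]), 1
        if tok[i].isdigit():                  # optional TTL
            i += 1
        if tok[i].upper() == "IN":            # optional class
            i += 1
        rtype, rdata = tok[i].upper(), tok[i + 1:]
        if rtype == "SRV":
            prio, weight, port = map(int, rdata[:3])
            zone.srv.setdefault(owner, []).append((prio, weight, port, zone.fqdn(rdata[3])))
        elif rtype in ("A", "AAAA"):
            zone.addr.setdefault(owner, []).append(rdata[0])
    return zone


def check_dc_locator(zone, domain, reachable=None):
    """Return a list of problems; empty means every required SRV chain resolves.

    `reachable` is an optional set of IPs the client can talk to; a real tool
    would probe 389/tcp and 88/tcp on each target instead.
    """
    domain = domain.rstrip(".").lower()
    problems = []
    for rel in REQUIRED_SRV:
        owner = f"{rel}.{domain}"
        records = zone.srv.get(owner)
        if not records:
            problems.append(f"missing SRV {owner}")
            continue
        for _prio, _weight, port, target in records:
            ips = zone.addr.get(target)
            if not ips:  # first cause listed in the Windows error
                problems.append(f"SRV {owner} -> {target}:{port} has no A/AAAA record")
            elif reachable is not None and not any(ip in reachable for ip in ips):
                problems.append(f"SRV {owner} -> {target}:{port}: none of {ips} reachable")
    return problems


# Constructed zone fragments. HAND_EDITED_ZONE mirrors the situation in the
# post: the one SRV record added by hand, pointing at a host with an A record.
HAND_EDITED_ZONE = """
miranda.pilif.home.                      IN A   192.168.1.10
_ldap._tcp.dc._msdcs.miranda.pilif.home. IN SRV 0 100 389 miranda.pilif.home.
"""
NO_A_ZONE = "_ldap._tcp.dc._msdcs.miranda.pilif.home. IN SRV 0 100 389 miranda.pilif.home."
COMPLETE_ZONE = HAND_EDITED_ZONE + """
_kerberos._tcp.dc._msdcs.miranda.pilif.home. IN SRV 0 100 88  miranda.pilif.home.
_ldap._tcp.miranda.pilif.home.               IN SRV 0 100 389 miranda.pilif.home.
_kerberos._tcp.miranda.pilif.home.           IN SRV 0 100 88  miranda.pilif.home.
_kpasswd._tcp.miranda.pilif.home.            IN SRV 0 100 464 miranda.pilif.home.
"""

if __name__ == "__main__":
    for label, text in (("hand-edited", HAND_EDITED_ZONE), ("no A record", NO_A_ZONE),
                        ("complete", COMPLETE_ZONE)):
        zone = parse_zone(text, "miranda.pilif.home")
        print(label, "->", check_dc_locator(zone, "miranda.pilif.home") or "ok")
```

On a Windows client the live equivalents are `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` and `nltest /dsgetdc:<domain>`. Passing this check only gets the client as far as contacting the named host: the DC locator then sends an LDAP ping (CLDAP) and expects the Kerberos, LDAP and SMB services of a domain controller, which is where a server that is not an AD DC fails regardless of how the DNS records look.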

Best Answer

With eyes open, I upgraded from Snow Leopard Server to Lion Server for a client in a mixed environment. I was aware of the lack of domain support under Lion, that Windows machines could not be part of the Open Directory, and that SSO for all Windows clients would be gone (which was not a big deal, because I'd had to configure all Windows 7 clients this way anyway due to lack of support in the Samba bundled with Snow Leopard Server, which was acting as a PDC).

So I thought, hey, do the simple upgrade. You lose the PDC, but who cares really? After taking the 'plunge', so to speak, all Windows machines lost the ability to even connect to any of the shares that had been available before the upgrade. I could smb:// from Macs to the server, but not from Windows to the server. I was getting messages like "the resource is not accessible"...

After over a week of back and forth with Apple support, I am still no closer. However, as administrator, I can connect to the server using the direct IP address (but not with the user accounts, even if I make them admins, which I also found curious), which is a clue that it has something to do with user accounts and privileges where something got lost in the migration.

The config tools are awful for Lion Server, giving you minimal options and little documentation on where to go or how to solve problems. For example, I was unable to find out where and/or how to change the machine name shown to Windows users. Not documented anywhere. In fact, Windows support is a small checkbox beside each share asking if you want to share with Windows clients. Workgroup name: nowhere. Domain: nowhere. Machine name: nowhere. ARRGH. The server name can be adjusted by clicking on the server icon, but changing this only affects Mac clients, not Windows.

At the end, Apple representatives gave me lip service about how everyone's in competition and they don't really want to talk to each other, and the fact that they do is a miracle. I don't buy it, but hey, I guess he ran out of suggestions for me.

On a newly configured 10.7 box with the Server utilities installed, there were no issues connecting to the shares with Windows clients, so this config works as advertised... just not the upgrade.

My next step is to blow out the OD and rebuild it along with the shares to see if that could be the cause. Stay tuned. Another few hours I won't get back.

Recommendation in hindsight: Snow Leopard Server works fine. Don't 'upgrade'. The tools offered in Lion Server are simplistic and any real configuration has to be done by command line; Apple doesn't know how to solve the issues yet. If you want to be adventurous, go for it, just don't be surprised if you get bogged down in unexpected ways. A week's worth of productivity for me.