Editor’s Note: This story is reprinted from. For more Mac coverage, visit. Supporting Mac users can be a challenge to systems administrators in a Windows Active Directory environment. Although Apple has used Samba to make it easy for Macs to browse and access shares and printers hosted by Windows servers using Microsoft's server message block (SMB) protocol, true Active Directory integration requires more than just access to resources. For one thing, it requires support for an environment where users can rely on their Active Directory accounts for log-in to both Mac and Windows computers. Depending on your environment, you may also want to be able to implement security measures to limit what users may do while logged into a Mac or to manage the user experience as you would do with group policies for Windows machines. There are a number of solutions and approaches that you can take for integrating Macs into your Active Directory infrastructure, and I'll be talking about some of them here.
I also tried setting the playback resolution to both 1/2 and 1/4, but get the same exact issue. With reverse playback there is a slight delay before the video starts playing, but the audio starts immediately. This only happens in reverse. Playing forward is fine. Happens with all formats. System 7.5.2 is known to fix some problems with disabling the video interrupts on the Mac IIsi and IIci that may prevent Linux from running correctly. However, 7.5.2 is buggy, so if you actually plan to use MacOS, you will want to upgrade to 7.5.3 or 7.5.5.
Apple's Active Directory plug-in The lowest-cost solution is to use Apple's built-in Active Directory support. Beginning in Mac OS X Panther (10.3), Apple introduced a plug-in to its Directory Access utility that allows you to configure authentication against Active Directory.
Apple's Active Directory plug-in uses LDAP to query Active Directory. The Active Directory plug-in works fairly well. It supports forests with multiple domains, domain controller fail-over and can automount a user's home directory. It can also grant users administrator access to a Mac workstation based on their Active Directory group membership. You can also enable mobile accounts for portable computers and designate a preferred domain controller if needed. The process of using the plug-in to join a Mac to an Active Directory domain is straightforward, and is similar to joining a Windows computer to a domain. You'll need an Active Directory account with permission to join the computer to the domain; if the account was not created in advance, you'll need authority to create it.
You will also need to configure the search path of available directories to include Active Directory using the Authentication tab in the Directory Access tool. Mac OS X can search multiple directory configurations in a specified path when a user attempts to log in. Dynamic UID vs. Static UID mapping One of the hurdles to integrating Mac OS X with Active Directory is that their directory services schemas are significantly different. One of the key attributes in the Open Directory schema used by Mac OS X is the User ID number (UID). As in other Unix systems, the UID is used by the Mac OS X file system to designate file ownership and permissions both for local and remote files. Each local or network user account used to log into Mac OS X requires a UID.
But there is no directly correlating attribute in Active Directory. Apple provides a choice of two methods to providing Active Directory users a UID attribute. The first and default option is to dynamically generate a UID for each user when they log in. When this option is used, Mac OS X generates a UID at log-in based on the GUID (Globally Unique Identifier) attribute from the user's Active Directory account and the MAC address of the Macintosh network card he is using. The second option is to choose an attribute that is included in Active Directory as the user's UID.
You can map any attribute, be it one that is part of the default Active Directory schema or one that is part of a custom schema extension. Dynamic UID generation is much easier and requires no action on the part of the systems administrator. However, it isn't perfect. Each time a user logs in on a different Mac, he will have a different UID.
This can be problematic if you have any Mac servers (or even individual Macs with file sharing enabled) because user access to files on those servers will change each time they use a different computer despite the fact that they are using the same Active Directory account. Using a static UID by mapping it to an attribute in Active Directory prevents these potential issues, and it may be a solution that you have already implemented for other Unix systems in your network.
However, it requires more effort. If you choose to map to an existing attribute, you will need to manually populate this number in each user account that will be used for Mac log-in. This can be a tedious process. If you choose to use an existing attribute rather than extend Active Directory's schema, you'll lose the ability to use that attribute for another purpose. Thursby's ADmitMac by Thursby Software Systems offers several features that Apple's Active Directory plug-in and Samba configuration do not.
Like Apple's solution, ADmitMac is based around a Directory Access plug-in. Most notably, ADmitMac fully supports Kerberos under Active Directory as well as signed LDAP and SMB communication and NT LAN Manager, enabling much tighter security with Windows 2003 Server. As such, it doesn't require you to lower the default security settings of Windows 2003 Server.
Apple's solutions require unsigned LDAP and SMB communication. In addition to enhanced security, ADmit Mac supports the Windows Distributed File System and long share names, and provides additional options for browsing a Windows Server network for shares and printers. A specialized version is also available with support for the Common Access Card smart card standard. ADmit Mac also provides some other advantages. First, it offers an Active Directory management console for Mac OS X that allows administrators to reset user passwords, move users and computers and create or modify existing accounts much as they would using the Microsoft Management Console.
Second, it offers more options than Apple's solution for how network and local home directories are managed. Particularly helpful on this front is a tool that can be used to move a local Mac user's home folder to a network location and associate it with an Active Directory account. This can make the transition to Active Directory integration much easier for end users. Also, ADmitMac supports an Apple-managed client environment. Like group policies in Active Directory, Mac OS X's managed client environment - sometimes referred to as MCX - allows administrators to restrict access to Mac OS X system components and to create a highly customized user experience.
ADmit enables several of Apple's client management features and does so using Mac OS X Server's Workgroup Manager. To do so, ADmit Mac creates a file stored on a Windows share within the domain to hold all the MCX user information that would normally be stored in an Open Directory domain hosted by Mac OS X Server. However, Thursby's own documentation admits that its client management approach isn't perfect and that some actions may result in unexplained error messages or simply may not function without any indication of an error. Centrify's Direct Control for Mac Centrify's is a series of solutions for integrating diverse platforms with Active Directory, including Mac OS X. Direct Control installs as a Directory Access plug-in under Mac OS X. When the server-side solution is installed on Windows domain controllers, it adds a series of group policy objects (GPOs) that can be used to manage the Mac environment. Direct Control offers a range of GPOs for security and user experience settings - many of which mirror the options available using Mac OS X Server's Workgroup Manager tool.
It does this by integrating a local registry file copied to the Mac with Apple's MCX architecture. Direct Control also offers the ability to use smart cards for authentication. Direct Control offers the simplest and most full-featured Active Directory integration solution for Mac OS X. Because it relies on Active Directory's group policy architecture, it functions more seamlessly for managing access than does Thursby's ADmitMac, particularly for systems administrators who are unfamiliar with Mac OS X. Also impressive: It succeeds without modifying the Active Directory schema. It does not, however, offer the security of signed SMB connections, although it does support encrypted LDAP queries. It also works well with products such as Thursby's DAVE to enable signed SMB communication as well as with third-party server-side solutions that support Mac OS X's Apple Filing Protocol, which offers greater security than unsigned SMB.
Using Mac OS X Server for additional client management If you want to take full advantage of Apple's client management architecture, the best solution is to implement Mac OS X Server in your Active Directory environment. This can be the most challenging method of adding support for Mac OS X because Active Directory and Open Directory, Mac OS X Server's native directory service, have very distinct schemas.
They also share three matching attributes: username, password and home directory. This can make creating a fully integrated infrastructure a very big challenge because it requires extending the schema of one or both platforms. There is a method of offering partial Mac client management and access to other Mac OS X Server services under Active Directory that doesn't require schema modification.
The approach is twofold. First, join Mac servers and clients to Active Directory using Apple's Active Directory plug-in. Second, create a directory search path on Mac servers and clients that searches both the Active Directory domain and an Open Directory domain hosted by one or more Mac servers. This configuration allows you to create computer lists in the Open Directory domain that contain Mac computer accounts from Active Directory. Management settings can then be enforced on those computer lists using Mac OS X Server's Workgroup Manager with no further configuration. The same approach can be extended to groups of users by creating group accounts in the Open Directory domain and populating them with user accounts from Active Directory. This method isn't perfect, and some client management functions may not respond properly, but it requires significantly less effort than modifying the Open Directory and/or Active Directory schemas.
It can function as a temporary solution if you are planning to extend the schema but require an immediate solution while you do so. What about Services for Mac? Windows Server includes Services for Mac (SFM) - optional components that provide the ability to create and manage shares and print queues using the Apple Filing Protocol (AFP) and the defunct AppleTalk protocol. Services for Mac is a solution that was designed to work with the classic Mac OS versions - in other words, those before Mac OS X. Its security options rely on a Microsoft user authentication module being installed on Mac clients, a version of which was never developed for Mac OS X. As such, the only way to support Mac OS X access to SFM shares and print queues is by using clear text passwords or the limited encryption of an older version of the AppleShare protocol. Given Apple's longstanding inclusion of Samba in Mac OS X and the security limitation, it has been quite some time since SFM was considered a terribly solid solution.
SFM also suffers from performance issues because of its design and the fact that it relies on the outdated AppleTalk protocol. That said, there are alternate third-party AFP servers for Windows Server, including the robust ExtremeZ IP by Group Logic and MacServerIP by Cyan Software. These products offer enhanced security options but they also offer one other feature that can be important for some Mac users. Mac files contain a resource fork as part of their structure; this fork is not supported by either NTFS or FAT file systems. When working with SMB-mounted drives, Mac OS X typically performs a translation of the resource fork into a separate file to work around this issue.
For most applications, this functions very well. However, some applications encounter problems with this approach. In those situations, having an AFP server solution can result in a more seamless workflow. Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. In addition to writing for Computerworld, he is a frequent contributor to InformIT.com. Ryan was also the co-author of O'Reilly's 'Essential Mac OS X Panther Server Administration.'
You can find more information about Ryan, his consulting services and recently published work at www.ryanfaas.com and can e-mail him at [email protected]. This story, 'Mac support in an Active Directory environment' was originally published.
Review Review: Using LG's UltraFine 4K Display with Apple's USB-C MacBooks is as simple as can be By Saturday, December 17, 2016, 09:13 am PT (12:13 pm ET) While it isn't branded as an Apple display, the LG UltraFine 4K Display is quite Apple-like, featuring a minimalist design, high-quality ultra high-resolution screen, and dead-simple plug-and-play connectivity. It's a fantastic choice and a gorgeous display if you have a USB-C equipped MacBook, with a few caveats: it lessens the appeal of the MacBook Pro's Touch Bar and Touch ID, and it doesn't utilize Thunderbolt 3.
There are no buttons on this display— not even a power button. Everything works automatically, and if you need to tweak settings, you adjust the display through macOS itself.
Stereo speakers are embedded below the display, giving the front a clean look. There is no camera. Apple's latest MacBooks with USB-C, including the new MacBook Pro with Touch Bar, allow power, data, display and audio to be transmitted through one cable. That means you no longer need to plug your MacBook into the wall, as the power is provided via the display itself over just one cable. The included cable is also thick and high quality. It's not some cheap flimsy cable that you'll be afraid of fraying, or worse. While we miss MagSafe in day-to-day use, testing the new MacBook Pro with Touch Bar and connecting just one cable for power, display and accessories eases some of the sting.
This is as simple as can be. USB-C, but not Thunderbolt 3 In a concession made presumably to allow the 21.5-inch LG monitor to work with Apple's ultraportable 12-inch MacBook, the UltraFine 4K Display transmits over the USB-C protocol, and not Thunderbolt 3. This means that if you use this display with Apple's latest MacBook Pro lineup, you won't be tapping into the full potential of the Thunderbolt 3 USB-C ports on your machine. Confused yet? Apple's 12-inch MacBook (both the 2015 and 2016 versions) features a single USB-C port for charging and data. Its USB-C port is not capable of Thunderbolt 3, which allows for faster transfer speeds, but remains restricted to the new MacBook Pro. By transmitting video and data over USB-C, and not Thunderbolt 3, this does limit the capabilities of the 4K display somewhat.
With less bandwidth available, the USB-C ports on the back of the monitor operate at USB 2.0 speeds— slower than even the full-size USB 3.0 ports on Apple's 2015 MacBook Pro. For power users who need the absolute best, it might be best to make the jump up to LG's larger 27-inch UltraFine 5K Display, as that model's ports utilize Thunderbolt 3. Without standard USB-C video support on the 27-inch model, it's for MacBook Pro users only, as the 12-inch MacBook doesn't have the necessary Thunderbolt 3 hardware.
Considering how limited adoption of previous-generation Thunderbolt accessories has been, we doubt this concession will be of much concern to most users. If you're in the market for a display and the 27-inch model is too big or pricey, the USB-C-only connectivity of the 21.5-inch model will not likely be a hinderance. A gorgeous wide color 4K display on par with Apple's own Retina display When we say this display is an Apple-like product, we're talking mostly about the quality of the screen. This 4K panel is a stunner from the moment you turn it on, with brilliant, bright and vibrant colors that truly stand out. We've been spoiled by years of using MacBooks with Retina displays, making it impossible to go back to lower-resolution laptop screens.
Apple famously never gave its Thunderbolt Display the Retina treatment, but the LG UltraFine 4K Display fills in that role quite nicely. The best compliment we can pay the LG screen is that you won't really notice any difference in quality jumping from the beautiful Retina display built in to the MacBook Pro to the 4K monitor. LG's UltraFine displays support the P3 wide color gamut, again matching the capabilities of the gorgeous Retina display on Apple's 2016 MacBook Pro lineup. This means the display also matches the color capabilities of the iPhone 7 display and camera, making them a great pairing for mobile photography. Around the borders, the LG monitor has a matte black look that's simple. The screen itself is glossy, which helps colors to pop, but may not be ideal for those who use it in a bright environment.
The 21.5-inch panel packs in a resolution of 4,096 by 2,304 pixels. With the default scaling of macOS, fonts are readable and UI elements are all at a comfortable size. And with real estate much larger than a MacBook can provide, tasks both basic and complex are more comfortable to manage. We tested the LG 4K display exclusively with Apple's new 2016 MacBook Pro with Touch Bar. Our system is a maxed-out model, featuring the fastest Intel processor available and 16 gigabytes of RAM. The horsepower was more than enough to drive both the monitor and the MacBook's display with no noticeable slowdown or issues. Of course, Apple's 12-inch MacBook offers significantly less performance than then MacBook Pro to achieve its svelte design.
Considering video is done over USB-C to allow compatibility with the 12-inch MacBook, Apple obviously feels it's good enough for this screen, but we didn't have the opportunity to test with a lower end system. Stand it, slide it, tilt it, mount it The LG UltraFine 4K Display comes with the stand already attached. The base is flat and metal, heavy and solid.
Even on a slightly wobbly desk, the LG monitor feels secure on this base. The stand itself has a clever design that allows it to be easily slid upwards or downwards without any need to lock or unlock any moving parts. Simply apply pressure to the monitor and it will slide upwards and downwards as needed. The LG UltraFine 4K Display, however, makes no apologies for the switch to USB-C. It connects to Apple's MacBook Pro with a USB-C to USB-C cable, and includes four USB-C ports on the back.
There are no full-size USB ports or any other types of inputs on the monitor. And, as we mentioned before, these ports run at the slower USB 2.0 speed, despite featuring USB-C connectivity.
This means that devices connected to the MacBook through the monitor will be slower than if they were connected directly to the MacBook. For most devices, and for most users, this concession probably won't make much of a difference. Just be aware that opting for the smaller, cheaper LG UltraFine monitor means you're not tapping into the full potential of your MacBook.
Touch Bar or Touch ID fanatics need not apply Unless you plan on using the LG UltraFine 4K Display as a second monitor with your MacBook Pro opened up, using the notebook and display as a desktop-style replacement with external mouse and keyboard means users will lose easy access to two of the most-touted features on the new MacBook Pro: the Touch Bar and Touch ID. We can't knock LG for this, but prospective buyers should at least be aware that Apple does not sell any external wireless keyboards with Touch Bar or Touch ID. For now, those features remain exclusive to the chassis of the new 13- and 15-inch MacBook Pro. If you find yourself using these features on a regular basis, you'll probably want to use the LG UltraFine 4K Display as a second monitor to complement the Retina display on your MacBook Pro. In this scenario, the monitor does sit a few inches higher on a desk or table than the MacBook Pro display.
We didn't find this to be a major issue on our testing. Using the second monitor also defeats some of the convenience of the Touch Bar, even when equipped as an extension of your desktop.
One of the advantages of the Touch Bar is the fact that it's at the top of the keyboard, so close to the Retina display on the MacBook Pro, easy to see and to use. When you're looking at a second monitor that's not atop the Touch Bar, some of the convenience is lost. Personally, we prefer to close our notebook and stow it away with a large, gorgeous monitor of this size, allowing the best of both worlds between desktop computing while docked, and an ultraportable notebook on the go.
As a result, it would be nice to see Apple offer a high-end Magic Keyboard with its own integrated Touch Bar and Touch ID. This way, we wouldn't have to sacrifice two key features on the new MacBook Pro while using the notebook in desktop mode. But if you have a 12-inch MacBook, or a new 13-inch MacBook Pro without Touch Bar, or you simply don't care that much about the Touch Bar or Touch ID on your high-end MacBook Pro, this isn't an issue. A word about Apple's defunct Thunderbolt Display, and pricing It's dead. Time to move on. Apple signaled that it had permanently exited the standalone monitor business. That means the legacy Thunderbolt Display, which has been discontinued and was priced at a hefty $999, will not make a return.
Apple instead partnered with LG to make this the premier external USB-C monitor for the MacBook Pro. And currently priced at $524, it's a steal compared to what Apple used to charge for the non-Retina Thunderbolt Display. The current pricing on the 21.5-inch LG UltraFine 4K display is a, intended to appease users who are upset over Apple's switch to USB-C.
Starting Dec. 31, the price will go back up to its usual $699. At $524, it's also considerably cheaper than the $974 ultra high-resolution 5K model, which boasts a screen size of 27 inches. That larger monitor will return to an MSRP of $1299.95 starting in 2017. With only a few weeks left to lock in a 25 percent discount, those who are on the fence should probably buy now.
This is a gorgeous display with a lot to offer, and if you want a USB-C monitor with 4K resolution in this size, the price is right. Conclusion If you're looking for an external display and you have Apple's 12-inch MacBook, we feel like the LG UltraFine 4K Display is the obvious choice. The 21.5-inch size may be too small for some, but it's substantially bigger than anything in Apple's notebook lineup. We also think this display is a great fit for the 2016 MacBook Pro sans Touch Bar.
Using the 13-inch MacBook Pro with Touch Bar with this display, however, gives us some pause. Depending on a user's workflow, and depending on how frequently they find themselves using the Touch Bar, it's ultimately going to be a personal decision of what works best. If you're running the 15-inch MacBook Pro with Touch Bar, it's harder to recommend the LG UltraFine 4K Display. Sure, the jump from 15 inches to 21.5 inches is significant, but the sacrifices made to send video over USB-C rather than Thunderbolt 3 start to weigh heavily. Consider also that the 15-inch MacBook Pro has a dedicated graphics card capable of pushing more pixels, making the larger 27-inch LG 5K display— with Thunderbolt 3— a much more attractive option.
If you can fit it on your desk, at least. On the surface, however, LG's UltraFine 4K Display is as simple as it gets in terms of aesthetics and performance. On the whole, we view that as a good thing. And the fact that the display offers all of the quality, clarity and performance of Apple's own Retina display means there's no downgrade or tradeoff— at least, as far as the picture is concerned.
![]()
Score: 4 out of 5.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |