L3 Training
Typical Managed Client Settings at a K-6 school.

This is a very brief treatise on how to setup Managed Client under Mac OS X Server v10.3.4.

Prior to setting up your server you should make sure that you have a valid Address (A) record from your DNS system and a valid PTR record as well.
You can check for a valid Address record using the Terminal.

Below is a session in Terminal showing how to check for a valid forward and reverse DNS record using the 'host' utility.

Note that everything after the $ sign is a command or output from the command.

Last login: Wed Jul 28 16:16:18 on ttyp1
Welcome to Darwin!
Vista:~ brad$ host 192.168.0.8
8.0.168.192.in-addr.arpa domain name pointer trumpington.pembertonfamily.com.
So we know the server at the address 192.168.0.8 has a valid reverse record - it has a PTR record.

Now we'll check for an A record doing a forward lookup

Vista:~ brad$ host trumpington.pembertonfamily.com
trumpington.pembertonfamily.com has address 68.98.219.186
Vista:~ brad$

Here's the syntax:

host <IP Address><RETURN>
is for the reverse lookup
host <Host Name><RETRUN>
is for the forward lookup

Here is what an error looks like:

Vista:~ brad$ host cheese.l3training.com
Host cheese.l3training.com not found: 3(NXDOMAIN)
Vista:~ brad$

You should update your server to the latest version using Software Update and then use Server Admin to change the role of your server in the Open Directory service from Standalone to Open Directory Master. After changing that you should reboot the server just in case.

You must have DNS working right to have this work unless you're smarter than I am ;-)

Launch Server Admin on your server and add your server to the list (if it's not already there). Select the Open Directory service and change the role from Standalone to Open Direcotory Master. You will be asked to authenticate.

Note that if your reverse DNS lookup isn't working the Kerberos Realm Name and Search Base fields won't be automatically populated and the LDAP server (slapd) will most likely fail to start.



After DNS is setup and your server is an Open Directory Master you're ready to proceed. At the server you can launch Workgroup Manager and login to the server.

The best thing to do is figure out how many types of users will be sharing the server and need a managed environment or need to share files or have a place to store their documents.

Create a group for each type of user you've got.


Make sure the User home is shared - it is already by default.
Check the protocols tab.

Make sure the Mac clients can get to it using AFP and if you have Windows clients check to make sure Windows file services are on.

By default under 10.3.4 server AFP,SMB(Windows) and FTP are enabled.

Next you'll need to make sure an automount record is created for your home folders.

Note that on the screenshot 'Where:' is LDAPv3/127.0.0.1. This means your server is acting as an Open Directory Master.

Now you'll need to enable some preferences for the group you already setup.
You can define preferences a) never b) once or c) always. Once simply means you set it for the first time they login. If they wish to change it they are permitted. Always mean they cannot modify the setting - it will be set at every login.

  1. Click Preferences (double switch icon)

  2. Click the Groups tab (small icon with three busts)

  3. Click on the Finder icon (smiley face guy)

  4. Select the Once radio button

  5. Change the 'New Finder window shows' section to Home

  6. Click Apply Now

  7. Click Done
Once you've made the changes click Done and notice that there is now a small circle with a pointer in it indicating a change has been made to that preference.
You have to set the computers to define the preferences for the Guest computer list.

I've heard that individual computer records in a list can be problematic so I always recommend using the Guest Computers setting.

  1. Click Accounts (Bust icon)

  2. Click the Computer Tab (Rectangle icon)

  3. Click on the Guest Computers list entry

  4. The List tab screen should appear to the right

  5. Select the 'Define Guest Computer preferences here' radio button.

  6. Click Save
You'll need to go to a client machine and set it up to authenticate at the login window to your server.
You do this using the Directory Access utility in /Applications/Utilities


Launch Directory Access and click the lock and authenticate as an Admin user.
Click on the LDAPv3 list item and click the Configure button.
  1. Click the show options disclosure triangle.

  2. Click New

  3. Name your configuration anything you want

  4. Enter the exact name returned by the host command above or just use the server IP address, e.g. 192.168.0.8

  5. Leave the LDAP mappings set to 'From Server'

  6. Click OK

  1. Click the Authentication Tab

  2. Change the Search pop-up menu to 'Custom path' if it isn't already

  3. Click Add...

  4. Select your server from the selection list

  5. Click Apply
    (It should look like the screen shot to the right)

  6. Quit Directory Access

  7. You may need to turn off auto-login and Fast User Switching for this to work. You can change these settings in System Preferences > Accounts > Login Options

  8. Reboot your client machine.

  9. Upon reboot you should be presented with Other... at the login window. You can type in a network user ID and password to authenticate.