Over the next few months I want to roll out MacOS X. I have all the
pieces in place in my test environment before I move it to my
production servers. I have a Mac client running Panther (10.3), a newXserve running 10.3 server, and a Netware 6.5 server. I already have
all of the Mac's and Windows PCs on campus getting their IP address
through DHCP setup on a Windows 2000 server. My question is broad andconcerns how these pieces fit together. What I would like to do is

1. Have my users authenticate to eDirectory and have their home
directories mount on the desktop. I know that macosxlabs.org has the
directions on how to do this under 10.2. I have been told an updated
set of directions under 10.3 will be posted in the next two weeks.
2. I also want to use Workgroup Manager to make manage my clients

How do these two things fit together? In other words which way do I
approach this:

1. I think I can take OSX server and set it up so that it gets its
lists of users, what group(s) they belong to, and the location of home

directories from eDirectory using an LDAP lookup. I then setup LDAP on

a OSX client machines to authenticate to MacOSX server. I then have amanaged client using the settings in WorkGroup Manager and users haveaccess to their home directories in Netware.

2. I setup each Mac client to authenticate to eDirectory according tothe directions found at macosxlabs.org. This authentication is done
through extending the schema in Netware and setting up the LDAP loginon each client. I also setup MacOSX server to pull its list of users
and what groups they belong to right from eDirectory via an LDAP
lookup. This allows users to gain access to their home directories and

me have the ability to manage each client. In other words, MacOSX
server pushes the desktop management information directly into
eDirectory and OSX clients get it from there. If this is the case (and

I am betting that this is the correct setup) can OSX server pull group

information out of eDirectory? I have all my students belonging to
different student groups and adults belonging to other groups. I willwant to be able to tweak workgroup manager to lock down the client a
little further for adults than I do students.

As you can see, the confusion I am having all relates to
authentication. It seems like a Mac client needs to authenticate to
eDirectory to gain access to their home folder but also to MacOSX
server in order to be a managed client. My other thought was when I
setup LDAP on a client machine do I include both eDirectory AND MacOSX

server LDAP lookups to accomplish this? Once I get the underlying
mechanism on how this all works I can start the setup and testing
process in earnest.