How to Bind Mac OS X Clients to a Shared Domain

By John Rizzo

You share the directory by creating a binding between the client and the Open Directory domain on Lion Server. Binding creates a connection between the server and the client, enabling the client to read the LDAP database, send authentication requests, and interact with the Kerberos realm for service tickets.

Regarding authentication, you see this interaction most frequently from the login window in Mac OS X, and most of that interaction is transparent to the user.

Any version newer than Mac OS X 10.2 can bind to Open Directory running on Lion Server. To best support the newest enhancements of Mac OS X, your Mac OS X 10.7 client systems should not be bound to versions of Mac OS X Server earlier than 10.7.

Bind Mac OS X 10.6 clients

Unlike with previous versions of Mac OS X, you can bind Mac OS X 10.6 and 10.7 clients by using System Preferences. These steps are good for binding both versions of the Mac client:

  1. From the Apple menu, choose System Preferences, and then click the Users & Groups icon in Mac OS X 10.7 (or Accounts in Mac OS X 10.6).

  2. Click Login Options.

    If the client has never previously bound to a directory, you see a Join button next to Network Account Server at the bottom of the Login Options window. If a current binding exists, you see an Edit button.

  3. Click the Join or Edit button and enter the Open Directory master’s fully qualified hostname in the Server field.

    If you’ve previously enabled service discovery on your Open Directory Master server, it will be listed.


  4. Click OK and, if prompted, enter the local administrator username and password, authorizing changes to the local directory structure.

  5. (Optional) Edit the Client Computer ID and enter the directory administrator’s username and password, or leave those fields blank for an anonymous binding.


After your client is bound to the server, the Mac OS X 10.7 Users & Groups preferences pane (or Accounts in Mac OS X 10.6) in System Preferences indicates this with a green dot and the server’s hostname. You can click the Edit button to modify the settings, and you can also access Directory Utility (in /System/Library/CoreServices) to make more advanced changes to the directory bindings.
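The binding can also be checked from Terminal instead of relying on the green dot. The script below is an added example, not part of the original article: it parses the output of `dscl /Search -read / CSPSearchPath` and reports whether the expected Open Directory server is the only LDAPv3 node the client searches, since the client sends authentication requests to every server in that path. The hostname od.example.com and the sample output are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify which LDAPv3 directory servers a bound client uses.
# od.example.com is a placeholder; substitute your Open Directory master.

# Read search-path text on stdin, print one LDAPv3 server name per line.
# Splitting on whitespace accepts values printed on one line or one per line;
# names are lowercased because hostnames are case-insensitive.
ldap_nodes() {
    tr -s ' \t' '\n\n' | tr 'A-Z' 'a-z' | sed -n 's|^/ldapv3/||p'
}

# check_binding EXPECTED_HOST   (search-path text on stdin)
# Exit status: 0 = only the expected server is in the search path
#              1 = expected server missing (client is not bound to it)
#              2 = bound, but other LDAPv3 servers are present as well
check_binding() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    found=1
    extra=0
    for node in $(ldap_nodes); do
        if [ "$node" = "$expected" ]; then
            found=0
        else
            echo "unexpected LDAPv3 node: $node" >&2
            extra=1
        fi
    done
    [ "$found" -eq 0 ] || return 1
    [ "$extra" -eq 0 ] || return 2
    return 0
}

# Constructed sample of the dscl output, used when dscl is not available.
SAMPLE='CSPSearchPath:
 /Local/Default
 /BSD/local
 /LDAPv3/od.example.com'

status=0
if command -v dscl >/dev/null 2>&1; then
    dscl /Search -read / CSPSearchPath | check_binding od.example.com || status=$?
else
    printf '%s\n' "$SAMPLE" | check_binding od.example.com || status=$?
fi
echo "check_binding exit status: $status"
```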

Bind Mac OS X 10.5 and earlier clients

In previous versions of Mac OS X, you used Directory Utility, installed in the Utilities folder within the Applications folder, to bind to a network directory. To bind a Mac OS X 10.5.8 or earlier client, open Directory Utility and do the following:

  1. Click the lock icon and enter an administrator name and password.

  2. Click the Add (+) button and select Open Directory from the pop-up menu.

    To bind to an Active Directory domain instead, select Active Directory.

  3. Enter the fully qualified hostname or IP address of the server hosting the domain and click OK.