RE: [Fed-Talk] Setting up an iMAC on an Exchange Network with CAC
- Subject: RE: [Fed-Talk] Setting up an iMAC on an Exchange Network with CAC
- From: "Miller, Timothy J." <email@hidden>
- Date: Mon, 4 Aug 2008 11:17:47 -0400
- Thread-topic: [Fed-Talk] Setting up an iMAC on an Exchange Network with CAC
Your DC probably has a cert from the AFPKI, which the Mac needs to validate.
The AFPKI root and the AFRC issuer CAs aren't shipped with OS X (DoD PKI
roots are). Now, these *should* be pushed to you via Group Policy but I
don't know how Thursby handles trust push via GP. You can always export
them from a domain-joined Windows box yourself and import them on OS X. Be
sure to set system-wide trust for the root and issuer CAs.
In re: the workstation getting its own cert--not relevant for domain logon.
However, please email me off list about that. I have some questions that
aren't appropriate for a public forum.
-- Tim
-----Original Message-----
From: fed-talk-bounces+tmiller=email@hidden
[mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of
Mathew Heath Van Horn
Sent: Monday, August 04, 2008 6:55 AM
To: email@hidden
Subject: [Fed-Talk] Setting up an iMAC on an Exchange Network with CAC
I've been trying to set up an iMAC running Leopard on our Exchange network
with CAC support and so far no luck.
I tried using ADmitMac for CAC by Thursby, but it can't authenticate with
OCSP because our domain controllers are blocking direct access. The error
result is that the iMAC doesn't have the right certificates. Our Active
Directory and Exchange experts seem to think that maybe the Apple isn't
joined to the domain correctly. On the Vista side, when a computer joins
the domain, the domain controllers issue the PC a certificate unique to that
box. We tried using that certificate on the Leopard side of the machine,
but that didn't help.
We tried everything we could think of to join the iMAC to the network, but
in the end, we had to roll back to Tiger and use an account with a password
just to get through the domain controllers. Does anyone know of a way to
join an iMAC to an Exchange network?
Thanks
Mathew J. Heath Van Horn, Capt, USAF
AFRC/A6XI
478-327-1679
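Added example, not part of the original thread: a shell sketch of why the reply asks for trust on both the root and the issuer CA. It builds a constructed root, issuer and DC certificate with openssl (all names are placeholders, not AFPKI material) and checks the DC certificate against each trust bundle. The `import_system_trust` function is an assumed macOS-side import using the `security` tool; it is not run here and its file names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: every key, name and certificate below is generated
# locally as a placeholder; none of it is real AFPKI or DoD material.

mkreq() {   # mkreq <name> <CN>: new RSA key and CSR in the current dir
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() {   # build_chain <dir>: root -> issuer -> DC certificate
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      mkreq root   "Example Root CA"
      mkreq issuer "Example Issuer CA"
      mkreq dc     "dc01.example.test"
      openssl x509 -req -in root.csr -signkey root.key -days 30 \
          -extfile ca.ext -out root.pem 2>/dev/null
      openssl x509 -req -in issuer.csr -CA root.pem -CAkey root.key \
          -set_serial 2 -days 30 -extfile ca.ext -out issuer.pem 2>/dev/null
      openssl x509 -req -in dc.csr -CA issuer.pem -CAkey issuer.key \
          -set_serial 3 -days 30 -out dc.pem 2>/dev/null
      cat root.pem issuer.pem > both.pem )
}

chain_ok() {   # chain_ok <trusted bundle> <cert>: exit 0 if the path validates
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Assumed macOS-side import (not run here, needs root privileges):
# system-wide trust for the exported root and issuer CA files.
import_system_trust() {   # import_system_trust <root.cer> <issuer.cer>
    security add-trusted-cert -d -r trustRoot \
        -k /Library/Keychains/System.keychain "$1"
    security add-trusted-cert -d -r trustAsRoot \
        -k /Library/Keychains/System.keychain "$2"
}

# Demo: only the bundle holding both CAs validates the DC certificate.
d=$(mktemp -d) && build_chain "$d"
for b in root issuer both; do
    if chain_ok "$d/$b.pem" "$d/dc.pem"; then r=valid; else r=REJECTED; fi
    echo "trust bundle $b.pem: DC certificate $r"
done
rm -rf "$d"
```

With only the root or only the issuer in the bundle, path building stops short and the DC certificate is rejected, which matches the "doesn't have the right certificates" symptom described in the thread.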