OSX Apple Remote Desktop Active Directory Logins From A Windows Client (Remotix)

Written by William Roush on March 25, 2013 at 9:03 pm

A few weeks ago we got our Mac Mini in, quickly got ESXi on it, and proceeded to run a handful of OSX VMs on it for various development purposes, mainly servers to test our software on… However, I ran into one major issue:

How are we to share these machines?


I had a few requirements I should lay out first:

  • Needs to be able to authenticate with our local Active Directory server.
  • Needs to obey Apple’s virtual terminal permissions (either requesting shared access or starting a new virtual terminal, not using VNC).
  • Needs to work on Windows (no, can’t just buy a Macbook, defeats the purpose of this setup).

A promising piece of software I stumbled upon was Remotix For Windows. It had a much nicer interface than other VNC products and boasted integration with OSX logins… score!

However, Active Directory logins were failing. The steps to get them working are a bit cryptic if you don’t know what you’re looking for, and it took me quite a bit of digging to find all of the steps required. Now I’m going to assume a couple of things:

  • You can log in via an Active Directory account on the console of the machine.
  • You have Apple Remote Desktop enabled.

First, we need to enable directory logins in Apple Remote Desktop. Enable them by running this as root (for example with sudo):

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setdirlogins -dirlogins yes

Then we’ll need to grant users access to Apple Remote Desktop by creating a local “ard_admin” group and tying Active Directory groups to it. We’ll do that by running these two commands:

dseditgroup -o create ard_admin
dseditgroup -o edit -a 'YOURDOMAIN\your_ad_admin_group' -t group ard_admin

At this point I restarted OSX so that the ARD settings took effect.

Now you should be able to fire up Remotix, connect to the machine, provide Active Directory credentials, and log in.
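
The steps above collected into one re-runnable script, as an added example that is not part of the original post. The function names and the DRY_RUN variable are this example's own, and the group names other than ard_admin are the narrower access groups from Apple's Remote Desktop documentation rather than from this post.

```shell
#!/bin/sh
# Added example, not from the original post. DRY_RUN=1 prints the commands
# instead of running them.
KICKSTART=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

run() {  # execute the command, or only print it when DRY_RUN=1
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only DOMAIN\group: one backslash, non-empty sides, safe characters.
valid_ad_group() {
  # Strip the allowed characters; only the "|" sentinel may remain.
  [ "$(printf '%s|' "$1" | tr -d 'A-Za-z0-9._ \\-')" = "|" ] || return 1
  case "$1" in
    *\\*\\*) return 1 ;;
    ?*\\?*)  return 0 ;;
    *)       return 1 ;;
  esac
}

# grant_ard_access 'DOMAIN\group' [local ARD group, default ard_admin]
grant_ard_access() {
  ad_group=$1
  local_group=${2:-ard_admin}
  valid_ad_group "$ad_group" || { echo "bad AD group name" >&2; return 2; }
  case "$local_group" in
    # ard_admin is the post's group (full control); the others are ARD's
    # narrower directory-login groups.
    ard_admin|ard_manage|ard_interact|ard_reports) ;;
    *) echo "unknown ARD group: $local_group" >&2; return 2 ;;
  esac
  if [ "${DRY_RUN:-0}" != 1 ] && [ "$(id -u)" -ne 0 ]; then
    echo "run as root (sudo)" >&2; return 1
  fi
  run "$KICKSTART" -configure -clientopts -setdirlogins -dirlogins yes || return 1
  # Create the local group only when missing, so re-runs are harmless.
  if [ "${DRY_RUN:-0}" = 1 ] || ! dseditgroup -o read "$local_group" >/dev/null 2>&1; then
    run dseditgroup -o create "$local_group" || return 1
  fi
  run dseditgroup -o edit -a "$ad_group" -t group "$local_group" || return 1
  echo "Done; restart OS X so the ARD settings take effect." >&2
}

if [ "$#" -ge 1 ]; then grant_ard_access "$@"; fi
```

Run it first with DRY_RUN=1 to review the exact commands, then as root with the Active Directory group as the first argument.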