Use the vastool utility to perform a command line join.
At the command line, enter vastool join to join the macOS system to an Active Directory domain.
Use the vastool utility to perform a command line join.
At the command line, enter vastool join to join the macOS system to an Active Directory domain.
You can access the same functionality that is available through the QAS Join application using the Safeguard Authentication Services command line utilities.
There are two ways to join your macOS system to an Active Directory domain:
Run the vasjoin.sh script.
$ sudo /opt/quest/libexec/vas/scripts/vasjoin.sh
This script prompts you for information needed to perform the join operation without requiring you to know the syntax of the vastool join command.
-OR-
Run the vastool join command.
$ sudo /opt/quest/bin/vastool -u Administrator join -f example.com
To leave an Active Directory domain from a Terminal session, use the vastool unjoin command.
Note: See the vastool man page located in the docs directory of the installation media for more information about the vastool join or vastool unjoin commands.
When joining an Active Directory domain, Safeguard Authentication Services automatically modifies the following system configurations:
Once you have successfully completed the Safeguard Authentication Services join process, you are immediately able to log in to the macOS system through the macOS Login Window.
When leaving a domain, the Safeguard Authentication Services unjoin process reverts the above changes that were made by the Safeguard Authentication Services join process. Also, uninstalling Safeguard Authentication Services automatically reverts the above changes as well.
Note: You can re-join on top of existing computer accounts created with the macOS Active Directory plugin by default using the Safeguard Authentication Services Active Directory plugin, but we recommend disabling the macOS Active Directory plugin so that the domain will not appear in the Directory Servers window as not responding.
It is important to verify that your system is configured correctly to use the Active Directory account information provided by Safeguard Authentication Services.
To verify the Safeguard Authentication Services installation and configuration
Run the following shell commands.
To show a list of the available Unix-enabled Active Directory users, enter
dscl /VAS list /Users
To show a list of the available Unix-enabled Active Directory groups, enter
dscl /VAS list /Groups
To ensure that the system can read user information for Safeguard Authentication Services users, enter
dscl /Search read /Users/<Username>
where <Username> is the username of a Safeguard Authentication Services user.
To perform an authentication for a Safeguard Authentication Services user, enter
dscl /Search auth <Username>
where <Username> is the username of a Safeguard Authentication Services user.
If any of the previous commands do not work, capture debug information from the Safeguard Authentication Services Directory Service plugin.
[vas_macos] dslog-mode = /Library/Logs/vasds.log dslog-components = all
$ sudo /opt/quest/libexec/vas/macos/vasdsreload
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center