
I have a Mac server that I can join clients to using System Preferences -> Users and Groups -> Login Options -> Network Account Server. However, I'd like to do this remotely without having to touch every Mac. I have a local user on each machine that can sudo to root. How can I join the Network Account Server via the shell?

I've seen dsconfigad, but on a machine joined to my account server it doesn't show anything when I do dsconfigad -show, which implies that's the wrong command for me.

Bill Weiss

1 Answer


dsconfigad is for connecting to Active Directory domains; for Open Directory domains, you need to use dsconfigldap (which configures the LDAPv3 connector) instead. Basic usage is pretty simple:

sudo dsconfigldap -a odserver.domain.com

If you're going to use authenticated binding, you'll need to add flags to give the OD admin credentials, computer name, etc.; see man dsconfigldap. If the server is also running 10.7, you'll be prompted for whether to trust its certificates; I haven't experimented with how to handle this in a script yet.

If the client is running 10.6 or older, there are some additional steps to set up the search policies and Kerberos config (this is handled for you by 10.7's dsconfigldap):

sudo dscl /Search -create / SearchPolicy CSPSearchPath
sudo dscl /Search -append / CSPSearchPath /LDAPv3/odserver.domain.com
sudo dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
sudo dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/odserver.domain.com
sudo kerberosautoconfig -f /LDAPv3/odserver.domain.com

Gordon Davisson
  • Ok. Can I ask `dsconfigldap` if I'm already connected to a given domain? I'm looking at the `dsconfigldap -h` output and not seeing it. – Bill Weiss May 16 '12 at 14:29
  • 1
    I don't see a way to do that with `dsconfigldap` (it doesn't have an option like `dsconfigad -show`), but `dscl localhost -ls /LDAPv3` will list the server(s) you're bound to. Warning: you might be bound by the server's hostname or IP, or to a replica (if you have any), so detecting a specific domain is nontrivial. – Gordon Davisson May 16 '12 at 18:58
  • Aha, that's it. In our case it's easy, we just have one name for the thing. – Bill Weiss May 16 '12 at 19:14
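Putting the answer and the comment thread together, here is an idempotent bind script as an added example (not code from either poster): it checks the `dscl localhost -ls /LDAPv3` listing before binding, and picks the 10.7-style or the 10.6-and-older command sequence from `sw_vers`. The server name `odserver.domain.com` is a placeholder, and the script assumes the node list is printed one entry per line; the caveat from the comments still applies, since a box bound by IP or to a replica will not match its hostname.

```shell
#!/bin/sh
# Idempotent Open Directory bind for remote rollout (added example).
# Usage: sudo sh od-bind.sh [--dry-run]
OD_SERVER="${OD_SERVER:-odserver.domain.com}"   # placeholder: set to your OD master

# is_bound NODE_LIST SERVER: succeeds if SERVER is one of the bound LDAPv3 nodes.
# NODE_LIST is the text of `dscl localhost -ls /LDAPv3`. Match whole lines only,
# so "odserver.domain.com" does not match "odserver.domain.com.old".
# Caveat (from the comments): a bind by IP or to a replica will not match.
is_bound() {
    printf '%s\n' "$1" | grep -qx -- "$2"
}

# needs_legacy_steps VERSION: succeeds for 10.6 and older, where the search
# policy and Kerberos config are not set up by dsconfigldap itself.
needs_legacy_steps() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -eq 10 ] && [ "$minor" -le 6 ]
}

# bind_commands VERSION SERVER: prints the command sequence for this OS version.
bind_commands() {
    server=$2
    echo "sudo dsconfigldap -a $server"
    if needs_legacy_steps "$1"; then
        echo "sudo dscl /Search -create / SearchPolicy CSPSearchPath"
        echo "sudo dscl /Search -append / CSPSearchPath /LDAPv3/$server"
        echo "sudo dscl /Search/Contacts -create / SearchPolicy CSPSearchPath"
        echo "sudo dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/$server"
        echo "sudo kerberosautoconfig -f /LDAPv3/$server"
    fi
}

# Only act when the macOS directory tools are present (no-op elsewhere).
if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    nodes=$(dscl localhost -ls /LDAPv3 2>/dev/null || true)
    if is_bound "$nodes" "$OD_SERVER"; then
        echo "already bound to /LDAPv3/$OD_SERVER"
    else
        bind_commands "$(sw_vers -productVersion)" "$OD_SERVER" | while IFS= read -r cmd; do
            echo "+ $cmd"
            [ "${1:-}" = "--dry-run" ] || sh -c "$cmd"
        done
    fi
fi
```

Run it once with `--dry-run` on a test client to confirm which command sequence it selects before pushing it to every Mac over ssh.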