TweetFollow Us on Twitter

Active Directory & Mac OS X

Volume Number: 20 (2004)
Issue Number: 11
Column Tag: Programming

Active Directory & Mac OS X

by Michael Bartosh

Fitting in, not standing out. We mean it this time.

Ancient History

Many in the Mac IT community will recall the Windows NT revolution and its impact on Apple's place in the market. Microsoft began heavily promoting NT, selling its centralized management capabilities (which appealed to the rapidly professionalizing field of desktop IT management) as well as Apple's seemingly delayed reaction. You could make a case that Apple's strategy in this area was unsuccessful and may have had some degree of negative impact on its overall market share. In 1993 when Windows NT 3 was introduced Apple enjoyed a nearly 10% market share. By 1997, 1 year after NT4's introduction, Apple's market share had declined to around 4.4 %, and Microsoft had made great inroads, particularly in the server space, into some of Apple's core markets. Rather than embracing and fitting into the infrastructures that its customers had chosen, Apple continued to employee strategies that have not been proven successful in the enterprise marketplace.

History Reloaded

In 2003, Active Directory (Microsoft's Directory Services product) was in much the same position that Windows NT was in the late 1990's. In its second revision (as a part of the Windows 2003 server product; the first was included with Windows 2000) Active Directory had achieved a deep level of penetration into several of Apple's core markets. Once again, Apple had a decision to make-- embrace the idea of heterogeneous multi-vendor networks driven by ad-hoc market standards, or retreat to its less successful roots. Luckily in 10.3 Apple seems to have at least tentatively chosen the former path, engineering into the Mac OS X specific capabilities for integration with Active Directory. This is a new and bold step forward for Apple, and something that goes a long way towards bring legitimacy to Apple in enterprise and institutional markets.

The Active Directory Plug-in: Features

Active Directory Integration is nothing new to Mac OS X-- previous to Panther a certain level of interoperability was feasible. Feasible, however implies neither secure nor straightforward, to say nothing of the simplicity Mac users are accustomed to. The problem with pre-10.3 configurations is that they were tedious, complex, and relatively insecure. There was no standardized or consistent integration procedure, and the result was typically a mess of hacks, work-arounds and duct tape. Additionally, really complete solutions tended towards intrusiveness, often requiring extensive changes to the Active Directory.

Panther's Active Directory Plug-in provides a simpler and more full-featured platform for directory services configuration. It supports a number of line-item features (which I'll cover) but its single most important feature is not a line item at all, but a basic architectural principal. It seeks to emulate a Windows client as much as possible. Its communication with the Windows domain is nearly indistinguishable from its Microsoft-bred counterparts. Its goal is to integrate as seamlessly as feasible into the infrastructure that many of Apple's customers have chosen, requiring no infrastructure changes and little massaging or special treatment. Beyond that strategic goal, its specific features are many.

  • Single Sign On: The Active Directory plug-in leverages the extensive client-side work Apple has pursed in order to effectively make use of the Kerberos authentication protocol. Kerberos is Active directory's native authentication platform, and effective Active Directory integration demands a mature Kerberos environment. When a User logs into Mac OS X using an Active Directory account they are granted a TGT (ticket granting ticket) which ultimately allows them to access Kerberized services-- including Exchange's Outlook Web Access-- without having to authenticate again.

  • Windows Home Directories: In its default configuration, the Active Directory Plug-in obtains the location of the User's home directory (in the homeDirectory attribute of the User's Active Directory account) and puts it into the User's Dock so that it is easily accessible. It can also be configured, however (as covered later in this article) to use the SMB-mounted Windows home share as a Mac OS X network home directory.

  • Password Policy Enforcement: In Jaguar password policies set in Active Directory were not effectively enforced. Although the situation isn't perfect in Panther, users are allowed to change expired passwords on log-in, and password changing is effectively integrated into the user experience, allowing users to change their Active Directory password with either the passwd command line utility or the Accounts pane of the System Preferences application.

  • Multiple domain authentication: Active Directory is capable of scaling to very large deployments. These large deployments often form forests made up of multiple domains. Apple's Active Directory plug-in optionally allows for users from any domain in a forrest (even domains in a different namespace-- for instance a domain called pantherserver.org in a forest called apple.com) to log into the Mac in question.

  • Active Directory Group Support: Active Directory keeps track of groups in a way that is very different from Mac OS X (and most other Unix-based Operating Systems). This made it very difficult in Jaguar to leverage the extensive group management capabilities of Active Directory. Panther's Active Directory Plug-in is designed specifically to interpret Active Directory group data, manipulating it in a way that makes it useful to Mac OS X.

  • Delegated Administration: Active Directory largely operates on the principal of delegated administration-- granting certain administrative privileges in a granular fashion to users who are not domain administrators (users, for instance, are often delegated the authority to add their workstations to the domain). The Active Directory Plug-in is friendly to this concept, optionally allowing one or more Active Directory groups to administer the Mac OS X workstation. Administrative capabilities can additionally be granted to specific users (rather than groups) the same way they would be on the Windows platform, by setting the Managed By attribute in the Windows Active Directory Users and Computers application.

  • Disconnect Behavior: Panther displays far better disconnect behavior when domain resources are not available. In Jaguar the user experience as Open Directory (Apple's Directory Services infrastructure) struggled to re-connect to missing directory domains was painful to say the least, with difficult timeouts that left the client useful for extended periods of time. This has improved in Panther to the extent that Active Directory user accounts can even be cached locally, so that the user is able to log in even if the domain is not available. When the domain is available password policies (such as expiry) are enforced.

  • UniqueID Generation: One of the biggest challenges of integrating any Unix operating system with Active Directory is the UniqueID. This integer (sometimes called uid) is used to uniquely identify Unix accounts. Active Directory supports several unique identifiers (among them guids and sids) but they are 128 bit hex identifiers. This results in quite a bit of difficulty during integration, since a user account without a UniqueID isn't really a user account as far as Mac OS X is concerned. The Active Directory Plug-in works around this issue, generating an integer UniqueID from the 128 bit hex guid. This conversion (done according to Microsoft's specification at blah) produces an integer UniqueID that is both consistent throughout the domain and Unique among all user accounts. The only real downside to this process is that the converted UniqueID's are very large, and not all Applications deal with them correctly.

  • Domain controller preference: When the Active Directory Plug-in joins a domain it attempts to locate the nearest domain controller using site policy published to DNS. Unfortunately site policy is not always configured correctly, so the Active Directory Plug-in allows you to specify a preferred domain controller.

Configuring the AD Plug-in

The Active Directory Plug-in, like most other end-user configurable Open Directory Plug-in's, is configured using the Directory Access application, which is located in an out of box Mac OS X install in /Applications/Utilities. Configuring Active Directory integration is as simple as starting Directory Access, choosing its Active Directory Plug-in, and clicking on the configure button, as seen in Figure 1.


Figure 1. The Directory Access application.

Configuring the Active Directory Plug-in results in the dialog seen in Figure 2. It is, in its basic form, extremely straightforward, prompting for a domain and forest to join, along with an ID for the computer. In the case of Mac OS X clients this computer ID should reflect local naming conventions and policies (machines are often named sequentially, or based on their user or physical location). Servers joining Active Directory should use the unqualified portion of their hostname. Homes.pantherserver.org, for instance, would have a computer ID of homes (this allows for easier single-sign on interoperability between the server an the Active Directory Kerberos environment).


Figure 2. The Active Directory Plug-in's basic configuration dialog.

Optionally, clicking on the Show Advanced Options triangle reveals the interface pictured in Figure 3. This is where most (but not all) of the features listed earlier in this article are implemented.


Figure 3. The Active Directory Plug-in's advanced configuration dialog.

Options from this interface (along with other interesting bits of data) are stored in the Active Directory Plug-in's configuration file (/Library/Preferences/DirectoryService/ActiveDirectory.plist) which is discussed in more depth later in this article.

When the desired options have been specified, you may select the Bind button. This results in an authentication dialog, pictured in Figure 4. This dialog accepts a container or organizational unit in Active Directory along with credentials required to add a computer account to it. This is an important concept-- the graphical interface erroneously implies that Domain Administrator credentials are required to add the Mac to the Active Directory Domain. In reality, all you need to supply are the credentials of a user able to add computer accounts to the specified container or ou. As mentioned earlier this is a commonly delegated task, often left to users or low-level IT staff.


Figure 4. Joining Active Directory requires that the specified credentials be able to add computer accounts to the indicated organizational unit or container.

Troubleshooting

Other than a thorough understanding of Active Directory, Open Directory, and directory services in general the two most important tools for troubleshooting Active Directory integration issues are network sniffers (like tcpdump and ethereal) and the Directory Service daemon's debug mode.

tcpdump is installed on Mac OS X (and most other Unix operating systems) so I most commonly use it to initially gather data, later examining that data using a graphical tool like ethereal. Kerberos data in particular looks largely like a bunch of hex over the wire, and ethereal can be a great help translating this data into something that's human readable.

big15:~ mab$ sudo tcpdump -w join.dump -i en1 port domain 
or port 3268 or port kerberos or port kpasswd or port ldap

Comment

The work of the Active Directory plug-in is actually executed by the DirectoryService daemon, which produces very good logging data, particularly in the case of Active Directory interoperability. To turn debug logging in, you need to send the USR1 signal to the DirectoryService process. This begins logging to /Library/Logs/DirectoryService.debug.log. Active directory messages are prepended with the string ADPlugin:, so the log itself (which is very verbose) is easy to filter.

xsg5:~ tadmin$ sudo killall -USR1 DirectoryService
xsg5:~ tadmin$ tail -f /Library/Logs/DirectoryService/
                       DirectoryService.debug.log | grep ADPlugin 
2004-10-14 01:38:17 PDT - ADPlugin: Calling CustomCall
2004-10-14 01:38:17 PDT - ADPlugin: Doing CheckServerRecords......
2004-10-14 01:38:17 PDT - ADPlugin: Good credentials for joiner@ADS.4AM-MEDIA.COM
2004-10-14 01:38:17 PDT - ADPlugin: No connection in connection mgr for joiner@ 
                                       ADS.4AM-MEDIA.COM@ads.4am-media.com:389
2004-10-14 01:38:18 PDT - ADPlugin: Secure BIND Session with server 
                                       w2k.ads.4am-media.com:389
2004-10-14 01:38:18 PDT - ADPlugin: Processing Site Search with found IP
2004-10-14 01:38:19 PDT - ADPlugin: Added connection to connection mgr 
                                       joiner@ADS.4AM-MEDIA.COM@ads.4am-media.com:389
2004-10-14 01:38:19 PDT - ADPlugin: Found Default Domain ads.4am-media.com

Turning on debug logging in the DirectoryService daemon. The debug log is easy to filter with grep.

DirectoryService debug logging remains enabled until the daemon is re-started or until it receives another USR1 signal. Sending a USR2 signal enables API logging, which logs every Open Directory API call to the system log (/var/log/system.log). USR2 logging is heavy-weight, and will automatically turn off after 5 minutes.

The User Experience

In its default configuration, users from Active Directory are allowed to log in to Mac OS X using several forms of their user name (in order to be as compatible as feasible with the Windows user experience.) John Doe for, for instance might be able to log in as jdoe, John Doe, jdoe@ads.pantherserver.org or ADS\jdoe. The user is given a local home location in the /Users directory and a Kerberos TGT (ticket granting ticket) is obtained on log-in. This means that users can access most domain resources-- from kerberized file servers to Outlook Web Access (using Safari) without re-authenticating. In the client flavor of Mac OS X (Mac OS X Server's behavior differs) the user's SMB home directory (if it is listed in their user record) is placed in their dock and automatically mounted using NTLMv1 authentication (the TGT is not obtained early enough to mount it using Kerberos, which is far more secure).

Advanced Configuration

Some of the Active Directory Plug-in's most significant features are not available in its graphical interface. Most of these are available through the dsconfigad command, the AD Plug-in's command-line configuration interface. The Active Directory homeDirectory UNC, for instance, can be used as the Mac OS X home directory (rather than being mounted on the desktop) using the dsconfigad command's -localhome flag.

djou:~ djou$ dsconfigad -localhome disable
djou's Password:
Settings changed successfully
djou:~ djou$ dsconfigad -show

You are bound to Active Directory:
  Active Directory Forest     = ads.4am-media.com
  Active Directory Domain     = ads.4am-media.com
  Computer Account            = m-h02

Advanced Options
  Mount Style                 = smb:

Using dsconfigad, first to turn off the the default local home behavior, then to examine the Plug-In's configuration. When -localhome is disabled, user home directories are mounted late enough to support Kerberos authentication.

This disabled localhome behavior has two variants, controlled by the mountstyle flag. A mountstyle of SMB (the default configuration) interprets the UNC as an SMB URL plist, allowing Mac OS X to use it as an SMB home directory.

djou:~ djou$ dscl /Active\ Directory/ads.4am-media.com -read 
                        /Users/winnie homeDirectory HomeDirectory
homeDirectory: \\w2k\homes\winnie
HomeDirectory: <home_dir><url>smb://w2k.ads.4am-media.com/
                     homes</url><path>winnie/</path></home_dir>

Coupled with the AD Plug-in's -localhome disable option, the SMB mount style interprites the Active Directory homeDirectory UNC as a Mac OS X HomeDirectory (a URL plist). Notice the case sensitivity here-- the Active Directory attribute is called homeDirectory. It is used to produce the Mac OS X HomeDirectory.

Conversely a mountstyle of AFP interprets the UNC as an AFP URL. In general, AFP offers a better home directory experience than SMB, so this option has potential to improve the overall effectiveness of your infrastructure. In the vast majority of cases this is less than useful, though, since Microsoft's AFP Server is specifically not up to the task of supporting Mac OS X home directories. This setting becomes advantageous in two cases: when the home directory server is running the newest version of ExtremeZ IP (which features an AFP implementation that is far more capable than Microsoft's) or when the home directories are housed on Mac OS X Server. The latter case is a new and powerful option, implying that Windows clients will mount the same (Mac OS X-hosted) home directory using SMB that Mac OS X clients mount using AFP. The homeDirectory UNC in the AD User record in this case actually specifies a share on Mac OS X Server. This allows you to leverage Apple's compelling and relatively affordable server solutions, even in a Windows-centric infrastructure. That this is feasible is a testament to the deep level of integration that Mac OS X Server is capable of. The only real down side is that in Panther this does limit administrators Unix user-group-other permissions, rather than the deep set of access controls provided by the Windows platform.

djou:~ djou$ dsconfigad -mountstyle afp
djou's Password:
Settings changed successfully
djou:~ djou$ dscl /Active\ Directory/ads.4am-media.com -read /Users/winnie HomeDirectory
HomeDirectory: <home_dir><url>afp:// w2k.ads.4am-media.com/homes<
                     /url><path>winnie/</path></home_dir>

Changing the -mountstyle to afp indicates that the Active Directory homeDirectory attribute should be interpreted as an AFP (rather than SMB) url.

Most other, graphically available, options can also be set with dsconfigad; these options are well documented on dsconfigad's man page.

The Active Directory Plug-in: Architecture

Important to the deployment of any application is a good architectural knowledge of the files, executables, data stores and logs that support its functionality.

  • /Library/Preferences/DirectoryService/ActiveDirectory.plist: The configuration file for the Active Directory Plug-in. Options (set both graphically and using dsconfigad) are stored here, in addition to mappings between Active Directory and Open Directory record types and attributes.

  • /Library/Preferences/DirectoryService/SearchNodeConfig.plist: The file that stores the Open Directory search policy, specifying which directory domains should be searched for user accounts and other directory data.

  • /Library/Preferences/DirectoryService/ADGroupCache.plist: As of 10.3.4, exists only in Mac OS X Server. Active Directory stores group data differently from Mac OS X and most other Unix operating systems. The transformation of Active Directory groups into something that Mac OS X understands is relatively heavy weight. Because of this and because Mac OS X frequently likes to look up group membership Apple initially cached a local copy of every group in the Active Directory. This solution did not scale, taking up to three days and sometimes producing a cache file that was a hundred megabytes or more. In 10.3.4 Apple abandoned this strategy in Mac OS X, reasoning that dynamic lookups of group membership data probably could be achieved efficiently enough to meet user performance expectations, meaning that (in the client OS) the ADGroupCache is no longer used. The legacy behavior is preserved in Mac OS X Server since it needs access to a full listing of group membership no matter who is logged in. The frequency of the Plug-in's interrogation, though, is configurable by editing the Group Search Interval Hours key in ActiveDirectory.plist (it has a default value of 12 hours).

Data transformation

The Active Directory Plug-in is interesting in that it doesn't just query Active Directory for data. That wouldn't be very useful, since Active Directory doe not contain all the data that Mac OS X needs for valid user or group records. In addition to querying Active Directory, the Plug-in performs a number of data transformations, sometimes even appending data to the user records it finds. The best example of this is probably Managed Client data (MCXSettings). When the Plug-in's localhome flag is set to enable, a great deal of Managed client data is added to each user record, specifically place the user's Active Directory Home Directory into their dock (and to have it mounted at log-in) Other examples include:

  • Authentication Authority: A user's AuthenticationAuthority is the attribute that Apple uses determine how the user should be authenticated. Users without AuthenticationAuthorities can not support login-time password policies (such as expiry and forced changes) or password changes in the Accounts pane. The AD Plug-in generates an AuthenticationAuthority for every user based on the domain's configuration, allowing for the seamless support of Active Directory password policies.
djou:~ djou$ dscl /Active\ Directory/ads.4am-media.com -read 
/Users/winnie 
AuthenticationAuthorityAuthenticationAuthority: 
1.0;Kerberosv5;83981D08-027D-3843-BE3B-AB80FA3DA07F;winnie@ADS.4AM-MEDIA.COM; ADS.4AM-MEDIA;
comment
  • HomeDirectory and NFSHomeDirectory: HomeDirectory and NFSHomeDirectory describe the location of a user's network home directory. The former is an XML plist describing how to create the latter, which is a file system path. Neither is a standard part of an Active Directory user record (although the latter can be supplied by Active directory's msSFU30HomeDirectory if services for Unix are installed). As seen earlier, both are automatically generated based on the account's home directory as described in their Active Directory user record (using the UNC path described earlier in this chapter).

  • Mount Record: The mount record works in conjunction with the User's HomeDirectory and NFSHomeDirectory attributes to help support network home directories. Like the user home directory attributes it is generated on the fly based on the User's home directory UNC.
djou:~ djou$ dscl /Active\ Directory/ads.4am-media.com -read /Mounts/w2k:\\/homes
ADDomain: ads.4am-media.com
AppleMetaNodeLocation: /Active Directory/ ads.4am-media.com Comment: 
                          Dynamically generated - DO NOT ATTEMPT TO MODIFY
RecordName: w2k:/homes
VFSLinkDir: /Network/Servers/w2k/homes
VFSOpts: net url==smb://w2k.ads.4am-media.com/homes
VFSType: url

The AD Plug-in generates an automount record designed to help mount network home directories. Guest access doe not have to be enabled on this share point. For now, Mac OS X is incapable of using virtual home shares (\\server\username) as user network home directories, and must be able to locate home directories at a path below a share point.

  • Kerberos Auto Configuration record: One of Mac OS X's more intriguing Kerberos integration features is auto-configuration. Mac OS X, when it determines that it needs to be configured for Kerberos, will execute the kerberosautoconfig command. Kerberosautoconfig, in turn, will search the directory domains that the client is aware of, looking for a Kerberos configuration record. This record is very specific to Apple's infrastructure, and not typically found in non-Mac directories. The Active Directory Plug-in, however, is smart enough to auto-generate this configuration record, allowing for easy Kerberos interoperability.

Caveats

Panther's Active Directory Plug-in is by no means perfect, and although Apple has done a relatively good job I'd be remiss if I did not mention some of the pitfalls I've encountered. The most common issues tend to be unrelated to the Plug-in itself, and are more related to other capabilities in the OS. -localhome enabled's use of NTLMv1 authentication (which is disabled in security-sensitive environments), for instance, is due to the fact that the OS does not obtain a TGT early enough during log-in. There's not much that the AD Plug-in can do about that. Similarly, Mac OS X may not access user home directories on either DFS or a clustered CIFS file system. Incidentally, Thursby's ADmitMac product, which is a commercial Open Directory plug-in for both NT domains and Active Directory, is not subject to these particular limitations, since it uses Thursb'y Dave CIFS / SMB client. AdmitMac also overcomes a less common issue, where Computer accounts are not allowed to read certain user attributes. This measure is sometimes implemented to protect user privacy, but since Panther's AD Plug-in connects to the domain as the computer (rather than as the user) this could have the effect of keeping users from being recognized. AdmitMac pulls some tricks to actually connect to the domain as the user (rather than the computer) ensuring full access to at least some user data. Finally, note that AdmitMac supports Packet Signing, a cryptographic security feature turned on by default in Windows 2003 server. The AD Plug-in does not. Neither AdmitMac northe AD Plug-in support nested groups, a common management strategy in Active Directory.

Another common issue that is encountered at the basic integration level is the use of DNS. Mac OS X, like Windows clients, uses DNS to locate domain resources during the join process. This means that Mac OS X clients must have the Active Directory DNS server listed in the Network pane of the System Preferences application. Another DNS-related issue revolves around the common use of the .local TLD. This conflicts with Apple's Rendezvous multicast DNS implementation and must be worked around. Apple documents one procedure for this in kbase 107800. There are several other, less intrusive solutions but they are beyond the scope of this article.

Conclusion

Someone other than me said that "A willow tree bends in the wind and so the branches, being supple do not break." It takes little imagination to understand that Microsoft is a force of nature right now and that competing all out against them is ill advised. What matters to Apple's survival is sales, and Panther's Active Directory Plug-in, in making Mac OS X more willow-like, makes sales a lot easier. Good solutions support-- rather than fight-- existing IT infrastructures.


Michael Bartosh is a consultant specializing in large scale server deployments, directory services integration and scalable systems management.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Tinderbox 8.1.0 - Store and organize you...
Tinderbox is a personal content management assistant. It stores your notes, ideas, and plans. It can help you organize and understand them. And Tinderbox helps you share ideas through Web journals... Read more
Microsoft Office 365, 2019 16.30 - Popul...
Microsoft Office 365. The essentials to get it all done. Unmistakably Office, designed for Mac Get started quickly with new, modern versions of Word, Excel, PowerPoint, Outlook and OneNote-... Read more
RoboForm 8.6.5 - Password manager; syncs...
RoboForm is a password manager that offers one-click login, mobile syncing, easy form filling, and reliable security. Password Manager. RoboForm remembers your passwords so you don't have to! Just... Read more
Amazon Chime 4.26.6995 - Communications...
Amazon Chime is a communications service that transforms online meetings with a secure, easy-to-use application that you can trust. Amazon Chime works seamlessly across your devices so that you can... Read more
EarthDesk 7.4.1 - $24.99
EarthDesk replaces your static desktop picture with a rendered image of Earth showing correct sun, moon, and city illumination. With an Internet connection, EarthDesk displays near-real-time global... Read more
Boom 3D 1.3.2 - $19.99
Boom 3D is a revolutionary app with 3D Surround Sound and phenomenally rich and intense audio that is realistic and works on any headphones. Features 3D surround sound Built-in audio player... Read more
Sketch 59 - Design app for UX/UI for iOS...
Sketch is an innovative and fresh look at vector drawing. Its intentionally minimalist design is based upon a drawing space of unlimited size and layers, free of palettes, panels, menus, windows, and... Read more
Alfred 4.0.5 - Quick launcher for apps a...
Alfred is an award-winning productivity application for OS X. Alfred saves you time when you search for files online or on your Mac. Be more productive with hotkeys, keywords, and file actions at... Read more
DiskCatalogMaker 7.5.7 - Catalog your di...
DiskCatalogMaker is a simple disk management tool which catalogs disks. Simple, light-weight, and fast Finder-like intuitive look and feel Super-fast search algorithm Can compress catalog data for... Read more
Adobe Premiere Elements 2020 18.0 - Cons...
Adobe Premiere Elements just got better. Now you can create quick movies from favorite parts of your clips or tell big life stories in full-on productions. Add motion inside movie titles, punch up... Read more

Latest Forum Discussions

See All

Hello Hero All Stars receives update wit...
The first Hello Hero game hit global platforms in 2013 and proved a huge success, with developer Fincon adding two more entries to this popular series of casual RPG games since. Released in June this year, Hello Hero All Stars brings many of the... | Read more »
Zombieland: Double Tapper, a cartoon idl...
Zombieland: Double Tapper is the idle RPG tie-in to the upcoming Zombieland: Double Tap. Oddly, it's one of two different Zombieland games launching today, with the other being the Switch title Zombieland: Double Tap - Road Trip. [Read more] | Read more »
Rusty Lake's The White Door launche...
Rusty Lake and Second Maze's intriguing point-and-click adventure game, The White Door, is now up for pre-order on the App Store. This one sees you playing as Robert Hill, a mental health patient who is suffering from severe memory loss. The game... | Read more »
Hellrule is an auto-runner inspired by G...
Hellrule is an upcoming auto-runner game from independent developer Pedrocorp where players will take control of a dapperly dressed gentlemen who comes equipped with a razor-sharp umbrella for slicing up his foes. The game will be available for... | Read more »
Grobo is a gravity bending puzzle platfo...
Grobo is a 2D puzzle platformer that marks the first release from developers Hot Chocolate Games. You'll find yourself manipulating gravity as you make your through this title that's available now for iOS and Android. [Read more] | Read more »
Adrenaline, Compulsive Entertainment’s h...
Compulsive Entertainment’s high-octane arcade racer, Adrenaline, has now made its way to the App Store following a successful launch on Google Play. It’s a ton of challenging, fast-paced fun, boasting easy-to-learn controls and a varied selection... | Read more »
Mario Kart Tour is adding Super Mario Ga...
Earlier today on Twitter, Nintendo announced that Mario Kart Tour is getting a new racer and track. Fans of Super Mario Galaxy will be pleased to hear that Rosalina is the first post-launch character being added, while the iconic Rainbow Road is... | Read more »
$100,000 up for grabs at World of Tanks...
The fourth annual Blitz Twister Cup will be held in Minsk (Belarus) on November 9th. For those not in the know, the Blitz Twister Cup is an eSports championship for the hugely popular World of Tanks Blitz. [Read more] | Read more »
Brown Dust’s crossover event with That T...
Brown Dust, Neowiz’s epic fantasy RPG, is no stranger to special events, though its latest crossover might be its most exciting yet. On top of a challenging new dungeon, fan-favourite characters from the hit anime series That Time I Got... | Read more »
Call of Duty Mobile first impressions: A...
After many months of waiting, Tencent and Activision’s Call of Duty Mobile is finally out. The ambitious twitch shooter looks to bring the core COD experience to mobile with few concessions. Achieving such a goal is no small feat, even with all... | Read more »

Price Scanner via MacPrices.net

Save up to $30 on Apple’s AirPods at these re...
Amazon is offering discounts on new 2019 Apple AirPods ranging up to $30 off MSRP. Shipping is free: – AirPods with Charging Case: $144 $15 off MSRP – AirPods with Wireless Charging Case: $169 $30... Read more
Save $15 on Apple Watch Series 5 models on Wa...
Walmart has new Apple Watch Series 5 models on sale for $15 off Apple’s MSRP on their online store. Choose free shipping or free local store pickup (if available). Sale prices for online orders only... Read more
Save $750 on the base 8-Core 27″ iMac Pro wit...
Apple has Certified Refurbished 27″ 3.2GHz 8-Core iMac Pros available for $4249 including free shipping. Their price is $750 off the cost of new models. A standard Apple one-year warranty is included... Read more
Apple continues to offer 11″ iPad Pros, refur...
Apple has Certified Refurbished 11″ iPad Pros available on their online store for up to $220 off the cost of new models. Prices start at $679. Each iPad comes with a standard Apple one-year warranty... Read more
Get Beats Solo3 Wireless Headphones today for...
Amazon has Beats Solo3 Wireless On-Ear Headphones in stock and on sale today for $139.99 shipped. Their price is $60 off Apple’s MSRP, and it’s the lowest price available for this model from any of... Read more
Sale! 2019 13″ MacBook Airs for $200 off Appl...
Amazon has new 2019 13″ MacBook Airs on sale for $200 off Apple’s MSRP, with prices starting at $899, each including free shipping. Be sure to select Amazon as the seller during checkout, rather than... Read more
Verizon offers $150 discount on iPhone 8, 8 P...
Use code SMART150 at checkout at Verizon to take $150 off the price of an iPhone 8, iPhone 8 Plus, or iPhone X. New line of service required. Their discount reduces the price of a 64GB iPhone 8 to $... Read more
38mm Apple Watch Series 3 GPS model on sale f...
Amazon has 38mm Apple Watch Series 3 GPS models available for only $189. Choose Amazon as the seller rather than a third-party, and note that Amazon stock fluctuates, so be sure to check their site... Read more
13″ 1.6GHz/128GB MacBook Air on sale today fo...
Amazon has new 2019 13″ 1.6GHz/128GB Space Gray MacBook Airs on sale for $100 off Apple’s MSRP, only $999, including free shipping. Be sure to select Amazon as the seller during checkout, rather than... Read more
Trade in your iPhone 6 at Verizon and get $10...
Holding onto an older iPhone 6 or 6s and ready to upgrade to a new Apple iPhone 11? Verizon is offering Apple’s new iPhone 11 models for $300 off MSRP to new customers with an eligible trade-in (see... Read more

Jobs Board

Best Buy *Apple* Computing Master - Best Bu...
**741153BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Sales **Location Number:** 000411-Flint-Store **Job Description:** **What does a Best Read more
Surgical Technologist III, *Apple* Hill Sur...
Surgical Technologist III, Apple Hill Surgical Center - Full Time Tracking Code APPHILLST Job Description Surgical Technologist III Apple Hill Surgical Center 25 Read more
Geek Squad *Apple* Master Consultation Agen...
**741154BR** **Job Title:** Geek Squad Apple Master Consultation Agent **Job Category:** Services/Installation/Repair **Location Number:** Read more
Best Buy *Apple* Computing Master - Best Bu...
**740900BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Store Associates **Location Number:** 000387-Randall Road-Store **Job Description:** Read more
Best Buy *Apple* Computing Master - Best Bu...
**735122BR** **Job Title:** Best Buy Apple Computing Master **Job Category:** Sales **Location Number:** 000405-Saginaw-Store **Job Description:** **What does a Best Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.