I'm looking at setting up an Open Directory network on a new OSX 10.6 Server. Can I do this for remote users that are not on my LAN? This is my first network that is Mac based but I come from a Windows Active Directory background so it seems as though it should be similar. Basically I have several remote employees that I would like to be able to give a workstation that they can log into from there homes, yet be treated as though they are on the same LAN. I currently have something similar with users connecting via VPN however I want to be able to manage users via the Open Directory.
I see from some of Apple's documentation that your putting in a server name like server.example.com.. So it seems like all I would need to do is forward the ports in my router to the correct place and it should connect. Instinct tells me though its not quite that easy. Of course none of the documentation that I have found talks about anything outside your LAN.
Hope all that makes sense. Anyone have any thoughts?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Yes that does make sense thank you. Currently there are 3, but the issue is they will be working from home and I don't want to go into their homes and mess with their personal network. I have, however, found some documentation on creating "Mobile Accounts" so I'm reading up on that. It seems it will sink home folders so that may be the solution. I'm hoping if they connect via VPN that it will sink that way. Do you have any experience with the mobility preferences?
yes, BUT the your password policy will not be enforced as the remote clients will not be connected to your OD infrastructure at logon.
As for your mobile accounts, you will have to do some serious fine tuning to specify what items you want sync'd. Basically his is roaming prfiles as you have on Windows and like Windows, you don't want to be syncing movies and 100mb files, ESPECIALLY across the WAN.
You won't be able to control logon via your OD infrastructure unless you have a VPN endpoint device at their internet gateway that holds a tunnel open to the remote network.
Lastly, if you don't have VPN end point devices in place, when the user logs off, this would would end their VPN session, which would break thier home folder syncing of this is what you also want to accomplish.
Business Accounts
Answer for Membership
by: nappy_dPosted on 2009-11-06 at 08:23:37ID: 25760497
Here is the good news; yes OD(Open Directory) works almost EXACTLY like AD.
Now, for remote computers to use your OD from a remote location, you need a vpn connection.
The problem is that you cannot get the Mac clients to logon via vpn for network authentication, easily but it can be done.
What you will need are VPN routers for each remote user.
How many remote users do you have?
What you CAN do, is to implement a low cost firewall like http://www.smoothwall.org.
Then at each remote location implement a liksys wrt router with dd-wrt firmware.
What this does, is allow the clients to establish an always on vpn session back to your office network.
Does this make sense?
Let me know and I can clarify further with diagrams if necessary.