Open Directory Remote Authentication

Discussion in 'Mac OS X Server, Xserve, and Networking' started by mvoogt, Dec 13, 2016.

  1. mvoogt macrumors newbie

    Joined:
    Dec 13, 2016
    #1
    Somewhat of a novice here...

    I have an OSX server that I have Open Directory on that I use for authentication. I have a second location that I would like to be able to use this same Open Directory list of people to authenticate.



    On the remote machine's "Network Account Server" when I put in the IP address of the Open Directory server I'm using to authenticate... it cannot seem to find it.



    Do I need to open a port of some sort? What am I doing wrong?
     
  2. DJLC macrumors 6502a

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #2
    Your best bet here IMO is to establish a VPN between the two locations. If you only have one central server, you're probably going to want to establish a VPN from the remote router to the central server. Traffic bound for the central office subnet will go over VPN; other traffic straight out to the internet. Make sure you set the central server as the DNS server for remote machines. Be sure forward AND reverse DNS is functional before attempting to bind the remote machine to OD.
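The forward and reverse DNS check recommended in the reply above, as an added example that is not part of the original thread: it confirms that the Open Directory server's name resolves to an address and that each address reverses back to the same name. The hostnames, addresses and `sample_*` helpers are constructed for illustration; pass real hostnames as arguments to use the system resolver instead.

```python
import socket
import sys

def _forward(name):
    # A-record lookup through the system resolver
    return set(socket.gethostbyname_ex(name)[2])

def _reverse(ip):
    # PTR lookup through the system resolver
    host, aliases, _ = socket.gethostbyaddr(ip)
    return {host, *aliases}

def _norm(name):
    return name.rstrip(".").lower()

def check_dns(fqdn, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    try:
        ips = forward(fqdn)
    except OSError as exc:
        return [f"forward lookup of {fqdn} failed: {exc}"]
    problems = []
    for ip in sorted(ips):
        try:
            names = {_norm(n) for n in reverse(ip)}
        except OSError as exc:
            problems.append(f"no PTR record for {ip}: {exc}")
            continue
        if _norm(fqdn) not in names:
            problems.append(f"{ip} reverses to {', '.join(sorted(names))}, not {fqdn}")
    return problems

# Constructed sample records (hypothetical names and addresses) for an offline run
SAMPLE_A = {"od.example.lan": {"10.0.1.10"}, "files.example.lan": {"10.0.1.20"},
            "backup.example.lan": {"10.0.1.30"}}
SAMPLE_PTR = {"10.0.1.10": {"OD.example.lan."}, "10.0.1.20": {"router.example.lan"}}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror("name not found")
    return SAMPLE_A[name]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror("no PTR")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    # With arguments: check real names via the system resolver; without: use the sample data
    for name in sys.argv[1:] or SAMPLE_A:
        lookups = () if sys.argv[1:] else (sample_forward, sample_reverse)
        print(name, check_dns(name, *lookups) or "OK")
```

Run it on the remote machine after pointing its DNS at the central server, so the result reflects what the client will see when it tries to bind.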
     
  3. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #3
    You might also consider a VPN tunnel between the routers at the two locations.

    So, instead of each client computer connecting to the host VPN server at the home location (your OS X server box), you would connect the two routers via a VPN tunnel, so that all the machines at location 2 would automatically be on the network (virtually) of location one.

    With matching routers that support this functionality, it is doable. Easiest with static IP addresses. Here is an overview, and here is a discussion of this sort of setup.

    I have done this for SMBs I supported some years ago, and it worked nicely, although it was for file sharing and screen sharing, but they were not using OD.
     
