Open Directory Remote Authentication

[mvoogt]

Somewhat of a novice here...

I have an OSX server that I have Open Directory on that I use for authentication. I have a second location that I would like to be able to use this same Open Directory list of people to authenticate.



On the remote machine's "Network Account Server" when I put in the IP address of the Open Directory server I'm using to authenticate... it cannot seem to find it.



Do I need to open a port of some sort? What am I doing wrong?

 

[DJLC]

Your best bet here IMO is to establish a VPN between the two locations. If you only have one central server, you're probably going to want to establish a VPN from the remote router to the central server. Traffic bound for the central office subnet will go over VPN; other traffic straight out to the internet. Make sure you set the central server as the DNS server for remote machines. Be sure forward AND reverse DNS is functional before attempting to bind the remote machine to OD.

 

[hobowankenobi]

You might also consider a VPN tunnel between the routers at the two locations.

So, instead of each client computer connecting to the host VNP server at the home location (your OS X server box), you would connect the two routers via a VPN tunnel, so that all the machines at location 2 would automatically be on the network (virtually) of location one.

With matching routers that support this functionality, it is doable. Easiest with static IP addresses. Here is a an overview, and here is a discussion of this sort of setup.

I have done this for SMBs I supported some years ago, and it worked nicely, although it was for file sharing and screen sharing, but they were not using OD.