Synchronizing multiple Mac Mini Server Open Directories across branch offices

Discussion in 'Mac OS X Server, Xserve, and Networking' started by quadrinary, Feb 16, 2012.

  1. quadrinary macrumors newbie

    Jul 19, 2004
    Greetings from Central Asia -

    The non-profit that I work with has been undergoing a long-overdue IT upgrade and we recently purchased some Mac Mini Servers (still running Snow Leopard Server) to act as the core of our network across our 3 offices in 3 different cities.

    We have employees moving between offices regularly, so I'm hoping to find a way to synchronize our user database between our head office and our branch offices instead of creating separate databases in each location. We use RADIUS and pfSense with a CaptivePortal for controlling who has internet access as well as have file shares, so keeping user database management to a minimum is an ideal.

    I come from a mostly Microsoft Domain background with regards to these things so I'm not entirely sure where to start. Hopefully some hopeful folks here will steer me in the right direction!

    I have a (mostly) unrelated question though - OS X Server seems to have two separate user databases - the "local" DB and the LDAP/OpenDirectory DB. Is there a way to make these function together? When creating users and assigning them to groups, which is best practice to use? How do I give an LDAP/OD user login rights to the server?

    Thanks in advance,

  2. quadrinary thread starter macrumors newbie

    Jul 19, 2004
  3. PsyMan, Apr 4, 2012
    Last edited: Apr 4, 2012

    PsyMan macrumors newbie

    Sep 5, 2011
    Hi Tim,

    Depending on bandwidth between sites you could use one as an Open Directory Master and using a VPN then use the other 2 as OD replica's.

    If home folders are of minimal size you could also use one as the home folder host and mount it in the other locations (also over VPN)

    If it is only a handful of people who visit other sites then dependant on their requirements you could either rsync their homes or let them be happy to keep their important files on USB drives.

    FYI (in case you have not set up OD yet, a VERY brief overview of how I normally do it, others may differ so don't take this as a definitive guide :D)

    Services required: (from standalone server)

    AFP, DHCP, DNS, OPEN DIRECTORY (add NFS and SMB if required)

    1. Apply your server a static IP and set up DNS properly in server admin (start service)
    1a. Set servers own network settings to use as primary DNS (then your preffered ISP DNS)
    2. (as root in terminal window) changeip -checkhostname (once it reports that nothing needs changing and all is OK then proceed to 3 else follow the recommended resulting command and try again)
    3. use server admin to create master OD server
    4. Use server admin to create a sharepoint with automount for home folders
    5. Set DHCP pool and in LDAP section use the DNS address of your server (eg. then dc=server,dc=mydomain,dc=com in the relevant bit, in DHCP DNS bit put your server's IP as primary DNS.
    6. Use workgroup manager to manage accounts/groups/permissions (all very easy, especially if you are used to Microsoft's over complicated systems)
    7. On the client machines use account/login options to join the server from the pull down menu (from system prefs on Snow leopard and Lion) Previous client OS's you need to use directory utility from utilities to do the same.

    That should get you on the way.

    If you have a VPN you can then set the other 2 as replica's using a similar setup to the above and follow the OD replica wizard.

    Hope this is of some help, a lot depends on the individual requirements of each site really so the above is simply food for thought and some practical advice.



Share This Page