1 Reply Latest reply: Nov 21, 2011 5:44 AM by John Lockwood
Beno 44 Level 1 (15 points)



I have a network of 4 10.6 servers spread in 3 different offices all linked to the same Open Directory.


Each site has a different subnet and is linked by a Cisco site-to-site VPN.


I have tried accessing a user whose home network is stored on a different site (i.e. accessing home network stored on site 1 from site 3) but I get a message that it cannot be accessed at this time.


I suppose the DNS is correctly set up as I have been able to set up the OD as a replica without any problem.


Is this possible at all?




  • John Lockwood Level 5 (7,691 points)

    As far as I can see this should be possible as long as the following is all correctly done.


    • Each site needs to be permanently linked, a site-to-site VPN setup should be fine
    • Each site needs to be able to allow both servers and clients to talk to each other without any NAT or firewalls preventing needed traffic
    • Ideally a single internal DNS server would cover all the sites, although having secondary DNS servers would be fine, this would be needed to allow Open Directory to work properly
    • In Workgroup Manager you would have multiple choices for network home directory locations, one per site ideally, pointing to a server at each site serving the network home directories, an account would be configured to use the server for the site it is normally located at
    • If a user tries logging in from a different site, they would be logging in via Open Directory and it should point them onwards to the server holding their home directory


    If the VPN links are not permanently connected then this is likely to fail, slow links would obviously not help but in theory should just make the process slower.


    As a first step do a ping test in both directions, and also do a

    sudo changeip -checkhostname

    on the servers


    To further help test things, you could from a local account on a Mac, manually login to the remote AFP servers. This would at least confirm the AFP side of things is working but would not confirm the Open Directory side of things.
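
Added example (not part of John Lockwood's reply): a pre-flight script to run from a client at one site against the servers at the other sites, covering the ping test, a forward/reverse DNS agreement check, and reachability of the AFP and directory ports across the VPN. It complements `changeip -checkhostname`, which still has to be run on each server. It assumes `host`, `ping` and `nc` are installed and that AFP and LDAP use their standard TCP ports 548 and 389; server names are passed as arguments.

```shell
#!/bin/sh
# Added example: cross-site checks for Open Directory network home directories.
# Assumptions: host(1), ping and nc are available; AFP = TCP 548, LDAP = TCP 389.

# Forward lookup: print the first IPv4 address DNS returns for a name.
fwd_lookup() { host -t A "$1" 2>/dev/null | awk '/has address/ {print $4; exit}'; }

# Reverse lookup: print the PTR name for an address, trailing dot removed.
rev_lookup() {
    host "$1" 2>/dev/null |
        awk '/domain name pointer/ {sub(/\.$/, "", $5); print $5; exit}'
}

reachable() { ping -c 2 "$1" >/dev/null 2>&1; }       # ICMP across the VPN
port_open() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; } # TCP connect, 3 s timeout

# Succeeds only when name -> address -> name round-trips to the same name.
dns_consistent() {
    ip=$(fwd_lookup "$1")
    [ -n "$ip" ] || { echo "FAIL $1: no A record"; return 1; }
    ptr=$(rev_lookup "$ip")
    want=$(echo "$1" | tr '[:upper:]' '[:lower:]')
    got=$(echo "$ptr" | tr '[:upper:]' '[:lower:]')
    if [ "$want" = "$got" ]; then
        echo "OK   $1 <-> $ip"
    else
        echo "FAIL $1: $ip reverses to '${ptr:-nothing}'"
        return 1
    fi
}

# Run every check for one server; report each failure, return 1 if any failed.
check_server() {
    rc=0
    dns_consistent "$1" || rc=1
    reachable "$1" || { echo "FAIL $1: no ping reply"; rc=1; }
    for p in 548 389; do
        port_open "$1" "$p" || { echo "FAIL $1: TCP $p closed or filtered"; rc=1; }
    done
    return $rc
}

# Only run when server names are given on the command line.
if [ "$#" -gt 0 ]; then
    status=0
    for s in "$@"; do check_server "$s" || status=1; done
    exit $status
fi
```

A DNS failure here points at the Open Directory side; a failure only on TCP 548 points at a firewall or NAT rule between the sites blocking AFP.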