4 Replies Latest reply: May 1, 2012 6:40 PM by Tim Fall
Tim Fall Level 1 (65 points)

I know this has been asked before, but I was wondering if it is possible to just use Open Directory on Lion Server to do user login authentication and management while having home folders only stored on the local machines. I'm trying to allow the laptops being administered to log in using the Open Directory authentication when it can be accessed (at work), and to use local authentication when it is not (at home). In both cases I'm trying to have the home folders be stored on the local machine. There is no need for a user to log in to any machine other than their own.

Additionally, can a user be limited to logging in using the Open Directory authentication on just their machine?

I appreciate the help.

  • Strontium90 Level 4 (3,700 points)

    Of course.  This is (was) called mobile accounts.  The concept is as you describe.  The machine is bound to the server and the user logs in initially while on the LAN.  This will create a local home folder but use server credentials.  These credentials are then cached for offline use.

    And also yes.  You can limit domain access using the Accounts preference panel.  Once bound, click on Login Options and you will see a new checkbox and button that will allow you to limit specific accounts to specific machines.

  • Tim Fall Level 1 (65 points)

    Thanks, that's exactly what I wanted to know. I may be able to figure this out when I use it, but is it possible to do the limiting in the profile setup so that it can be pushed out?

  • Strontium90 Level 4 (3,700 points)

    Hmm.  Limiting pushed out in a profile?  Not that I know of.  However, if you have ARD and you know a little defaults magic, this probably can be sent out as a remote command.  I will admit, I've only used the limited user stuff in the lab as I've not found a business need to deploy in the field.  Thus, I've never looked to automate.

  • Tim Fall Level 1 (65 points)

    That's a good point. I've done this before. I'm trying to figure out a way to set individual settings (especially associating Apple IDs and activating services) for users in a way that can be pushed out. It would make it much easier to swap them out should anything go wrong.