Hello. In Active Directory we have Domain Controllers. Is there any way I can make the Mac OS Server the authentication and authorization server for all Macs on a remote LAN. -Rather than installing another DC. At this time they're authenticating via WAN VLAN tunnel to one of our DCs.
Thanks in advance!
Do you want to use a MOSX server as master directory (with Open Directory) or do you want it to forward the AD to the local clients?
I'm thinking more towards Open Directory. Although I'd hate to manage a second set of users, groups, and policies. Maybe with Open Directory, it could possibly resolve the pesky keychain synch issues.
What do you recommend? -I don't plan on adding the MacOS schema to AD. I'm thinking if they need to access any AD shares (once in a blue moon) they could re-authenticate.
Anybody?...😐
If you're using only OD you can set up a master OD and have other MOSX servers bound to that master OD (or it's replicas). The same thing should be possible to do by binding your MOSX server(s) to AD and then having clients authenticating towards the server(s) with AD accounts. It is really pesky to have to sets of users. We are at a transfer state from OD to AD and, well, it's a little messy so I definitely prefer having one user directory.
If you have the possibility to set up a test server (virtualised is wonderful with snapshots and everything, could be possible to do on your own desktop/laptop even, VMWare/ESXi only) I would definitely try to bind the server(s) to AD if that's already existing and see if it works as expected before setting up another user directory.
Server 4.0: Client and Computer Authentication
