Discover the Power of Open Directory
Step 4: Configure a Mac client
Configuring a Mac client to talk to Open Directory is trivial. It is almost easier than launching iTunes. Go to your Mac client's Utilities folder and open up Directory Access.
From here, you want to check the LDAP option and select Configure. When the dialog box opens, select "New" and just type in mini.pretendco.com. When you select Continue, it will autoconfigure everything. You're done! Just reboot, and you'll be connected.

Figure 3. Selecting LDAP

Figure 4. Create a New LDAP Connection
Step 5: Enabling Fast User Switching
By far the easiest way to test Open Directory user accounts is to enable Fast User Switching in System Preferences > Accounts > Login Options. This way you can just go to the upper-right-hand corner of your screen and quickly test the changes you make.
(Note: One gotcha to look out for is the cascading authentication lookup order: the local directory node is consulted before Open Directory. If you already have a local account called "bob" and then create an Open Directory account called "bob," the local account wins. Keep that in mind if something doesn't seem to work the way you hoped!)
Step 6: Adding an Open Directory user
Fire up Workgroup Manager and add a new user. I suggest adding a new test user called "oduser." Create an easy password like "test" and save the user.
Now select the Home tab and set the new user's home directory to a local path on your client machine. (Note that this only records the path in the user record; you will need to manually create the directory itself later.) Click the "+" icon and, under Home, enter /Users/oduser. This puts the home directory attribute in the database. Now save.

Figure 5. Create a Local Home Directory
Step 7: Adding a local home directory for the Open Directory User
We now need to create a local directory that matches the home directory attribute we just set, owned by the new user. Open a shell as root and type in:
mkdir /Users/oduser
chown oduser:staff /Users/oduser
Step 8: Do a fast user switch test
Go to the upper-right corner and log in as oduser with the password "test." You should be able to log in, and skeleton account data will auto-populate /Users/oduser. You are now using Open Directory!

Figure 6. Fast User Switch Select
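A small shell script that wraps the client-side checks behind Steps 5 to 7, as an added example that is not part of the original article: it warns when a local account would shadow the Open Directory account (the cascading-lookup gotcha), creates the home directory the Home attribute points at with the right owner, and confirms the ownership took. It assumes the client is already bound to the server (Step 4) and has the standard OS X tools dscl(1), id(1) and chown(1); the function names and the /etc/passwd fallback for non-Mac systems are my own.

```shell
#!/bin/sh
# Added example, not from the article: client-side checks around Steps 5 to 7.
# Assumes the client is already bound to the Open Directory server (Step 4) and
# that dscl(1) and id(1) exist, as on OS X; /etc/passwd is used where dscl is absent.

# True if a LOCAL account with this short name exists. A local account wins over
# an Open Directory account of the same name (the cascading lookup gotcha).
local_account_exists() {
    if command -v dscl >/dev/null 2>&1; then
        dscl . -read "/Users/$1" >/dev/null 2>&1
    else
        grep -q "^$1:" /etc/passwd 2>/dev/null
    fi
}

# True if the name resolves through any directory node, local or Open Directory,
# i.e. the same thing a command-line "id oduser" or "su - oduser" test shows.
account_resolves() {
    id "$1" >/dev/null 2>&1
}

# Create the local home that the Home attribute set in Workgroup Manager points
# at (default /Users/<name>) and hand it to the user, as Step 7 does by hand.
# Arguments: name [home-path] [owner] [group]. Prints the path on success.
prepare_local_home() {
    name=$1
    home=${2:-/Users/$name}
    owner=${3:-$name}
    group=${4:-staff}
    if local_account_exists "$name"; then
        echo "warning: local account '$name' will shadow the Open Directory account" >&2
    fi
    if [ -d "$home" ]; then
        echo "note: $home already exists, fixing ownership only" >&2
    else
        mkdir "$home" || return 1
    fi
    chown "$owner:$group" "$home" || return 1
    # Verify the ownership actually took; -prune keeps find on the directory itself.
    [ -n "$(find "$home" -prune -user "$owner")" ] || return 1
    echo "$home"
}

# On the client, as root, after saving the user in Workgroup Manager:
#   prepare_local_home oduser
#   account_resolves oduser && echo "oduser resolves through the directory"
```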
Summary
Open Directory is easy to use and set up, and it can be used in both massive corporate installations and small home setups. Open Directory can manage a heterogeneous environment consisting of Windows, Linux, and OS X clients, or it can seamlessly integrate into an Active Directory or LDAP world.
This article showed you a quick and dirty way to set up Open Directory from scratch and authenticate a Mac client against it. This barely scratches the surface of what Open Directory can really do. In the next part of this article, I will show you how to integrate a Linux file server to serve out common network home directories for OS X and Linux clients, as well as authenticate Linux boxes to Open Directory.
Noah Gift is the co-author of Python For Unix and Linux by O'Reilly. He is an author, speaker, consultant, and community leader, writing for publications such as IBM Developerworks, Red Hat Magazine, O'Reilly, MacTech, and Manning.
-
configuring host file
2008-01-07 04:57:05 AndyH1
Can you give me more info on how to use "terminal" to configure the local hosts file? How did you come up with the IP address you are using? I'm a newbie at this. I'm wanting to set up Open Directory for our company with two Xserves and 25 clients.
Is there any site you recommend to help me bring our network to the next level?
Thanks
Andy
-
Why no Bonjour? (or Why edit /etc/hosts?)
2007-06-29 01:39:30 zmaniac
Why are you hand-coding IP addresses in /etc/hosts?
ZeroConf (aka Bonjour, formerly Rendezvous) is very cross-platform (Linux usually has it built in and Apple offers a dandy free download) and works the way you want it to.
Instead of editing nasty hosts files, each computer user can just set their computer's name and then refer to it as "computername.local".
http://ifcx.org/wiki/LocalNetworking.html
Jim
-
Why no Bonjour? (or Why edit /etc/hosts?)
2007-06-29 04:56:59 Noah Gift
I wanted to be very explicit in this article so people would know exactly what I was doing, as DNS really trips people up. I have to admit ignorance on Bonjour though... I have rarely used it :)
Good tip in general though... I like it for testing things out!
-
local home dir?
2007-06-06 02:49:43 Paul_PO
Why would one want to create a local home dir on the client machine the OD user logs in to?
Isn't the whole point of network home folders that users can log in to any machine that is part of the OD domain?
-
local home dir?
2007-06-06 03:47:32 Noah Gift
I can't agree with you more! I LOVE network home directories. I LOVE network operating systems. For several months I worked off of a netbooted OD client with NFS home directories.
Stay tuned for the second article. I mentioned in my summary that this barely scratches the surface of Open Directory. In the second article we will set up a common NFS home directory for a CentOS/RHEL client and an OS X client. This has never been documented before and makes your Mac a true *nix machine.
In the third article we get even crazier and set up network home directories for a Windows machine, served up off of a Mac and authenticated to Open Directory!
There are some cases where you would need to authenticate to Open Directory, yet keep a separate offline folder. Specifically, you may have an expensive Final Cut Pro suite that does uncompressed HD editing directly off of an Xsan. You may not want to keep your user directory on the network if you have a poor infrastructure, as it could cause network hangs. If you have a great network infrastructure with expensive Cisco switches and GigE throughout the building, then it probably won't be an issue.
-
shameless plug & I look forward to the windows article
2007-06-07 02:10:32 Jerky
I've always liked multi-platform interoperability projects. I've been slowly compiling and publishing my notes on things like this.
Since the second article isn't out yet, if anyone would like to see a bit more about how to get Linux (and some other UNIXes) working with NFS and Open Directory:
http://www.jerkys.org/wiki/x/OwAf
http://www.jerkys.org/wiki/x/YgAf
I am looking forward to seeing how the Windows client is approached. That's the one I've spent the least amount of time with.
-
shameless plug & I look forward to the windows article
2007-06-07 04:22:00 Noah Gift
Glad to see you're using Open Directory to talk to *nix clients! Both Kerberos and LDAP authentication just work out of the box with OD.
-
shameless plug & I look forward to the windows article
2007-06-07 10:49:54 Jerky
Open Directory definitely makes it easier. I tried for many years to wrap my head around LDAP & Kerberos auth using different Linux and UNIX flavors and just couldn't get it. A few checkboxes and text fields and you have a fully functional directory and KDC. Maybe now, after seeing it fully working, it would be a bit easier to go back and set up a Linux-on-Linux auth setup, but using Open Directory cleared up some of the haze and is much simpler to get going.
-
Fast User Switching and Netboot
2007-06-04 08:09:47 markmacmac
Have you ever set up NetBoot and enabled Fast User Switching on the clients? I've tried with Panther Server, but my clients come up with an error, something about "can't find directory" or something like that. When I fully log out on the client and log back in with a different name, then it works, albeit without fast user switching. Any ideas?
-
Fast User Switching and Netboot
2007-06-25 14:47:03 tim1724
If you want Fast User Switching, then you have to use NFS for home directories. FUS doesn't work with AFP or SMB home dirs.
-
Fast User Switching and Netboot
2007-06-04 11:28:22 Jason Deraleau
The problem has more to do with Network Home Folders. When you log into an account that has an NHF set up, the share point from the server gets mounted as that user, specifically. If you then try to log in as another user with an NHF on the same system, the second user account can't access the share point from the server (it's already mounted by user one), so they get an error that the system can't access the user's home folder.
-
Fast User Switching and Netboot
2007-06-04 08:12:11 markmacmac
To add to the previous: the clients are logging in via Open Directory.
-
Fast User Switching and Netboot
2007-06-04 08:26:01 Noah Gift
I have never used Fast User Switching on Panther in the combination you described. I have done this on Tiger and have never had a problem, though.
-
Fast User Switching and Netboot
2007-06-04 15:48:04 Noah Gift
I guess I should clarify that I always use NFS, which behaves differently than AFP and SMB for network home directories.
I personally like NFS as you can use it for Linux and Mac.
You might try doing an su - to that same user you're having problems with to see if you can log in from the command line and get a home directory. If you can, that would point to Fast User Switching.
-
My name is Jessica and I'm a photographer from Brazil. I had a white MacBook, and now I just got an iMac, and your solution would be perfect to seamlessly walk between both computers without losing data. With one simple problem: I don't have a Mac mini lying around, nor US$1000 to spare (nor even the Mac OS X Server license).
I would gladly, though, pay Apple for a "family-pack" solution (like a 5-user license) to install the Open Directory server alone on any Mac OS machine, but they don't have that option. I was a software engineer in a past life before switching to photography, but trust me, I'd go for your original solution if I had the cash to spare; I love simpler things :)
But the iMac replaced an old Windows (Pentium IV) box here at home. Do you think it's doable to just install Darwin/x86 on that box and use it with the sole purpose of being a small home-based Open Directory server, with the mobile features you described?