Question about connections to AD

jramos

Was about to test this but was thinking maybe someone else might have tried this already...

We have AD/OD setup working and the question came up "What happens if our WAN connection is dropped and we cannot get to one of the Domain Controllers?".

Setup

Remote site has an Xserve that is bound to AD, serving files over AFP. Clients at this site are set up bound to both OD and AD, and login is done with AD accounts. The shares on the Xserve are set up with OD groups that have AD members. The site has no local DC, so if the WAN link is dropped there is no connection to AD. On the clients the accounts are set up as mobile, so if the WAN connection is dropped they can still log in to the Macs, but the question is: will they still be able to mount the shares, since the rights are set up with OD groups with AD members?
 
OD isn't storing the authentication authority information for the AD users in the OD groups - it is only really holding onto the LDAP info such as UID and location of the account. The server will still need the AD for authenticating the user that resides in AD as their true "home" in your domain.

They have permissions to the data via OD, but not the ability to log in to the server itself without the AD connection. With the mobile user, they'll simply be using the local directory node to authenticate, so they won't have a Kerberos TGT either to access the AFP service on the Xserve on top of it.

Michael
 