Well after much frustration with setting up a new 10.3 client to login via “list of names” from a OD LDAP 10.3 Server and use MCX workgroup management I think I got it. Would love any input on this. I did NOT use AD my only shared domain is the LDAP. My main problem comes in because of all the info out there appears to be WRONG! I’ll explain.

I wanted to set up my new clients like they where under MM in OS9 so I set on the road to bind the clients for Auth and Home Dir. Now my server is an OD Master ok no problem. All my users have an OD Password ok no problem. KDC is up and running fine. Added client Node to Accounts Computer list and set MCX prefs for Login only. So to the client and the Directory Access utility. Now with out going into detail about the config I followed the Apple Setup Documentation, Philly School Districts nice Web page on Binding a 10.3 client and numerous other little notes from forums like afp548 on how to do this. Nothing seemed to work. Everyone kept saying to set the LDAPv3 config with “LDAP mappings” set to “From Server” adding or don’t have to add as Apple says your

dc=domain,dc=com

entry.
NOT once could I get this to work on a 10.3 client. So I finally after many hours of restarts I set it to “Open Directory Server” and added

dc=domain,dc=com

entry. to the search base. OMG it WORKED. The user now gets a List of User Network of the groups I allowed, Local Users, and Other. This is how my MCX Login prefs are set for this Group of Mac’s. The Home Dir. is a Network home and You can’t even tell, No Mounted server just all your default home link in Finder and such go to a “User Home” on the server. I had to copy a file and look as root on the server in the Users Home to be sure and it was. So Cool!!!
No whole Users Dir. Share point and no mounting of servers visible to client.
Now before I go any further with this can folks out there tell me:
A) What problems will I have with clients setup this way if any?
Why does everyone go the AD way with this MCX, LDAP, OD setup?
C) Will this setup work on 10.2 clients?
D) Are there security issues with the Auth this way? Is it going KDC or I could force the KDC check at login?
E) Did I just hit the jackpot? lol.

To Admin: If you would like I could write a Detailed Post or PDF of how I did this for others out there that want the easy way to Bind a client without AD and only use shared directory LDAP.