What If My OD Server is unavailable…?
December 5, 2007 at 7:20 pm #370731
dds
Participant
I have about 200 Macs running Tiger and/or Leopard. I have them all bound to an AD 2003 domain. I have all the users set up as mobile accounts in the event that the AD DCs are unavailable, we have a network issue (or if the user has a laptop and is off our LAN of course). Cached accounts/settings work pretty well for AD accounts in OS X.
Now I am getting ready to deploy an OD Master server for MCX user/computer management purposes soon. Therefore, my Mac desktops will be bound to both AD and OD in the next few months if all goes well. Enter the “Magic Triangle”.
I'm familiar with what happens if a Mac client can't connect to an AD domain (i.e., the Mac client is off the LAN, a switch, router or cable has failed, the DCs are down, etc.). What I am NOT familiar with is what happens to a Mac client that is bound to OD & AD and a similar disaster situation occurs.
Hypothetically, let's say an OD server(s) is unavailable due to a network issue. Will the Mac users be able to log into their Macs and function with cached MCX policies without needing to contact the OD server for a while, or will the Mac users log in with no user/management policies applied at all? Or will the Mac users not be able to log into the Mac at all (i.e., Mac eventually times out, stalls, throws an error, etc.)? And what is the timeout threshold in OS X before it gives up trying to talk to an OD (LDAPv3) server anyway? These questions are not in any of Apple’s OD or User Management (MCX) Admin Guides…
We have a very robust infrastructure here. Several AD DCs, and OD master and replica(s), and our network is solid too. But I still need to be aware of how OD and MCX work in the event of a network or LDAP related connection failure.
February 19, 2008 at 7:12 am #371564
luke
Participant
If a client is looking at an AD server for authentication and an OD server to get a few MCX policies, then if the OD server is down a user will likely still be able to log in (albeit with somewhat unpredictable results). The MCX settings will stay set in general. If some user or process is actively trying to change them to something else though, OD obviously won’t be able to enforce its policies.
If you can deploy Leopard server then you’re probably better off moving away from the magic triangle concept. Your Macs can look solely at the OD infrastructure which will proxy (and augment) the records from AD.