Tuesday 23 December 2014

Authenticating OS X login over VPN when directory server unreachable

It seems to me that one use of a corporate VPN might be to enable login by remote users whose network accounts are not "mobile" (cached locally) on the computer in question; this could be because it is not a machine from which they normally work, or because policy restrictions demand a live connection to the corporate network in order for remote machines to be used.

At the login window, the computer attempts to reach a bound directory server directly; if none are reachable (but a network connection is present), then it attempts to connect to the corporate VPN and reach the directory server over that.

Such a VPN connection could be established using either:

  • generic account credentials that have restricted rights on the corporate network, e.g. can only access the directory server for login verification—in this case, the VPN connection might be dropped and then reestablished using user-specific credentials post-login (vice versa on logout); or

  • user-specific credentials provided at the login window—in this case, the VPN connection could remain alive throughout the login session and be dropped on logout.
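
As an added illustration of the fallback imagined above (a sketch written for this page, not code from the post or from Apple), a POSIX shell script a root LaunchDaemon could run ahead of the login window: probe the bound directory server directly, and only if that fails while a network is present, bring up the corporate VPN with `scutil --nc` and probe again. The directory hostname, the LDAPS port and the VPN service name "Corp VPN" are assumptions; pre-login, the VPN can only use the generic account from the first option above.

```sh
#!/bin/sh
# Added sketch (not the post's code) of the fallback it describes: try the bound
# directory server directly; if that fails but a network is up, start the corporate
# VPN and retry. Assumed names: DS_HOST on LDAPS port 636 and a network service
# called "Corp VPN" (as listed by `scutil --nc list`). Intended to run from a root
# LaunchDaemon ahead of the login window, where only a generic VPN account exists.
set -u

DS_HOST="${DS_HOST:-ds.example.corp}"   # assumption: directory server hostname
DS_PORT="${DS_PORT:-636}"
VPN_NAME="${VPN_NAME:-Corp VPN}"        # assumption: VPN service name
# 0 if a TCP connection to $1:$2 succeeds within 3 seconds.
port_open() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }
# 0 if the host has a default route at all (otherwise no VPN can be dialled).
have_network() { netstat -rn 2>/dev/null | grep -q '^default'; }

# Pure decision step, kept separate so it can be exercised without a network.
# $1 = 1 if the directory answered directly, $2 = 1 if a network is up. Prints direct|vpn|offline.
choose_path() {
  if [ "$1" -eq 1 ]; then echo direct
  elif [ "$2" -eq 1 ]; then echo vpn
  else echo offline
  fi
}

# Start the VPN and wait up to 30 s for scutil to report it Connected.
bring_up_vpn() {
  scutil --nc start "$VPN_NAME" || return 1
  i=0
  while [ "$i" -lt 30 ]; do
    scutil --nc status "$VPN_NAME" | head -n 1 | grep -q '^Connected' && return 0
    sleep 1; i=$((i + 1))
  done
  return 1
}

ensure_directory() {
  direct=0; net=0
  port_open "$DS_HOST" "$DS_PORT" && direct=1
  have_network && net=1
  case "$(choose_path "$direct" "$net")" in
    direct)  echo "directory reachable directly"; return 0 ;;
    vpn)     bring_up_vpn && port_open "$DS_HOST" "$DS_PORT" &&
               { echo "directory reachable over VPN"; return 0; }
             echo "VPN or directory still unreachable" >&2; return 1 ;;
    offline) echo "no network; only cached (mobile) accounts can log in" >&2; return 1 ;;
  esac
}

# Only act when invoked as `sh thisfile.sh run`, so sourcing it is side-effect free.
if [ "${1:-}" = run ]; then ensure_directory; fi
```

Once a user has logged in, the same script (or a LaunchAgent) would stop this generic tunnel and start one under the user's own credentials, as the first option describes.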

It has surprised me that documentation involving this sort of scenario has been extremely difficult to find.

  1. Are there any technical reasons why this approach would not work?

  2. If not, how is it usually configured on OS X?