Directory accounts for small business.

[H2SO4]

Hi all, hope well. This might be in the wrong forum...........
I have a query that I'm wondering if somebody can address in laymans terms.

Just to be clear, when I think about levels of computer user, (right or wrong), my mind splits them into these sectors;

• Beginners - people that have never used a computer before. (1)
• Occasional - Those that only use a computer belonging to others to type a letter occasionally.(3)
• Regular users - Joe Public. Works in an office knows how to use Word, Google but not too much else. He my be able to set up an email account from scratch but may be thrown but terms like, 'incoming mail server'. Doesn't use a computer outside of work. (5)
• Power user. Somebody that's pretty handy with a computer and different operating systems. Is comfortable using terminal. (8)
• Hacker. Almost nothing they cannot do with a computer. (10)

A 6.9 is the level I kind of see myself as being.

I run a small business. Macs have been purchased for my, (<10), staff and they all have local accounts.
We use DropBox to share files.

I would like though to have everybody on network accounts and if possible run my own mail server and I gather for this I would need a dedicated computer, (does it need to run a special MacOS Server OS), at a central location.
Is the above something somebody have done and is it beyond the scope of Joe Average to manage?

Many thanks for your input.

 

[satcomer]

With the rise in smart NAS now you turn it into NAS +Domain server! Look at the Synology Packages or even turn security cameras too!

 

[H2SO4]

With the rise in smart NAS now you turn it into NAS +Domain server! Look at the Synology Packages or even turn security cameras too!

Yeah, I'd been to a customer site and strangely he recommended a Synology NAS too. It's on my shopping list.
Didn't now about the Domain server thing though - thankyou.

 

[chrfr]

Hi all, hope well. This might be in the wrong forum...........
I have a query that I'm wondering if somebody can address in laymans terms.

Just to be clear, when I think about levels of computer user, (right or wrong), my mind splits them into these sectors;

• Beginners - people that have never used a computer before. (1)
• Occasional - Those that only use a computer belonging to others to type a letter occasionally.(3)
• Regular users - Joe Public. Works in an office knows how to use Word, Google but not too much else. He my be able to set up an email account from scratch but may be thrown but terms like, 'incoming mail server'. Doesn't use a computer outside of work. (5)
• Power user. Somebody that's pretty handy with a computer and different operating systems. Is comfortable using terminal. (8)
• Hacker. Almost nothing they cannot do with a computer. (10)

A 6.9 is the level I kind of see myself as being.

I run a small business. Macs have been purchased for my, (<10), staff and they all have local accounts.
We use DropBox to share files.

I would like though to have everybody on network accounts and if possible run my own mail server and I gather for this I would need a dedicated computer, (does it need to run a special MacOS Server OS), at a central location.
Is the above something somebody have done and is it beyond the scope of Joe Average to manage?

Many thanks for your input.

You don’t want to run your own mail server. there are plenty of services that’ll do that more reliably and you won’t have to worry about your outgoing mail being flagged as spam, nor will you have to worry about losing mail due to an internet outage.
What do you hope to gain by using network user accounts?

 

[H2SO4]

You don’t want to run your own mail server. there are plenty of services that’ll do that more reliably and you won’t have to worry about your outgoing mail being flagged as spam, nor will you have to worry about losing mail due to an internet outage.
What do you hope to gain by using network user accounts?

Hi.
I may be using the wrong terminology here and actually a NAS might be just what I need but I'm looking at moving away from local accounts to ones that are managed centrally.
I fear I'm out of my depth already actually, having spent the night reading about LDAP and Active Directory. Not things you can pick up quickly it would seem.

Problem with Dropbox is that a location on my local machine doesn't work the same on the local machines of others, for example if I want to issue a spreadsheet and have the external references pulled from a location that I manage, it won't work for the others.

 

[chrfr]

Hi.
I may be using the wrong terminology here and actually a NAS might be just what I need but I'm looking at moving away from local accounts to ones that are managed centrally.
I fear I'm out of my depth already actually, having spent the night reading about LDAP and Active Directory. Not things you can pick up quickly it would seem.

Problem with Dropbox is that a location on my local machine doesn't work the same on the local machines of others, for example if I want to issue a spreadsheet and have the external references pulled from a location that I manage, it won't work for the others.

Network accounts are largely deprecated and running a directory server is complicated. A mail server is out for all the reliability issues I mentioned already. Network accounts also don’t provide a way for all users to access that one account simultaneously; these accounts were intended to be used and accessed by a single user at a time. In short, Apple has no product in this space for any of your needs at this time.

It sounds like what you really need is simply a business subscription to Dropbox, Microsoft 365, or another similar service. That way all the users you designate have access to the same account and will be able to access everything in there. Even if you were using network accounts or a local server, you’ll still have the problem of making sure all the referenced files in your spreadsheet are in the shared storage, so you might as well take advantage of the flexibility and ease of setup and use that one of the shared cloud services can provide you.
Microsoft 365 for small business can provide the shared cloud storage and email hosting for you, which to me sounds like your best option.

 

[H2SO4]

Network accounts are largely deprecated and running a directory server is complicated. A mail server is out for all the reliability issues I mentioned already. Network accounts also don’t provide a way for all users to access that one account simultaneously; these accounts were intended to be used and accessed by a single user at a time. In short, Apple has no product in this space for any of your needs at this time.

It sounds like what you really need is simply a business subscription to Dropbox, Microsoft 365, or another similar service. That way all the users you designate have access to the same account and will be able to access everything in there. Even if you were using network accounts or a local server, you’ll still have the problem of making sure all the referenced files in your spreadsheet are in the shared storage, so you might as well take advantage of the flexibility and ease of setup and use that one of the shared cloud services can provide you.
Microsoft 365 for small business can provide the shared cloud storage and email hosting for you, which to me sounds like your best option.

You may well be right.
I already have the business Subscription to Dropbox, unfortunately the Mac version doesn't allow any file to be referenced in the same way by each user as the DropBox folder cannot be located at the top level of the hard drive.
That said, I'll leave the mail server option as you suggest.
Am thinking about a NAS so files can be accessed in a VPN shared folder over for all other things?

 

[AlumaMac]

Is your staff in the same building?

 

[H2SO4]

Is your staff in the same building?

Hi. We do have a premises but based from home is the norm.

 

[chrfr]

You may well be right.
I already have the business Subscription to Dropbox, unfortunately the Mac version doesn't allow any file to be referenced in the same way by each user as the DropBox folder cannot be located at the top level of the hard drive.
That said, I'll leave the mail server option as you suggest.
Am thinking about a NAS so files can be accessed in a VPN shared folder over for all other things?

This sounds like a workflow problem. A remote shared volume will still be a specific folder on a user’s computer, in the /Volumes directory. You’ll still need to ensure that your referenced data is still located in a directory that’s on that server, which means that this workflow change would also work for your existing Dropbox account.
Dropbox is still very likely to be a better option for you once you work out the necessary changes for your workflow.

 

[AlumaMac]

Hi. We do have a premises but based from home is the norm.

So if you go the NAS route you're going to have to consider contingency plans for failures at the NAS location (i.e. power, internet, NAS, etc.). Might be simpler/safer to go with an online service as mentioned above.

 

[H2SO4]

This sounds like a workflow problem. A remote shared volume will still be a specific folder on a user’s computer, in the /Volumes directory. You’ll still need to ensure that your referenced data is still located in a directory that’s on that server, which means that this workflow change would also work for your existing Dropbox account.
Dropbox is still very likely to be a better option for you once you work out the necessary changes for your workflow.

Hi. If I'm right, you're suggesting some files in Dropbox and some on a server somewhere?

 

[H2SO4]

So if you go the NAS route you're going to have to consider contingency plans for failures at the NAS location (i.e. power, internet, NAS, etc.). Might be simpler/safer to go with an online service as mentioned above.

Yeah there is that.
I'm exploring that option also with a business down the road from me.

 

[chrfr]

Hi. If I'm right, you're suggesting some files in Dropbox and some on a server somewhere?

No, keep all your data, even whatever referenced data you're referring to, in Dropbox.

 

[H2SO4]

No, keep all your data, even whatever referenced data you're referring to, in Dropbox.

I'm not sure that is possible?

 

[chrfr]

I'm not sure that is possible?

What are your data sources?

 

[satcomer]

To update my earlier post here is video on Synology's Domain Server

 

[hobowankenobi]

You can run a directory server (Synology may be the easiest/most cost-effective), but cloud-based syncing may be better if you factor in your time and reliability. Many cloud-based options beyond Dropbox for syncing data.

There are new methods emerging for authentication, though I assume most will cost more than SMB wants to pay. Overview here. Market leader here. Compelling-looking service here as an example.

If you are considering running a Google account for mail service, you might want to check out authentication too, which requires a higher cost service such as Google Workstation Business plus.

 

[hobowankenobi]

I should add:

Keep in mind that typically credentials are cached locally for any non-cloud-based centralized directory on Macs. I am not aware of any way around this.

For example, say user reboots a laptop somewhere away from the LAN. They want to log in, so their MBP needs to contact the directory server. But wifi networks will not be joined until after the user logs in. As of now (who knows what the future holds) Macs use cached credentials (saved locally) so no network connection is required to log in.

It gets even more complicated that the same happens even when on the LAN. After the first successful login, credentials get cached, and now the Mac no longer talks to the directory server until AFTER log in. Complicated.

There are some tools that assist with this like NoMAD, which will sync user passwords while on the LAN (or visible via VPN or public facing directory server), but only after the user has logged in.

----

Long story short...if it were me, I would not use a directory server for user log in, unless you had machines all on the same LAN. For users connecting over the internet, I would use a centralized syncing file server that would gracefully handle bad connections, dropped connections, and versioning that allowed folks to work on files locally when they don't have a good connection, and catch up when do.

As far as I know, that means a cloud-based file-syncing tool. Dropbox is the granddaddy, but there are more services than one can shake a stick at, so don't be afraid to test a few.

It is possible to run your own cloud-based file sync server, but between the hardware and cofig costs, along with uptime requirements, it may be difficult to beat a cloud-based service. If you want more control, and fewer limits, something like Resilio or GoodSync is worth a look.

Depending on software needs Google Workspace of MS 365 are very real options. 365 gives both local and cloud-based file syncing, and with the OneDrive client (very similar functionality to DropBox), not to mention live collaboration in the basic apps like Word and Excel, as well as browser-based access and work so anybody can literally work anywhere on any device, as long as they have internet.

 

[hobowankenobi]

OTOH, to roll your own, Synology is the best option out there I have run regarding a large feature set and easiest to setup and operate.

The Drive sync and backup tool is pretty good and very similar to DropBox too...better in some ways. I have used it over WAN for backups, and while not super fast, it was dependable. They also have a great feature to sync one NAS to another, for live backups.

 

[H2SO4]

Running a central server is definitely an achievable task, but it might require some dedicated time to set up and maintain. Macs have made the process relatively more straightforward, but you'd need a Mac running MacOS Server for the full range of options like you mentioned.

Thans for this info.
I'm wondering if the best thing to do is go with a 'ready made service' as the others that work around me arent that IT literate. There is a lot I don't know about this and if either I'm not available forI don't know it mght be best to have a 'Pro' that knows.

 

[mcnallym]

Thans for this info.
I'm wondering if the best thing to do is go with a 'ready made service' as the others that work around me arent that IT literate. There is a lot I don't know about this and if either I'm not available forI don't know it mght be best to have a 'Pro' that knows.

Mac OS Server is too all extents and purposes really kind of killed off now. Is still there but more and more removed.

As you said that the users all working from home then a NAS at one of the locations means that the NAS unless you have hosted in which case will be a service as opposed to a NAS accessed at that location.

So not only do you (and presuming your location) have to manage the NAS then also have to publish the NAS to the Internet as well and have a solution restricting access to who you want. Also anything they download will be limited by what you upload speed is on your connection.

I would say you are probably better off going with a service provide who can set all of that up for in a hosted solution.
Yes you pay however if something not working then pick up the phone and get it sorted.

 

[H2SO4]

Mac OS Server is too all extents and purposes really kind of killed off now. Is still there but more and more removed.

As you said that the users all working from home then a NAS at one of the locations means that the NAS unless you have hosted in which case will be a service as opposed to a NAS accessed at that location.

So not only do you (and presuming your location) have to manage the NAS then also have to publish the NAS to the Internet as well and have a solution restricting access to who you want. Also anything they download will be limited by what you upload speed is on your connection.

I would say you are probably better off going with a service provide who can set all of that up for in a hosted solution.
Yes you pay however if something not working then pick up the phone and get it sorted.

Just what you said, and...............whilst I'm "ok", with a computer, reading up on the subject as to the pitfalls of administering made me realise that I could get myself into more trouble than it's worth.

 

[H2SO4]

Hi.
I may be using the wrong terminology here and actually a NAS might be just what I need but I'm looking at moving away from local accounts to ones that are managed centrally.
I fear I'm out of my depth already actually, having spent the night reading about LDAP and Active Directory. Not things you can pick up quickly it would seem.

Problem with Dropbox is that a location on my local machine doesn't work the same on the local machines of others, for example if I want to issue a spreadsheet and have the external references pulled from a location that I manage, it won't work for the others.

Yes. This was my problem with it. If they allowed it to be put at the root of the drive that would be Ok as you could reference that easily.

 

[hobowankenobi]

Yes. This was my problem with it. If they allowed it to be put at the root of the drive that would be Ok as you could reference that easily.

That ship sailed...about 20 years ago. From the early days of Mac OS X, the only location designated for all users to have access is:

Macintosh HD/Users/Shared

Even that has limitations, in that (last time I checked), while all users have read/write access, only the user that created a file can delete it, which can be problematic in a bigger work group.

Regardless of platform, security requirements/configurations pretty much prevent full access to system volumes, and it take alot of work (and is neither recommended or supported) to allow full access. Syncing options (iCloud, OneDrive, Google, Synology, etc.) are all more secure, more fault tolerant, and much less work to setup and maintain...and most are more cross-platform too.