MCX computers / Airport

[Anonymous]

Just to simplify a question in an earlier post –

My Airport eMacs are not showing in Computer list browse to add. They are using a different IP range, subnet and router to the wired Macs. I’ve added their MAC and names manually, one at a time.

I’m using IPSecuritas which fails to establish a connection at autostart. I have to login as local admin, stop the failed IPsec connection, start IPSecuritas manually and then it works. I logout so other users can login now IPsec is working. Problem is when they login, they only get GROUP prefs, not the computer prefs I set in WGM.

????

cheers

[Anonymous]

I want to add more info to my post.

Main network Windows. Built-in Ethernet Macs using fixed IPs from set range + DHCP from Windows. Xserve providing MCX. Xserve has forward/reverse DNS with Windows. All OK (OSX.3.5 updated).

Our wireless PCs / Macs are being routed in through a different switch and use IPsec certificates for secure access.

The wireless Macs (eMacs 10.3.5 updated) use Airport Extreme (updated) and have fully manual Airport TCP/IP settings from a different IP range with a different subnet / router. The AEBS (x2) have self-assigned their IP from the 169. range. One AEBS deals with 4 eMacs, the other with 5 eMacs and 4 G4s.

To configure IPsec on the eMacs we used IPSecuritas (http://www.lobotomo.com/products/IPSecuritas/) which is great but support response seems slow.

Here are my main issues:

1) AEBS configs. + Airport Admin Utility do not communicate when using manual Airport TCP/IP settings on the client Macs – only if I switch back to full DHCP?

I also now have one out of five eMacs in the same locale that fails an Airport connection everytime but was working OK previously ( “Error connecting to Airport …” message ).

2) Logging into the Xserve is slower (as expected) but often the home folder does not mount or the MCX computer preferences do not get enforced. The Airport Macs are not visible in Network Browser (routing ?) and they only get Guest Computer prefs. – not from the computer list I set up using their MAC addresses.

3) IPSecuritas autostarts but the connection fails. I have to login with a local admin account, start IPsec manually (using IPSecuritas) which works, logout and leave the machine for users to login to LDAP on the Xserve. Does anyone have any pointers about IPsec (racoon/KAME/IPSecuritas) and Airport, and the boot startup / initialise network sequence ?

4) What about classic + AE ? I run Quark 5 (OS X classic emulation, not boot) which searches for its licencse file over the network to the Windows PDC. Works fine on Ethernet Macs, but not on Airport Macs. Is this related to problem 2 above (routing ?)

A lengthy post, I know, but I’ve been left to finish this set up ASAP as I’m the only Mac support person at our College. The Windows guy set up the IPsec certificates and discovered IPSecuritas, but thats it.

Thanks alot for any help / tips / pointers for the above ….

[Detrius]

Probably not related, but it’s worth looking at: your base stations have self-assigned IPs. See if you can manage to get them on the network.

Also, I have had issues with doing this stuff over Airport–even without the IPSec. Is the wireless network open, or is it password protected? I’ve had issues with protected networks where machines won’t connect until a user logs in.

Depending on your setup, you may do well to add extra base stations to take the responsibility of connecting to the wireless networks away from the macs–let the base station connect to the wireless network, and the macs connect via ethernet. Before attempting this, you would want to ensure that the IPSec works properly when these machines are connected over ethernet.

You can also tweak the /System/Library/StartupItems to ensure that the dependencies are setup correctly for your situation.

With respect to the MAC addresses not showing up–if it’s not the fact that it’s a different subnet, then the IPSec will definitely filter it out. The IPSec is just using IP–the MAC addresses are on a lower layer than IP and thus are no longer needed when you are doing IP routing.

These are just a few things that come to mind–it may not even be remotely helpful.

[Anonymous]

[QUOTE BY= macshome] You probably have this set, but when trying this with AirPort make sure that you set the Macs to a specific base station, not automatic.[/QUOTE] – Yes – this is done already – thanks Josh

[Anonymous]

[QUOTE BY= Detrius] Probably not related, but it’s worth looking at: your base stations have self-assigned IPs. See if you can manage to get them on the network.[/QUOTE]

I’ve assgned them IPs from the range set aside for the wireless Macs – they now show in Admin Utility – thanks.

[QUOTE BY= Detrius] Also, I have had issues with doing this stuff over Airport–even without the IPSec. Is the wireless network open, or is it password protected? I’ve had issues with protected networks where machines won’t connect until a user logs in.[/QUOTE]

The wireless network is protected by IPsec certificates but not by any passwords I know of (Windows side) especially not the AEBS’s because I set them up.

[QUOTE BY= Detrius] You can also tweak the /System/Library/StartupItems to ensure that the dependencies are setup correctly for your situation.[/QUOTE]

I know about the StartupItems but not about dependencies. I am using the SlowDown script from this site.

[QUOTE BY= Detrius] With respect to the MAC addresses not showing up–if it’s not the fact that it’s a different subnet, then the IPSec will definitely filter it out. The IPSec is just using IP–the MAC addresses are on a lower layer than IP and thus are no longer needed when you are doing IP routing.[/QUOTE]

The router has been tweaked by the Windows guy and now the wireless Macs can see each other in Local but the wired Macs (including the Xserve) can’t see them. The individual wireless IPs show up in AFP on the Xserve because NAT has been switched off on the router.

[QUOTE BY= Detrius] These are just a few things that come to mind–it may not even be remotely helpful.[/QUOTE]

It’s all helpful – I’m on a steep learning curve. Many thanks.

[Author]

Posts