Forum Replies Created
Anonymous
Participant
I have followed the article about installing postfix in OSX 10.2 server for use with Apple’s IMAP services. I’ve got a school with a load of iBooks and 5 Windows XP machines. I am running Postfix on an early Xserve running OS X Server 10.2.6. I have run into two odd problems.
First (with password server running and the Windows Users having password server passwords) Windows users can only authenticate from Outlook if they are entered into the local netinfo database. The root netinfo database is on the same xserve. If the users are in the root domain (with basic or password server passwords) they cannot successfully authenticate to the IMAP server. Moving them to the local netinfo domain allows them to talk to the IMAP server.
The second problem is this. I have set up the Windows Users without a home directory (thinking that it would not be necessary). If mail comes in from outside the school’s subnet for a Windows user, it shows up in the IMAP INBOX. If one Windows user sends a message to another Windows user (within the subnet) the message does not show up in the IMAP mailbox. But if the user logs directly into the server, from the command line the “missing mail” shows up in mail. This does not seem to be a problem with Mac users, although the Mac users have home directories on the Xserve.
Anybody have anything useful to say about either of these problems?
Thanks, signed Confused
Anonymous
Participant
Thanks for the followup.
1. UID is mapped to the Active Directory field uSNCreated.
2. GID is statically assigned the value of group Staff (#20), so my AD admin account is treated the same as any other AD user for now. I hope to utilize an OSX server as you described, but haven’t gotten that working yet. So, for now, all AD-authenticated users are treated the same – they’re logged in as part of the staff group.
- When I log in with my local admin account or even a local non-admin user account, I am able to run Classic and MacOS9 applications.
3. Re: home folders, I hope to eventually map users’ home folders to their existing network folders on our Win2K servers (File Services for Mac). For now though, I’ve just used the /System/Library/User\ Template/English.lproj to make a /User/default folder locally on our machines and used chmod to give logged in users permission to read, write, & execute in this home directory. (see http://www.bombich.com)
Thanks for any help & advice!
September 2, 2003 at 9:25 pm in reply to: AD authentication working but help needed with network home #356347
Anonymous
Participant
Thanks for the info. Could you just point out which parts would need to be changed? Obviously the w2k.afp548.com is where I put the DC’s name, but for example is /Users on the top line what I need to type in, or is this item where my users are stored in AD (in my case, FixedPol)?
Also is there anything, apart from the domain name, in the last line that I would have to change?
Finally, where is this ‘mounts’ file?
Sorry for the questions but this is my first go on OS X server!!
Thanks again!
Stephen
September 1, 2003 at 11:44 pm in reply to: Network Home Dir:You cannot log into this computer #356341
Anonymous
Participant
Found them in netinfo manager…
September 1, 2003 at 7:46 pm in reply to: Network Home Dir:You cannot log into this computer #356340
Anonymous
Participant
I’m having the same issue right now. Where does one find the mcx_cache? I did a search on the Xserve and didn’t see it.
Thanks for your help,
Steve
Anonymous
Participant
I am interested in the scripts too if you can post them!!!
Cheers
Anonymous
Participant
Joel,
Thanks for the links to that info. A bit beyond what I feel comfortable doing. Interesting reading, though, and I will show to our corporate network admin next time he visits.
Joe
Anonymous
Participant
Thanks for the info Joel.
Anonymous
Participant
Hi,
I’m a newbie also and have the same Firewall/VPN with same firmware version.
I was able to get the connection working using the settings in this forum topic:
https://www.afp548.com/eBBS/viewtopic.php?t=201
Read through all of the posts in the thread for good information.
The differences between your posted settings and what I have are:
You: Local Secure Group: 192.168.20.0 (the entire local subnet)
Me: xxx.xxx.xxx.1 (instead of 0)
You: Remote Network 192.168.20.1
Me: xxx.xxx.xxx.1/24
I think the above two items will help. The next two, I don’t think make a difference.
You: DH Group: 1
Me: DH Group: 2
You: PFS Group: 1
Me: PFS Group: 2
There are differences in some of the times, but I don’t think that would make a difference (I could easily be wrong).
Hope this helps.
Anonymous
Participant
Hi again,
Had a look around the list and found the answers to my problem.
I can now log in as an AD user and get a home folder (can’t write to it though!)
I am getting an Xserve this week so I will be back with a few more Q’s later!!
Stephen
Anonymous
Participant
I just followed your advice, and it works, thanks; that was really a nightmare. Also, I was wondering if there is a command to connect to and disconnect from a samba server? Just to back up some important data in 4 machines on a schedule, and disconnect as soon as the copy (Backup) is done?
Or a utility to do or handle that sort of…
Anonymous
Participant
I’m having the same problem.
I already solved this in the past but I don’t remember what I did.
The message in the /Library/Logs/WindowsServices/WindowsServices.log:
/SourceCache/samba/samba-26/source/smbd/password.c:DirServicesAuthUser
“dsAuthMethodStandard:dsAuthSMBNTKey” :(
I don’t know the solution… but look at this link:
https://www.afp548.com./Articles/system/sambapdc.html
Focus on this point:
“This might be more generally applicable to a NetInfo-based setup, but only came up when I was working on the PDC issue. If you have a NetInfo hierarchy set up, you may well have more than one ‘root’ account on the server (for example top and machine level). When Samba is performing certain actions which have to be done as root, you might get authentication failures because your root passwords in NetInfo don’t match each other. In our case, we had all sorts of problems until we discovered that the root password in the top level of the NetInfo hierarchy hadn’t been reset during a password change. Normally this didn’t matter, because NetInfo would look at the local machine accounts too, but for some reason Samba didn’t.”
Still trying here, if anybody gets the solution, share it.
See ya,
syncBoo
Anonymous
Participant
Is it possible to do it without LDAP completely? To tie it into I suppose NetInfo’s passwords?
Anonymous
Participant
I am not getting the following in system.log:
Aug 7 22:43:46 iMac racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 192.168.1.XX[500]<=>208.39.140.XX[500]
Aug 7 22:43:46 iMac racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Aggressive mode.
Aug 7 22:43:46 iMac racoon: WARNING:ipsec_doi.c:3039:ipsecdoi_checkid1(): ID type mismatched.
Aug 7 22:43:46 iMac racoon: ERROR: isakmp_agg.c:358:agg_i2recv(): invalid ID payload.
…
Aug 7 22:44:17 iMac racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 208.39.140.XX8->192.168.1.XX
My sysadmin gave me the following NetScreen settings. Anything special about these values?
gateway ip: 208.39.140.XX
remote subnet 66.240.0.0/255.255.255.0
id type is email address, ie: [email protected]
preshared key: YYYYY
phase 1 negotiation mode: aggressive
replay detection enabled
phase 1 encryption algorithm: DES
phase 1 hash algorithm: MD5
phase 1 SA lifetime: 28800 sec
key group: diffie-hellman group 2
phase 2 enc alg: DES
phase 2 hash alg: MD5
phase 2 lifetime: 3600 sec
phase 2 negotiations are ESP, not AH
ipsec compression is turned off
Thanks,
Dave
Anonymous
Participant
Hi Joel,
Appleshare would be fine. The remote mac is an older PowerBook with OS9.2.2 and will be at a remote office with a cable modem. The Xserve OSX 10.2.6 is at our main business location with a T1 line. How would I configure the connection?
Thanks.
Scott E.