Forum Replies Created

Viewing 15 posts - 46 through 60 (of 581 total)
  • Anonymous
    Participant

    [quote:a84a116abb=”matt riley”][quote:a84a116abb=”Obey Panther”]So I was able to make the necessary changes to LDAP today that remedied this whacky problem.

    I edited the “passwordserver” and “ldap-replica” objects using the Inspector tab under workgroup manager. Those objects apparently tell services where to look for the password server. Then I rebooted the server (probably could have just started and stopped all of the directory services to fix it…but hey…clean reboot).[/quote:a84a116abb]

    What exactly did you edit with the Inspector tab? I’m not seeing any entries like that for my users.

    -Matt[/quote:a84a116abb]

    Never mind… I found it in the pop-up menu under Config. Thanks for the tip, though… I think it solved my problem. My forehead thanks you (now to find a towel to wipe the blood and sweat from the desk where my forehead has been banging the last day and a half…). 🙂

    -Matt

    Anonymous
    Participant

    [quote:f90df04999=”Obey Panther”]So I was able to make the necessary changes to LDAP today that remedied this whacky problem.

    I edited the “passwordserver” and “ldap-replica” objects using the Inspector tab under workgroup manager. Those objects apparently tell services where to look for the password server. Then I rebooted the server (probably could have just started and stopped all of the directory services to fix it…but hey…clean reboot).[/quote:f90df04999]

    What exactly did you edit with the Inspector tab? I’m not seeing any entries like that for my users.

    -Matt

    in reply to: Network Home Folders without OSX Server? #358435
    Anonymous
    Participant

    Hi,

    On a 10.3.3 client, in terminal, as root user, type “dsconfigad -localhome disable” (no quotations).

    Your Mac’s Home folders (Desktop, Docs, Library, etc) will be set up within your Windows home directory.

    Pretty neat!

    Waz

    Anonymous
    Participant

    Use PPTP. IPSec/L2TP doesn’t work over NAT (yet).

    In a nutshell, get PoPToP, PPP, and a recent Linux kernel. Get the MPPE patches from here: http://www.polbox.com/h/hs001/ . Patch, build, install, and reboot with the appropriate support enabled in the kernel config.

    My /etc/pptpd.conf file looks like this:
    name pptpd
    option /etc/ppp/options.pptpd
    localip 10.0.2.1
    remoteip 10.0.2.2-254

    My /etc/ppp/options.pptpd looks like this:
    name pptpd
    require-mschap-v2
    mppe required,stateless
    proxyarp
    ms-dns <primary DNS IP here>
    ms-dns <secondary DNS IP here>

    My /etc/ppp/options looks like this:
    lock

    My /etc/ppp/chap-secrets looks like this:
    user1 pptpd user1password *
    user2 pptpd user2password *
    (etc.)

    Fire up pptpd, turn on packet forwarding, and nat:
    iptables -A POSTROUTING -t nat -o eth0 -s 10.0.2.0/24 -d 0/0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
    pptpd -c /etc/pptpd.conf

    Make sure you have your firewall config right. You need to open port 1723 to the appropriate clients AND pass Proto #47 packets. E.g., a couple of sample ipchains rules to do that might look like this:

    ipchains -A input -p tcp -s <client-ip-here> -d <server-ip-here> --destination-port 1723 -j ACCEPT
    ipchains -A input -p 47 -s <client-ip-here> -d <server-ip-here> -j ACCEPT

    With this config, you should have both Panther and WinXP clients connecting easily, even at the same time behind the same NAT!

    Phil 😉
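
An added example, not part of the original post: a small audit of the two files the post configures, checking that pppd still requires MS-CHAPv2 and MPPE and listing chap-secrets entries that accept any client address. The sample file contents are constructed, and the function names are hypothetical.

```python
import os
import shlex

# Constructed sample inputs modelled on the files quoted in the post above.
OPTIONS_PPTPD = """\
name pptpd
require-mschap-v2
mppe required,stateless
proxyarp
"""
CHAP_SECRETS = """\
# client  server  secret           IP addresses
user1     pptpd   user1password    *
user2     pptpd   "user2 password" 10.0.2.50
"""

def parse_options(text):
    """Return the options in a pppd options file, comments stripped."""
    lines = (ln.split("#", 1)[0].strip() for ln in text.splitlines())
    return [ln for ln in lines if ln]

def audit_options(text):
    """Return findings for the pppd options file pptpd hands to pppd."""
    opts = parse_options(text)
    findings = []
    if "noauth" in opts:
        findings.append("noauth: peers are not authenticated")
    if "require-mschap-v2" not in opts:
        findings.append("require-mschap-v2 missing")
    for weaker in ("require-pap", "require-chap", "require-mschap"):
        if weaker in opts:
            findings.append(f"{weaker}: weaker method also enabled")
    # Assumption: the patched pppd on the page spells it "mppe required";
    # newer pppd releases use require-mppe / require-mppe-128.
    if not any(o.startswith(("mppe required", "require-mppe")) for o in opts):
        findings.append("MPPE not required: tunnel may be unencrypted")
    return findings

def audit_chap_secrets(text):
    """Return clients whose entry allows any IP address ("*")."""
    open_clients = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) >= 4 and "*" in fields[3:]:
            open_clients.append(fields[0])
    return open_clients

def secrets_file_exposed(path):
    """True if chap-secrets (plaintext passwords) is group/world accessible."""
    return bool(os.stat(path).st_mode & 0o077)
```

Point `secrets_file_exposed` at the real `/etc/ppp/chap-secrets`; the file holds passwords in clear text and should be readable by root only.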

    in reply to: clamav + amavisd startup #358422
    Anonymous
    Participant

    I used the second script, set up per suggestions…. and my amavisd *still* won’t start at startup. If I restart the mail server for any reason, I still have to launch amavisd manually via terminal.

    Help???

    Anonymous
    Participant

    I found references to the old server IP address in
    /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist
    on client and server.

    The IP shows up in the value for the “Replica Hostname List” and “Writeable Hostname List” keys.

    I presume this is what is causing the problem, or is at least another symptom of something I did wrong.

    Due to other, unrelated problems associated with the current project to reconfigure the network IP structure, we have reverted all settings. Things are now working as they were before.

    However, this is but a reprieve. If anyone could still comment on the problem I created for myself, and how I might avoid it next time, I would still greatly appreciate the advice.

    Thanks,
    Adam

    in reply to: I got it to work with a…. #358397
    Anonymous
    Participant

    Saw that this morning. I’ve said it before….for all you want to talk about United and their international profile [url]http://order-education.fateback.com/[/url], they really seem to do business the right way. I’m interested to see just how much Kenyon had to do with these results, so next year will be interesting.

    Anonymous
    Participant

    Hmmm,

    So changeip runs through LDAP and changes all of the IP entries?

    I guess the question that I’d have is: Does changeip ONLY change entries in LDAP? If it does, then what I effectively did was manually do what changeip already does.

    in reply to: Remote Login without server #358358
    Anonymous
    Participant

    [quote:305420e6a1=”bcirvin”]were there any new home folders? if you try to run apps on the newly modified user acct, do you get strange errors?[/quote:305420e6a1]

    Can a user have more than one “home” folder? There are three users, so I guess there are only three home folders. Let me state this another way…in the Users folder, there are 4 folders, one is called “Shared” then the other three folders are the names of the users.

    Since I changed the UserID back to 501, I have used that account with no problems. It seems to be totally normal.

    in reply to: Remote Login without server #358356
    Anonymous
    Participant

    [quote:374b5c2c01=”bcirvin”]

    try looking in the users folder of the main machine to see if another folder has been added for your user – if the machine could not access the old home folder due to differing user id numbers, then it would probably make a new folder for that user.

    let me know what you find.[/quote:374b5c2c01]

    I looked on the main machine…there are no new users. Before I changed the USERID, there were 3 users on the machine. I changed the userID to 2000 then changed it back to 501 and now there are still 3 users.

    Is that what you were asking?

    Anonymous
    Participant

    So I was able to make the necessary changes to LDAP today that remedied this whacky problem.

    I edited the “passwordserver” and “ldap-replica” objects using the Inspector tab under workgroup manager. Those objects apparently tell services where to look for the password server. Then I rebooted the server (probably could have just started and stopped all of the directory services to fix it…but hey…clean reboot).

    I verified that everything was communicating over the primary interface in two ways:

    1) I unplugged the backup network and started our mail services. Voilà…authentication continued to work and mail delivery continued.
    2) I checked netstat and saw that, to my chagrin, the backup network interfaces were no longer listening and/or established.

    Much better.

    But lord, what a hassle.

    Who the hell knows, maybe changeip would have solved this. I have to admit though, I was reluctant to run this since the backup interface was in LDAP, but not configured anywhere else on the server.

    I’m still trying to figure out why this occurred in the first place. I am guessing that the PCI (backup) interface was on the top of the list in the network preferences (hence preferred interface) during server build. That’s the only thing that I can think of that might cause the server to configure in such a whacky manner.

    Any ideas as to why this could have occurred would be great. I wouldn’t want anyone else to encounter this.

    -Obey (nPlusOne Group)

    in reply to: Webmail login error #358352
    Anonymous
    Participant

    The php module is enabled…I haven’t found any references to any other modules that are required by Squirrelmail. Also, most of the other modules are enabled by default.

    A little more info. I can telnet to localhost port 143 and it shows Cyrus IMAP loaded OK. However, when I attempt to log in, I get the error:

    NO Auth method not enabled

    and nothing shows up in the IMAP logs. It’s looking more and more like an IMAP authentication problem. Both Squirrelmail and the server are set for “Login” authentication.

    in reply to: Remote Login without server #358347
    Anonymous
    Participant

    I had come across this solution:

    http://www.smalldog.com/newsarchive/techtails_display.php?id=193

    [quote:84b1f1c973]Network Home Folders

    Have you ever been in a situation at work or school where you normally
    work on one computer but for various reasons need to use another? Did
    you wish to have all of your files, bookmarks, etc., available on your
    temporary computer? While not trivial, this is possible to do if you
    have more than one computer on your network. For those of you who enjoy
    a challenge, the following will show you how to “roll your own”
    solution.

    WARNING: WHILE CONVENIENT, THIS IS NOT SECURE. MAKE CERTAIN THAT YOU
    TRUST YOUR USERS AND THAT YOU ARE BEHIND A FIREWALL. There are more
    secure ways to do this, but that’s for another Tech Tails.

    Let me begin with a little theory. The files that you typically see on
    your desktop–documents folder, music folder, etc.–are stored in a
    folder called Users/YourUserName on your hard drive. While this works
    well with one machine, things get complicated when you have many. It is
    possible to store the information that is in the YourUserName folder on
    one computer but access them from a second as if they were on the
    second computer. To make this work, two things need to happen: One
    computer needs to share the Users folder to others, and a second
    computer needs to be told how to access that folder as if it were on
    the local hard drive.

    The first step is to set up sharing on one computer. For this I
    recommend selecting the computer that you usually work on and that is
    on most/all of the time. You’ll need to download a program called NFS
    Manager.

    Install NFS Manager. Open /Applications/Netinfo Manager and click on
    the Enable Root User. MAKE THIS PASSWORD VERY SECURE, SINCE ROOT CAN DO
    ANYTHING TO YOUR SYSTEM. Quit Netinfo Manager. Open NFS Manager. Click
    on NFS Shares. Click on Add Entry. Now locate the folder you want to
    share which in this case is /Users. Select Only Computers from a
    specified list. In this, enter the IP of the second computer. To find
    the IP, go to Apple Menu>>System Preferences>> Network and copy the IP
    Address. Set Treat Root Account as user root and check off Accept
    connections to folders inside the shared folder. Click on Activate
    Shares. Finally, create an account for the user that you want to share
    if you have not done so already. Open Netinfo Manager again and go to
    the users section. Select your user and look for the UID tag. Change
    its value to 2000 and add 1 to subsequent accounts.

    Now go to the client (second) computer. Go to Apple Menu>> System
    Preferences>> Accounts and create an account with the same name as the
    account on the other machine that you want to access. Download and
    install NFS Manager and also again enable root in Netinfo Manager. Open
    NFS Manager and click on the NFS Connections tab and click on Add
    Entry. In NFS Server, type the IP Address of the other computer. In NFS
    Server type /Users. In Mount Point, check off In Network folder. Select
    Allow user to interrupt server, Postpone connection, and Use secure
    communication ports options. Now finally type activate connections.
    Open Netinfo Manager and go to the users section. Select your user and
    then search for the UID Property. Make certain that it is set to 2000,
    which was the numeric value on your other machine. Close Netinfo
    Manager. Restart your computer. At the login screen, select your user.
    If all works well, you will see your desktop and other files as if they
    were on the machine that you are working on, although they actually
    exist on the other.[/quote:84b1f1c973]

    But when I changed my UID tag to 2000 on my main computer and then logged in, I found that all my user settings were no longer there…it was like I was a new user. I then went back into Netinfo and put back the original number (I think it was 503) and all my settings returned.

    So I could not get it to work.
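
An added example, not part of the original post or the quoted article: NFS shares set up this way identify users by numeric UID alone, and changing an account's UID in the directory does not change the owner of files already on disk. The functions below (hypothetical names, constructed sample accounts) compare the name-to-UID maps of two machines and list entries under a home folder that a renumbered account no longer owns.

```python
import os

def uid_conflicts(server_users, client_users):
    """Compare name->UID maps from two machines sharing /Users over NFS.

    Returns (mismatched, collisions):
      mismatched - names present on both machines with different UIDs
      collisions - UIDs that belong to different names on each machine,
                   so one user would be treated as owner of another's files
    """
    mismatched = {n: (server_users[n], client_users[n])
                  for n in server_users.keys() & client_users.keys()
                  if server_users[n] != client_users[n]}
    server_by_uid = {uid: n for n, uid in server_users.items()}
    collisions = {uid: (server_by_uid[uid], n)
                  for n, uid in client_users.items()
                  if uid in server_by_uid and server_by_uid[uid] != n}
    return mismatched, collisions

def foreign_owned(home, uid):
    """Paths under home not owned by uid (left behind by a UID change)."""
    found = []
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.lstat(path).st_uid != uid:
                found.append(path)
    return sorted(found)

# Constructed sample: the server account was renumbered to 2000 as the
# quoted article instructs; the client still has its original UIDs.
SERVER = {"alice": 2000, "bob": 2001}
CLIENT = {"alice": 501, "carol": 2001}
```

A non-empty `collisions` result is the case that matters for access control: the server would apply one user's file permissions to a different person on the client.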

    in reply to: X serve woes PDC+ samba #358346
    Anonymous
    Participant

    I’m having probs. with samba on our xserve too.

    I’m trying to replace an old NT 4 domain with samba on the xserve. I keep getting errors that seem to be around the roaming profiles side of things.

    lots of prf*.tmp file errors (writing of file) errors about paths being too long.. basically, users log out, takes either 1) forever (15+) minutes to log out, or 2) they get lots of errors, and any changes to the profile are lost.

    anyone else with these probs?

    thanks

    Anonymous
    Participant

    If I understand your problem correctly, you cannot have an account with exactly the same name as a network account. If you do, it will log on to the local account first. One or the other must be different.

    When I had that problem we decided to migrate the users’ home directories to the server and remove all accounts from the client machines except an administrator account.
