[Flash]

It seems that something in WinXP SP2 broke digest authentication. It insists on sending credentials with the Windows domain prepended to the username (ie WORKGROUP\username). Nonetheless, I cannot even make this method work consistently.

As for the Dreamweaver CS3 problem connecting to Basic authenticated realms, there is a fix which worked for me.

http://www.adobe.com/go/kb402079

Thanks to Paul Suh (www.ps-enable.com) for these insights.

[Flash]

AES just called a gave me a cryptic answer. They didn’t answer the question as to whether this would do damage to my 10.4 OD, rather gave me these steps to use:

-bind 10.5 server to 10.4 domain as “connected server”.
-leave 10.5 server bound to 10.4 domain in Directory Utility.
-change role of 10.5 server to OD master.
-then enable wiki and blogs for pre-existing 10.4 groups

Not sure how this works because the local directory would be destroyed when changing the server role. Can anyone elaborate on their experience?

[Flash]

Ah, lpadmin was all I needed. Here’s a bit more info I just found. Thanks Joel.

http://www.mactech.com/articles/mactech/Vol.22/22.10/CUPS/index.html

[Flash]

[QUOTE][u]Quote by: jbnlsd[/u][p]

The last bit I have at the moment is that it seems to only be users who are located on one particular Xserve.

Is Guest access allowed in AFP? Are you excluding Guests from idle-disconnects? Mounts occur at startup as Guest as far as the server is concerned. Authentication as a real user doesn’t actually occur until the user logs in – the share must already be mounted as Guest for homedir to be correctly attached. For instance, a machine that fails to correctly map a homedir – what do you see in Network/Servers/ before restarting? You should see all server mount points. Just a thought.

[Flash]

Well, for lack of a better solution, this works:

1. Disallow access to Mouse, Keyboard and Universal Access Panes.
2. Create these two plist files as desired (com.apple.driver.AppleHIDMouse.plist & com.apple.universalaccess.plist), these include all mouse settings and F-key settings.
3. Under Details Tab of Group Prefs, add pre-made plist files.

[Flash]

OK, I guess I deserved the comical response. To be more specific, slapd on the OD Master pegs the CPU’s when 20 XP machines log in at once, whereas it would take 200 concurrent logins from OSX clients for slapd to peg the CPU’s. Odd.

[Flash]

[QUOTE][u]Quote by: stepansae[/u][p]
But some SW is not network login friendly, such as Digidesign ProTools, or we have some workstations with such a specific audio/video hardware that having network login is just a pain.
[/p][/QUOTE]

I’m not familiar with the software you mention, but I’ve also had my share of struggles with multimedia apps which are unstable with network homedirs. I’ve gotten around most of them, but it does take a lot of planning. Redirect as much as possible to your local client machines. Use NHR to redirect user caches – which uses an ingenious login hook, reduces server overhead and storage. Build your network homedir template such that the movies folder, Microsoft User Data, even Application Support dirs redirect to some local shared location. These sorts of things will typically make those multimedia apps more stable.

[Flash]

[QUOTE][u]Quote by: dragonmac[/u][p]Well unfortunately I have to wait on Apple to fix my Mac Pro problem (see post above). Still no Link Aggregation and no one can figure out a workaround but it might be hardware so. Apple is aware of the problem.[/p][/QUOTE]

I believe Small Tree may have your solution, though not for free.

http://www.small-tree.com/solutions/linkaggregation.htm

[Flash]

My Cisco engineer has just further enlightened me on my load balancing statement above. LACP can load balance in some sense. The bonded ports can be configured to round-robin load balance by host or client MAC or IP address. The default on Cisco switches is to load balance by client MAC address. What this means is that each new client connection is assigned to one of the bonded ports for the duration of the connection. So it load balances by client connections, NOT by bandwidth consumed, which would be more ideal. Nonetheless, I stand corrected, LACP does have load balancing capability by client connection.

[Flash]

Figured it out. I switched the AFP authentcation method from Kerberos to Standard. Now netboot clients are mounting the afp volume, saving shadow files to it, and the local volume can be unmounted as expected in diskless mode. Now to figure out why Kerberos is broken…

[Flash]

[QUOTE][u]Quote by: Vegan_admin[/u]
is it not possible to give the diradmin local rights aswell?
[/p][/QUOTE]

Sure, you can, but I don’t think it’s a default setting for a diradmin.

[Flash]

Access to sharing tab requires that you log into WGM as a local admin, not a diradmin.

Are you opening WGM from the server where the share resides or remotely?

“Vegan_admin”, gotta love it, me too.

[Flash]

[QUOTE]
Are there AFP sessions for NB users when you boot the clients?[/QUOTE]

No, and I was curious as to why not. Nonetheless, clients do create the shadow files on the server. So, perhaps my problem is related to AFP sharepoint, not diskless netbooting. Thanks for pointing me in the right direction.

[Flash]

Glad to see so many are diving into link aggregation. I’ve been using it successfully since Xserve G5’s first hit the scene, initially with Small Tree’s multi-port cards and software. I would like to caution you on a few poorly documented side effects.

1. Link negotiation at startup is very slow (at least with my Cisco switches), so if your server is an OD master or replica, the default replication at startup will fail and you’ll see errors like “Password service not found” in replication logs until a running replication occurs.

2. Further, if you happen to restart more than one replica and/or OD master at the same time, I’ve often seen the authserver-replicas files become corrupted on one or more of the restarted servers. This can cause the dreaded continuous replication phenomenon along with repeated replication errors “merging conflicting replicas lists”. Demoting to standalone, then back to replica has been my only brute-force fix for this. If the box is also a BDC, do your homework before demoting – there can be unexpected anomalies.

3. As we all know, OSX server is very dependent upon DNS. It’s always best practice, but particularly with LACP, make sure you’re running DNS on the box. If you don’t, the slow negotiation at startup will cause non-localhost DNS lookups to fail and the box will revert to its “server.local” hostname, rather than the desired “server.domain.com”. I’ve seen this result in malfunctioning of homedir automounts where automount path becomes “Network/Servers/server.local/Volumes…” rather than that defined in LDAP, “Network/Servers/server.domain.com/Volumes…”.

4. Lastly, realize that LACP does NOT support load balancing in the true sense. Cisco docs indicate that the second bonded port won’t even get used until the first port is saturated or experiencing some threshold of latency. Look at your switch port stats, you’ll see what I’m talking about.

All that aside, I highly recommend LACP, throughput and latency in high traffic environments will be noticeably improved.

[Flash]

[QUOTE][u]Quote by: MacTroll[/u][p]What makes you think you’re actually doing a diskless netboot beyond the fact that it’s checked in the interface? 😀 [/p][/QUOTE]

I used the following command to retrieve netboot settings; both the images appear to be in diskless mode. Shall I look somewhere else?

$ sudo serveradmin settings netboot

netboot:netBootImagesRecordsArray:_array_index:0:SupportsDiskless = yes
netboot:netBootImagesRecordsArray:_array_index:1:SupportsDiskless = yes

Interesting however that the gui refers to the images as index 2 & 1, but appear above as 0 &1.

[Author]

Posts