[Moofo]

The script is on the admin account desktop. We’re executing it prior binding.

Script:

sudo rm -fr /var/db/krb5kdc
sudo /usr/libexec/configureLocalKDC
sudo diskutil enablejournal /
exit

I guess there would be a better way to do it, but this works…

[Moofo]

I upgraded.

It wasn’t smooth, but so far it works !

All my problem were solved by backing up and restoring OD

[Moofo]

see my post…

http://63.246.25.250/thread.jspa?threadID=2177670&tstart=0

You’re trying too hard…

[Moofo]

First of all, in 10.5 and in 10.6, if you use netrestore, the destination disk of the machine you will restore will end up as “HFS+” not “HFS+ Journaled” which causes some problem with reliability on hard reboots. For this reason, there was always a script on the admin desktop of the image to:

Reset the KDC
Enable Journaling

My script seems to work on 10.6, execpt that it seems that it doesn’t replace the certificates in the system keychain. To avoid the “overwrite” problem you had, there is a simple fix

Before shutting down your master machine, go to the keychain and flush all entries in the system keychain. I would also flush /var/db/krb5kdc.

You can them create your image, however when you use it to restore a machine, remember to execute /usr/libexec/configureLocalKDC which seems to repopulate the system keycahin with a new seed.

You won’t have the “overwrite” problem anymore.

I still have to do a little dance to bind them though, the direct method seems to fail.

Oh and my diradmin probelm solved itself by simply backing up the OD and restoring it…

[Moofo]

Sorry for the late reply….

I’m binding manually using Directory Utility

this morning, I found that i can’t use diradmin anymore in my server with workgroup manager….

[Moofo]

I got this error as well.

I think I fixed it by making it a standalone machine, rebooting then creating the replica.

[Moofo]

10.5.2 server does not fix the problem 🙁

Dammit, when will they fix these major issues ?

[Moofo]

I have a case open with Apple for this.

There is a bug in 10.5. ACL are not respected in the SMB shares. and worse: if a user has more than 16 groups assigned, he doesn’T get all the permissions that are assigned to him: everygroup after the 16th is ignored.

Result: SMB server is badly broken in 10.5.

If the effective permission inspector says it’s OK, it should be OK. However it’s not…

[Moofo]

I left a case with Apple Engineering

I expect a Call back…

By the way, I found another bug: The inherit permission from parent option is broken. You can work around it easily with ACL’s

[Moofo]

Hmm Seems to me it’s a bug with the server admin interface.

If I go in the config files manually at /private/var/samba/shares and I put the strict locking=yes, then everything seems to be OK. However, Server Admin never shows the modified setup…

[Moofo]

Yep, on leopard server….

If you tell me it’s normal…

[Moofo]

Well.

“id” works pretty well…

[Moofo]

To check if directory services are working from command line

You know:

Lookupd -d

userwithname: jdoe

[Moofo]

And If I bind clients to the domain and then add replicas, would that mean that the I will have to rebind clients for them to have the infos about the replicas ? Or this info is refreshed on the clients periodically ?

[Moofo]

HI !

I had a request fromn the sysadmin here to install Norton Antivirus for Mac on our Xserve machine. Namely, we have G4-G5 Xserves and one Intel Xserve. Many PC’s are connecting to them and we had several viruses on the server themselves. Thing is, the PC workstations are AVID workstations, and we can’t install Antivirus Software on them, as reckless as it may sound for Windows machine.

The software performed so badly on the mac workstations that I had to take it off. By this experience, I must say I’m very reluctant to install it on server machines.

What is your opinion ? Anyone tried it ?

[Author]

Posts