I had this problem with one client, but I didn’t get to spend much time troubleshooting it. I ended up switching it to a replica and didn’t have the issue and I never went back to figure it out.
But I have done the same setup about 100 times in other places and have never seen this. If it helps, the server was just doing (Master, PDC, and VPN).
Well, if you’re using AFP network home directories on a Windows server properly, you’re going to run into problems since the default AFP on AD servers is outdated and unstable. If your home directories are just mounting as a share and your accounts are local, you may be able to get away with AFP 2.x. If not, you need ExtremeZ-IP; this will give you AFP 3.1.
If you did your AD integration correctly you shouldn’t even be able to edit the home directory location on the OD server. The users would be from AD and not be editable. You point the home directory in Active Directory, not OD. I’m either confused by what you are really trying to do or you’re not doing an AD/OD integration.
ExtremeZ-IP is only needed if you plan on hosting the home directories on the AD server over AFP. If you’re hosting home directories on an OSX server, ExtremeZ-IP is not needed.
MCX has nothing to do with where the home directories are. You need to figure out how you plan to manage the MCX. You can manage by user, group, or computer, and how you want to manage will determine what needs to be done.
Without the ability to select a drive letter in the profile path and putting in the home directory path you will not be able to do this as far as I know. This should not be against policy as the Xserve is just a domain member now, so it’s just another Windows server as far as the AD admins are concerned. You’re not changing attributes, you’re simply defining the home directory location. I can see the concern for extending the schema but this has nothing to do with that.
So clients are auth to an AD server and then are manually connecting to your OSX server and using another password? Or do you have your OSX server bound to AD server and clients are using the same login and password?
If it is bound to AD, why not make it a Member Server of the AD server and part of Kerberos? If the server is not bound to AD, it should be.
I missed that you said you had other 10.4.7 machines. Try verbose mode and see where it’s hanging (Command, V on boot). Check the console logs and see if you have any strange system errors on boot. One of these has to tell you what’s going on… I have only seen these hangs when DNS is messed up or directory services. Was this an image, or are all machines configured the same?
I would say it’s 10.3.9 and Tiger that is the difference and not Intel Macs. Did you check the logs or do Single user mode to see where it’s hanging? A lot has changed in the AD plug-in since 10.3.9, maybe if you described your setup a bit more it would help… SMB home dirs? Network homes or local cached user with home mounting? OD master is for managing prefs?
Have you tried checking “Prefer the domain server” under the Active Directory advanced options in Directory Access? I have found with large AD domains and connectivity issues doing this helps… Also unchecking “Allow auth from any domain forest” and defining the right domain under the authentication tab in Directory Access helps as well.
Is it a PDC? To be honest I don’t trust more than 40-50 connected Windows users at a time, seems to be all that one server can handle. Now I have seen where deleting the secrets.tdb file from “/var/db/samba/” and rebooting and setting up the PDC again resolved some Windows connectivity issues. It’s really hard to say if this would work for your situation.
– OD server is a Master with DNS (reverse and forward) working.
– Create your home directory share with network mounting enabled (automount) on your OSX server.
– Bind your clients to AD and OD, but AD would be first under authentication.
– On the AD server select a drive letter and the path would be “/servername/share/username”
– In Directory Access on the client go under the advanced AD plug-in settings and uncheck “Force Local Homes” and change the network protocol to AFP.
The only time I have seen something like this is when a server was being used as a PDC and the master had home directories stored on it. Is this your case? How many simultaneous connections (Windows/AFP)?
Third party RAM is always your first check. I see nothing but issues with certain RAM, to the point where we only recommend certain RAM that we trust. If it still crashes with the original Apple RAM, it could be a drive problem if the copying is causing the kernel panic… Can you copy from drive to drive from the server itself?