[Zeheeba]

Hey There. If your problem with slow logins etc is indeed caused by serious lag in receiving DNS query responses, then placing slaves in each of the buildings could help.

Regardless, depending on the number of users you have hitting this dns server, slaves would be a great idea. Just make the Existing server the master, and if your G4’s at the branch locations are not already overburdoned, make them slave servers.. The master will automatically update the slaves when changes are made.

Of course implementing this isn’t quite as easy typing that last paragraph, but if you have a basic sense of how bind works, you should be fine.

I dont’ see any problems that could arrise from this. Good luck!

Regards,
Z

PS- I’ve done this a bunch of times, if you have questions or problems, give me a hollar.

[Zeheeba]

Hey There.

Make sure the user credentials you are using to bind to the AD domain actually have the proper permissions to perform such an action. It looks like this might be your problem.

Good luck…
Z

[Zeheeba]

I believe that if the hang is happening on the blue screen before the startup process status bar, then the problem could be hardware related since the OS actually hasn’t loaded up yet. Hopefully someone can clarify this…

Z

[Zeheeba]

Hello Siemaszko,

Boot up your server and read your /etc/hostconfig file. It should have many lines reflecting what services are enabled as well as setting host names etc. I’ve had a problem before when serveradmin was reporting no server at the proper IP address and not being able to manage the server. The problem was this file was empty. How this happened, who knows, but check that file. It should have entries such as:

# /etc/hostconfig
##
# This file is maintained by the system control panels
#Network Configuration
HOSTNAME=your.server.com
ROUTER=-AUTOMATIC-
# Services
AFPSERVER=-YES-
APPLETALK=-en0-
SERVERMANAGERSERVER=-YES-

There are many more lines. If you have another server on the same version as the trouble server, check out that servers /etc/hostconfig. I can’t post a full one right now, but someone else may be able to.

Hope this helps.

Regards,
Z

[Zeheeba]

You may be having this problem because Your ISP’s dns server has a server that is responding much quicker. If you are using the schools dns server, it might be overloaded and slow to respond. If you point the main forwarder to your ISP’s dns server, you can enter in a zone entry into your named.conf like this:

zone “nyu.edu” {
type forward;
forwarders ” xx.xx.xx.xx; “;
};

The “nyu.edu” would be the base domain for your school or organization. And of course the xx.xx.xx.xx would be the ip of your schools/orgs dns server. Then when ever your dns server recieves a request for xxx.nyu.edu it will seek a response from your schools dns server. All other requests will be directed to your ISP’s dns you specified in the main forwarder.

This setup allows you to have the speedier lookups for the internet without losing the ability to access your internal site.

Hope this helps…

Regards,
Z

[Zeheeba]

Hey There,

You wrote:
“I then setup the SMB service for the Home folders, but when I finished modding the smb.conf file, the Windows role had changed under Server Admin from standalone todomain member. The article says this shouldn’t happen, but I just put it down to the fact I was using Tiger and not Panther Server.”

You are correct. You shouldn’t need to hand edit the smb.conf file in Tiger as you needed to in panther to have the SMB service show as a Domain member. Apple did this all for us with Tiger. If there are some settings that need to be changed by hand, I haven’t seen them yet.

I didn’t quite follow your description of how you are trying to add AD users to local groups on the OSX server, but you can do this buy launching WGM, making sure you are looking at your local directory and not AD via the drop down menu under the “Admin” , and hit the “New Group” button. Name the group and give it the ID you want. To add AD users, click the the plus button next the member list to open the users/groups drawer. At the top of the drawer, make sure you select your AD from the drop down list. This should populate the list. Once the list is done loading, simply drag users from the drawer to the members pane. This should add them to the local group.

Hope this helps.

Regards,
Z

[Zeheeba]

Hello Jeff,

Since there have been no responses, I might as well throw some thoughts into the mix.

From what I see, you are receiving a “Permission denied (13)” error 5 times. Is your AD setup to deny access, or lock accounts after a certain amount of failed logins, etc? Often the count is 5 when this setup is enabled. If so, perhaps the 5 failed attempts to mount or access this directory are disabling any further attemps, giving you the “Operation timed out (60)” errors. You mentioned getting the spinning beach ball when trying to log in. This could be explained by a timeout as well. Either you are not being permitted to authenticate, or perhaps your communications are becoming disrupted somehow.

Just a thought. Another thing to look into is the time frame your kerberos tickets remain valid. If the time is really short, perhaps the ticket is expiring and therefore giving you the errors. I believe you can check the Kerberos ticket times via /System/Library/CoreServices/Kerberos.app. Then again, the tickets may be renewed automatically after you try to use this access again, I’m not sure, but its an idea. : )

Hope some of this may help or shed some light on your issues.

Regards,
Z

[Zeheeba]

I’m loving this site/board!! This topic deals with something that I’m trying to tackle. We have a iPlanet LDAP server that our OSX server authenticates against. It works great on the AFP side, but I can’t get Windows to authenticate against it.

I’m wondering if this article about setting up our server as a Domain Controller might solve the problem. Has the updated version for 10.2.3 been released yet? I would love to get my hands on it.

Thanks!!

Regards,
Zeheeba ( Dan )

[Author]

Posts