Forum Replies Created

Viewing 15 posts - 1 through 15 (of 30 total)
  • in reply to: Lion OD Replica Issue #381655
    bezzoh
    Participant

    There is no workaround for this. 10.6 and 10.7 will quite simply not replicate with each other. All replicas have to be at the same OS level. This is documented on Apple’s web site.

    in reply to: OSX Homes on Windows Server #379548
    bezzoh
    Participant

    This could also be the protocol set in advanced settings in directory utility when you bound to AD. Ensure that it is set to use CIFS/SMB not AFP or the home folder will not mount. I made this mistake last week accidentally (slight oversight, I’ve been doing this for years) and DeployStudio was binding my clients, but I had forgotten to change the protocol in the workflow and they all bound expecting AFP home folders.

    in reply to: Nested AD groups in ODM Groups #378203
    bezzoh
    Participant

    Anybody ever get any joy with this? I have this same issue raised in another thread.

    Neither my X-Serve nor clients can read the short name or UID of members of any AD group other than Domain Users when viewing from Workgroup Manager and therefore I cannot deploy any managed preferences to these groups.

    I have checked the permissions mentioned above and all my clients and server have the relevant permissions.

    I really don’t want to get into having to manually manage individual users as I work in an education environment where the members of my groups are changing on a daily basis.

    in reply to: Should Safari Do Single Sign On #377683
    bezzoh
    Participant

    I have this same issue, using Netsweeper proxy boxes. It’s down to the version of NTLM I believe, therefore our proxy will not authenticate our Macs when trying to browse the web, users have to store their passwords in their keychain. Firefox behaves in the same way, proving it is not a browser issue, but a problem with Mac OS and your Server.

    in reply to: unable to login at this time (home folder) smb AFP #377436
    bezzoh
    Participant

    Oh yeah, just realised inadvertently that I’ve provided the solution to the original problem described, while asking for help myself…

    Add /BSD/Local to the authentication and contents search paths in directory access to fix the login problem.. :o) (even if it shows as red) and put it ABOVE active directory and LDAPv3.

    You will notice 10.5 does this automatically and you can’t remove the option. 10.4 does not.

    in reply to: unable to login at this time (home folder) smb AFP #377435
    bezzoh
    Participant

    I’m getting some of these exact errors in the logs of some 10.4 iBooks which are authenticating against AD, but ‘trying’ to download managed preferences/MCX settings via Open Directory.

    In summary.. I recently rebuilt OD on my 10.5 Server due to various corruptions and the fact that the guy that set it up left Kerberos running before making it an OD master and the whole thing wouldn’t authenticate to AD at all. Anyway. That’s all fixed, and a bunch of 10.5 clients on a wired LAN (same VLAN) and bound anonymously are all working fine and happily pulling down managed prefs without issue.

    However, my 10.4 iBooks running wirelessly on another VLAN will bind to OD, and I am obviously using the DIRADMIN account to authenticate to create a visible account in Workgroup Manager. However, that’s where it all goes wrong. The client then kicks up a load of complaints as below

    /System/Library/CoreServices/mcxd.app/Contents/MacOS/mcxd: DSOpenNode(): dsOpenDirNode(“/BSD/local”) == -14008
    /System/Library/CoreServices/mcxd.app/Contents/MacOS/mcxd: DSOpenNode(): dsOpenDirNode(“LDAPv3/10.40.149.2”) == -14002

    BSD/local shows as red in authentication & contents panes of directory access also, explaining the 14008, but this has to be present or it will not allow my AD users to log in due to using network home directories (it kicks off about them being on an SMB or AFP share).

    Anyway, I have deleted the contents of the Directory Service folder, and cleared the /config/mcx_cache in NetInfo Manager as I have been advised on various other forums, before rebooting and rebinding. All to no avail whatsoever, and the same log messages crop up time and time again.

    While I’m no network/wireless guru, could it be that the LDAPv3 port is not being allowed to communicate from the Wifi VLAN to the X-Serves, or is it just something stupid going on in 10.4 that I haven’t nailed yet???

    I’m desperate for a bit of help on this one, so all suggestions appreciated.

    in reply to: Forcing desktop picture on clients #377001
    bezzoh
    Participant

    No worries mate. You can pretty much add any personalisations you like in there, including licence information for apps such as iWork, etc. so you don’t have to go round typing licence keys in all your machines, as it’s nearly all found in /Library/Preferences, or ~/Library/Preferences

    in reply to: Forcing desktop picture on clients #376994
    bezzoh
    Participant

    The easiest way to do it is to have a user group containing ALL of your users set up. I for instance have an ALL USERS group containing my Active Directory ‘Domain Users’ group.

    Firstly ensure you have the correct wallpaper set as YOUR wallpaper on your admin machine on which you are running Workgroup Manager (easier on a client, than the server).

    Then in WM select your all users group and click on preferences along the top of WM. Then select details from below rather than overview. Overview shows the default icons for things you can manage, details allows you to add specific plist files.

    Click on + (add) below this window, then browse within your user profile to ~/Library/preferences/ and locate com.apple.desktop and select it. This will then basically deploy YOUR desktop wallpaper settings to your all users group the next time someone logs in. This is of course dependent that the exact wallpaper is in the exact same location on all of your clients.

    Hope this helps. It’s pretty easy. Just make sure you have the right server admin tools installed on your admin client. No one needs to be stood in front of an X-Serve doin this kinda thing, it’s easier to configure 1 client with all the preferences you want to deploy, then fire them out this way.

    in reply to: Mac OS X Server Checklist #376985
    bezzoh
    Participant

    Beltin! Cheers for your help, I was pulling my hair out

    in reply to: Forcing desktop picture on clients #376980
    bezzoh
    Participant

    Do you not use managed preferences from a Mac OSX Server?

    If you do you can depict wallpapers, etc via MCX settings in workgroup manager. Simply set the relevant wallpaper on your admin-client machine that has server admin tools on it, run WM and deploy the relevant plist file from ~/Library/Preferences to the relevant user/computer group(s). So long as the image is present on all clients in exactly the same location, you’re sorted. That’s how I’ve done it for my users..

    in reply to: Nested AD User Groups #376961
    bezzoh
    Participant

    Visibly the problem appears to be that I cannot see the members (Name and ID) of my AD groups when viewing them via Workgroup Manager. All groups that is except for Domain Users. I can’t even view Domain Admins, which means the admin rights depicted in Directory Utility won’t take effect either. The short name is visible, but the rest of the information is blank. Not quite got my head round this one still…

    in reply to: Using AD though OD #376677
    bezzoh
    Participant

    Since my build image was upgraded to 10.5.7, dsconfigad -passinterval set to 0 AND probably more critically I incorporated the AD and OD binding into the DeployStudio workflow, I have had absolutely NO recurrence of this problem in the past few months.

    My base image has never been bound to any domain, so there are NO kerberos files in the aforementioned folder.

    in reply to: Leopard server AFP no longer allows connects #376631
    bezzoh
    Participant

    Turns out it’s the file screening on the Windows Server, however because the log doesn’t give an indication of which file(s) it’s failing on, I have no idea what extension(s) I need to allow. Setting the screening to passive allows my accounts to sync as normal.

    Any clues? 😥

    in reply to: Leopard server AFP no longer allows connects #376614
    bezzoh
    Participant

    I’m getting mobile account sync problems now also, however my home directories are stored accessed via a SMB share on a Windows 2003 Server.

    Up until about a week ago this was absolutely fine. When I log in with a non-mobile account I can access the home drive without an issue and all the user data is available. When creating a mobile account and on subsequent log in/outs and manually prompted syncs, it says “checking” swiftly followed by ‘finishing’ and no data is copied.

    The log generates the following…

    [2009/07/14 15:26:50.825] PHD:******************************************************************
    [2009/07/14 15:26:50.825] PHD:FileSyncAgent-277.10 (r?, PID:1092, OS:9F2533, ARCH:i386) starting
    [2009/07/14 15:26:50.825] PHD:LA: FileSyncAgent -uid 1102861339
    [2009/07/14 15:26:50.825] PHD:******************************************************************
    [2009/07/14 15:26:54.381] PHD:Starting manual sync of “HomeSync_Mirror”.
    [2009/07/14 15:26:54.525] PHD:-[SPeer_FS_PHD mountPeerVolume]: Remote home located at “/Network/Servers/SERVERNAME/SHARE$/USERNAME”
    [2009/07/14 15:26:54.528] PHD:Creating new store with storeID “PHD-L-DBvFDqMxxRD-username” at path “/Users/USERNAME/.FileSync/store.filesyncstatetree”
    [2009/07/14 15:26:55.932] PHD:EXCEPTION: !IF
    [2009/07/14 15:26:55.986] PHD:Peer “network” is unable to sync. Not enough peers will be available to continue syncing.
    [2009/07/14 15:26:55.986] PHD:Aborting sync of “HomeSync_Mirror”.
    [2009/07/14 15:26:56.125] PHD:Sync of “HomeSync_Mirror” encountered errors. (EnsureSSHKeysConfigured (sshkeygen.m:327): “‘((!IsValidSSHKeyDir(@”Server”, remoteHomeFileSyncKeyDir, (BOOL)1)))'”)
    [2009/07/14 15:26:56.125] PHD:Last successful sync completed at (null).
    [2009/07/14 15:26:56.125] PHD:Finished sync of “HomeSync_Mirror”.
    [2009/07/14 15:26:58.551] PHD:SIGTERMCallout: 2009-07-14 15:26:58 +0100
    [2009/07/14 15:26:59.527] PHD:Bye (PID:1092)
    [2009/07/14 15:27:07.962] ******************************************************************
    [2009/07/14 15:27:07.962] FileSyncAgent-277.10 (r?, PID:1128, OS:9F2533, ARCH:i386) starting
    [2009/07/14 15:27:07.962] LA: FileSyncAgent -launchedByLaunchd
    [2009/07/14 15:27:07.962] ******************************************************************
    [2009/07/14 15:48:48.202] Waking from sleep

    Any thoughts on this would be greatly appreciated

    in reply to: AD & OD: Trying to manage clients #376456
    bezzoh
    Participant

    What actually seems to be the issue is that if I view AD groups via Workgroup Manager, I can’t see the Long Name or User ID, only the shortname. I can however see all of the information for the ‘Domain Users’ group which is odd. I thought it was security permissions on the AD groups, however I gave authenticated users Full Control of a test group I created and the problem persisted.
