[darkstar]

If you don’t already have one, get yourself an IP Address calculator. I like SubnetCalc.app, or ipnetmonitor.app has one. You can also find Web sites that offer IP address calculators online.

Familiarize yourself with the different address combinations and results in terms of available IP addresses by altering the subnet mask. I use 255.255.128.0 and we have plenty of addresses plus room to grow.

If all of your machines and devices use addresses from your DHCP server, you should be able to change the subnet mask and once everything reboots you will have a larger pool of addresses.

If you have a bunch of machines with manually-entered IP addresses or are doing something special with wireless access points then it becomes more complicated and you’ll have to run around and change a lot of things manually.

I prefer to have the router distribute DHCP addresses, but it sounds like you have two different things going. Are you using a dual-WAN capable router?

Assigning IP addresses based on MAC addresses is OK, too, but it won’t help much if there aren’t enough IP addresses to go around. Plus, maintaining the MAC address database can be time consuming as machines come and go. It does prevent unauthorized devices from gaining access to your network, though.

[darkstar]

Just curious……does it work using a certificate created using your own certificate authority?

There’s a really great step-by-step guide to creating your own CA and rolling certs right here on this site. It’s pretty easy if you haven’t tried yet. Only thing I would do is change is the name of the CA, which is “demo” unless you change it in the /System/Library/OpenSSL/openssl.cnf before you start.

ON a related note, has anyone set up their own CA and been able to get it to show up as one of the CAs or the default CA when using the certificate assistant in the keychain program?

[darkstar]

I can second that. I set up an address book server about a year ago with their software and it is pretty slick. Except for a bit of LDAP-related hair pulling, I learned quite a bit more about LDAP in the process.

Since then they’ve come out with a little sync control app that resides in the system prefs page on your machine. I haven’t used that part much, but from what I saw it works well, too.

FWIW, I set my address book server up on a regular 10.4 client. It can be done on a machine running Tiger Server and Open Directory, but I haven’t attempted that yet.

If you’re looking for an out-of-the-box solution, Kerio’s mail server does a great job syncing up with Tiger Server and OD. (And addressbook and mac.com, too.)

[darkstar]

I have user pictures and group pictures mapped and it works great. Last time I checked it doesn’t work with jpegs.

Make ’em .tiffs and be sure they’re .tiff files with two fs. It doesn’t like just one f. Beware of Photoshop — it uses one f instead of two by default.

[darkstar]

Try this: https://www.afp548.com/forum/viewtopic.php?forum=18&showtopic=11925&highlight=slapd

[darkstar]

No, the edu file is different. The other one is here: /var/db/krb5kdc/kdc.conf

It’s not really difficult, but I crashed and burned a lot of server configurations before getting to that point. Your mileage may vary.

[darkstar]

The max_life and max_renewable_life lines in the kdc.conf determine how long your ticket will last or how long you may renew it for.

MIT’s Mac Kerberos site has some pretty good documentation.

http://web.mit.edu/macdev/KfM/Common/Documentation/documentation.html

If you’re going to mess with your kdc.conf file you might check out the password dictionary option. At the very least it’s a way to get rid of the “No dictionary file specified, continuing without one” error message every time Kerberos starts up. Pay attention if you’re running any replicas. You’ll probably have to update the replica configurations by hand to match whatever changes you make to the master

[darkstar]

I have an HP2200dtn and haven’t had any Filemaker printing issues at all.

In my setup I gave the printer a static IP address and a corresponding DNS entry (with PTR) in 10.4.1 server. Connecting vis IPP. It has worked great since day one.

[darkstar]

That’s what I needed to know. Thanks.

[darkstar]

The answer is probably rightin front of me, but I do not see where I do this.

I tried renaming the ldap from a dns to 127….. but that didn’t do the trick.

[darkstar]

OK, thanks.

Is this something I configure in workgroup manager with inspector, or do I do it in directory access? Is the entry field called server?

This brings up another setup question that has been bothering me. This was a clean install and I didn’t ever migrate from netinfo to ldap, but rather I started with ldap and all of the core stuff — users such as mail, etc – remain in netinfo.

Did I miss the boat somewhere? Should the netinfo data be transfered over to ldap up front?

[darkstar]

Thanks for the pointers. I’m not sure exactly what is different, but I used that example and presto, it works.

I ended up giving each domain its own ns entry with an individual IP address, too.

WHat about client computers?

Anybody have any thoughts on whether clients on the network should be configured beyond the localhost? So far it seems to work fine the way they are, but configuring them shouldn’t be too tough.

Now it’s on to set up open directory and an ldap server

[darkstar]

I hava a nagging little DNS problem that is driving me nuts.

I’m running 10.3 server on a G5 behind a multi DMZ router/firewall using the router’s 192. address scheme. The server has multiple IP addresses and multiple domains, but right now just one is running unril I solve this.

I decided to start using the DNS server because I was tired of numbers. Initial config went great and all the machines on the network arrive at the server using the name,

The problem is with subdomains.

I can not get mail.example.com to work or any others. I’ve tried them as CNAMEs, I’ve tried A listings and darn near every combo, yet they just won’t resolve. I have reverse pointers, I’ve reordered the file and and read nearly everything on this site about DNS and elsewhere with no luck.

It’s probably really simple, but it has me stumped. Any tips on how to make this work?

[Author]

Posts