[deemery]

These are accounts that you already have, created using Tiger Server? My -hypothesis- is that you’ll have to recreate them.

What you might want to try is the following:
1. Create a temp account on the Tiger server
2. Log into it from the Leopard client
3. Then on the Leopard client, use the Users System Preferences to turn this into a Mobile account.

So if this works, what you might then need to do is -delete- the account from the Leopard client (after synching and backing up, of course), and then recreate it.

This is a guess, I haven’t tried this (yet).

dave

[deemery]

Is it just me, or do others think Certs are a big mess?

There’s been a discussion on the Fed-Users list on problems with various kinds of certs and email, web browsing, etc, where the app doesn’t pick up the -right kind- of cert. I have a lot of problem both sending and receiving encrypted email using Thunderbird.

dave

[deemery]

Group “www” (number 70) does not show up even when I do that. In fact there are about 20 entries in /etc/group that don’t appear when I enable ‘show system users and groups”.

So I’m still confused 🙁

dave

[deemery]

Just to confirm, we’re talking Networked but not Mobile accounts? On my Mobile account, I see this happen when OS X decides to synch/check the laptop with the ‘mothership’.

dave

[deemery]

The primary connection is from the D-Link WAP (which has an external antenna) to an Airport Express located elsewhere in the house. My OS X Server machine runs iTunes 24×7, sending packets via wired ethernet to the WAP and then WiFi to the Airport Express, then to an FM transmitter connected to the Airport Express’s AirTunes port, for broadcast throughout the house. (The small Airport Express and its FM transmitter are located to get maximum signal strength through the house. Most FM radios suck trying to capture weak FM signals, particularly in a a major metropolitan area with a crowded FM dial…)

The secondary connections are between the D-Link WAP and an Al PowerBook, a MacBook Pro, a PowerPC Mini and a G5, all with Airport Extreme (or better, in the case of the MacBook Pro) cards. Mostly these machines are hard-wired to a (GigE) switch in the basement (where computers are banashed per order of She Who Must Be Obeyed), but occasionally I want to use a laptop in particular somewhere else in the house.

I’ve been able to make a connection using 128-bit WEPI’d much prefer to use WPA2 for its better security. If worse-comes-to-worse, I’ll unlock the whole stupid network, pass only the AirTunes port through the WAP’s firewall, but that’ll prevent the home wireless from being used for the other Macs.

It seems that the D-Link now “loses its mind” every day or so, requiring that I power-cycle it. Fortunately, the Airport Express does automatically reconnect when this happens, but I have to manually reselect the Airport Express in iTunes.

I’m beginning to think that I”ll have to spend more $$ to replace the D-Link WAP with an Apple unit, and frankly I’d rather not have to spend the premium for Apple’s WAP if I can avoid it. (The home office is already way over its IT budget…)

dave

[deemery]

Just remind said accountant that if s/he loses the password, s/he is permantly out of luck…

dave

[deemery]

Isn’t this new Apple note relevant?

http://docs.info.apple.com/article.html?artnum=106830

dave

[deemery]

One option would be to use IPNetRouter for DHCP. (This might be doable via the OS X Server, but I happen to know it can be done with IPNetRouter)

Each machine (laptop, printer, etc) has a unique MAC address, and you set up the DHCP servers so that it only works with known MAC addresses. Thus an arbitrary machine comes up with its MAC address identity, one DHCP server responds and grants that machine a known IP address and the other DHCP server ignores the request.

dave

[deemery]

If you go over to Sustworks.com, Peter Sichel provides drivers for selected USB/Ethernet adapters. For a fairly long time, I was using a Mac Mini with the USB/Ethernet talking to the outside world (i.e. my cable modem) and the onboard ethernet talking to the LAN. I wasn’t running X Server on this machine, instead I was running Sustwork’s IPNetRouter (a -really superb product- that gave me years of great performance and substantial security with almost zero effort after I got the installation working, and outstanding tech support from Peter, too!)

The 2 problems with the Mini are

1. it’s only 100BaseT, not GigE.

2. Its internal disk is slow and it’s only FW 400 coming out.

I don’t know about the latest Intel Minis, but my original 1st Gen mini got better perfomance from an external FW400 drive; I bought one of the OWC drive cases designed to fit under a Mini.

I think the Mini will be much faster than the old G4/400, but you’ll want to make sure your Mini has at least 1gb of RAM in it.

I did have X Server running on my (PPC) Mini for a while, but moved it over to a G4/933 so that I could mount more hard drives into the server machine.

dave

[deemery]

> passwd

Does this change the Open Directory password, or just the local account password?

thanks dave

[deemery]

I think that one way to do this is to set up a drive volume solely for backups. So let’s say you have 5 users and want to guarantee each of them 20mb for backup.

Buy a 120gb drive (internal or external), hang it off your server. (You’ll need more than a 100gb drive because you don’t get a full 100gb from a 100gb drive.) Or take an existing drive and repartition it to provide a new 100gb partition.

Then you can create /Volumes/backups/user1, /Volumes/backups/user2, etc on that drive, enable a 20gb quota for each, and get the effect you want.

If you’re not running a large rack mounted RAID configuration already, consider buying one of the RAID external drive cases, such as that provided by OWC or the “Venus” model from AMS (you can Google ‘venus RAID’ to get multiple sources.)

Another really cheap option right now is that several drive makers have USB 2.0/FW400 external drives on sale cheap. Since you’re talking about this for backup, dri8ve performance isn’t an issue. (The OWC and Venus RAID cases are both FW -800-, and FW800 performance is quite nice!).

Don’t forget though, that a backup strategy that doesn’t provide for off-site storage is really not complete. (I’m guilty of this, my plan is to use two of my external drives as an offsite backup for important data, stored at a friend’s house. Every so often I’ll swap the external drives with him.)

Separate topic: I’m on the hook to write an article on ‘at-home use of OS X server’. If you’re using X Server for home/home office/really small business, I’d like to hear from you. ([email protected])

dave

[deemery]

It seemed to me that it was no good to have two users Fast-User-Switched on the same machine with the same home directory mount point.

So for my home use, my ~ is on a mount point named “u” , and my wife’s ~ is on a mount point named “u2”. (OK, so not much originality there, but no spaces in the disk name…)

All I know for sure was that I was having problems getting the second account to work right until I created a new mount point for its home directory.

Generically, that’s been my experience with OS X Server as a non-professional administrator. When it works right, it’s solid as a rock. But it can fail in strange ways and provide -no- intuition or help in understanding what just happened.

dave

[deemery]

A related question:

If I have LDAP accounts, how do I add the “www” group to an LDAP user so that s/he can access files ‘owned’ by the www group on the webserver (specifically updating them where group “www” has write access.)?

dave

[deemery]

Here’s what a friend recommends. You add this to the end of /etc/sshd_config:

Protocol 2
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePam no

dave

[deemery]

I’ve been reading about SSH PKI stuff, and see that by default, if the PKI stuff doesn’t work, SSH reverts to a password challenge.

How do I turn that off (on both X Server and X client, I’m presuming they’re the same here), so that if you cant set up the PKI session, you can’t connect at all?

thanks dave

[Author]

Posts