Forum Replies Created

Viewing 12 posts - 1 through 12 (of 12 total)
  • in reply to: Augment Users in 10.7.x #381634
    djfake
    Participant

    In Workgroup Manager, go to Inspector/Config/augmentconfiguration. Edit the XMLPlist attribute and remove the following two lines:

    Augmented Directory Node Name
    /Active Directory/All Domains

    Save the setting, reboot the 10.7 client and please let me know if the AFP home mounts.

    in reply to: Augment Users in 10.7.x #381633
    djfake
    Participant

    In Workgroup Manager, go to Inspector/Config/augmentconfiguration. Edit the XMLPlist attribute and remove the following two lines:

    Augmented Directory Node Name
    /Active Directory/All Domains

    Save the setting, reboot the 10.7 client and please let me know if the AFP home mounts.

    It does.

    in reply to: Augment Users in 10.7.x #381621
    djfake
    Participant

    Will Augmented User Records on a 10.6.8 server mount a home folder with 10.7.x clients? Seems like such a straightforward question….

    in reply to: How does a 10.5 client register with AD DNS? #377730
    djfake
    Participant

    [QUOTE]Quote by: MacTroll

    The AD plugin was updated to handle this. I thought the functionality went as far back as 10.5… but your experience leads me to believe that my memory is wrong and it only started doing this with 10.6.

    So the short answer is… 10.6 got new functionality to do this, and it won’t work out of the box for you on 10.5.

    It’s feasible to cook something up on your own, but it would probably be more effort than it’s worth.[/QUOTE]

    Is it a bug? The problem I have is the clients become unresponsive for a period of time – maybe they’re trying to renew Kerberos? – but I’m sure it’s a DNS issue.

    Only thing I can think of is to manually register them in DNS.

    c

    in reply to: How does a 10.5 client register with AD DNS? #377713
    djfake
    Participant

    Specifically, when our 10.6 clients bind to AD, they get forward and reverse lookup on the AD DNS.
    [code]
    phyb-m-2143-c2s:~ admin$ nslookup ANAT-M-581-II.ad.xxx.edu
    Server: 131.193.68.141
    Address: 131.193.68.141#53

    Name: ANAT-M-581-II.ad.xxx.edu
    Address: 10.134.25.13

    phyb-m-2143-c2s:~ admin2$ nslookup 10.134.25.13
    Server: 131.193.68.141
    Address: 131.193.68.141#53

    13.25.134.10.in-addr.arpa name = anat-m-581-ii.ad.xxx.edu.
    [/code]

    But the 10.5 clients don’t seem to register….

    [code]
    phyb-m-2143-c2s:~ admin$ nslookup ANAT-M-7048-05.ad.xxx.edu
    Server: 131.193.68.141
    Address: 131.193.68.141#53

    Name: ANAT-M-7048-05.ad.xxx.edu
    Address: 10.134.25.242

    phyb-m-2143-c2s:~ admin$ nslookup 10.134.25.242
    Server: 131.193.68.141
    Address: 131.193.68.141#53

    ** server can’t find 242.25.134.10.in-addr.arpa.: NXDOMAIN
    [/code]

    Does anyone know why there’s a difference? How do I get the 10.5 clients to register with the AD DNS?

    in reply to: Augmented Records & Home Sync / Mobile Accounts… #377616
    djfake
    Participant

    [QUOTE]Quote by: Jon_c

    Thank you for the recommendations!
    I was able to use the -u option with the createmobileaccount tool and specify the afp user home sharepoint where I had previously directed my AD augments ( e.g. sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -u afp://server.domain.edu/Users/username ).

    After that I logged in with my AD credentials and was prompted with the option to create a portable home directory – synchronization to the network home worked flawlessly and all the mobility settings that I had previously designated for the OD group of which the AD user was a member functioned properly.[/QUOTE]

    This worked for me on a 10.6 client. Do I still need the MCX setting Tom H talked about?

    in reply to: Augmented Records & Home Sync / Mobile Accounts… #377615
    djfake
    Participant

    Is it possible to have a user that is both _augmented user records_ and have _portable home folder_ syncing?

    in reply to: Networked Home Directories for Linux Clients? #367126
    djfake
    Participant

    Ditto that, would be a big help to be able to have Linux users authenticate with LDAP (easy) and mount their OS X Server Home Directory.

    c

    in reply to: 10.4.2 Open directory server locks up #365683
    djfake
    Participant

    Upgraded to 10.4.4 and the problem went away.

    Fancy that….

    in reply to: 10.4.2 Open directory server locks up #364613
    djfake
    Participant

    Even with another port, it still locks up. Convinced there’s a problem with sshd & password server.

    in reply to: 10.4.2 Open directory server locks up #363723
    djfake
    Participant

    I’m having the same problem; however, it’s because some script kiddies are running a dictionary at the server. At some point sshd must die because no one can log in and we have to hard reboot to get back up.

    HELP!

    Oct 19 16:38:43 comrb-24-10 sshd[5114]: Illegal user linda from 210.95.212.131
    Oct 19 16:38:43 comrb-24-10 sshd[5114]: Failed password for illegal user linda from 210.95.212.131 port 60525 ssh2
    Oct 19 16:38:45 comrb-24-10 sshd[5116]: Illegal user linda from 210.95.212.131
    Oct 19 16:40:44 comrb-24-10 sshd[5116]: fatal: Timeout before authentication for 210.95.212.131
    Oct 19 16:41:31 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:08 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:14 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:20 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:25 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:31 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:36 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:42 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:48 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:53 comrb-24-10 mDNSResponder: Unknown DNS packet type 5020 from 128.248.155.165:1951 to 10.134.24.10 :5353 on 01816000 (ignored)
    Oct 19 16:48:59 comrb-24-10 launchproxy[5166]: /usr/libexec/xftpd: getnameinfo(): Non-recoverable failure in name resolution
    Oct 19 16:48:59 comrb-24-10 launchproxy[5166]: /usr/libexec/xftpd: getnameinfo(): Non-recoverable failure in name resolution
    Oct 19 16:48:59 comrb-24-10 ftpd[5168]: getpeername (xftpd): Socket is not connected
    Oct 19 16:58:47 comrb-24-10 launchproxy[5200]: /usr/libexec/sshd-keygen-wrapper: getnameinfo(): Non-recoverable failure in name resolution
    Oct 19 16:58:47 comrb-24-10 launchproxy[5200]: /usr/libexec/sshd-keygen-wrapper: getnameinfo(): Non-recoverable failure in name resolution
    Oct 19 17:02:48 comrb-24-10 sshd[5225]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
    Oct 19 17:02:48 comrb-24-10 sshd[5225]: fatal: Cannot bind any address.
    Oct 19 17:03:06 comrb-24-10 launchproxy[5227]: /usr/libexec/xftpd: getnameinfo(): Non-recoverable failure in name resolution
    Oct 19 17:03:06 comrb-24-10 launchproxy[5227]: /usr/libexec/xftpd: getnameinfo(): Non-recoverable failure in name resolution
    Oct 19 17:03:06 comrb-24-10 ftpd[5228]: getpeername (xftpd): Socket is not connected
    Oct 19 17:03:31 comrb-24-10 reboot: rebooted by locals
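
A way to spot the kind of dictionary run described in the post above from the sshd lines alone, as an added example that is not part of the original post. The function names `parse` and `detect`, the threshold and window defaults, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Oct 19 16:38:43 host sshd[5114]: Illegal user linda from 203.0.113.7
Oct 19 16:38:43 host sshd[5114]: Failed password for illegal user linda from 203.0.113.7 port 60525 ssh2
Oct 19 16:38:46 host sshd[5116]: Failed password for illegal user admin from 203.0.113.7 port 60526 ssh2
Oct 19 16:38:48 host sshd[5118]: Failed password for root from 203.0.113.7 port 60527 ssh2
Oct 19 16:40:44 host sshd[5119]: fatal: Timeout before authentication for 203.0.113.7
Oct 19 16:41:31 host mDNSResponder: Unknown DNS packet type 5020 (ignored)
Oct 19 16:52:10 host sshd[5130]: Failed password for carol from 198.51.100.20 port 40112 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
# Older sshd logs "illegal user"; newer releases log "invalid user".
FAILED = re.compile(r"^Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")
TIMEOUT = re.compile(r"^fatal: Timeout before authentication for (\S+)")

def parse(log_text, year=2000):
    """Yield (time, ip, user) per failed or abandoned login; year is assumed (syslog omits it)."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines from other daemons are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if f := FAILED.match(m.group(2)):
            yield ts, f.group(2), f.group(1)
        elif t := TIMEOUT.match(m.group(2)):
            yield ts, t.group(1), None

def detect(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: {"failures", "users"}} for sources reaching threshold failures in any window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse(log_text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # shrink the window from the left
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in events if u})
                flagged[ip] = {"failures": len(events), "users": users}
                break
    return flagged
```

Calling `detect(SAMPLE_LOG)` flags only the source that cycles through several usernames in a few seconds; the flagged addresses can then feed a firewall block list or a rate limit in front of sshd.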

    in reply to: Mobile Home Directories #362164
    djfake
    Participant

    Typically I’ve logged in to a server account first on a desktop (to make sure the account is okay), then logged out and then log in on a laptop, go to system preferences and select Create Mobile Account. Tiger does its wonder automagically.
    Syncing doesn’t work on our wireless since it’s not the same subnet.

    c
