Forum Replies Created
dom9inic
Participant
Hi again,
just attended an Apple London HQ Edu event and that was made clear to me, but thank you. They also confirmed that my setup is correct, so it’s off to the Win admins I go.
Cheers
dom9inic
Participant
Hi there,
a little clarification. All users are AD users, pulled as Groups nested into OS 10.4 Server OD Groups with MCX applied at the Computer List and Group Level.
The AD user names, when viewed through WGM and lookupd show the format firstname.lastname with no spaces. Although my account, which is the one I’m using to test (so I will check another account) has an apostrophe in it. I need to learn my UNIX shortname naming do’s and don’ts.
Having scoured through the Apple docs again, I’ve answered my own question on whether the Win AD home dir will replace a Mac home dir. The answer is no.
dom9inic
Participant
Does my question not make sense?
I understand that the default behaviour of the AD plugin is to mount the Win home folder specified on the AD server, but this doesn’t happen for me.
All that happens is even if I don’t have force local home, a home folder is created under the logged in user but that user does not have permissions to it.
I am prepared to go through all the troubleshooting with the Win admins if the Win AD Home folder provides much the same functionality as Mac home folders.
Anyone?
dom9inic
Participant
Yes, I have been impressed with boot times in Tiger Server, how interesting.
Just wanted to say what a wonderful resource afp is and by extension you guys. Apple Documentation is handy but this is where you learn what is actually going on.
Many Thanks,
dom9inic
Participant
I thought as much, considering this is a vanilla install, software updates applied in standalone, then merely promoted to OD master in Server Admin. Nothing else touched, save editing /etc/hostconfig and /etc/hosts
Quickly setup AFP to create my NetInstall Imaging share and access works as expected.
Cheers again,
dom9inic
Participant
Well, putting the FQDN in both /etc/hostconfig and /etc/hosts did the trick after a reboot.
When promoting, the search base was correct and without .local. The slapconfig log looks alright, but with a few grunts about not being able to configure http.
Thanks for the help guys.
dom9inic
Participant
I see what you’re saying but I do have reverse DNS setup. I can get the right info with dig, host and nslookup. I’ve double checked with the DNS Admins.
I will try hard coding it in /etc/hostconfig to see if this makes the difference.
Very odd, especially as I’ve just sacked Jaguar server where the same DNS worked fine. Then again, I wasn’t trying to setup Kerberos.
Thanks for the input again.
dom9inic
Participant
So something that stands out in the initial config, is the
Computer Name
Hostname Fields
I thought that both needed to be filled with the FQDN.
When you fill the hostname in, below, outside of the field it shows that it is automatically appending .local to it and there is nothing you can do.
So, this must be normal behaviour. Now, I presume that by changing to an OD master this .local tag is stripped, but that is not what happens for me.
Or is this normal? Does anyone else have the .local appended? Should I just use “$ hostname -s my.domain.eg”?
dom9inic
Participant
Alright, re-imaged to my standalone, double checked the config file I saved out at initial install, nothing to do with .local in my FQDN.
DNS works in standalone, but hostname still using the FQDN.local tag.
Promote to OD Master. Now in the Create new diradmin box, the search base is dividing up my FQDN to include dc=local, so I change it, removing that completely and doing the standard dc for all levels of the FQDN.
Server promoted, check hostname, still with the FQDN.local
As an example
exampe.com.local
Extremely irritating.
slapconfig says
2005-12-01 15:33:12 +0000 - slapconfig -setstandalone
2005-12-06 14:17:31 +0000 - slapconfig -createldapmasterandadmin
2005-12-06 14:17:31 +0000 - Creating password server slot
2005-12-06 14:17:31 +0000 - command: /usr/sbin/mkpassdb -u xs01diradmin -p -q
2005-12-06 14:17:33 +0000 - command: /usr/sbin/mkpassdb -a -u root -p -q
2005-12-06 14:17:33 +0000 - command: /usr/sbin/NeST -startpasswordserver
2005-12-06 14:17:35 +0000 - Starting LDAP server (slapd)
2005-12-06 14:17:39 +0000 - command: /usr/bin/ldapadd -c -x -D uid=root,cn=users,dc=machine-name,dc=fqdn,dc=ac,dc=uk -w ****
2005-12-06 14:17:40 +0000 - Hostname machine-name-fqdn-ac-uk.local is from Rendezvous
2005-12-06 14:17:40 +0000 - Skipping Kerberos configuration
2005-12-06 14:17:40 +0000 - command: /usr/sbin/vpnaddkeyagentuser -q /LDAPv3/127.0.0.1
2005-12-06 14:17:41 +0000 - slapconfig -setldapconfig
2005-12-06 14:17:41 +0000 - command: /usr/sbin/mkpassdb -setreplicationinterval 86400 SyncAnytime
Think I shall install from scratch again, to see if there is anything in the initial config I can catch, but all ideas are welcome.
dom9inic
Participant
So, I checked the hostname and sure enough it is tagging .local to the end of my FQDN. Think I shall re-image if I get a chance today and watch my step. Not sure where it would have taken the .local from, I sure as hell didn’t specify it.
Off we go again.
dom9inic
Participant
Hi MacTroll,
Will have to do this tomorrow, no VPN access from home for me. I did check that DNS forward and reverse resolved to the FQDN and that the sharing pref pane showed the FQDN.
As I am new to Tiger Server I was put off and unfamiliar with the rendezvous display of hyphens replacing dots in the FQDN.
It’s no problem to go back to base install with my ASR image as I’ve only just started with this server config.
Thanks for your help though, always appreciated.
dom9inic
Participant
Hmm, the starred out portion of the namespace is the actual FQDN for our site, and I’ve specified the FQDN from the initial install. Not sure why this is happening.
I must admit, I was confused that the .local was tagging onto the end, but hey, that explains me not being able to login after binding to the OD Master.
Alright, back to my basic config disk image.
Cheers for that, not sure how it thinks it’s in the local namespace but there we go.
dom9inic
Participant
Okay, what version of client are you running? Have you checked you are getting a Kerberos Ticket?
dom9inic
Participant
Hi Josh,
thanks for the response. Yes, that’s what I assumed was supposed to happen, it just does not seem to be working for us here. I have been assured that the HomeDir has been specified in the Profile at the AD server. Nevertheless, doesn’t mount for me.
What about my question regarding AD users getting OD automounts and shares, do you know if that is possible?
Cheers,
dom9inic
Participant
You would need to set quotas at the AD machine if I understand it correctly. You cannot manage individual AD users from your OD master, only add them to OD groups and manage those groups.