Forum Replies Created
ghostman
Participant
I’ll answer my own question…
There doesn’t seem to be a way to do this using the default container “users”. Our solution was to use the container “people” strictly for the company address book. It doesn’t pass the Jabber field correctly for iChat, but that is a small inconvenience.
February 25, 2005 at 9:57 pm in reply to: DNS Configure Two (2) or more domains in the same server #360841
ghostman
Participant
It really depends on what the server is doing.
If you are using only one IP address, you can only have one reverse for the server. This would cause problems with mail serving (many ISPs will reject email that originates from a server that has mismatching forward and reverse records). Web serving is another thing – configure Apache to listen for virtual domains by name. It also depends on whether your server is authoritative or not.
If the reverse is not necessary, then create a new zone and add a record that is an alias (CNAME record) to your original DNS entry. If you do the new zone from Server Admin, the program won’t let you create a reverse for a CNAME.
If you need the reverse to match, your best bet is to add a virtual IP (aka Multihoming) for each domain.
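The forward/reverse mismatch described in the reply above, as an added example that is not part of the original post: a check of whether an IP's reverse record resolves back to that IP and matches the name the server announces. The function names, addresses and domains are constructed for illustration; the sample lookups stand in for real DNS so the script runs offline.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_a(name):
    """Forward lookup through the system resolver; returns a set of IPs."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def norm(name):
    return name.rstrip(".").lower()

def check_fcrdns(ip, announced, ptr_lookup=system_ptr, a_lookup=system_a):
    """Classify a sending IP and the host name it announces."""
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return "no-ptr", "no reverse record for " + ip
    # Keep only PTR names whose forward lookup returns the same IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    if not confirmed:
        return "mismatch", "%s does not resolve back to %s" % (ptr_names, ip)
    if norm(announced) not in confirmed:
        return "name-differs", "reverse is %s, not %s" % (confirmed, norm(announced))
    return "ok", confirmed[0]

# Constructed sample data: one IP serving two domains, but only one reverse.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.11": ["mail.example.net."]}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}, "mail.example.org": {"192.0.2.10"},
            "mail.example.net": {"198.51.100.5"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(norm(name), set())

if __name__ == "__main__":
    for ip, name in [("192.0.2.10", "mail.example.com"), ("192.0.2.10", "mail.example.org"),
                     ("192.0.2.11", "mail.example.net"), ("192.0.2.12", "mail.example.com")]:
        print(ip, name, check_fcrdns(ip, name, sample_ptr, sample_a))
```

Calling `check_fcrdns(ip, name)` without the last two arguments uses the system resolver instead of the sample tables.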
ghostman
Participant
I’m wondering if you really need to have the Linux system be a fully functional mail server.
Assuming you are using 10.3 Server, you can set up Postfix so the primary mail server runs on the Mac Server. The Linux box can have Postfix set up as a secondary mail queue. Set your public DNS to have your Mac as the MX record and the Linux box as the MX2 record. If the Mac fails, the Linux box would receive incoming mail and transfer the queue when the Mac comes back online.
The caveat – if your mail server fails, you won’t be able to read the new incoming mail until it is back online and you will have to do an SMTP dance if you need to send mail – but you won’t lose any mail.
October 18, 2004 at 7:31 pm in reply to: Group permissions don’t work when the same user is logged into the client and server #359570
ghostman
Participant
I’m still having an issue with this. My users can authenticate fine. But for some reason, when connected to one of my Open Directory Slave machines via AFP, the command line will still return unknown groups.
I’ve actually matched user and primary group IDs on my test computer to an account in the OD, but I still get the error. I thought it might have been a software version issue (OD Master was 10.3.5, slaves were 10.3.3 and 10.3.4), but updates didn’t help. Doing an ID comes back correctly and shows all the groups the network user is supposed to belong to.
Thoughts?
ghostman
Participant
I know all too well the questions you’ve asked – I’ve dealt with them all.
First, if your client computers are or will be connecting to your server with AFP or SMB over IP, I would recommend getting an XServe or at least getting OS X Server software. The networking in Panther Server is optimized and you’ll get better file transfer speeds.
From experience, I would not recommend Apple’s mirroring to keep your data safe. Mirroring does not allow for failover – if one drive dies, the server unmounts both until you fix or replace the bad drive. And Apple’s fix is not very pretty if you are not UNIX savvy. To heal mirrored drives, you must type several intricate command lines and cross your fingers (my company track record is 1 success and 1 failure with this). It isn’t something for the faint of heart and definitely not something that an end user could do in an emergency.
If you are really trying to centralize storage, it must be robust and have fault tolerance. If it goes down and end users lose data, they will have no faith in the system and will continue to save their work locally.
I’ve had good success with RAID 5 solutions. Briefly, RAID 5 has a controller that watches the drives for faults and writes parity to the drives. You’d need a minimum of 3 drives online – two would be striped with data and the third would be a hot spare. If drive one or two fails, the controller rebuilds the data (based on the parity bits) to the third drive. You can hot swap the bad drive with a new drive at any time (the sooner the better just in case you have another bad drive).
The XServe Raid is a nice solution. But with one caveat – ATA drives. They don’t seem to be as robust at turning 24/7 and you might have to replace them more often than with SCSI or Fibre Channel drives. But they are much cheaper to replace (especially if you buy your own drives and just replace them in the Apple sled module).
You might want to look into eRaid. It is a stand alone RAID 5 box that supports FireWire 800.
October 13, 2004 at 9:31 pm in reply to: Group permissions don’t work when the same user is logged into the client and server #359518
ghostman
Participant
Okay, I’ll bite.
Besides changing the local user ID to match the Open Directory UID, how do you statically map UIDs? I’ve done the change of local UID with bad results – users had no permissions. Just wondering what I missed.
ghostman
Participant
You would need a separate zone file for each domain and a separate reverse file also. If you are running Panther Server, the Server Admin application will allow you to duplicate and edit the zones.