[ingenious7]

Thanks Tony – I wasn’t aware that Leopard did any time sync as a part of the update, though I still think it should be able to manage 8 hours!

I did see the ntpd command so I will look in to that. Did you use Lingon to get the daemon to work? For now I’ll stick with the Windows change – I’d rather change the beast.

[ingenious7]

Hey,

So the problem was definitely time related. I tried syncing the time from Leopard using a startup daemon and running the ntpdate -b but no luck – I might be doing something wrong. What has definitely worked was setting the way Windows stores time to UTC in the registry:

[code]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
“RealTimeIsUniversal”=dword:00000001[/code]

Windows then needs to be rebooted. From then on it seems to be fine when we image Leopard from the Net Book server it authenticates to AD every time, even through multiple boots to Windows and back again. For computers that we don’t want to reimage, we just need to log in to OS X, make sure the time has synced or force a sync, then remove all AD Directory Utility configs and re-add them.

I am really not sure why Leopard by default wouldn’t do a time sync on startup! It seems utterly confusing. Does any one know if Snow Leopard does a time sync on startup?

[ingenious7]

Thanks for that. Radmind looks very good. I am going to start looking at that to automatically deploy software. Seems like a project with a lot of potential. I still pray that Apple may integrate better deployment features for large scale Mac setups into any ARD 4 version that may arise in the future!

[ingenious7]

I did purchase a certificate, but had major problems getting it installed to the server. I didn’t realize you had to install the cert to the local server system keychain. I was trying to install it from Server Admin. I’ve since put the certificate to good use on my Ubuntu Apache Moodle server.

I have had no problems using a self-signed certificate with the RADIUS server, except for when I forgot to set the trust correctly.

[ingenious7]

Hi MacTroll,

Thanks for your reply. I want to have both servers running at the same time to increase redundancy especially if nobody from IT is here to switch on the secondary service.

Current lease time is set to 1 day. I am under the impression that the DHCP servers should be intelligent enough not to issue an IP address that already exists on the network and has been issued by another DHCP server.

The servers won’t need to be configured to “talk” to each other to share information?

[ingenious7]

I had this same problem. When I set it to always trust it worked fine.

[ingenious7]

[QUOTE][u]Quote by: bomek[/u][p]I’m also getting a lot of issues using MacOSX 10.5. This version seem to be totally broken when used in a windows environnement. If you select the box “Password must be changed at next login”, the user is asked to change his password over and over if he logged on a replica!!!!

And the fileserver stop responding from time to time. Support for streams is whacked, etc, etc…[/p][/QUOTE]

Hi bomek,

I am still seeing this issue! Mac OS X clients are able to change password fine when it is forced – Windows gets stuck in an infinite loop of forcing password changes. Funny thing is that users can actually change their password once logged in. We have possibly linked this to a corrupt index in the LDAP tree and plan to do a rebuild of the index to see if this makes any difference.

As for profiles: All servers are now running Mac OS X 10.5.6. We have three BDC and one PDC. Two of the BDC have no issues for users downloading their roaming profiles. Never get error messages and it works super fast.

The other BDC occasionally has issues, though not as often as it used to. The error we get is that “The specified network name is no longer available”. It is like the server is being overloaded and dropping connections. We adjusted some group policies for computers using the System Policy Editor to try and increase the timeout before the workstation uses a local profile as we thought that maybe this particular BDC was under heavier load than the others. If anyone is having different error messages when trying to download profiles we made changes using the System Policy Editor to redirect Windows Desktop to H:\Desktop and also set a policy to not create “thumbs.db” which for some reason causes profiles not to download correctly.

I really find this quite a cryptic problem – as two BDCs work fine – always have under 10.5.4 and 10.5.6. The only difference is that I didn’t put them on 10.5.5 after the problem with the BDC we did put on 10.5.5.

[ingenious7]

We use RADIUS served from OS X 10.5. I don’t know if this will help with your setup, but to get users to authenticate before logging on to the system I added a “Login Windows Profile” under System Preferences > Network > AirPort > Advanced > 802.1x > + > Add User Login Profile. I then enter the SSID details and it makes a connection.

When the MacBooks load to the login window, it shows network access reading “Network Access Available on Logon”

Again, not sure if this will work in your setup.

[ingenious7]

I’m “glad” to hear that I am not the only one with this problem. Everything was working really well with 10.5.4 and I really don’t know how it could have gotten broken so much.

I don’t know what you have concluded, but we seem to think that there is an issue with smb dropping connections, possibly due to an issue with WINS. we have changed some of the WINS settings and it seems a little better, but still a few issues. I did see in the list of improvements for 10.5.5 that Apple “fixed” PDCs and BDCs so they would work properly together.

[ingenious7]

In addition, here are the smb logs when the profile is being copied over

KieranB closed file s1997/KieranB/Application Data/Thunderbird/registry.dat:AFP_AFPINFO:$DATA (numopen=48) NT_STATUS_OK
[2008/09/19 14:50:02, 2, pid=1597] /SourceCache/samba/samba-187.8/samba/source/smbd/close.c:close_normal_file(399)
KieranB closed file s1997/KieranB/Application Data/Thunderbird/profiles.ini:AFP_AFPINFO:$DATA (numopen=47) NT_STATUS_OK
[2008/09/19 14:50:06, 0, pid=1645] /SourceCache/samba/samba-187.8/samba/source/lib/util_sock.c:set_socket_options(261)
Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
[2008/09/19 14:50:06, 0, pid=1645] /SourceCache/samba/samba-187.8/samba/source/lib/util_sock.c:set_socket_options(261)
Failed to set socket option TCP_NODELAY (Error Invalid argument)
[2008/09/19 14:50:06, 0, pid=1645] /SourceCache/samba/samba-187.8/samba/source/lib/util_sock.c:get_peer_addr(1224)
getpeername failed. Error was Invalid argument
[2008/09/19 14:50:06, 2, pid=1645] /SourceCache/samba/samba-187.8/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=PRINT name2=W-JS-STU24
[2008/09/19 14:50:06, 2, pid=1645] /SourceCache/samba/samba-187.8/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=print remote=w-js-stu24, name type = 0
[2008/09/19 14:50:06, 0, pid=1645] /SourceCache/samba/samba-187.8/samba/source/lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 10.133.168.82. Error Broken pipe
[2008/09/19 14:50:06, 0, pid=1645] /SourceCache/samba/samba-187.8/samba/source/lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Broken pipe)
[2008/09/19 14:50:06, 2, pid=1646] /SourceCache/samba/samba-187.8/samba/source/lib/module.c:do_smb_load_module(64)
Module ‘/usr/lib/samba/auth/odsam.dylib’ loaded
[2008/09/19 14:50:09, 2, pid=1655] /SourceCache/samba/samba-187.8/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=10.133.168.200 name2=ENDEAVOUR-IMAC5
[2008/09/19 14:50:09, 2, pid=1655] /SourceCache/samba/samba-187.8/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=10.133.168.200 remote=endeavour-imac5, name type = 0
[2008/09/19 14:50:09, 2, pid=1655] /SourceCache/samba/samba-187.8/samba/source/lib/module.c:do_smb_load_module(64)
Module ‘/usr/lib/samba/auth/odsam.dylib’ loaded
[2008/09/19 14:50:09, 2, pid=1493] /SourceCache/samba/samba-187.8/samba/source/smbd/close.c:close_normal_file(399)
HaydnTS closed file Desktop/Windows Media Player.lnk (numopen=2) NT_STATUS_OK
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
The process has forked and you cannot use this CoreFoundation functionality safely. You MUST exec().
Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.

[ingenious7]

Check out http://www.bombich.com and look for a program called NetRestore.

[ingenious7]

Thanks for the reply. I noticed that I could set the self-signed certificate as always trust on the clients, but shouldn’t the certificate I have purchased be showing that it is trusted already? My biggest issue is that the certificates do not install the way in which you would expect using ServerAdmin.

[ingenious7]

Are you running the latest version of the OS – 10.5.4? We suffered with this issue until 10.5.3 was released (i think it was 10.5.3) anyway if you are running on an old server version I would take a guess and say that is the issue.

[ingenious7]

Hi,

I’m guessing you are using your Mac OS X Server as the Print server with all of the queues set up on there. What you could try is setting up two queues to the same printer. Then load up the CUPS web interface on the Mac server by typing localhost:631. You should be able to see all of your printer queues in there. We use this to set up all of our queues as it gives much more flexibility than the ServerAdmin.

Anyway, once your are in the web interface, there are options to change settings on a print queue – and within there one of the settings should be to restrict to greyscale printing only.

let me know if this works for you.

[ingenious7]

Sounding very similar to what we have done. We have never run a Windows Domain before, but have always used Mac OS X as the file server for our users. While most of our workstations are Mac OS X, there are a number of Windows based computers.

As you would know, with users logging in to many different computers, the headache of using complicated scripts to map drives and copy folders because everything is local on the Windows computers is a real headache.

We decided to bring in Primary and Backup Domain Controllers served from Mac OS X 10.5 using Samba. Roaming Profiles have given us back a lot of control. While the initial setup may not be as friendly as Windows Server, it isn’t too hard and once you overcome the initial hurdles it runs exceptionally well, and there isn’t much of a performance loss.

To those who are missing the Group Policy stuff – look for a small and obscure program from Microsoft called System Policy Editor. This is pretty much what you will need to use to control policies based on the registry in a Samba domain environment. It takes a bit of getting used to but is fairly simple and gives you control over most Windows settings that Group Policy does. I don’t know how familiar you are with it, but if you save your output as an NTConfig.pol file and store it under /etc/netlogon you will claw back some of that control that Windows sysadmins love.

[Author]

Posts