[jkonrad]

19 eMacs running 10.4.7.
12 Intel iMacs running 10.4.7

All users log in against an AD server (Windows 2003) and an OD server (OS X server 10.4.7). Their home directories are on a different OS X server running 10.4.7 and are mounted via AFP.

It is not a 10.4.7 issue since all 19 eMacs with any user at any time can restart successfully everytime, all the time with out problem. However, the Intel machines when restarted by a user, by a power failure, or by a Remote Desktop command will hang on restart about 50% of the time.

This only occurs on Intel Machines, and only when they are configured in directory services to authenticate first to AD, then to OD. Thanks for the interest, but it is clearly something about the Intel version of 10.4.7, or a mistake in my configuration, but not a 10.3 vrs 10.4 issue since it does not occur with 10.4 on eMacs.

Jon

[jkonrad]

Thanks. This did not seem to help, but it was nice to get a response! Thanks.

Jon

[jkonrad]

This is not a fix, but I found a similar discussion on Apple’s site. The workaround goes like this:

STEPS (***ON THE CLIENT***)

(1) Open the following file : /etc/hostconfig

(2) Change the line “SPOTLIGHT=-YES-” to “SPOTLIGHT=-NO-”

(3) Reboot

Spotlight will be disabled however your files should stop vanishing.
Thank you very much apple. We are happy that there is now a
workaround, people were losing work. Now we can rest easy. Thank you.

PS : TESTED ON 10.4.5 Client and Server
Upgrading to 10.4.6 Server stopped login working before this
workaround was applied to the clients.
It seems people have had mixed results with the 10.4.6 upgrade.
Be prepared to roll back to 10.4.5 if you are applying this upgrade.”

This has definately helped our lab. The full thread is here:

http://discussions.apple.com/thread.jspa?threadID=309002

Hope this some labs.

[jkonrad]

This sounds very similar to a problem I’m having. I have 12 new Intel iMacs which I would like to be bound to AD for user accounts, and OD for mcx management.

I just setup my lab (mix eMac ppc and iMac intel). The eMacs work perfectly, but the iMacs often hang during boot. Restarting multiple times will eventually get the student to a log in screen.

I have been “binding” macs to AD and OD since 10.3, however, I’m not a master of behind the scenes commands or text files. So if you have any ideas

If I am not bound to OD, how will the computers get their preferences? Will it only work with group managed preferences not machine level?

I’m used to setting up computer lists and then modifying simple things like proxy server, logon items, printers. How would this function if these computers are not bound to OD?

The client and sever software is at 10.4.7. Thanks for any help

Jonathan ([email protected])

[jkonrad]

I have the same question. I am running 10.3.9 server, and just now upgraded some of my clients to 10.4.6. I’ve had a number of problems with this new configuration.

One thing I would like to try is to “upgrade legacy groups”, from within Workgroup Manager. However, I still have many 10.3.9 clients that use this OD

Does anyone know what this does and how it will affect my 10.4 or 10.3 clients!

Thanks,

Jonathan Konrad

[jkonrad]

Just an update, if I use AFP protocol and check “mount with user name and password” it will automount. However, smb will not work. Why?

[jkonrad]

Just digging for any new help. I have now built a small program that mounts that shares for the users when executed and then placed that in the login preference in MCX and it works.

Still it would be much, much better to just use mount at login. Why does this not work under AD/OD, but did under pure OD?

[jkonrad]

Rats! This now started happening to me!! I mean after everything was working just fine.

I have AD and OD setup. The client machines work and are on 10.3.9. Yesturday all users logged in. Today many don’t. It seems random. I user will try. It will authenticate against AD, then present them with the OD group choice (if they belong to more than one group), then it will stop and give them the “unable to login at this time” error.

A different user can then sit down at that very machine and log it without problem. I’ve tried re “chown” ing their home directory and no dice. I’m still digging, but what would cause this? How can I fix it?

[jkonrad]

Curious, are the home folders on a Windows Server or a Mac server? This is very similar to problems I’ve had using afp or smb shares for home folders on OS X 10.3.9 clients.

My home sharepoints were created on an OS X server and I found that if I just had empty home shares that the users had full access to they could mount them after login, but they could not be used as a true home folder (with the disable local home switch in the AD plugin). I even found that if I took an old or local home folder and copied it the network share location and then chown ownership to the user it still would not work. I needed to make new home folders using the template home folder, and then copy all the old data to the new home. Then it acted like a true home folder and would mount during login and stop giving the “home folder is located smb/afp” message.

The basic commands done on the OS X server were:

sudo cp –r /System/Library/User Template/English.lproj /Volumes/SERVER/Home/username

and then:

sudo chown –R username /Volumes/SERVER/Home/username

Oh, sorry, reading your logs suggest it is a windows server. Still it should be possible to copy the default home template to windows share points. The other guys helping you know way more, but I suspect that when you force the share to act like a Mac home folder it needs to have a certain set of folders inside with the proper permissions. Unlike windows, I don’t believe the Mac clients will create them if they are not present.

[jkonrad]

I am now using inspector and the MCXsettings directly. I’ve changed the url to “smb://server/sharepoint” and it still will not mount at logon.

After logging in the student can use “Connect to Server …” from the finder and type the exact url and they will mount the share without being asked for their username and password.

Any ideas? I’ve also tried the url with the IP address of the server in case it’s a DNS thing. Still no dice.

I know the student is connecting to the OD server and getting MCXsettings becasue I can change other preferences and the changes are reflected on the next login (like allowed programs)

[jkonrad]

Another thing to check is how you created the home folders in the first place. Did you use:

sudo cp –r /System/Library/User\ Template/English.lproj /Volumes/SERVER/Home/username

and then:

sudo chown –R username /Volumes/SERVER/Home/username

There are good scripts out there to help do this for lots of users. I found the homes would not show up untill I built them this way. I could mount them after login as you described, but something in the preferences or ownership wasn’t perfect till I built them this way.

[jkonrad]

Thanks for the help. The edu.mit.kerberos file are identical on each of the clients. It is properly created by the AD plugin and works if AD is the only authentication method.

I’ve finally given up. If I clone a working machine over a non working machine and then change the settings it still works. I hate not knowing why something doesn’t work, and now i have to clone about 30 machines, but hey it works. Thanks for all the people who read this and tired.

Jon

[jkonrad]

Sorry to keep posting more of the problem, but I’m just hoping to trigger a useful thought out there.

I’ve now checked the system clocks, the ethernet cords, the ethernet switches. I’ve deleted all the files from /Library/Preferences/DirectoryAccess and then recreated them by setting up AD and OD. I’ve even zapped the PRAM! All clients work with AD only in the authentication tab, but when I enable or add OD to the authentication half the computer lab fails.

The computers that fail will still loging to local accounts or accoutns I setup on the OD master, but stop working with AD accounts.

I’ve held up the school year in the computer classes making them just use local logins for now, but I need this to work. It should and I just don’t know why it is not. Even if you don’t know the answer is there anything I can try? Like when I use the kerberos GUI from MIT it shows an old kerberos server in the favourites. Where is this preference file? Maybe that’s it but I don’t know where to find that.

[jkonrad]

Again, sorry for another self post, but the problem is evolving and I’d like help getting it fixed.

I setup a brand new client and it all works! However, I can’t format and install all 120 of my Macs, so I think what must be happening is my old server LDAP settings are somehow stuck in the machine. I suspect this because when I ran the Kerberos GUI tools my old Kerberos server appeared as a real favorite even though it is nowhere in me edu.kerberos.mit file.
How can I clean out all traces of Kerveros on a client and start fresh?

[jkonrad]

Sorry to double post, but I want to add some info. When a client Mac is bound to both OD and AD, if a user I define only in OD logs on it works. It’s only when an AD user tries to logon that it hangs.

I have disabled Kerberos on the OD master following Apples instructions in article http://docs.info.apple.com/article.html?artnum=300765

It still might be with Kerberos. If I kinit an AD user it works if I use my domain in all caps, but not if it’s small. If I open edu.mit.Kerberos the realm is listed in small letters so why do I need the all caps?

[Author]

Posts