[lunatica]

Solved! The Lion Server was not an OD when we attempted to get Profile Manager going. The server was just bound to another OD. Now we have created the OD while still being bound to the other OD and everything works as expected.

[lunatica]

It was never possible in Mac OS X Server to replicate an OD Master to a different server system version, regardless if newer or older. OD Master 10.6 and Replica 10.7 will therefore not work. See the following link:

http://help.apple.com/advancedserveradmin/mac/10.7/#apd1796C0F1-628D-44E7-B6C9-2003911CBF5C

[lunatica]

I can’t see that it can do that currently but it would be a huge feature, especially for distribution of volume licenses

[lunatica]

We had issues with incorrectly mounting shared folders so we have now this that works. I can’t remember what wrong with that to be honest.

Excerpt:
NET USE J: \\File-1\%username% /persistent:no
NET USE K: \\File-1\Groups /persistent:no

The first line let’s the mac user profile mount under J and the 2nd line mounts our shared groups folder under k.

Other than that we check what printers are installed and delete unused printers, but this worked fine directly.

[lunatica]

Hi playersons,

I’ve got positive results. We’re running 10.5.6 Server for SMB homes. What solved for us many problems with netlogon scripting, stability and reliable functioning roaming profiles was to:

– move all roaming profiles to the server that handles the authentication (beforehand we’ve had authentication and authorization split to 2 servers, that was the pdc handling the authentication and a 2nd file server hosting the roaming profiles, acting as a bdc.

– Outcomment the usage of darwin streams in the smb.conf

– minor adjustments of the syntax of our netlogon.bat.

Apple said that the ‘this process has forked’-messages in the log are non-critical, although I’ve seen them only in connection with the problems we’ve had. But, to my surprise, applying the changes I’ve outlined above solved all issues but the ‘this process has forked’ messages in the logs are still there, which confirms that those messages are non-critical.

What I don’t understand is why Apple is so tight-lipped about their smb-implementation and treats SMB as a stepchild in Leopard Server. That’s a mistery for me still, because during all the months of my attempts to find out why SMB was so terribly wrong in the beginning, I’ve had to rely on the experience of others confrming problems I’ve had so my impression was and still is that it could have been better if Apple puts their focus back on SMB. It’s a marketing argument if you can sell OS X Server along with an Xserve to replace all Windows servers because of a state of the art SMB implementation.

If you have further questions, feel free to ask.

[lunatica]

Yes,

all network users mount their groups folder when logging in. Didn’t thought this counts as a separate connection. How does this relate the the 150 users max. at the same time for an OD Master rule? Does it have a huge impact?

Thanks,

Alex

[lunatica]

We get the “This process has forked..” error on our PDC and BDC. I’m currently in the spring break at school and the couple of last breaks I always was working to get the roaming profiles going. In fact the non-working SMB-implementation kept me from using Leopard Server for some time. It’s a shame for Apple.

What I’ve changed the last 2 weeks:
Our setup so far was that all roaming profiles where not stored on the PDC @ /Users/Profiles but on the BDC on another share totally not @ /Users/Profiles. This break I’ve changed this and moved all profiles carefully to the PDC to it’s default location @ /Users/Profiles. This has fixed high cpu load and so far (I’m virtually alone in school) the few user accounts I know the password of, work fine!

In Tiger Server, we’ve had our win-user group for Windows Profiles. We always had to have staff as well on the profiles permissions, otherwise no Windows machine could login. In Leopard Server, staff has become the group “Open Directory Users” for what reason ever and also important: “Domain Users”. This has to be added, also don’t forget to give the network users this new group as well, otherwise they won’t be able to login.

Things working for us:

– PDC & BDC running with Latin 1 (850) Characterset if you edit the smb.conf, no gui fix yet in 10.5.6: another shame
– Reduced server load in 10.5.6 when certain Windows profiles log in, still have to see this when school restarts during high usage
– netlogon scripts work and network drives are mapped if the computer is in the domain

What’s not working:

– On certain Windows XP computers, a few users are not able to get their network drives mapped, also their access is blocked as if the whole computer is not in the domain or the user not fully authorized. But, if a nother user logins on the same machine, everything is fine..very strange.

– And yes, we get constantly broken pipe errors and then the “This process has forked..”- nightmare.

-> I’ve already checked the CIF SID and it’s correct and played around with secpol.msc and the variations that are possible there, no improvement.

It’s so ludicrous, Mac OS X 10.5 Server is soon phased out in favour of Snow Leopard but never had a working SMB implementation so far. Tiger Server worked perfectly in comparison. Why why why why? Let’s hope our SMB will hold after the spring break with the changes I’ve made.

[Author]

Posts