Forum Replies Created
richserve
Participant
PS
What’s handy is being able to enable mobile homes per group via Workgroup Manager, so I can steadily bring them on stream and see how things go.
richserve
Participant
Well, that’s good.
Really, the build up of local home directories from synching will be manageable, I think, every 6-8 weeks, maybe more. Our college runs 3 terms per academic year (about 12 weeks each), approx 400 user accounts of which 60-70% are in use all year. All students have a 900MB quota, encouraging a backup to CD regularly. Staff (about 6 of us anyway) have a 2GB quota. Network homes are spread across 2 250GB Xserve volumes. The client machines’ hard drives have roughly 40-45GB free.
In short I think I can manage OK without blitzing the Users folder every week. The only permanent local user is the initial admin account, used for such purposes only. Plus most students tend to gravitate to the same ‘favourite’ machine even though they could login to any.
One thing I noticed is that on the first test machine (mod. mcxd.app .plist files), after several smooth login/synchs., my second test mobile account saw the prohibited folder icons for their Network Home sub-folders, bar the Public and Sites folders (the Network Home is still added to the Dock). Logging in to my second test machine (non-mod. mcxd.app) with the same account was OK for access. Synching took place correctly all the time, so I guess it’s a one-off caused by blasting the ARD ‘remove homes’ script (which seemed not to work) I mentioned earlier at the former machine.
Anyway, thanks again.
richserve
Participant
OK
I fixed an AFP problem with a shared folder that was being mounted at login via WGM Login prefs.
Yesterday morning no-one could login – or it was very slow and system.log showed a repeating ‘Filename to long: 63’ error. I un-shared the directory, changed the name, re-shared it, restarted server/clients. No more errors, and I can now create a home folder for the user.
Phew. Now I can begin testing mobile homes w/ ~/Library synching and get into a whole new area of madness.
Thanks all.
richserve
Participant
1. OK
2. OK
3. OK
I tried createhomedir -a and got a message (for each user in the home folder directory of one of the two volumes) like this:
2006-03-21 08:49:15.584 DirectoryTools[21691] copyDirectory(Non-Localizable, /Network/Servers/ourserverFQDN/Volumes/ART2/intake2005/lynseyneill) failed with 1
created (/Network/Servers/ourserverFQDN/Volumes/ART2/intake2005/lynseyneill
ART2/intake2005 is the Volume/Directory in which I can’t create a home for the newest user ‘Mobile Test’ – this user did not appear in the result of createhomedir -a. I got no messages about my other volume ‘ART’.
Which logs could I check for errors?
thanks
richserve
Participant
I’ll try the PDF with a single Xserve, using the extra 250GB module backed up to tape for the home dirs.
I’ll use a 1.25Mhz G4 for the OD Master LDAP lookup for AD users in WGM. Until our Director of Information Services buys more Xserves and an XRAID (!!) that’s my hardware limits ….
I’ll post results/queries/probs….
cheers
richserve
Participant
(I think) I fixed it by unbinding (which actually accepted the AD account that WGM refused) and re-binding. I removed the authorisation/contact AD node prior to this and replaced it after the re-bind. I would still like to know why the authorisation failed in WGM – maybe after tinkering with smb.conf and re-starting Windows Services?
Another point – Windows Service seems to have gone back to Standalone. I’ve just put it back to Domain Member. Our network has a Windows PDC.
You can probably tell I don’t fully understand implementing Windows service.
richserve
Participant
To add to Greg’s suggestion – an up to date (10.3.4) step by step on the requirements (in one doc) for this scenario (probably quite common):
AD users authorise on Macs (via AD bind on Xserve and Mac clients) managed in WGM groups and with Windows homes on Xserve mounted and also used as OS X homes
inc.:
troubleshooting AD bind & using dsconfigad for home mounting (e.g. bind stops ‘working’ and 14002 errors happen, have to dump Library/Preferences/DirectoryServices/ActiveDirectory.plist and restart then rebind)
AD home folders set onto Xserve AFP/SMB sharepoint – from AD users setup using AD tools and then following OS X set up in WGM+troubleshooting (AFP/SMB mount login error message, home not found etc)
Setting up Windows Service when using Win PDC not OS X server PDC.
Troubleshooting KDC – before Server setup – and after provided DNS is forward/reverse in Win to start with (i.e. KDC is OK, then appears as ‘stopped’ and you don’t want to demote to Standalone and lose LDAP 127.0.0.1 info)
This guide could reference other articles (provided they’re updated).
I think a lot of people are trying to implement OS X.3.4 in this kind of setup and need one doc. that can at least outline AD bind, LDAP 127.0.0.1, WGM groups, AD homes on Xserve, KDC etc.
Great new site. Cheers.
richserve
Participant
Thanks Joel – sorry about the lengthy posts. I’m starting as a beginner with all this – the Windows guys are interested but busy overhauling the network to XP. I’m still having trouble with NTP – I’ve got the Xserve pointing at Apple’s euro server and that’s working after I checked my Firewall rules.
The Xserve is set to broadcast NTP to the desktop Macs, but they aren’t picking up Port 123 broadcasts according to the ntpq -p report.
Thanks again …
richserve
Participant
I’m in the UK – I’ve got telephone support with our Mac supplier’s technician, but bringing in a specialist is an option I’ve considered – it’s just a question of time and money (from the College’s point of view).
richserve
Participant
Joel – do you have any tips for checking port 123 for network time on the server?
I’ve opened it on the client but it’s not listed on the firewall settings on the Xserve.
I’ve found this helpful so far http://www.macosxhints.com/article.php?story=20030217004435671&query=network+drift
As in the example, my network time server’s DNS (on the LAN) appears but I have a value of 16 as mentioned both on the client and the Xserve when I execute ntpq -p.
cheers
Rich