Forum Replies Created
August 2, 2006 at 1:37 pm in reply to: Spinning ball after sudden disconnect from AFP and LDAP #366732
steve
Participant
I think a lot of people go through this – it certainly happens at my office (with a similar set up) all the time. Apple doesn’t seem to care about fixing this problem, it’s been around for years now! It’s hard to believe Apple doesn’t consider this a major problem – it’s hugely disruptive, especially when, like you said, you reconnect them almost immediately but still have to wait 5, sometimes 10 minutes before you can use the machine again – if it unsticks itself ever! For some of our older (still OS X 10.3) machines, one tiny network blip means a restart. Hardly the picture of stability I think Mac OS X was meant to inspire. When Windows does a better job of handling networking, you know something’s amiss.
We generally find it more expedient just to reset the machines, hard, whether we think they’ll come back up or not. Of course, if you have frequent outages you might consider upgrading your network hardware – we did that and it fixed a lot of this just by virtue of the network being more reliable. Also consider upgrading to and using Tiger’s mobile home folders, it allows you to store the home folders locally and just sync with the server – so when the network goes out, maybe the Finder will still lock up, but you can still get by in Photoshop or whatever for a little while (just don’t try to open any files).
steve
Participant
(: I was just having a similar problem and ended up being able to connect and mount the server by removing an extra spurious space at the end of the afp address I copied and pasted, but still can’t see the server in the network folder.

steve
Participant
It does actually say this in the manual.
There is a picture, and it clearly shows that you MUST put network connections in en0, before en1, therefore by default the services should be on en0, or en1 but only if en0 is enabled & connected.
Personally, I think it is bloody stupid.
Same with AFP, you cannot set the ‘IF’ it listens on.
Just make sure that if your OD & AFP are running, that your firewall is also configured, and running, and you have a default “deny any to any” as your last rule.
steve
Participant
Well, don’t do anything too secure over your wireless as WPA can be hacked fairly easily.
Personally I will not use wireless, and the sites I look after are all hard wired.
steve
Participant
Yes, on my firewall I have port 548 as deny,
so I would expect nmap to return “closed”.
The other thing that is bothering me on the apple firewall is at the very end of the firewall list:
priority 65535, the rule is allow ip from any to any.
This does not appear in any of the firewall settings, but I would presume that unless I have a rule before this set as:
deny ip from any to any
, then it is not going to be much of a firewall, unless I specifically deny ports.
This seems counter-intuitive, esp. for a firewall, in that unless you specifically deny all, you have a hole.
steve
Participant
I have actually been using osx on my dual g4 for several years, and really like it, and I know how flexible the osx is.
But seriously, this is turning out to be the server from hell.
AFP is def. not routing or allowing connections from different subnets.
Also my server admin & server monitor keep hanging. The server is running and providing services, but they just will not connect sometimes, and it requires a reboot to get them back on line.
steve
Participant
Sorry for posting in the mail section, I panicked.
It is sorted out, basically what happened was:
I have just put in a new xserve, after convincing my director it was the way to go, and scrap off the novell shiteware.
We had real problems with the install, 2 days lost due to bad ram, shite manuals, nothing on usenet.
Then last night I noticed that the AFP was not connecting from my home computer (it still does not, but it used to).
So I went into AFP.CONF, and somehow got some extra characters in there and then saved it out. This messed up the remote admin & servermonitor, by causing them to lock up after 5 minutes when used remotely (still do not understand the relationship between afp & the admin tools).
Anyway, I managed to sort it out by disabling all services except the open directory, and working thru it logically.
I deleted the AFP.conf & restarted the services, that fixed the problem.
(AFP.conf does not always seem to be re-written on a restart of services.)
However, there is a bug that prevents AFP clients in different subnets from reliably connecting to the server (which I filed with apple).
I have a temp solution, which is to come in via a vpn from a linux system in the same subnet, then the afp works like a dream.
I’m at the stage of trying to get the apple VPN working, but again the documentation is crap.
I can get a vpn connection, but my traffic does not seem to be routed from the client computer out thru the LAN & WAN.
I just do not understand what a “search domain” is,
nor do I understand how I route my VPN range 192.168.2.80-90
to the afp range 192.168.2.4, or how to get my external client that comes in on 192.168.2.80-90 to go out via the wan.
And I don’t know if “network routing def”
takes my client traffic & routes it, or takes the server traffic & routes it.
I am seriously sorry I ever recommended this kit (& I have used apple since os6), and my apple re-seller has absolutely no idea.
I still do not like how AFP & samba bind to all network interfaces, and do not seem to be configurable.
Steve
steve
Participant
I don’t think they’re lame.
I just thought that might provoke a response and it did!
steve
Participant
Yes, I could do that, but it’s not really the answer I’m looking for. I’m hoping that someone knows the correct method to follow and could document it here….
steve
Participant
Hi All
The answer is 3. Duh – well, now it works beautifully it’s obvious. By the way, the javascript plug-in you can turn on in conf.pl is much nicer than the standard html.
Steve
steve
Participant
I’ve just read through this thread and also the AD/OD Integration white paper. I’m still a little unclear why you would _not_ want to bind your OS X Server to AD.
We’ve got a test server set up. It’s bound to AD _and_ serving as an OD Master… so we can manage the OD groups directly from WGM on the server.
In our case the server doesn’t have any other services turned on, and we’re not looking at implementing network home folders yet.
The white paper states that not joining the server to AD “keeps the directory service configuration on the OD Master simpler. Plus it makes it easier if you would like to set up cross-realm authentication between the OD realm and the AD realm.”
So… I’m not sure I understand exactly what the “cross-realm authentication” statement is telling me. And, are there other issues that may occur if I leave the server bound to AD and acting as an OD Master? Is something likely to go wrong that I just haven’t encountered yet?
Thanks for any additional details you can provide.
Steve