[tbone]

I have run it to check only.
The names match, there is nothing to change.

I’ve now broken all ability to update the database even with the old server online by mucking with the old server attempting to restore it from an older backup.

I notice kerberos isn’t running on the new one and I can’t kerberize it. This is not good because of the large number of users and groups. This may not be an issue because kerberos wasn’t running on the old server either. I stepped into this migration on a contract. Doing a tcpdump reveals it is still trying to contact the old server when I click to make any changes in WGM. I did promotion by the OD manual, I can’t understand what is lingering or why.

[tbone]

Get not authorized error unless old server is reachable.

[tbone]

Well I thought I had solved but I it seemed solved because I powered the old server up. So even though I’ve made the old server standalone and made the new server OD master I can’t change anything in OD without the old server reachable by the new one. There is nothing in Directory Access so I just don’t understand why this is.

[tbone]

Try something like

[code]dscl /LDAPv3/ldap.company.com -read /Users/[/code]

[tbone]

This was the response to me on this same subject some months ago.

Thursday, June 30 2005 @ 01:16 PM CDT
The VPN needs MSChapV2 password hashes to work. We can’t get that out of AD, so for the most part, no, the VPN will not work with AD.

There is the outside option, new under 10.4, to auth to your VPN using Kerberos. An interesting idea, but for this to be effective you’ll need to get krb tickets first. Which would require exposing your AD system to the public net. Something that you usually get fired for.

[tbone]

One thing I know it did was it fixed the broken snmpd binary.

[tbone]

guess we are just out of luck on this one.

[tbone]

Is that any different than doing Kerberos based auth from my samba3 box to our AD? If not then it should be doable. Know of any docs on that?

Thanks.

[tbone]

According to my Apple contact, this is not possible due to Apple’s VPN server auth implementation.

[tbone]

I wouldn’t image the whole thing unless you plan on using that image in a DR type restore mode. I would backup only the files you want to keep. You should be running replicas of directories user info and dumping that data to raw text and backup it up. You should back up all customer data, web pages, scripts, logs, etc. But if the system truly bites the dust I would think you would install a fresh system, suck down a replica, restore some data files and be back in business.

Trent

[tbone]

Well it had disconnect issues with 2 different units over several years and several versions of Retrospect. It got the job done for a few years but some days you’d come in and backups wouldn’t have ran b/c comm. was lost for no apparent reason.

Trent

[tbone]

Under 10.3 we accomplished updates with

“30 11 * * * /usr/sbin/softwareupdate –install –req “

Aside from rolling our own Quicktime updates to bypass the popups that worked fine.

Trent

[tbone]

hello? Am I the only one here running 10.4 server and client??

[tbone]

I had lots of issues with the VXA-1 SCSCI losing connections with Retrospect. The drive frequently lost communication while running and the only way to go ahead was to reboot both the computer and the tape drive. The VXA finally died.

[tbone]

Tell us what you’ve done to troubleshoot so far. Looked at the AFP log? system log? Applied any updates lately? Rebooted?

Trent

[Author]

Posts