Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with Groups and Home Folders

Thanks for your informed reply. Let me go through this step by step because I am getting pretty thoroughly confused.


On Friday, February 18, 2005, at 04:51 AM, Ed Crelin wrote:
Ira,
You do have a good authenticated reverse lookup from your DNS for your OD server right? That right there is THE most important. It is also the DHCP server as well?

Yes, I am supposed to have good forward and reverse lookup for the server. However, the DNS and DHCP functions are being done by the university's servers. I am only running AFP at the moment.

You are only using LDAP on your directory access clients? You are NOT using NetInfo at all? Did you set your directory access authentication to manual instead of "automatically supplied by DHCP server"?

It is LDAP on the Directory Access. But, yes, I also have NetInfo checked because it does not appear to function properly without having this checked too. (I've tried it.)
Yes it is manual and not automatic. But I've been told (by Apple) that that shouldn't matter because it will check anyway.
It's possible that I have a lookup problem but I cannot get anywhere in the bureaucracy with this. They say it's ok and I am not in a position to argue with them. It's the old "It's a Mac problem," syndrome.


I made my server its own DNS, DHCP and OD LDAP server, it goes nowhere else for its reverse lookup or anything, gave the clients internet access by putting other DNSs in their network settings to go "around" it to the net but all OD access is directly to and from the server alone.
Apple techs were clueless and it took me a long time to figure it out and fix it.
Good luck, you're not too far away, let me know how you make out,
Ed Crelin
MacInsight, Inc.
Technologist
802-446-3636

I have been in touch with Apple about my network problems for the last 6 months but they have not really been very forthcoming with what's going on. A couple of their network engineers supposedly ssh'ed in to the server and one of my clients (I set this up for them, gave them accounts and access for everything) to try and diagnose things but I never heard back from them. That was in September. I gather that all their efforts are being put into Tiger and Panther related problems do not have a high priority. This does not surprise me.

But thanks for your reply. I'll try things without using NetInfo but I suspect I'll still have connections problems.

Ira Friedwald
FPA Media Arts Center
Portland State University


------------------




On Feb 18, 2005, at 3:03 AM, if wrote:

I run a relatively small graphics lab (40+ stations) with a mix of older client machines (several G3s, a dozen or so G4 450s, and the rest either mirrored doors DP G4s or 867 G4s). We have a DP G4 >> XServe.

We have about 900 students and faculty in our db with the bulk of them assigned to a workgroup called University (univ). We are running network home folders for everyone.

I started all the computers out with 10.3.1 (10.3.2 for the 12 Final Cut Pro stations) and tried to upgrade them to 10.3.4 last Spring. Big mistake. The network home folders stopped loading and the log in just sat there forever.

For most of last year we thought (Apple included) that it was a DNS timeout issue. The DNS server was taking too long to reply to the client and the client was missing the very short window for accessing and mounting the home folder.

Subsequent OS updates failed to fix this until 10.3.8. Now I have done some small experiments with 10.3.8 on a few of my stations and it seems to work. But...

Now I am planning a new lab, all G5 iMacs with a G5 server acting as a replica. These machines all will have 10.3.8 on them, as well as a fresh build of all our apps and drivers. My problem is that none of my users can log in to the new G5 clients, either through the replica or directly through the master directory server. The only exception to this are users with NO GROUP AFFILIATION.
That is, if I assign a user a group to be in, even if there are no preferences set for that group, that user cannot log in to the new G5 clients. If I remove the group affiliation, bingo! the log in succeeds and the home folder mounts correctly.

BTW, I can reproduce this error from scratch with the new server. As a test I used the new server -- fresh from the box -- as a directory master, added some new test users, created a new group, gave some of the users the group affiliation and bingo! same set of results. remove the group affiliation, the new users mounted their home folders ok. And I used a brand new iMac fresh from the box with only the Directory Access file set to point to the new server.

Has anyone seen anything like this? I am really stumped as to what it could be. I'm thinking now that my earlier problem was not a DNS timeout error but was related to this group affiliation block on the home folders mounting correctly. But I have no idea how to fix this. Even Apple doesn't know what to make of it.


Ira Friedwald
FPA Media Arts Center
Portland State University

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/ email@hidden

This email sent to email@hidden



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.