Mailing Lists: Apple Mailing Lists


Re: LDAP internal directory service




On Oct 16, 2007, at 9:52 PM, Jerry L. Blackmon II wrote:


On Oct 16, 2007, at 9:35 PM, david wrote:

I'd suggest reviewing the documentation, namely "User Management Admin" and "Open Directory"
Although most if not all of the material will probably be nearly identical, bear in mind these are now the 10.5 docs:

I have RTFM :).  Several times.  Always RTFM before I get started.

Now, I'm not certain how you could point your clients at your server via Bonjour, when configuring Directory Access.
You are supposed to use the server's IP or DNS name, not mDNS name.

And they do.  They're bound to the OD.  But home directory mounting works when the clients can see the server over bonjour, it does not when they cannot.  Correlation does not necessarily connote causation, but that's the one correlation I've been able to identify.  Doesn't mean it's the cause, but that's why I came to this list.

What is the server's IP and where are the clients in relation to it (same subnet ?) - re: you're using your server as your "gateway" ...
One could "assume" you're not trying to use network homes across NAT, but you know what they say what one gets when you ass_u_me.

Same subnet, yeah.  255.255.255.0.  Server's at 192.168.2.1; the clients are 20-255.  Moving to static IP addresses (m-DHCP more aptly) but not there yet.  That shouldn't affect this process, unless I'm missing something.

You can sidestep your bonjour issue and besides really should use the server's FQDN or IP address for filesharing access. And you can even save that easily in the "Connect to Server" menu.

I don't use bonjour for anything; I use hostnames for everything, hence the DNS server.  All of that works fine, but home folders don't mount when the clients can't see the server over bonjour.  If sherlock.nat.fightcrime.org is not visible in Finder > Network > Servers, the client machine can use only local accounts.

I say, separate your need for Bonjour from those places where you should not be using it, and then resolve it (Bonjour behavior) separately as/if needed.

What was that you said about assuming? :-).  Thanks for the advice.


You left a lot of room for guesstimating with what you first provided.

What are you seeing in the logs in /Library/Logs/DirectoryService when the login failure occurs ?

Since it seems that connectivity is there, of some kind, re the fact that you can "(verify that) the server's there by pinging, connecting to it via ARD and AFP from the affected and other machines"
