Mac OS X Lion Server :: How To Stop Sharing Home Directory
May 23, 2012
I've got a new Mac Mini Server that I'm using to set up file sharing for the first time. I've enabled OpenDirectory and verified that the users I'm creating are being created in (they show up in the Server app and Workgroup Manager app, but not in System Preferences | Users).
File sharing seems to be working fine, but I don't like the fact that each user has access to their home folder share when they connect to the server using a Mac elsewhere on the network. I prefer only the shares I explicitly set up to be available.
Thus, a couple questions:
Why is there a home folder created on the server at all? Do I really need a /users/johndoe folder for each and every account in OD?
How can I configure sharing such that I won't see the home folder when I connect from another Mac on the network? I don't want to leave little "cubby holes" for my users to stuff files into.
I'm having all kinds of 'not found' issues with Lion Server but I think a lot of them may stem from not being able to stop Kerberos from running on Open Directory. Therefore currently I'm running two Kerberos realms, OD and Active Directory. When I try to stop it in Terminal it errors, see below...
shutting down kadmind kadmind shut down shutting down kdc
[code]....
Then in Server Admin it shows Kerberos for OD as "running" still, so I know it hasn't worked?
So this is my first time really implementing Macs in an Active Directory environment and everything is going fairly well, except when it comes to the Home directory. All of my users are running 10.7, and with the latest patch, they can all log into the Domain without any issue. The problem is that their Home directory in the dock is displayed as a question mark. I'm guessing I'm missing something in the configuration, but everything looks right. Anyone have the 411 about how to set up a Mac user to map a Home directory to a network share on a Windows 2008 AD network?
Is it possible to store the user home directory on a Mac OSX Server? Such as how Windows users can have roaming profiles stored on a Windows Server. I am planning to set up about 3 Macs and each user can use any machine and have their profile / home directory roam with him/her.
I have 2 new Apple TVs, I have 1 Second Gen Apple TV, I also have a new 3rd gen iPad, and a new iMac. Since I got the new iPad and new Apple TVs, iTunes Home Sharing stopped working reliably. I say this because this is when I noticed it. I had not really used home sharing much in the 2 months prior because I sold my old iPad in anticipation of the new one. When trying to access my video collection on iTunes, the iPad and Apple TVs will see my iMac's Video collection, but when selected, it thinks awhile and then the % indicator goes to 50% and stops, waits awhile and then indicates that there are no videos.
The only way to get it to work again is to Stop Home Sharing on my iMac and then start it again. Then it works instantly. Less than a day goes by and bang, the problem comes again. Because I can get it to work via iTunes, I have to assume that it is a software issue and not a wireless router issue (I'm using an AirPort, by the way). I don't know if iTunes is having a hard time keeping up with that many clients (the iPad and 3 Apple TVs), or what, but the issue is very annoying and really ruins the Apple experience.
Whenever I access my Mac through my IP, local IP, 127.0.0.1, or the part of my domain linked to it, it usually will change the URL to "Imac.local". How can I stop this?
I have been unsuccessful in figuring out how to view iCal between computers at home. Can it be set so that updates on one can be viewed automatically on the other? I am wanting it so that it is running unified and not separately between computers. And/or so that when DH logs in, he sees updates I've made from when I logged in? We have a new iMac (Leopard) and Mac OSX 10.4.11 laptop.
I am running a 10.7.3 Lion Server bound to Active Directory. There are only several local admin users on the machine; everyone else authenticates against AD. AFP connections work fine, using both local and AD accounts. SMB connections work fine if you use a local account but any AD account is rejected as having the wrong password when connecting via SMB. I've tried using the adusername trick (our AD server is named "ad") even though you're not supposed to need that with 10.7.2 and above... it doesn't help.
I have tried both a Windows 7 client and a 10.6 client, specifying SMB as the protocol in the Connect To Server dialog. Both fail, and they also take several minutes before reporting the bad password (the slowness in responding is yet another problem I've read as being an issue). Checking the kdc.log file on the server I see:
2012-02-09T09:54:22 digest-request netr: failed user=AD\dlennie DC status code c000006d
2012-02-09T09:54:22 digest-request: netr failed with -1073741715 proto=ntlmv2
2012-02-09T09:54:22 digest-request: od failed with 2 proto=ntlmv2
[code]....
I am using the full DNS name for the server, and on my test clients there are no firewalls or other network issues that would prevent connection to the server. We're mostly Macs here but the Windows users become a rather vocal group when something doesn't go their way. The confusing part to me is that AFP authenticates just fine and SMB doesn't.
On my Mac Mini, I have set up a new user because of problems with the OS. So far, it is working fine. I also have a G5 running OS 10.4.11. There is an account on both machines with the same name. However, the new account on the Mini is a different name. The G5 does not offer the "login as" (at least that I can see), so my access to the new account on the Mini is limited to a dropbox. To simplify: A is the account on both the Mini and the G5, B is the account only on the Mini. I tried extending the permissions on B's home directory, but that did not work. Using Get Info, I unlocked the file then tried to add A to the list of users. For some reason, nothing happened.
How can I give user A permission to access user B's home directory on the Mini?
I've a user who has been given a company shared MacBook Air. The account name was previously our company name, but I've successfully followed the guide [URL] to change this. Thus, the username is now his firstname & lastname. The home folder is firstnamelastname. However, the old username (our company name) is still showing up as the username for some email recipients and AirDrop. I'm guessing the email name might be saved locally in a few of the users' contacts since he's been sending a few emails before the user name was updated. Can this be confirmed in any way?
I am trying to set up a test server with the following services:
DHCP
DNS
Open Directory
Profile Manager
Software Update
But not having much success. I have installed 10.7.3 on a virtual machine (using Fusion 4) on a Mac Pro and given it 4 GB of RAM. This machine is running in its own bubble; it has no communication even with the host. So I have configured DHCP and DNS services, which seem to be working fine (I have confirmed with another client, which can get an IP and DNS server address from this server).
Now whenever I have tried to run OD setup using both tools (Server App and Admin Tool), it takes forever to configure (more than 1 hour) and then it fails with error saying "check your network settings". I have checked and machine has proper IP address (tried both DHCP and Static) and also used "lookup" utility to resolve the DNS address both ways (forward and reverse).
I've recently upgraded to Mac OS Lion Server, and I'm having a big problem that's keeping me from finishing my last bit of work on a project. I've been trying to create network users so that they can sign in on any computer, and access their files via the server, but I've been told time and time again to create a Directory Administrator.
We have a brand new Mac Pro (12 core with 64GB of RAM) running OS X Lion Server in a corporate environment. The server is running only file sharing and software update servers, and we have around 40 users who need to be connected over AFP at all times. This company runs 24/7 and we have an XSan environment using an ATTO Celerity 8GB 4 channel fiber card (84EN) along with a 6 port 10GB Ethernet card. The Ethernet card is configured in a link aggregation bond using ports 1-4. The idea is that clients who do not have fiber cards installed on their machines can still connect to the SAN via Ethernet and this file server. They AFP connect to the share, and of course the share is the SAN. It's a single mount point and everyone has read/write access.
The issue is that this machine keeps crashing (multiple times per day) and I cannot find any reason why. Syslog shows nothing of value and I've called into Apple Enterprise Support who also brought nothing to the table.
We initially had SMB and AFP file sharing activated but as soon as a Windows 7 client connected the machine was brought down. So, I disabled SMB via terminal (sudo serveradmin stop smb) and deactivated it via the Server app for the share point. That at least allows the machine to be up for 4-6 hours before crashing again.
This is seemingly the simplest of setups for file sharing and I would've thought that this beast of a machine would be able to handle being a file server without issue for far more than 40 clients. I'm seeing high CPU usage, which Apple support told me was perfectly normal (around 60% on the kernel_task process and around 55% on the AppleFileServer process). It also seems to consume all 64GB of memory, though it shows 60GB as inactive, but at the same time it's paging in and out.
Virtually all of the clients are running Lion (10.7.4), the server itself is running 10.7.4. There are a few ethernet connected clients running 10.6 along with two running 10.5. As I mentioned I disabled SMB so there are no Windows computers connecting to this machine at this time (though it would be nice to get that functionality back if AFP can be stabilized).
This company simply cannot be down, especially not multiple times per day. The only way to bring things back and running from a crash is to hard boot the machine via the power button as you cannot perform a restart or a shutdown. Once the machine comes back up everything is back to working order for a few more hours until it happens again.
Info: Mac Pro, Mac OS X (10.7.4), 12 Core, 64GB, 2xSSD, ATTO 84EN
How does Apple Server work? Is it possible to just use the file sharing feature? I would like to set up a file sharing service similar to Dropbox where users log in and can see their files as well as files that everyone can access. How do I set up the server? Is it run off my "computer" that acts as a server for the company?
I am managing a bunch of Macs and we are using Active Directory groups to assign certificates for 802.11x. I am binding the device to AD using JAMF software and was wondering if I could use a script to then add the device to an Active Directory group.
I have several messages "Module: SystemCache Misconfiguration detected in hash 'Kerberos'" in my System Logs. Having browsed the forums, I found this most likely to be caused by User Records in the local LDAP database created with Workgroup Manager instead of Server.app. [URL] I wanted to fix these entries with the directory editor pane but the tool fails to connect to Directory service /LDAPv3/127.0.0.1/. If I supply wrong user credentials, the message indicates a wrong username or password, but if I give the right credentials for the administration user of the LDAP directory, it simply says "failed to connect (5000)". How can I convince the directory editor to let me edit the database?
1) In an environment that contains two directory servers (one master, one replica), how does a client find the replica in the event that the master goes offline?
2) Is there any command to issue from the client side that will return all available directory servers in the domain?
I have been reading through the Lion Server pages for Active Directory and came across the following question. Does the procedure listed in the URL below allow the users whose Macs are joined to the OS X server to log in with Active Directory credentials? Pass-through auth, for lack of a better term. [URL]... The procedure reads as if it is just joining the server to the domain and not configuring authentication.
We have a local Admin account on all Macs, enterprise wide, for local and remote administration.
All Macs are joined to Active Directory. Our users DO NOT have Admin rights.
On ALL our LION Macs (10.7.4), when joined to Active Directory, we lose functionality to the local Admin account.
We can log into the local Admin account, but the desktop is useless. Nothing opens. We cannot create any files/folders without getting an Access Denied error.
AND then the best part... everything on the Desktop, files/folders, are gone! Almost like a brand spankin' new account. With no access to anything locally.
When watching a show from my iTunes library on my iPad and also on my Apple TV, the home share connection will just quit. Then I have to restart my iPad, or the Apple TV. Can't figure out what is wrong. I once got an error message "-3150" when I had to restart the home share on my main computer. But then I restarted the computer and it worked again. Getting cut off in the middle of a show is no fun.
I have an OSX Lion 10.7.4 Server set up with Profile Manager and it is joined to AD.
I am able to see AD groups in the Profile Manager groups section. I can also see and add AD users and groups using the server app.
I have enabled the "Can Enable Remote Management" check box for Domain Users through Profile Manager. I have also added Domain Admins to the Workgroup group in the Server app. I'm not sure that I want or need either of these options, but they were suggestions to try. I am not able to log on to the Profile Manager or My Devices pages with AD logins.
I found these directions about nested groups in Workgroup Manager [URL] but I don't have a [URL] local group or any groups like are shown in the picture.
Updated to 10.7.4 and cannot turn on my Open Directory service in Server Admin. It's there, but says it is stopped, and it won't start. After reboot it is still the same.
Adding 10 iMacs with OS 10.7 to my Active Directory domain. I would like for all users to have the same basic user settings at log in. How can I configure the Mac clients?
I'm trying to do something fairly simple — allow users from an external LDAP server to access services on my Lion server. Following Apple's instructions, I can't find the "Connect to Directory" choice in the Manage menu of Server.app. I always start by turning off OD by using Server Admin to configure as "Standalone Directory". This is what I see in Server.app after doing that.
Apple's instructions say if the Manage Network Accounts option appears, you need to first set up the server to host network accounts. So I click that option, which seems to be the same thing as creating an OD Master using Server Admin, as far as I can tell. Then I try to add a new user. For some reason, the "type" dropdown list exists, and lets me choose "Imported user from directory", even though I haven't set up any other directory server. Of course, when I search for a username, it finds nothing. Apple's instructions say to now choose "Connect to Directory" from the Manage menu, but that option doesn't show up. I only have what shows in the screenshot above, sans "Manage network accounts" now. How can I get this to appear?
I'm getting ready to migrate our company server to a new server box. I'm doing a complete clean install, and migrating specific information over (we had some corruptions from the initial installation of Lion Server). All our users are in LDAP, not the Local directory, and I can't seem to figure out (and don't have the ability to test) if using the Server Admin app's Archive feature of Open Directory will include all LDAP information. My understanding is that if I create an archive and restore to it, then all of my users and their information will be put back like nothing happened, but I can't get any clarification on it.
I've upgraded to Lion and everything's fine apart from one problem: using my iPad to access home shared iTunes content on my mac no longer works when my mac is asleep. That's a change in behaviour from Snow Leopard; I used to be able to sleep my mac and then wake it over wifi using either my iPad or iPhone to access all of my home shared libraries. The mac screen used to light up for ten seconds and then go dark again, but it served me the files.
Lion seems to go into a deeper sleep which it can't be woken from. If I attempt to wake my mac from my iPad within about ten minutes of putting my mac to sleep then home sharing seems to work and lets me use the home share libraries, but if I leave it any longer than that then the mac seems to fall into a coma and can't be woken. The weird thing is that I still see a "shared library" folder on my iPad, but when I click on it nothing happens. I think my Time Capsule is listening for wifi access and issuing the magic packet to the mac, but the mac just ain't listening.
I'm using a Time Capsule in bridge mode from an ADSL modem and I've accepted a TC firmware update last week and I'm on lion 10.7.3. I've tried using Ethernet to connect the mac to the TC (and temporarily disabled the wifi connection) but that still doesn't work. Also, note I'm NOT suffering from the problem that 10.7.3 seems to be giving a few other people - my mac reconnects to my wifi just fine when I wake it up manually. For the record, This was an upgrade, so there's still a tick in "wake on network" in power settings and home sharing on iTunes is still configured the same as it was before.
I have two folders in my trash which I cannot empty. No matter how many times I try these folders will not go away. I have opened the "info" link and marked them read and write without success.