Mac OS X Lion Server :: Windows Users Cannot Connect To SMB Service
Feb 23, 2012
I have two Lion 10.7.3 servers joined to my company's AD. These servers provide SMB/AFP file services to users. They have been working successfully until a week ago when a change in AD was made. Now Windows (7 or XP, doesn't matter) clients cannot connect to the server using the DNS name, only the IP address. Mac OS X clients are not affected by this, i.e. they can use the DNS name fine. All clients are on AD too. What I observe from a Windows 7 client is, I open Windows Explorer, type \\xserver in the address bar, hit enter, & it denies my connection immediately. If I do the same thing with the IP address (\\10.0.1.10), it lets me in immediately.
For Windows clients, I have tried both the short DNS name as well as the FQDN, & neither works. The DNS name on the server itself is fine, verified by "changeip -checkhostname". Whatever changed in AD caused the Lion servers to start doing this because they both started exhibiting this behavior at the same time. The only info I've been able to get regarding what changed in AD from the domain admins was "We changed the UPN email@example.com to Firstname.Lastname@example.com", in other words, to their email address. In the system logs, here's an attempt to connect from a Windows client using the short DNS name:
Feb 20 09:24:39 xserver rpcsvchost: sandbox_init: com.apple.msrpc.netlogon.sb succeeded
Feb 20 09:24:39 xserver sandboxd (): rpcsvchost(32619) deny file-read-metadata /Library/Managed Preferences
Feb 20 09:24:39 xserver sandboxd (): rpcsvchost(32619) deny file-read-metadata /private/var/root
Feb 20 09:24:39: --- last message repeated 3 times ---
I work remotely a lot. After I upgraded to Lion server, I am unable to connect to the VPN service remotely unless I physically go over to the server (mac pro) and log into the desktop manually.
Previously, if my Snow Leopard server restarted (due to power failure, etc) and it re-booted up to the login screen, I could still log on to the VPN remotely as the VPN service would always start up (at the login screen) without a user having to be logged in.
Now, with Lion Server (10.7.4), if the server restarts, I cannot log back in to the VPN. I have to get someone to go over to the server and manually log in, then I can access VPN just fine. (I do not, and will not turn automatic login on on my server due to the huge security risk.)
How do I get the Lion Server VPN service to start up before or at the logon screen even if no user is logged in?
I just wanted to add a sharing only user for my girlfriend's new MacBook that she could use to connect to a shared Time Machine Volume. If I add a new standard user, this user can connect to my server via Finder (connect as...) and see the shared drives. If the same user tries to connect to the Time Machine Backup Volume via the settings dialog, it receives an error message (OSStatus-error 5). If I add a sharing only user, this user cannot connect via Finder or Time Machine (same error).
The client's console states the following error message: /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent AFP error -5018 mapped to EIO
I have a server in our DMZ that connects to Active Directory LDAP server (non-ssl over 389) but no objects actually show up in the directory editor. I get a green light in my Network Account Server, but queries against LDAP return no results. My end goal is to be able to dictate to Profile Manager what LDAP groups are allowed to enroll devices. I tested on our internal network on a test server and get the same results. Anyone have any luck connecting a Lion Server to LDAP and actually being able to view and utilize users and groups?
I am having issues connecting my late 2011 model MacBook Pro to a Windows 2003 server on my internal network using the AFP protocol. I am able to connect to the server using SMB however. I am running Mac OS X Lion 10.7.4 operating system and the server can be found and pinged but when I try and connect to it using AFP I get the error: There was a problem connecting to the server "<my server ip address here>" The server may not exist or is unavailable at this time. Check the server name or IP address, check your network connection and then try again.
On this network my roommate also has a late 2011 model MacBook Pro which is able to connect to the server no problem using both protocols. He has completely disconnected his computer from the server to double check there was not an overload of traffic on the afp. The only difference in his machine vs mine is that he is running Mac OS X 10.7.2 which is pretty close in versioning.
I recently installed OS X Lion Server and I don't have the web option as a service in the server app. It isn't in the left side pane with all the others. It's just not there, nor in the menu bar. How can I activate this? Why isn't the server app offering the web service? I cannot add websites or even get started with the web service at the moment.
With Lion Server Apple killed the FTP Service & GUI to configure the FTP. In the NET I found plenty of descriptions of how to enable FTP, but I found nothing on how to configure the sharepoint and ftpusers with the command line. Are there any instructions around? We need to use ftp for some industrial machines we do not offer SFTP. We tried also the Rumpus FTP Server but this isn't stable enough.
Info: MacBook Pro 17, Mac OS X (10.7.2), 8 Gb RAM, 750Gb HD
I have a Lion server and am not able to connect over "ssh" from the public ip address side. At some point I think I heard that "ssh" had to be turned on in terminal in order to work. Is this correct? And can anyone provide the terminal command as I have been unable to find it.
I'm running Mac OS X Lion Server 10.7.4 on a Mac Mini Server with a Promise Pegasus disk array attached. I'm using one of the logical drives of the disk array to store the service data of Mac OS X. I had a power failure last night, and I had a problem with the automatic reboot after a power loss. It takes about a minute for the Pegasus to start so the Mac can't see the service data volume at boot time. Most services weren't able to start or lost their data. Is there a way to make the system/mac wait until the disk array is ready before booting?
Info: Mac mini Server (Mid 2011), Mac OS X (10.7.4), Promise Pegasus R6
Recently my Mac Pro running OS X 10.7.3 refuses to connect to any Google service. I have tried with Chrome, Firefox, Safari and Camino web browsers with the same result. "Unable to connect" etc. etc. Every other site that I normally go to works fine. I'm pretty sure I don't have the virus because I didn't install flashplayer pkg. I also ran the check to find out if I had accidentally run the pkg with negative results. That being said I also read some of the answers to similar problems and ran a few checks on my own. I opened my network configuration and renewed my DHCP lease, restarted my cable modem and my router. I have also run a ping on [URL] which came back normal but when I tried a lookup service to [URL] I got the following:
Lookup has started
Trying [URL]
Truncated, retrying in TCP mode.
Trying [URL]
Received 28 bytes from 192.168.1.1#53 in 3 ms
Trying [URL]
Host not found: 5(REFUSED)
Received 28 bytes from 192.168.1.1#53 in 4 ms
It sounds like I have a permissions problem but I'm not sure which playlists to fix in my library. Maybe it's something else entirely.
I have a problem with a client's Windows laptop. It used to be able to connect to their company's Mac server. But since he got back from a trip the laptop doesn't connect anymore. I can ping the server. And when I try to redo the network drive I'm prompted to enter my credentials. But whatever I enter it doesn't work. I already tried to use SERVERNAME\user.... and also checked security policies.
I have a Mac Pro that is running OD to create users. My problem is that the users that I have to give macs to, need rights on their machines to install programs because of all of the development software that these individuals need. I don't want them to be able to make a local user so that they can't unbind these machines from the OD server.
They still need access to terminal. I don't want them to be able to boot into the recovery partition or terminal to get super user rights (thus changing passwords or adding/deleting users). I have restricted their rights to access "Users & Groups" through OD Policies but that's about all I have done.
I bought a Mac Mini Server yesterday and set it up successfully (Set OD, etc). Everything was working great until I went back and tried to create new users via the server app. As of now, it gives me the error "SEUserErrorDomain error1" and tells me that it cannot create the user. Even though it says that, it will still show up in the user list with the "blue globe" (that I believe is from OD?) but disappear the moment I drill into it and try to save anything. Workgroup Manager will allow me to create the user, but it does not show up in the user list in the server app so I cannot enable certain services for the user (i.e. assign folders for share point, etc).
P.S. Apple tech support had me reinstall the 10.7.4 combo update - no help. They also had me use disk utility to repair permissions - no help. P.S.S. On a side note, I did install Samba 3 on the server via mac port to try and help with LDAP auth (I ended up going with pGina for my windows users), but I have no clue how to uninstall it.
Today when we started trying to add users to our server (we use it only for afp access at this time), we noticed that new users belonging to a group "storage" were unable to login from client machines via afp (clients both 10.7.2 and 10.6.8).
When we tried editing the users accounts to change which groups they belonged to, it would appear in workgroup (and server preferences) that the changes would take but there was still no access.
As a test case, we modified an existing user who had no issues logging in to belong to a different group and have different sharepoint access. The changes looked good in workgroup and server prefs, but when the user logged in, he was only able to access his old sharepoint and not the new one (and since his permissions to the old were removed, he shouldn't have access to that sharepoint).
Also, for some reason users cannot be deleted within workgroup manager any more. The login used was the diradmin account.
I'm running a golden triangle setup.. a very basic and simple one..
-OD Master running 10.7.3
-clients running 10.7.3 as well..
-AD running windows 2008 server.
OD Master is bound to AD and I can see all the AD users and groups.. the problem I'm facing is I cannot add AD users to OD groups under workgroup manager. Every time I add an AD user to the OD group, it shows as "NOT FOUND" and it shows a weird ID "0433BF34-"
We have an existing network of approximately 50 Macs running anything from Lion to Leopard. Obviously there are existing local accounts on these machines. What I'd like to do is to administer these users and machines through Lion Server so that I can use the existing user information for all of the services provided by Lion Server, but to do so without altering the way the end user operates and without any data loss. I am having difficulty finding any information on this, but surely someone has installed Open Directory into an existing Mac network.
I'm trying to make it so that my students have the ability to log onto our iMacs (all running Lion) through our Mac Mini Server (also Lion). I recently had to go through drastic changes in order to simply create a directory administrator, yet it still persists. The active directory isn't bound to the server yet. When I try to bind my Active Directory with the Mac Mini, I get the following popup after logging in as the Directory Admin:
I have (3) 10.7.4 servers, one is the master and the other two are replicas (192.168.123.127 and 192.168.123.129). When I add new users thru server.app or workgroup, no users are showing up on the replicas. In the log of the server I get this error many times per minute:
I have linked up my AD environment to my Lion server. I have all my users populated perfectly and I have added a few email address values for users. When I try and login via webmail to my account it will not login. When I look in the logs it shows that it's trying to authenticate to the local server and not the AD server for the user. How can I fix this so that it uses my AD credentials and such for email also?
I have a small business with 4 computers. I'm wondering if I can keep all the user directories and shared files on a Mini with OS X server and also have the users share the applications that are on OS X server? Is this possible or can you only share the actual files, not the use of programs? I don't quite get why you'd have the user directories on the server rather than each computer.
I have Intego VirusBarrier X6 in several macs. When using it with normal/local/mobile users, I do not have any problem. However, when logging as network user (I have a mac mini with lion server 10.7.4), the macs hang after a while. At the beginning, I tried everything: permissions, firewall, sharepoints, etc on both the client and the server. Only when I uninstalled the software on the client, everything works again normal.
We had everything working perfectly with an earlier version of Lion Server. The update to 10.7.3, or 4, seems to have opened access to all files for all users. Much to our surprise, this wide-open access started without warning.
- We have an external drive that contains all of the company's archives
- We had set access for one employee to get to the files he needs, and different access for another employee. Neither saw sharepoints outside of their access settings.
After an update, each employee can see and log in to all sharepoints. There doesn't seem to be a way to limit access for each employee now. I can set 'read' access for one employee, but it doesn't stop the other employee from accessing that sharepoint/folder.
I have a problem with Network Users defined on my Lion Server accessing the server through VPN or Profile Manager (via Safari) ... I keep on getting authentication errors. Is this because they are network users or am I missing something else?
This works: when I logon to my Lion Server with either local or network users everything seems to be OK including home directory synchronisation.
I tried the following for VPN:
- my local server account can log on to the server (i.e. my secret key, user account/password combination are OK) ("chap peer authentication succeeded for ...")
- when I try the same with two of my network accounts I keep on getting authentication errors (VPN) but I'm sure I use the same userid/password combinations as above ("chap peer authentication failed for ...")
I get similar results when I access the Profile Manager (url..):
- my local server account can log on to the Profile Manager and sees all the information
- when I try this with one of my network accounts (which has devices assigned) I keep on getting 'incorrect user name or password'
Hi. I've enabled web, wiki and opendirectory in lion server, but I can't enable users to change their passwords, because the option to modify my default web site in the Web pane in server admin is greyed out. I've read the documentation, but I'm stuck at this point.
I'm in IT at a shop that is 98% Mac based. At this point in time, we would like to use Lion Server to provide Time Machine backups and software updates to our users. The environment is as follows: We are all using laptops, connecting to our network and the internet using wireless only. The mini has an ethernet cable attached and wireless will not be enabled for it. All Time Machine backups and software updates will be done wirelessly. The backups will be mostly text files, although in some instances there will be large amounts of said files. Of course I will limit and exclude certain folders and file types from backup and I would like to have the user do their first backup via firewire/thunderbolt so the largest amount of data will not be pushed over the air. I'm currently running tests with a few users doing just Time Machine backups to the Mini and all is going well, but I'm curious as to how many people I will be able to place on one Mini before it becomes too much. We have about 70 users now and could be close to 100 by the end of the year. We are a company that will continue to grow too. Anyone have thoughts or experience with a large user base doing backups to a Mini like this? How many users could I fit on each Mini? Would I be better off just going for the Mac Pro?