+ Post New Thread
Results 1 to 13 of 13
Mac Thread, Updating to 10.9 in Technical; Hi All, I've been asked to update the macs in our music classroom (19 iMacs and a MacMini server 10.8 ...
  1. #1

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    81
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Updating to 10.9

    Hi All,

    I've been asked to update the macs in our music classroom (19 iMacs and a MacMini server 10.8 which uses WGM to lock down student permissions & they are also binded to AD so students log on with their windows credentials) to 10.9 in order for them to use the updated version of Garage band.

    Can you see any problems arising from this, will the WGM settings still apply when updated to Mavericks? Will I need to update the server also, if so will the settings be saved does WGM run on 10.9 or will i have to go to profile manager?

    Any help would be much appreciated.

    Thanks

    Mike

  2. #2

    abillybob's Avatar
    Join Date
    May 2013
    Location
    Shropshire
    Posts
    2,433
    Thank Post
    209
    Thanked 306 Times in 227 Posts
    Rep Power
    192
    Quote Originally Posted by mike86 View Post
    Hi All,

    I've been asked to update the macs in our music classroom (19 iMacs and a MacMini server 10.8 which uses WGM to lock down student permissions & they are also binded to AD so students log on with their windows credentials) to 10.9 in order for them to use the updated version of Garage band.

    Can you see any problems arising from this, will the WGM settings still apply when updated to Mavericks? Will I need to update the server also, if so will the settings be saved does WGM run on 10.9 or will i have to go to profile manager?

    Any help would be much appreciated.

    Thanks

    Mike
    Update server first and then the clients, you should be perfectly fine! Although make sure you update all the applications also such as iPhoto, iMovie etc... All our setting on Workgroup Manager just migrated over it all worked very well but remember server first!

  3. Thanks to abillybob from:

    mike86 (8th July 2014)

  4. #3

    Join Date
    Dec 2013
    Location
    North East
    Posts
    51
    Thank Post
    15
    Thanked 19 Times in 12 Posts
    Rep Power
    5
    We left our server on 10.8 for the foreseeable, upgraded clients to 10.9 with a fresh image and used deploystudio to roll it out, we are full mac over here though so this was for a wide-scale update process over a few hundred machines.

  5. #4

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    81
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks, looks like either way is good then...Did you find when leaving 10.8 on the server that WGM settings applied to machines?

  6. #5

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    Mavericks has an issue that cripples ACLs on the server-side, rendering the files inaccessible by the domain admin. To make matters worse if the user account does not have a home directory pre-populated with the mac home dir structure, the mac client will fail to create it also causing the files to be inaccessible but the domain admin.

    If you're macs are not bound to the AD then the issue is non-existent.

    Beware of Mavericks when bound to a 20087/2012 server. 10.9.3 also does not resolve the issue.

  7. Thanks to HodgeHi from:

    mike86 (10th July 2014)

  8. #6


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,757
    Thank Post
    221
    Thanked 2,629 Times in 1,938 Posts
    Rep Power
    779
    Quote Originally Posted by HodgeHi View Post
    10.9.3 also does not resolve the issue.
    Have you tried 10.9.4? I can't imagine it would make much of a difference however.

  9. Thanks to Arthur from:

    mike86 (10th July 2014)

  10. #7

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    I don't think the issue is going to go away to be honest. Apple could develop their implementation further and then tomorrow MS could release an update. the SMB protocol seems to be being developed quite quickly at the moment at MS. Not sure how well the Open Source version of SAMBA is doing with regards to compatibility.

    You can check the issue by going to a mac client that is bound to the AD, opening the get info pane and changing the ACLs. On 10.9.2 the server-side ACLs will disappear from the list. But they also disappear from the Security tab on the windows server too.

  11. Thanks to HodgeHi from:

    mike86 (10th July 2014)

  12. #8

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    81
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for that, was just about to install the update too...Could you explain this a bit more please? Our macs are bound to AD & the users get their windows home directory plus another drive is mapped from the share on the OSX server. From reading your post I imagine that when the users log on their home drives would become inaccessible by the domain admin & the user...Starting to think may be worth just updating the clients and leaving the server on 10.8.

  13. #9

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    Its the clients that cause the issue more so than the server, but the server would have the same issue since it is basically Mavericks with an app chucked on top.

    The issue is seen with a mac client being connected to the AD and the shares on the windows servers, predominantly server 2008r2/2012 (not sure about 2012 r2 but i would take a stab guess that as well).

    If a mac client is NOT bound to the AD then the problem doesn't arise. However, as soon as that client is bound to the AD the mac client can then edit ACLs in the Get Info pane that it should not have access to. The user gets a warning but the damage occurs anyway.

    You also don't need to login using AD credentials either. You can log on to the mac as the localadmin, Use connect to Server to mount the share and authenticate as a standard AD user. This also replicates the problem.

    In 10.9.3 this does not happen in the get info pane, but the creation of Home Dirs continues to fail. This may not sound like a problem, but then how do you create all of the new home dirs for the new Yr7s coming in in September?

  14. Thanks to HodgeHi from:

    mike86 (10th July 2014)

  15. #10

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    81
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0
    thanks for that mate, starting to be a bit clearer...Sounds like that could cause a lot of damage...although would they only be able to destroy their home folders? Can you see any problems with having a 10.8 server and 10.9 clients?

  16. #11

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    Ignore the 10.8 server. The issue is with 10.9. Clients or otherwise. The Mac server being 10.8 is irrelevant. You can remove the mac server from the set up completely and the issue with the AD file shares still remains.

    You can test the problem if you like. Simply upgrade one client to 10.9 and test with what I said above. Create a test share with some test data though. And yes the issue should be contained in the individual home dir. It only affects shares where the user has full control/ read/write access.

    Some say that a workaround is to remove the change ownership rights, but this could potentially cause more issues.

  17. Thanks to HodgeHi from:

    mike86 (10th July 2014)

  18. #12

    Join Date
    Mar 2012
    Location
    Cheshire
    Posts
    81
    Thank Post
    34
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Will give that a go...all this just for the new garage band!!

  19. #13

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    Garageband is worth it though

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 0
    Last Post: 15th March 2013, 03:30 AM
  2. Applying Updates to Servers
    By Outpost in forum Wireless Networks
    Replies: 35
    Last Post: 30th July 2007, 10:58 AM
  3. Should I upgrade 10.3 server to 10.4?
    By sidewinder in forum Mac
    Replies: 3
    Last Post: 1st May 2007, 07:51 AM
  4. Mark Minasi's Update to Mastering Server 2003 out soon.
    By ChrisH in forum Books and Manuals
    Replies: 23
    Last Post: 20th December 2006, 10:40 PM
  5. Replies: 11
    Last Post: 20th October 2006, 04:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •