Good morning,
I have been having numerous issues over the last 3 weeks or so. I would write it all down here but instead could i refer you to this thread where i have already done so:
Apple - Support - Discussions - AD Users auth Ok but cannot log into ...
Hope someone can help me here or even confirm that they are experiencing similar issues so i know i am not going insane.
Thanks,
Mark.
What are the permissions on the root of the XRAID partition? I believe that you need other execute on it, along with the root of the sharepoints.
I've had issues with this in the past, and it's always been permission problems.
HodgeHi (3rd September 2009)
So the root of the XRAID should be something like rwxr-xr-x?
I am completely unsure about how the permissions should be in all honesty. I had a fully working system before and now all hell has broken lose since i rebuilt the XRAID and finding information on the process to build a RAID array is near impossible to find i.e. do you use terminal with sudo or disk util under an admin account or should you use root's?
I managed to get it half-working at one point but finder took around 2-3 minutes to load. I think this also to do with permissions but things seem to work ok after everything loads. i gave the AD user posix permissions for their home dir and chmodded them to 700. Is this the norm?
Hope you can help and thanks for the info given already. I will check the permissions on the XRAID o Monday.
having just finished doing the Apple server essentials course (and passing) the trainer advised us not to use them together due to issues with the permissions. if your sharing for windows users then just use SMB as both will have access to the folders.
the first rwx is the owner the second the group and the third is for everyone else
HodgeHi (3rd September 2009)
I have since re-installed Leopard server on a test bench mac mini. The version was 10.5.4. I went through the AD-OD paper as i have done before. I used an OS X 10.5.8 client, a server 2003 r2 server (installed natively on another mac-mini) and also an XP sp3 client (also installed natively on a mac-mini).
Now, the AD-OD paper used a share called homes$ on the AD Server and a share called homes on the OD Server, shared using AFP.
The outcome was that logging in was still slow compared to when i used 10.5.0 -10.5.7.
I also had some issues when trying to access the shares. Permissions related i think, and also when logging into the OS X Client for the first time, it keeps adding everyone deny ACLs to some of the folders. This never happened before.
I also found that i needed to start SMB service before i could change the home folder path in Server 2003 for he users. It does not say this in the AD-OD paper but i can't recall having an issue before?
So still at the starting line. I just need to test SMB now...
So i tested SMB for the protocol to mount the home shares instead of AFP. I was presented with an error stating that the Home dir was deleted or access in denied. I checked to see what was happening and for some reason i had to authenticate to get access to the home dir. S it seems that kerberos isn't working for SMB but it does work for AFP?????
I think i'm about to jump off a bridge
Here's what i have after a re-format of the XRAID array:Originally Posted by DMcCoy
Code:OD_server:~ admin$ ls -la /Volumes/Data total 2004192 drwxrwxr-x 13 admin staff 510 Aug 24 11:01 . drwxrwxrwt@ 4 root admin 136 Aug 24 12:44 .. -rw-rw-r--@ 1 admin staff 6148 Aug 24 12:45 .DS_Store d-wx-wx-wt 3 root staff 102 Aug 24 12:44 .Trashes drwx------ 6 root staff 204 Aug 24 12:44 .fseventsd drwxrwxr-x+ 9 admin staff 306 Aug 19 11:19 ComputerImages drwxr-xr-x@ 4 admin staff 136 Aug 17 17:08 DeployStudioServer_v1.0rc13 -rw-r--r--@ 1 admin staff 1026122687 Aug 5 17:53 MacOSXServerUpdCombo10.5.8.dmg -rwxrwxrwx@ 1 admin staff 1055 Aug 17 17:03 Users.command -rw------- 1 admin staff 925 Aug 18 08:39 com.apple.desktop.plist -rwx------@ 1 admin staff 272 Aug 21 13:05 re-create_userdir.sh OD_server:~ admin$
Where are the users home folders stored?
They were in a folder called UserHomes. I will re-create the folder with share permissions and post those...
This is the XRAID currently. The folder UserHomes is the shared folder for auto-mounting.Code:Last login: Mon Aug 24 13:57:56 on ttys000 OD_server:~ admin$ ls -la /Volumes/Data total 3559008 drwxrwxr-x 16 admin staff 612 Aug 24 14:56 . drwxrwxrwt@ 4 root admin 136 Aug 24 14:54 .. -rw-rw-r--@ 1 admin staff 12292 Aug 24 14:56 .DS_Store drwx------ 3 root staff 102 Aug 24 13:04 .Spotlight-V100 d-wx-wx-wt 3 root staff 102 Aug 24 12:44 .Trashes drwx------ 6 root staff 204 Aug 24 12:44 .fseventsd drwxrwxr-x+ 9 admin staff 306 Aug 19 11:19 ComputerImages drwxr-xr-x@ 4 admin staff 136 Aug 17 17:08 DeployStudioServer_v1.0rc13 -rw-r--r--@ 1 admin staff 1026122687 Aug 5 17:53 MacOSXServerUpdCombo10.5.8.dmg -rw-r--r--@ 1 admin staff 796055279 Aug 13 01:00 MacOSXUpdCombo10.5.8.dmg drwxrwxr-x 3 admin staff 102 Aug 24 14:55 UserHomes -rwxrwxrwx@ 1 admin staff 1055 Aug 17 17:03 Users.command -rw------- 1 admin staff 925 Aug 18 08:39 com.apple.desktop.plist -rwx------@ 1 admin staff 272 Aug 21 13:05 re-create_userdir.sh OD_server:~ admin$
How are the folders for students arranged, and where are the sharepoints.
Are you using AD for user accounts, and do AD users only have one home folder that is the one on the mac server? Are you using augmented records in OD?
The sharepoints are on the OD which is the UserHomes folder. I was going to use the UserHomes folder to store both the Staff and Pupils as opposed to last year where i had a separate share point for staff and pupils. I started experiencing the issue that you mentioned in another thread where if a student logged on and then off, a member of staff (mounting a different share-point) could not log on until the system was restarted.
I thought doing it this way would alleviate the problem since they were all in one location. We only have around 250 users in total.
We are using AD for users accounts and the way i am setting it up is to have the Home dirs stored on the OS X Server, with Active directory redirecting the XP docs into the Home dir docs on the OS X Server thus merging to 2 together.
Their XP profiles are stored on the AD Server, mandatory for Pupils and roaming for Staff. This is how i had it last year. The only issue i had with this was AFP losing files
Last edited by HodgeHi; 24th August 2009 at 04:19 PM. Reason: spelling
Create a new test sharepoint on the normal server drive. Alter a user to use this sharepoint for their home folder, you will need to create the folder and assign full control by hand for the moment.
Have the share as
Users/TestUser
or something similar with just one level below the home folder. For now set the owner of the folder as the AD users, and set full control for owner, acls can be later.
I have tried creating an OD User and created a sharepoint for his home dir on the os drive. I set the share up so everyone had read/write access and full control over the share. I propagated the permissions and created the users home folder. I logged in and still finder took an age to load.
There are several issues.
The AD users folder need to be create manually
The Unix permissions need to be set on the folder
The AD ACLs need to be set on the folder.
Try these settings with a test user:
The DOMAIN\user may have to be done as user@domain.com in 10.5.Code:mkdir /Volumes/RAID/Shares/Users/Students/04/test04 chmod +a "DOMAIN\test04 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Volumes/RAID/Shares/Users/Students/04/test04 cp -r /System/Library/User\ Template//English.lproj/ /Volumes/RAID/Shares/Users/Students/04/test04/ chown -R test04:administrator /Volumes/RAID/Shares/Users/Students/04/test04/ chmod -R ug+rwx /Volumes/RAID/Shares/Users/Students/04/test04/
You can probably skip copying the default profile, 10.5 is less prone to crashing without the default folders.
HodgeHi (3rd September 2009)
@DMcCoy
I haven't tried your commands yet, but i did run my own script to create the AD users' Home Dirs. This is what i used:
It's a bit rough but better than nothing since i know diddly squat about scriptsCode:#!/bin/bash # userlist.sh #Exporting the Usernames dscl /Active\ Directory/All\ Domains -list /Users UniqueID| awk '{print $1","$2}' > $PWD/Users.txt #Setting UIDs variable as the list of names in the Users.txt UIDs=$PWD/users.txt #Change the HomeDir variable to the location of the Users Home Dirs. HomeDir=/Volumes/DATA/UserHomes/ #Create the User Home Dir location folder #sudo mkdir $HomeDir #Creating the name variable with the names from the users.txt file (UIDs variable) for name in $(awk 'BEGIN{FS=","}{print $1}' < "$UIDs" ) #for name in $(awk 'BEGIN{FS=","}{print $1}' < "$UIDs" ) # Field separator = : ^^^^^^ # Print first field ^^^^^^^^ # Get input from password file ^^^^^^^^^^^^^^^^^ #Run through the users.txt creating the home directories for each user do sudo mkdir $HomeDir/$name sudo cp -R ~/Desktop/English.lproj/ $HomeDir/$name #chown each Home Dir to the users who owns it sudo chown -R $name $HomeDir/$name sudo chmod -R 700 $HomeDir/$name let "n += 1" done sudo rm -R /Volumes/Data/UserHomes/guest sudo rm -R /Volumes/Data/UserHomes/krbtgt sudo rm -R /Volumes/Data/UserHomes/support_* sudo rm -R /Volumes/Data/UserHomes/administrator sudo rm -R $PWD/users.txt exit 0
Could you see this presenting any issues with regards to permissions?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
