Mac Thread, Uncheck 'Force local home directory..' causes serious delays in Technical
  1. #46
    Sheridan
    DNS seems to be working ok - all Macs and PCs can lookup and reverse lookup with no issues. Dig (-x) also resolves ok on the Macs.

    I might try the demotion of the server, but that might have to wait until the holidays as it's in use at the moment!

  2. #47
    Sheridan
    Just to make sure I'm reading this right....

    The hostname in your example (fizz.eatonvalley...) - is that the OD Server, or the client Mac?

  3. #48

    fizz is our OD Master (XServe). Fizz is connected to our AD in a Magic Triangle setup. All of the services are kerberised using the AD realm.

    Having just gone through my entire klist again, I don't have a single entry that has the OD Master realm. This server was built using 10.5 and upgraded in place to 10.6 and is not residing on 10.6.8.

    If you have to demote the OD master, it's not too bad to rebuild. The hardest part is reconfiguring the managed preferences if there's a good number of them. The users are easy as you will be pulling in the users from the AD and so the UIDs will be the same. The OD groups and any OD users can be imported back in once the server has been re-installed. Just use the WGM tool to export the users and groups.

    Make sure that any other items that have been configured are either backed up or noted so that these changes can be re-done.

    Edit: Klist -kt will only show the data for the machine it has been run on as far as I'm aware, which is why I was a little confused over yours but you edited the post with new info.
    Last edited by HodgeHi; 30th May 2012 at 02:43 PM.

  4. #49
    Sheridan
    I was looking at the mit.edu.Kerberos file in \Library\Preferences on the OD Master and the default_domain was set to ODMaster.domain.org.uk - I manually edited this and changed it to just domain.org.uk which I'm thinking is correct as it should be referencing the AD Realm, not itself?

    Anyway - saved the change and rebooted and klist still shows the two realms - the actual AD realm and the OD itself!

    Very odd.

  5. #50

    There's also the krb5.keytab file stored in the /etc folder.

    Just had a look at this file. It looks like the list of services kerberised and the server names associated with them. If you decide to touch any of this file you may want to make a backup first. You may also need to convert it to an XML file first as well.

  6. #51
    Sheridan
    Originally Posted by HodgeHi:
    > There's also the krb5.keytab file stored in the /etc folder.
    >
    > Just had a look at this file. It looks like the list of services kerberised and the server names associated with them. If you decide to touch any of this file you may want to make a backup first. You may also need to convert it to an XML file first as well.

    Is the krb5.keytab file generated by the OD Master? - mine shows as a binary file so I'm not keen to mess about with it whilst the server is in use.

  7. #52

    I think it is. It is usually generated from a default file.

  8. #53
    Sheridan
    I've tried again - flat install of 10.6.2 and upgraded to 10.6.8 with the combo. Added no applications and joined to the AD domain and then OD. Logged in and within 10 minutes I see the smb_iod_sendall error in the log.

    So I guess unless we upgrade to 10.7 (not worth it IMO) we're going to set these up as Windows 7 machines and ditch OSX for the time being. I might revisit this in another year and see if Apple have managed to sort this out. Oddly enough - getting Windows 7 to work on these was considerably easier than I thought. Perhaps MS aren't so bad after all :-)

  9. #54
    ste1988
    Originally Posted by Sheridan:
    > I've tried again - flat install of 10.6.2 and upgraded to 10.6.8 with the combo. Added no applications and joined to the AD domain and then OD. Logged in and within 10 minutes I see the smb_iod_sendall error in the log.
    >
    > So I guess unless we upgrade to 10.7 (not worth it IMO) we're going to set these up as Windows 7 machines and ditch OSX for the time being. I might revisit this in another year and see if Apple have managed to sort this out. Oddly enough - getting Windows 7 to work on these was considerably easier than I thought. Perhaps MS aren't so bad after all :-)

    Mountain Lion will be nicely patched by then, and you can skip Lion altogether.

  11. #55
    Sheridan
    What's after that? Sleepy Lion!?

    I managed to get rid of the double realms in the kerberos - by deleting the krb5.keytab file on both client and server. Both now show a simple list of services kerberized only by the AD domain. Has made no difference to the lock ups but I do seem to get more lockups for users on one particular server. Whether this is anything relevant or not I don't know as the frequency is variable anyway.

    Working fine with Windows 7 though

  12. #56
    ste1988
    Originally Posted by Sheridan:
    > What's after that? Sleepy Lion!?
    >
    > I managed to get rid of the double realms in the kerberos - by deleting the krb5.keytab file on both client and server. Both now show a simple list of services kerberized only by the AD domain. Has made no difference to the lock ups but I do seem to get more lockups for users on one particular server. Whether this is anything relevant or not I don't know as the frequency is variable anyway.
    >
    > Working fine with Windows 7 though

    No, I think they should leave the cat family alone after the next release, maybe elephant next.
