Archive

Archive for the ‘OS X’ Category

Snow Leopard Client And Active Directory

June 18th, 2013 Comments off

In the midst of our migration to Active Directory, we’ve run into a snag…

To set the stage – We were forced to stand up a “temporary” AD Domain (running on Server 2008 R2)¬†for a copier project with the understanding that our “real” AD Domain would take over duties for the temp. No biggie. After the fact, we’ve had a consultant on-site working with us to help plan out our migration. While testing Mac client binding with the Server 2008 domain, we ran into issues binding Snow Leopard clients to the domain. Trying to bind through the GUI gave us this lovely 5102 error:

aderror

Google was no real help with the error itself and any fixes we did find, did nothing to help us resolve the issue. Mindful of the fact that we would be running AD under Server 2012, our consultant suggested we try joining the domain he had set up in a VM on his laptop which was running Server 2012.

We go through the steps and Voila! Successful bind to 2012. Okay, no worries. Or so we thought.

We setup our new domain, running on Server 2012. There have been no major policy changes except to relax the password policy (due to our crappy existing passwords, which will be changed). Tried binding a Snow Leopard client and we’re back to the 5102 error. Try binding the same client back to the VM on our consultant’s laptop and it still works flawlessly.

We’re stumped. Sure, we could bring our OS up to speed on over 1,000 clients… If we had the time to do that, which we don’t.

So, here’s my cry for help. If anyone has run into this issue and found a fix, let me know. This one is making our consultant scratch his head and he’s pretty damn smart.

Obviously, if we do get it worked out or if someone has ideas, I’ll be posting them here to share with the next guy who runs into this problem.

(UPDATE 3/25/14 a.k.a. “Way After The Fact”)

The problem wound up being our content filter which sits between our clients and our DC. It had been patched to address a UDP attack vulnerability and stopped our 10.6 clients from correctly communicating with the DC. Our filter provider resolved the issue for us.

Speaking Of Xserves

August 18th, 2011 Comments off

We’re still running Zimbra at work and it’s still providing us with what we need as a collaboration suite. Unfortunately, we’re running on Leopard Server and still stuck on version 5 due to Apple’s unwillingness to fix the bugs in their server software.

Which is why we’ll be migrating from the Xserve to an Ubuntu server*. I have a conference call with Zimbra’s Professional Services people to begin the planning of the migration. I put the call into them due to the fact that we’re migrating hardware and software at the same time, as well as upgrading the storage system that mail resides on. Looking forward to the challenge and keeping my fingers crossed that all goes well.

*A server that will not have an HP logo on it.
Categories: OS X, Servers, Zimbra Tags: ,

On A Happier Note

August 18th, 2011 Comments off

I finally got our authentication/home directories deployed. Running on Xserves.

The same Xserves that Apple discontinued 8 months ago.

<Sigh>

Categories: OS X, Servers Tags:

Call For Assistance

August 5th, 2009 Comments off

If there are any OS X Server gurus out there, I’m having issues with Tiger client Netinstall images and Leopard server.

They just don’t work!

The machines netboot just fine and look like they’re going to image properly but the installation ends after 3 seconds with a “Software successfully installed” message. The only thing that’s happened is the machine name has been changed.

If anyone can point me in the direction of a solution, give me a holler!

Thanks!

Categories: OS X, Servers Tags:

Just Curious

August 25th, 2008 Comments off

This one is for any other sysadmins that happen to stumble across this blog…

Our school district has the worst data management possible. We have had active email accounts for people who haven’t worked for us in years.

It’s that bad. Actually it’s worse (although I don’t know if this counts as worse)…

We have no directory services in place – For each system or application we have that requires authentication, that system or app has had it’s authentication information maintained manually. It’s been a nightmare to say the least.

We’re finally implementing directory services (Apple’s Open Directory) and we’re planning on having it drive everything authentication-related. But we still have a problem with the data we get (or don’t get) from our HR department. A plan has been fashioned to use a PHP/MySQL customised system to give multiple people access to the data in our directory and update it as needed. I’d go into more detail, but I’ll be honest – this thing seems like it’s grown to monolithic proportions and I’m at a point where I A) don’t really know anything about it, B) don’t even think I understand it anymore, and C) don’t even have access to it.

So… my question is… is it wrong that I feel extremely hesitant (borderline refusal) to allow that much access (pretty much everyone in district – user password changes will theoretically be handled by this system) to the directory data?

Or am I just looking at it from a ‘Chicken Little’ point of view?

Categories: OS X, Servers Tags:

Zimbra

August 3rd, 2008 Comments off

One of the projects I’m involved with at work is implementing a new email system. We’re going to be moving approximately 2100 users from Squirrelmail to the Zimbra Collaboration Suite. As part of the transition we’re not going to be moving user’s mail, instead choosing to go the fresh slate route. All of our users will still have access to their old mail for some time to get what they really need out of their mailboxes. We’re also going to be moving completely away from using mail clients, opting instead to have our users access their mail through the ZCS web UI and utilize all of it’s features. We didn’t make these choices lightly, but honestly our users have a habit of using their email for jokes, shopping, and more jokes – none of which I feel like moving. As for the mail client decision – anyone who’s ever migrated 3GB worth of email from one computer to another can probably see where we’re coming from.

In terms of the user experience, moving from Squirrelmail to Zimbra is akin to trading in a Ford Model T for a Dodge Viper. Zimbra has a beautiful AJAX UI that, while being easy on the eyes, is also extremely functional. Users essentially have all the functionality that they would expect from a locally installed client. One nice thing about Zimbra is that you’re not locked into using the AJAX interface – you can choose to use a standard HTML interface which is a stripped down version of the UI, but still a million times better than what we’re moving from.

One of the things I’m hoping to do with this blog is provide information on our Zimbra implementation that other admins may find useful. I’ve spent hours trying to find solutions to problems we’ve run into already (syncing Zimbra’s internal LDAP server with an external OD server and auto-provisioning new email accounts for instance) and if I can save another admin the hassle, I’ll be satisfied that I accomplished something.

Categories: OS X, Servers Tags: , ,