ClickView – Check it out!
Jun 182008
Part 2…
With all Mac access completely offline and LDAP authentication for some odd (and at this point unknown) reason not able to hold a constant connection, I decided to use and configure the Directory Services Active Directory (AD) plugin. I could see the advantages and disadvantages of using the AD authentication method. However, my main concern at this point was to relieve the pressure on me from the powers to be with a quick-fix solution.
The main advantages would be a single set of user credentials for all computers (Mac & PC) in the school and easy (mapped) access to the users Windows hosted home folder. The disadvantage was that with the time constraints I was unable to find a way to map the users Windows home folder, Mac home folder and possible other AFP mappings at login. The workaround I used was to create a shortcut to the servers AFP path on all the Mac computers, which allowed users to list the directories that they had access too. During the coming holiday break I will be investigating further to find a solution.
So, I bound the XServer to AD without any hassle, opened Workgroup Manager, selected AD as the search path, authenticated and the users populated from AD. My colleagues and I then went to each Mac one by one and bound them to AD using a unique name. The only problem we ran into was that AD requires that the time on the client computer be the same (or close to the same) as the Domain Controller. With the occasional hassle, we synchronized the time settings on all Mac clients to our Domain Controller, which then enabled us to successfully bind.
With that all done I am now waiting for a full class login to occur to test the server reliability and authentication method. We will be purchasing a copy of Leopard server in the not too distant future and with the installation of this server upgrade, I am contemplating rolling back to the LDAP authentication as it allows for more flexibility and customisation considering the somewhat unique options our Mac network requires.
This is definately not the last I have seen of this issue…
Jun 172008
Recently our OS X Server crashed and burned. A Mac tech. and I tried put our heads together and attempted to bring the system back life and restore its previous state. The file system and user data was all intact however, we could not consistently keep the network services (AFP, Open Directory, etc.) running. We even went as far as trying a complete rebuild on an alternative XServe then restoring the OD and Directory Services settings but this was also to no avail. Let me give you some background as to how our Mac network WAS setup;
We are primarily a Windows based domain. The only pocket of Macs we have are for our Photography and Visual Arts departments (and an odd Mac Book here and there). The original setup was conceived well before my time at my current company so up until I was thrown into the guts of the Mac network when the whole system went down my knowledge of the server setup was on a need to know basis. The XServe had a Directory Services LDAP connection to our Windows 2003 LDAP server and had a custom binding to pull user information from Active Directory. I never completely explored the custom mappings but from what I have been told it was a fairly intense setup to provide the out of the ordinary needs at the time.
This is my first job where I have had to support Macs so my knowledge was very limited but from the start I found the setup to be somewhat odd. The Macs would always take a considerable amount of time to startup (which I worked out later was due to Directory Services taking an age to authenticate), user accounts would randomly stop working or be denied access to applications. The main method behind the madness was to allow users to maintain their Windows based home folders, but also have a network mapped home folder on the Mac server when logged into a Mac computer. I had always wanted to reconfigure the server myself but without the necessary time or expertise I stopped myself from opening that can of worms. But with the server now down for the count I was forced to commission my plan…
More blabbering to come….
Dec 032007
We are currently port monitoring a number of ports on one of our HP switches as we are evaluating a new content filtering software. We decided to use port monitoring as to not disrupt our current filtering software (thanks to ACCUCOM for your assistance setting this up). This was achieved by doing the following:
- Both the monitored port and monitoring port must be on the same switch.
- Browse to the IP address of the switch containing the ports as explained above in your web browser.
- Navigate to the Configuration tab and select Monitor Port.
- Select the Monitor Selected Ports radio button and select the Monitoring Port from the drop-down list.
- Select the ports to monitor from the listed ports (multiple ports can be selected) and click the Apply Changes button.
- All traffic from the selected ports will now be mirrored to the monitoring port.
Follow Me!