Sunday, May 31, 2009

OSX Server bonding issues

We had some crazy issues with our OSX server setup. When we had clients join the server we had odd permission problems, synchronization issues with passwords etc. After much mucking around it turns out it was mostly our fault. Our OSX server is also a target for SSH from the outside (not on the normal port 22 and requiring certificates). To support logging in I had created some local user accounts on the OSX server machine, and for convenience I had given them the same names as the server accounts.

DONT DO THAT

OSX server gets very confused if you have local accounts with the same names as the server accounts. And you don't need the local accounts anyway as you can enable the server accounts to login/get a shell through the admin tools. Deleting all the local user accounts and enabling the ones we needed to login helped a lot of the issues.

The Leopard client still does odd things when you're looking at group/user permissions (and ACLs) on network shares. Seems that Apple messed this up in the UI in Leopard so that if you look at them you see things that just don't make sense as the users/groups are not getting copied over from the server and displayed correctly. Under the covers of the UI the right things seem to be happening but it can be confusing for the users.

0 comments: