macOS Server 5.4 - File Sharing Difficulties

[EdenBrackstone]

Evening all,

I've copied this post from an identical one I made on Apple's Support Communities here: https://discussions.apple.com/message/32660837#32660837

I'm afraid I don't frequent these forums but would appreciate any feedback or comments on the scenario I have documented below as it has really derailed my weekend.

Taken from the top...

The new (missing and fundamentally broken) implementation of SMB/AFP file sharing in macOS Server 5.4 is nothing short of catastrophic for anyone who's found themselves in a similar situation to myself over the past several days.

This is the first and only occasion I've deliberately and willingly downgraded from a particular version of Apple's software. Will summarise the situation in more detail below, but the net result of an entire weekend's work has been to go from macOS 10.13.x High Sierra back to macOS 10.12.x Sierra and its corresponding version of the Server app... just to regain what most would consider basic file sharing functionality.

Background

It is worth noting that the recent security update from Apple that 'broke' file sharing didn't necessarily contribute to our difficulties, as a) the update was installed after these problems occurred and b) the problems continued even following a complete reinstall of the system as you'll see below. The basic system configuration is as follows:

• The server in question is managed for a small local business with 5-10 user accounts, 3 groups, and a handful of shared folders.
• It was deployed in late 2016.
• It is a Mac mini running relatively high specifications including an SSD for primary storage.
• Other basic network infrastructure includes a gigabit switch, Time Capsule and dedicated fibre connection via an ISP provided modem and router.

Initial Issues

Cracks started to appear on site within the last several weeks, notably when the server could not be accessed via the known administrator credentials. This resulted in the Mac mini being taken off site for said credentials to be reset as we weren't easily able to connect a display, keyboard and mouse where it was located, nor were we able to access the Mac via screen sharing. At this stage of the job, the status was as follows:

• Following an administrator account reset, the server was updated to macOS 10.13.x High Sierra while it was easily accessed via dedicated peripherals.
• Remote access was restored via the new credentials and assigned to a Team Viewer account as a backup means of access.

No known cause was discovered for the credentials not working, and is most likely user error unrelated to the issues presented later.

Post-Update Difficulties

Immediately following the update to High Sierra, the client began complaining that access was sporadic, some accounts weren't working and file permissions were all over the place. We began investigating the symptoms and quickly realised this was a fairly complex issue and we again needed direct access to the server and client Macs to test the problems and find a solution. The following troubleshooting steps were taken:

• Removal and recreation of all pre-existing accounts and groups.
• Recursive and non-recursive permission adjustments both via Finder and Terminal.
• Disk repartitioned with a dedicated volume for shared data.
• Disk repaired and verified, both via Disk Utility and Single User Mode.

None of these steps resulted in a scenario where the server behaved as expected, even for basic file sharing. A partial list of the issues we ran into is as follows:

• Settings to individual Shared Folders within the Sharing pane of System Preferences (this is the new location for file sharing settings after they were inexplicably removed from the Server app) would not save, and permissions would revert to the default set upon closing and reopening the window.
• Access permissions did not translate to real-world behaviour; a connecting user would either be granted complete access to all shared folders or would fail to authenticate entirely.
• Within a given shared folder, read and write permissions were inconsistent with those set in the Sharing pane.
• Ignore Ownership on a volume seemingly had no effect on access rights.
• The local hostname would frequently fail to save or display an old and conflicting version of itself.

At this stage it was clear that whatever the problem was had deep roots and we opted to restore the boot volume with a clean install of macOS seeing as the data had been safely relocated to another volume on the same disk. Due to the APFS file system's handling of local Time Machine snapshots, we also had to remove chunks of hidden data via Terminal to free up enough space for the aforementioned repartitioning to take place. This left us with:

• A fresh install of macOS on a disk containing two APFS volumes; a 175GB boot volume and a 325GB data volume.
• Default file permissions on all files within the data volume as if they'd been created locally by the administrator.

However, this clean install left us with the same scenario where access privileges were inconsistent. This was the case for all files shared by the system irrespective of location. We tested locally on both volumes both inside and outside of the administrator's Home Folder and with an external drive freshly formatted. At this point I could eliminate the data as the culprit, as even a newly created folder dragged into the Shared Folders section of the Sharing pane in system preferences would behave as expected. Client devices of all types would frequently fail to authenticate, or make data visible to the user logging in that should have been prohibited based on the permissions that had been set.

Solution

Countless hours into what should have been a simple job and I made the decision to fall back to macOS 10.12.x Sierra. Issues restoring the disk back to a non-APFS file system notwithstanding, the reinstall went smoothly and upon a brief configuration of the 'old' version of the Server app, file sharing suddenly started behaving as it should have. Literally, with zero configuration beyond creating a single test user and shared folder the problems appeared to have been solved.

I'll stop short of drawing conclusions here as to why this happened or what motivated Apple to remove the settings specific to AFP/SMB file sharing from the Server app, but it has not been well received based on the considerable amount of reading I did online during this job.

I'd encourage Apple's macOS development team to revisit this decision as it will undoubtably affect many other administrators, perhaps to a lesser degree than it has for me this past week, but enough to erode the confidence in software that was once regarded as sound and reliable.

My suggestions to my client now include plans to augment the server with cloud-based solutions and eventually migrate towards a scenario where the local file server is no longer required.

 

[hobowankenobi]

Thanks for posting.

Sad...but not too shocking to me. Having been running Server since 10.2.1 or so, it has almost always been that a new version tends to break stuff, and file sharing/permissions have been one of the usual suspects.

And that was in a normal 10.x update...nothing as severe as a massive change to the GUI coupled with a new file system, no longer supporting AFP, etc. The list goes on.

Anyway, in a normal update year, I have learned to wait until at least 10.X.3. Sadly, sometimes it is .5 or even .6 before the nasty, flagrant bugs are squashed. There was a release or two that were never right, and required serious workarounds...or waiting for the next full release.

Based on the limited functionality, big changes, and problems reported, I doubt I will go 10.13 + Server until 10.14 is released and at about 10.14.3. And then compare and see which is best....or least broken.

So...yeah. It sucks. But after all these years, not surprising. The real questions now are:

• Will they fix (basic file sharing features) in 10.13 + Server 5.x, and if so, when?
• Or will the fix be 10.14 + Server 6?
• Or will there be something else?

Anybody holding their breath will be long dead before this gets sorted out I fear. In this day and age, it is very sad that Apple cannot release reasonable file sharing that just works. If others like Synology can, why can't they?

----------------------

As to why...could be several things.

My opinion: Apple went down the enterprise path about 2003 because they saw a need for businesses trying to get Macs running and happy in Enterprise, and playing nice with Win Server. I remember how big a deal it was when Apple rolled ACLs into the OS (about 10.5 IIRC) so that file sharing would work well with PC clients.

Same time they released all the rack mounted gear. There were precious few options for hardware that played nice with OS X, so it appeared Apple released their own to solve this issue.

Those of us using and supported mixed platforms were really excited.

Fast forward a mere 5 years, and Mac-friendly enterprise gear was coming from third-party vendors...and Apple no longer needed to make hardware (at least storage). They may have had grandiose dreams that Server OS would really put a dent in Win Server. It didn't.

In some ways, the opposite happened: enterprise became more Mac and iOS friendly, and all the new MDM options appeared. Win Server now plays nice(er) with Mac clients.

Jump forward a few more years, and Linux boxes have taken considerable share from Win Server...and cloud storage is becoming a thing. Apple invests billion in iCloud, as well as everything else happening from Amazon S3, to Dropbox, to all nearly all servers (except Apple) being moved to virtualization.

So Apple decides that their client devices—MacOS and iOS—no longer need Apple hardware/software to run in enterprise. And they start backing out of the market. Apple stopped trying to solve a problem that mostly solved itself, in spite of Apple server gear, not because of it.

That all makes sense...except for the SMBs and smaller education markets that depend on the simpler, cheaper, no-license-needed physical servers for boring stuff like file serving or FTP. They need less and lower skilled support staff. Still a good, simple solution that folks still use and like.

I fear that outside of Profile Manager and NetBoot, this current state of Server reinforces my theory. Lots of signs along the way:

• Dropping all storage and rack mountable anything
• Dropping all hardware with any RAID
• Dropping all hardware with PCI slots or any real expansion
• Dropping all hardware with any real internal storage
• Killing AFP
• Removing features in nearly every Server release
• Not (quickly) fixing Server bugs

Too bad. Really too bad.

Before the new MP design, I had high hopes of a convertible tower; a bit smaller than the old MP tower with (perhaps) removable handles that could mount an optional rack-mount kit. Coulda been a great seller.

Been hoping this moment would not come for many more years. It may be here now: End of the road.

My next File Server at work will likely be a NAS, probably Synology. They just work. Lots of compelling features that make them more tempting than a MacOS Server...even before you factor in bugs and half-baked, unusable rollouts.

 

[iansilv]

Guys I'm reading your posts here and dealing with similar issues at work. I really want the ability for any of my employees to log on to any computer with their credentials and be able to have their desktop and settings appear. Roaming directories under Sierra was working fine. High Sierra screwed everything up.

So I am also looking at a Synology. Can I just use the Synology Active directory implementation instead of my Mac mini server and get the roaming profile behavior I want?

 

[fhturner]

Solution

Countless hours into what should have been a simple job and I made the decision to fall back to macOS 10.12.x Sierra. Issues restoring the disk back to a non-APFS file system notwithstanding, the reinstall went smoothly and upon a brief configuration of the 'old' version of the Server app, file sharing suddenly started behaving as it should have. Literally, with zero configuration beyond creating a single test user and shared folder the problems appeared to have been solved.

Strange that you wrote all of this a year and 3 months ago, but I've recently encountered what I believe to be similar behavior and so it *feels* like just 3 months ago! Hope you don't mind me dredging it up... Did you ever figure out anything further about this? Causes? Anything lost in going back to Sierra?

I have set up a couple of Mac Pro servers on 10.13.6 recently, but I am having some issues w/ a few client stations in particular remaining connected. In addition to missing Server.app features for File Sharing like being able to see the connections and more easily apply permissions, this connectivity is making me seriously consider backing up one version to 10.12 Sierra myself. It's not like these servers have to be on the latest versions anyway— I have several Snow Leopard servers still doing their thing.

When you reverted to Sierra, did you try to retain any of your previous setup (not including data, I mean, which I know you had independently of the system), or did you just wipe and reinstall, then set up from scratch again? Any caveats or tips or hindsight you can offer from the process, especially now that you've had a year+ w/ the reversion?

Thx!
Fred

 

[hobowankenobi]

Strange that you wrote all of this a year and 3 months ago, but I've recently encountered what I believe to be similar behavior and so it *feels* like just 3 months ago! Hope you don't mind me dredging it up... Did you ever figure out anything further about this? Causes? Anything lost in going back to Sierra?

I have set up a couple of Mac Pro servers on 10.13.6 recently, but I am having some issues w/ a few client stations in particular remaining connected. In addition to missing Server.app features for File Sharing like being able to see the connections and more easily apply permissions, this connectivity is making me seriously consider backing up one version to 10.12 Sierra myself. It's not like these servers have to be on the latest versions anyway— I have several Snow Leopard servers still doing their thing.

When you reverted to Sierra, did you try to retain any of your previous setup (not including data, I mean, which I know you had independently of the system), or did you just wipe and reinstall, then set up from scratch again? Any caveats or tips or hindsight you can offer from the process, especially now that you've had a year+ w/ the reversion?

Thx!
Fred

While I can't speak to your question directly (I did not roll back....stayed at 10.12), historically it was faster and ultimately easier to wipe and reinstall Server in my experience.

Hope to retire my last Server box this year. Synology all the way for file serving, backup destination, file syncing, and more.