OSX Server Add Computers To Domain

[DoFoT9]

Hey all,

I feel like some sort of idiot posting this question - but a intense google doesn't give me the answers I am after!

I have a VM of OSX Server, and I would like to trial adding some real computers (such as my MBP running 10.5.8, thus having a UUID) to this virtual machine.

Here is a basic rundown of the network.
10.0.1.1 (router address, Time Capsule)
10.1.1.3 (iMac address)
->10.0.1.21 (OSX VM) - this is running on the iMac.
10.1.1.4 (MBP address)

I would like to test adding my MBP into the domain of the virtual OSX server. Is this possible? I presumed that because the MBP and VM are on the same network that I could just create a new computer via Workgroup Manager (add machine name, UUID etc), reboot the MBP and then attempt to login from the MBP using a user account created from the VM. Is this not possible? Do I have to tell the MBP to connect to the OSX domain like on a Windows machine?

I do not have OSX server giving out DHCP - because I have a router to do that, does this matter?

Any help is greatly appreciated

DoFoT9

 

[calderone]

Yes, you have to bind the machine to the OS X Server. Even if the Server knows about a machine with those attributes, the client has no idea that it should be looking in another directory.

I am assuming you have DNS running on the Server? And you are pointing your clients to the server for lookups? DNS is crucial for directory services.

If that is already setup, and you have tested the clients ability to lookup your server. Then you can bind the machines via Account Preferences (10.6) or Directory Utility.

What is required to bind will depend on what you set up in Server Admin. For example it may be set up to require authenticated binding.

When you add a server, it typically will automatically add the search policies. In your case it will something like /LDAPv3/domain.example.com, where domain.example.com is your domain name.

Once the machine is bound, you will be able to login assuming the network user has a home folder defined. This can be local or network based, but it must be defined in WGM.

 

[DoFoT9]

Yes, you have to bind the machine to the OS X Server. Even if the Server knows about a machine with those attributes, the client has no idea that it should be looking in another directory.

I am assuming you have DNS running on the Server? And you are pointing your clients to the server for lookups? DNS is crucial for directory services.

If that is already setup, and you have tested the clients ability to lookup your server. Then you can bind the machines via Account Preferences (10.6) or Directory Utility.

What is required to bind will depend on what you set up in Server Admin. For example it may be set up to require authenticated binding.

When you add a server, it typically will automatically add the search policies. In your case it will something like /LDAPv3/domain.example.com, where domain.example.com is your domain name.

Once the machine is bound, you will be able to login assuming the network user has a home folder defined. This can be local or network based, but it must be defined in WGM.

i do have a DNS server but had decided not to use it thus far - i didnt think it was important.

i have setup the computer in WGM - if i then add the servers address into the DNS part of the client, should that work? if not, could you explain what Account Preferences are? is that on the client side or server side (i couldnt find the application on either).

i have already assigned a test user with a home profile etc, it can be logged on from the server so i know that its operational (and defined in WGM).

any further help would be great! thanks so much for your time

 

[calderone]

i do have a DNS server but had decided not to use it thus far - i didnt think it was important.

Yes, it is important for directory services. You need a DNS server, whether it be OS X Server or some other DNS Server.

i have setup the computer in WGM - if i then add the servers address into the DNS part of the client, should that work? if not, could you explain what Account Preferences are? is that on the client side or server side (i couldnt find the application on either).

No, that is not sufficient. The client still has no idea that is should be using your server for directory access. Adding the address to your DNS server on the client only instructs the client to perform lookups off your server.

The client must be bound to the server.

Account Preferences refers to the Accounts Preference Pane in System Preferences on the client. In 10.5, Directory Utility was used for this and it was located in /Applications/Utilities. In 10.6, Directory Utility was moved to /System/Library/CoreServices, but the ability to join a Network Account Server was added to the Login Options section of Account Preferences.

i have already assigned a test user with a home profile etc, it can be logged on from the server so i know that its operational (and defined in WGM).

any further help would be great! thanks so much for your time

If everything else has been setup properly, you should be able to log in.

 

[DoFoT9]

Yes, it is important for directory services. You need a DNS server, whether it be OS X Server or some other DNS Server.



No, that is not sufficient. The client still has no idea that is should be using your server for directory access. Adding the address to your DNS server on the client only instructs the client to perform lookups off your server.

The client must be bound to the server.

Account Preferences refers to the Accounts Preference Pane in System Preferences on the client. In 10.5, Directory Utility was used for this and it was located in /Applications/Utilities. In 10.6, Directory Utility was moved to /System/Library/CoreServices, but the ability to join a Network Account Server was added to the Login Options section of Account Preferences.



If everything else has been setup properly, you should be able to log in.

thank you very much for that clarification cal! everything that you just said makes so much sense , now that i think about it anyway!

i shall have a look when i get home from work/uni today and report back! thanks

 

[calderone]

In 10.6, you can still use Directory Utility, and you should if you want to setup more advanced options lie custom search paths, etc.

 

[DoFoT9]

In 10.6, you can still use Directory Utility, and you should if you want to setup more advanced options lie custom search paths, etc.

ok that makes sense. currently my laptop only has 10.5.8 - any real drawbacks to this? as long as it logs on i dont care.

question time!: so i have various computers in my house, dads ibook, dads imac etc - then my imac, my MBP. if i add say, dads imac - can he still logon using the local account that he has? and then can i log him out (via fast user switching for example) and log myself in using the server domain? im hoping so

also: once "added" to the domain, on the login page is there an option like in windows to choose the domain? im still roughly 7hrs from getting home just finished work!

 

[calderone]

There should not be any drawbacks to using 10.5.8 in regards to network accounts.

Yes, he can still log himself in. However, be aware that if you are using network home directories, two network users cannot be logged in at the same time. Thus, fast user switching is a no no in a network home directory environment.

All you are doing when you bind the machine is telling it: "Hey, look at me for user accounts too."

You are not required to choose a domain in OS X. It will query all the network account servers, for example the local, OD and AD until it finds the account.

If, for example, there was a local and OD account with the same name, the login window will alert you and let you choose which you want to use.

 

[DoFoT9]

There should not be any drawbacks to using 10.5.8 in regards to network accounts.

wonderful! can you have the same user logged onto multiple computers at the same time?

Yes, he can still log himself in. However, be aware that if you are using network home directories, two network users cannot be logged in at the same time. Thus, fast user switching is a no no in a network home directory environment.

i see - i would only have 1xlocal + 1xnetwork logged onto the 1 machine at any time. is that acceptable?

All you are doing when you bind the machine is telling it: "Hey, look at me for user accounts too."

You are not required to choose a domain in OS X. It will query all the network account servers, for example the local, OD and AD until it finds the account.

If, for example, there was a local and OD account with the same name, the login window will alert you and let you choose which you want to use.

aahh i see now! great explanation thankyou

 

[calderone]

wonderful! can you have the same user logged onto multiple computers at the same time?

Yes.

i see - i would only have 1xlocal + 1xnetwork logged onto the 1 machine at any time. is that acceptable?

Yes, but remember, the issue is only when using network homes. If the network accounts are assigned local home directories, it wouldn't be an issue to have more than one network account logged in.

aahh i see now! great explanation thankyou

No problem.

 

[DoFoT9]

ok so setup OD and DNS. have come across this error when trying to logon

i can see that the users account is there and being shared etc... maybe a simple reboot of the client is needed? that doesnt seem logical though...

 

[calderone]

Was the AFP share setup as an automount share for home directories?

Also, at the login window click the computer name and keep clicking until it shows the status of network accounts. Does it say "Network accounts available?"

 

[DoFoT9]

Was the AFP share setup as an automount share for home directories?

hhmmm. i setup an account share myself. see attached image, is that it?

Also, at the login window click the computer name and keep clicking until it shows the status of network accounts. Does it say "Network accounts available?"

yup it says "network accounts available" with a little green dot

 

[calderone]

No, in Server Admin, the share has to be setup as an automount point.

 

[DoFoT9]

Wirelessly posted (nokia e63: Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE63-1/100.21.110; Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413)

oh I Aww.... I will report back in an hour

 

[calderone]

In Server Admin, highlight the sharepoint and click the sharepoint tab. Check that the "Automount" option is checked and is setup for AFP and user home folders.

 

[DoFoT9]

In Server Admin, highlight the sharepoint and click the sharepoint tab. Check that the "Automount" option is checked and is setup for AFP and user home folders.

OH OF COURSE!!!

i was looking through there before but was in the wrong tab!

i have enabled "enable automount" for the /volumes/Mac HD/Users share - however i have just realised that the user accounts that i create automatically go to /Network.Servers/gallery.com/Users/"username". do you think that it will be shared? im at uni so cant test right now

 

[DoFoT9]

hmm ok this is confusing me.

i have created a user - and the home folder has been saved to /Network.Servers/gallery.com/Users/"username".

i then tried the alternative, saving to /Network/Services/gallery.com/Users"username" but the same error comes up.

totally confused here, i thought users would be saved into /Users/"username".

hmm i think i may know now.. trying...

that didnt work either. when i attempt to logon from a client computer - it creates the user folder in the users/"username" directory! but then continues to chuck up that error.. hmm

 

[calderone]

There are errors on the path names you have given, so it us tough for me to help.

I can tell you that it should be /Network/Servers/example.com/Users/username for the full path in WGM.

At this point you should check the client logs and the server AFP and OD logs.

 

[DoFoT9]

There are errors on the path names you have given, so it us tough for me to help.

I can tell you that it should be /Network/Servers/example.com/Users/username for the full path in WGM.

At this point you should check the client logs and the server AFP and OD logs.

they arent errors.

checking logs now

well i dont know where im looking - but i cannot find one single thing..

 

[DoFoT9]

ok so tried pretty much everything i could think of.

have even went as far as setting AFP to allow all users to access it (via System Admin). i still keep getting the same error, very confusing. DNS is working, and this is happening on multiple computers....

ill keep trying i guess. might be worth resetting the server?

 

[DoFoT9]

Update

SUCCESS!

i can now login using one account only from my ethernet on my MBP. using the same account on my wireless iMac it does not work!

everything appears to be setup the same, but it refuses to work.. i am continuing to troubleshoot.

 

[calderone]

Congrats. Hope you are able to get the iMac working.

 

[DoFoT9]

Congrats. Hope you are able to get the iMac working.

haha you are an A class stalker jks

its very odd. wired clients seem to work, and wireless ones wont. is there a setting for that somewhere?

when adding the computer into WGM - i put in the ethernet ID MAC, the MBP can login using ethernet. if i put in the airport MAC, then it refuses to work. hmph.

 

[calderone]

No setting that I know of.

I have wireless clients working just fine here. Is the machine actually connected to Wi-Fi when you are trying to log in?