Messages - urban420

Awesome info on both the SSL and mobile user questions. Thanks again for taking the time to post such a detailed reply.

Thanks, thanks and thanks again!

Thanks for the reply. I was reading in the scenarios of the control and collaboration book about creating a managed mobile user, but how would you handle situations where the users are already local network users, but need to be "promoted" to mobile users? (Edit to add: For example these users have been using a MacBook on the network for a year but now we are going to allow the MacBooks to be taken out of the office. They were also already set up with a local home folder on the machine.) Maybe I am missing something, or maybe it is just because I fear that I've gone too far and backtracking may be in order to do things correctly.

The other problem I am wondering about is where you talk about not mixing MCX and Profile Manager. Can you expand a little on that? I have workgroup manager installed but I don't think it was ever really used for anything. If I remember correctly I attempted to use it when I ran into some issues with creating local home folders for users, but I am not sure it was what fixed the problem. This might sound like a strange question but is there a way to tell if MCX has a hand in the way things are running?


Yosemite Server - Foundation Services / SSL Certificates with firewall
« on: April 28, 2015, 10:54:07 PM »
It's been way too long since I have posted but I think that is because your books have been so great that everything just works. Seriously, I read a few other books and nothing was as dead simple and easy to understand as your writing and the way you walk through stuff.

I have a couple of issues I am working on but I can't seem to completely wrap my mind around.

The first thing I want to do is to make some of my network users mobile users. I think you talked about this briefly in one of the books, but I am having trouble locating where it was. So if I have a network user and I want to change them to a mobile user is it really as simple as outlined in this article:

My network users have local home folders and I don't want to use any type of sync services, I just want to allow users to log on to a specific machine without being connected to the network. Seems simple enough, but maybe I am missing something that is supposed to be done on the actual server?

My second, possibly more complicated issue is that when I set up our server I did so with an SSL following your book. Everything worked, no problems and the world is wonderful.

At the same time I installed our server I purchased a new Sonicwall TZ 215. I'm not overly Sonicwall savvy so I work with a company that set it up and manages it for us. Really they just help me when changes are needed, but they did the original configuration. We liked the idea of the SSL VPN so we use that for remote access. When they originally set up the firewall they did not install a 3rd party SSL but rather used a self signed certificate. There are only two of us that use it so it has never been an issue.

Fast forward a year and now I am thinking that SSL certs are so cheap I should just install one for the firewall. I will also likely need it in place for PCI compliance as they are starting to fail merchants for using self signed certs. Keep in mind we don't host our website on our server and we are not currently using it as our mail server. Right now it is purely for basic server functionality.

So here are my questions:

- I have an SSL installed on our server. The SSL is set up with the server's name - The server sits behind the firewall with no public IP.

- I need to install an SSL on our firewall that has a public static IP address.

It seems like I am going to run into problems but I am not sure why. I guess I am trying to understand why there is even a need for an SSL on the server in the first place when it does not have an external IP. Plus, how does it validate without a public IP address? Or does it even matter?

Long story short, if I install an SSL cert on the firewall (named that has a public IP will this cause me any issues?

I kind of feel like maybe it really is not as complicated as I am making it out to be, so I had to ask the question.

Again, thanks for the books because I can say that while I still have not completely harnessed everything that OS X Server has to offer, I'm not afraid to try things that I would otherwise never touch. Our network is solid and I rarely have to deal with any problems. It just runs like it should and I feel that that is due in large part to being set up correctly thanks to the wealth of info you shared in your books. I tell anyone that asks about switching to an OS X Server to go buy your book.

Thanks again.

Mavericks Server - Foundation Services / Re: File Share Error
« on: April 13, 2014, 01:59:30 PM »
I hate to say this, but your post gave me back a little of the sanity I have lost in the past few days trying to get things working as they should be. Not only is performance an issue, but it is like access rights are completely ignored. We just have two PC's so I think I am going to figure out a way to rid myself of SMB and set all the shares to AFP only.

I just find myself questioning why I even bought the Mini Server, or at least why I decided to make the Mini Server the file share server. I foolishly invested in a nice Thunderbolt RAID array that is attached to the Mini Server as I intended to make that our main storage. But at this point it seems like it would have been easier to go with a NAS or even a small Windows Server for the file sharing - at least for the file sharing that needs to be shared among Mac and Windows machines.

And I am cool with finding workarounds, I just hate spending countless hours troubleshooting when it is not something I can even fix. The Mini Server does so many things effortlessly, so to think that it would be file sharing that ends up being the problem is a huge surprise. You would really think that would be one of the things that would be bulletproof.

Thanks again for all the info and you certainly shed some light on many of the things I am struggling with. As I said, I hate saying it but it gives me a little bit of comfort knowing that I am not the only one experiencing these problems.

Mavericks Server - Foundation Services / File Share Error
« on: April 12, 2014, 07:23:06 PM »
I'm finally getting around to deploying our new equipment and pretty much have everything in place. As I have said before, this book was a great help to me and I don't think I could have set up our server without it. Even though it does not cover everything you need to know, it does as its title states - it covers the foundation of things. At least as far as I am concerned there simply is no book/guide out there that explains things in a way that nearly anyone can understand in a way that this book does. To anyone looking for help with an OS X Server setup - get this book.

With that out of the way, I wanted to see if others are experiencing an issue that I have come across. I've been reading some threads at Apple and elsewhere and it looks like I am not the only one. In fact, it looks like it could be a bug with recent updates.

As I said, I am rolling our equipment out and we are pretty much all Apple equipment with the exception of a couple PC's. With that said when I set up file shares I chose to allow AFP and SMB protocols. So the problem I am seeing is when a file or files are copied to a share on the server an error is presented that states:

"The Finder can’t complete the operation because some data in “filename” can’t be read or written.(Error code -36)"

I have been working on our set up for a couple months and when I tested the file sharing previously I did not see this, so I suspect it is from a recent upgrade and it seems that others are saying the same thing. I found a couple threads on the Apple Support Site that discussed the issue so I chatted with Apple and apparently the issue is known, the fix has been developed and it will be forthcoming sometime soon.

Here are a couple of the threads:

I am just wondering if any of you guys have experienced the issue and what, if any workarounds you are using.

I also wanted to get your thoughts on the overall state of what I call the whole SMB Mess. I've read a lot about it and read why Apple says they had to move to a different, seemingly more proprietary SMB protocol, but they have had since Lion to get it together and it just seems it is still a mess. I guess I never saw these issues because I have always worked in a Windows driven environment and the Apple computers we had played well with MS Servers and AD. But now that I have transitioned us to an Apple server I am seeing more and more of these issues. That is not to say Windows does not have their own issues, they just don't seem to be revolving around a pretty important thing like file sharing. But also the hardware manufacturers have not had a couple of years to get their stuff fully compatible and for whatever reason it is not happening.

For example this week I was moving our Canon multifunction copier to our new Apple network and I quickly found out that the Canon would not talk to the OS X Server. We scan documents to a network drive and I ended up having to use FTP, which is less than desirable. It is my understanding this goes back to when Apple made changes in Lion regarding the type of SMB. Our Canon is a few years old, so I went looking for a new machine thinking it would not be an issue with new hardware, but I found that very few multifunction devices will work well in a network environment with OS X. To be clear, I am talking about a small/medium business level multifunction unit and not a consumer grade machine, for example our Canon is an ImageRunner. I am not sure how the larger business type models are set up but I think they have far more options and utilize internal HDD.

As I mentioned above we have to keep a couple of PC's around for our shipping department and I continue to run into issues there as well. Getting a Win7 PC to play well with OD has been a nightmare. In fact, I have all but given up on trying to bind it to the OD and simple things like connecting to shares on the OS X Server from the PC is a pain. It works, it just does not seem to be anywhere near seamless.

Sorry for the lengthy post, I just needed to vent. At this point I am more than a little displeased with the level of integration between all of the various pieces of hardware. It just seems like in the year 2014 we should not be dealing with these types of issues and it really should be a bit easier.

I updated our server last week and everything seemed to go as it should, but I did notice the new group that was created - "Deprecated Profile Manager Access Group".

Being new to OS X Server and not yet using Profile Manager on our server I am a little confused by the info you guys have posted regarding this group that was created. Am I correct in assuming this group can safely be ignored, but you now need to use the Profile Manager portal to grant or revoke access to services?

Kind of funny how Apple just assumes there is no need to tell users about this change. This might have been something to include in the release notes?

Awesome info as usual and the book has been extremely helpful for me as well. You were not kidding when you stressed the importance of DNS and I am glad you had it well broken down.

You mentioned something interesting in your post:

When you create your users, I would suggest creating them all as None - Services Only accounts.  When you do this, the account will be missing an NFSHomeFolder and Shell attribute and no home folder will be created for the user.  If you are not planning on doing mobile accounts on your workstations, then the NFSHomeFolder path is not needed.  If you don't plan on using the accounts for remote shell (ssh) or FTP access, then the Shell attribute is not needed.

I have been testing user setup in the past week and there is some weird stuff happening. I decided I did not want to set up networked home folders as it seems like it could lead to trouble down the road. So after doing some research I chose the option when setting up a user to allow the users to only have local home folders - I think it is "Local Only". I assumed this would restrict the user to only having a home folder on the machine they logged in to, and this is what I want since each machine is dedicated to a user.

But when I set the users up I noticed that the server app created a home folder in the user folder on the server. Keep in mind the users never actually logged in to the server, so I found this strange. When I logged into one of the workstations with a network user it does in fact create a home folder. But I noticed the home folders on the server are actually available as a shared folder to the users even though they are not listed in file sharing in the server app.

To me the whole thing is a bit strange and I originally thought about using the "None - Service Accounts Only" option but then could not figure out how to create a home folder for the users on the clients.

Anyhow, your tip about the user setup was interesting to me and I am definitely awaiting your second book.

Mavericks Server - Foundation Services / Re: RAID
« on: February 11, 2014, 08:16:57 PM »
I just wanted to throw another question over your way. I've finally gotten around to getting our new server prepared and was trying to set up RAID mirroring on the drives. I know there are a few different ways to go about it, but your directions were pretty short so I tried that route.

The strangest thing happened when I went to restore the DMG image. Once I hit restore the system acted like it was going to start and then stopped and displayed an error with the following info:

"Could not restore. Operation not supported."

Very strange because once I removed the RAID and put the drives back the way they were I was able to use the image to restore to one of the drives without any problems.

Just wondering if you have ever come across this.

Thanks -


Mavericks Server - Foundation Services / Re: RAID
« on: February 02, 2014, 01:27:44 PM »
Awesome stuff. Your Swiss army USB hard drive is a great idea.

The help is much appreciated and the info on the hard drive monitoring will come in handy.

Thanks again. 

Mavericks Server - Foundation Services / Re: RAID
« on: February 02, 2014, 12:20:51 AM »
Thanks for taking the time to reply with such a detailed response. What you said just solidifies what I was thinking. Working with Windows servers it's never been whether to RAID or not, but rather what level of RAID and what controller.

It is funny, much of what you said in the beginning of your book is so true. When I started to work on this project I was just floored by the lack of being able to deploy what I viewed as a real Apple server. I never worked with any of the previous server hardware from Apple so I was introduced straight to the Mini Server. I was like "yea right" and started to look for a refurbed Mac Pro Tower or some other solution because I just did not believe it would be possible with a Mini Server. But the more I researched the more I realized the Mini Server can be a good solution for many applications.

And your suggestion to have a second Mini Server for redundancy is actually something I was planning. I actually think I saw that there is some sort of rack mount solution for two Mini Servers, so it is obvious others are utilizing this setup. For the price of the Mini you really can't beat the option of having a second one on hand if something goes wrong so you can send the Mini in for service without being out of service.

Your info on the features you lose when you set up the drives in the Mac Mini Server is exactly what I was looking for. I've been a Mac user for years but I just could not figure out what the ramifications of not being able to have a recovery partition would be down the road. I think I was just trying to over-complicate things because like you pointed out you can easily boot over the web.

One question, Apple talks about installing recovery partition on an external drive, but you have to install it from a system with an existing Recovery System. You mentioned using an SD card and installing/cloning the OS to it to boot from if you ever needed. Is this essentially the same concept, but a step further? And would you create this SD card before you set up the drives to mirror (before the loss of recovery partition) or would you do it after? Or does it not really matter?

I am totally with you as far as RAID on a server and to me redundancy is everything. Drives fail, sometimes we are lucky and other times we are not, so being able to reduce downtime is of utmost importance. Now if only monitoring the drives were easier!

It is great that you have put your real world experiences in your book so that others can learn. It seems like there are a lot of people who know how things should work or can work, but not as many understand how they actually do work.

Thanks again for your help.

Mavericks Server - Foundation Services / RAID
« on: January 31, 2014, 11:58:49 AM »
Hello -

I just purchased your book and while I have only read the first few chapters thus far the information has been helpful already. But I had a question on the matter of whether or not to RAID a Mac Mini Server.

I am installing a Mac Mini Server at our office to replace a Windows server. When I decided to go the route of an Apple server the one thing that bothered me was the ability to run a RAID set up on the server. Coming from the world of Windows servers I am used to RAID controllers and multiple hot swap hard drives.

Over the past few months I have spoken with numerous people who all seem to be against running RAID on the Mini. Their solution is always to clone or Time Machine from one drive to the other and to me this leaves the possibility for lost data and does not really provide for redundancy. I think a lot of people shy away from RAID because they don't fully understand it, and they view it as a backup when in fact it is about redundancy and the backup is completely separate.

So on to my question, initially I wanted to RAID the Mac Mini Server but as I said above after I spoke to several people and researched on the web I was left with the impression that Apple discouraged RAID mirroring. It seems like when you RAID the volumes that you will lose some features that may be important. In fact in the book it briefly describes the fact that with RAID you lose the ability to have a Recovery volume and to use FileVault.

So my question is, what exactly do you lose when you set up RAID? And what does the loss of these features really mean?  I see there is an Apple support article that says:

"Recovery offers on-disk recovery tools, allows you to restore from Time Machine backups, reinstall OS X via the Internet, or set a firmware password."

Is there any way to prepare for the loss of these features? For example the Apple support article on RAID says:

"you should consider using the Recovery Disk Assistant to create an external recovery disk before creating your RAID volume."

Is this step something you recommend?

Over the years my experience has always been to try to adapt to the way Apple designed something rather than trying to adapt the hardware/software to the way I have always done it in the past. Obviously this is not the case in every situation, and sometimes Apple designs something to be easy so that just about anyone can manage it.

I'm not sure how much others would benefit from some clarification on these topics, and maybe the short blurb in the book really is enough information. I just know that having researched it previously it seemed like there was a lot more to it.

Overall I can't say how much I appreciate your book. For someone like myself who has always dealt with Windows servers but has been using Mac notebooks and workstations for years, the book has thus far been a wealth of information. I am really looking forward to future books and can't wait for the next release.

Thanks -

