Recent Posts

El Capitan Server - Foundation Services / Update Radius
« Last post by isthatyourbag on January 18, 2017, 09:31:07 AM »
Is it possible to update the radius package in Server 5.2 and Sierra 10.12.2? Server is using version 2.2.9 but FreeRadius is current at 3.0.12.
El Capitan Server – Control & Collaboration / Re: OD SERVER WITH AWS ACTIVEDIRECTORY
« Last post by Pierre on January 14, 2017, 03:00:39 PM »
Hey Reid,
Thank you for your answer. Yeah..right... with 5 people you can really type all by hand.. But then.. I want to learn too. This is my company but I like to fiddle around. Actually I already upgraded to macOS... also totally unnecessary... but then.. Now I hope that I do not touch the darn thing for at least two years.
But my switch to AD would never happen. It is just something I was looking at because I tested AWS as a FileMaker hosting thing.. Since they only offer Windows 12 Server with AD... I asked myself IF this AD would not ask my OD server here..
But hey.. you are right.. I am faaar away in investing in any new AD or Server or Hardware stuff.
Nice if you have a Server since 10.6.8 up running.. That's where you really create value for the customer..
El Capitan Server - Foundation Services / Re: Is a .local domain name OK if...
« Last post by Reid Bundonis on January 13, 2017, 08:35:34 PM »
Thanks for joining.  I hope the books are working out well for you.

I am not against private domains.  Just against .local domains.  .local is the Bonjour name space.  If you are doing anything where you are linking client devices to the server, you really want to avoid the use of .local because the system can too easily confuse server.local with server.lan.local.

I fully understand the compliance issues.  But to protect yourself from potential issues, just make up a private domain for the LAN that does not conflict with Bonjour.  For example, or cyborg.lan.  By doing so, you will need to roll some DNS but now it is private DNS with no need for split horizon.  The server can be and this will allow OD to build properly as well as Kerberos.  Now, when binding your workstations, you will properly participate with Kerberos and your mobile accounts or roaming accounts will be happy.

Hope this helps.
El Capitan Server - Foundation Services / Is a .local domain name OK if...
« Last post by CyborgSam on January 13, 2017, 03:46:19 PM »
the server will never be accessed from outside the LAN? My client must be HIPAA compliant, so their LAN is inaccessible except via VPN.

Their network infrastructure isn't great, I'd rather not rely on a local DNS server.

The server is mainly for roaming home directories and file sharing.

The server and Macs will all be running El Capitan.
El Capitan Server – Advanced Services / Upgrade 5.17 to 5.2 and macOS
« Last post by Pierre on December 14, 2016, 03:48:07 PM »
Hi Reid,
I finally managed to register... would have guessed..
I would like your opinion. I have a mini 2011 Server with El Capitan and 5.17 Server running.
I also run FileMaker Server 15 with Reverse proxy and Zulu Calendar (a FileMaker iCal implementation) on the thing. It does file sharing, OD, DNS, Profile Manager.
Whenever I change something it takes me a lot of time and right now everything is working just fine.
Is it worth upgrading the machine to macOS Sierra and Server 5.2?..
Normally server deployments are more conservative I think.

I use RAID and this comes working out of the box again I hear (I used the terminal commands).
Anyway.. I really like your books and have reread them many times and used them for consulting.
I run a cosmetics company with 15 employees and 5+ accessing the server.
When do we see "Sierra Server, what's new" or similar?
That is sounding a little backwards.  Are you on Sierra?  I am behind on my investigation with Sierra but I know a number of things have changed.

If I follow, you are defining groups and then setting SACLs on the groups.  Once this is done, you are creating users and adding them to the groups.  Is it the Workgroup group that is causing the issue or are you seeing the group flipping SACLs?
Apologies for the forum chaos.  I was getting hit with so many automated bots that I had to do something to stem the tide.  I will look at that again.

As for your project, have you looked at Okta?  We've been doing some Okta integration for O365 deployments where OD remains a requirement of the LAN.  Or what about JumpCloud?  If you are using OD for only user names and passwords, then there is not much that OD is offering that a cloud LDAP can not replace.  Might be worth looking into.

It is funny that you are having these debates in a 5 person location.  We have a customer that is over 200 users and everything is still all Apple based.  Xserves are still the file servers with a bunch of minis creeping in.  They are still on 10.6.8 if you can believe it.  As they say, if it ain't broke...  Anyway, we are at the point where OD needs repair and restructuring so we looked at all the options from OD to AD to cloud to hybrid solutions.  In the end, to stick with OD and use Okta in the middle seems to be the most affordable and flexible solution.  Time will tell if we got it right, but I guess we got the 10.6 deploy right.

El Capitan Server – Control & Collaboration / OD SERVER WITH AWS ACTIVEDIRECTORY
« Last post by Pierre on November 14, 2016, 11:00:32 AM »
Hi Reid,
I finally managed to log into your forum. The letters are intelligible and nobody knows this 42 joke even IF one has read the book..
I recently tried to fiddle around with Amazon Web Services.
I have run an El Cap server for a 5 person manufacturing team for 5 years. We have 4 Mini2013 and one 10.7 mini late 09 which I never managed to bind properly.. I just gave up and typed in all by hand.
The OD is also read by our FileMaker Server for login and the RADIUS for wifi.
I was thinking of putting our FileMaker Server on an AWS share (newest hardware, 99,99 uptime, no Wind Server 12 cost....)
But I would rather not have Active Directory of the win12 server take over my OD installation. Is there a way the Amazon EC2 instance could read my OD share?
If you have any ideas, help would be appreciated.

Sorry for my ranting.. I looove your books.. but your forum login is just .....
El Capitan Server – Control & Collaboration / User and Groups Service Access
« Last post by isthatyourbag on October 29, 2016, 04:36:15 PM »
Followed along in the Groups and Users chapters. Made groups first, and set access appropriately. Then created users, and added users back to groups, and the access controls were all off.

1 - creating a new user seemed to give them access to everything.
2 - new users became part of the Workgroup, which also had access to everything.

So, I removed all access from the Workgroup and access from each individual user in order that the Group's access would work.

Seems like a very backhanded way of doing things. Isn't there a better way?
I did a test with a different machine running El Capitan 10.5.6 and joined it to my network. The process asked me if I wanted to trust the certificates, and when I said Yes, the Open Directory CA and code signing certificate appeared in my keychain.

The server machine is running Server 5.2 on top of Sierra.
