Open Directory and Mobile Home Folders

Similar Messages

• Autherntication using Open Directory and NO home folder

  We are looking to set up an Open Directory on a Snow Leopard server in our medium sized company - we would like to use it for Single Sign On authentication but do not want to create home folders on the server. All we want OD to do is authenticate
  We have been able to authenticate using OD bound and unbound but both need home folders. Is there a way to have no home holder and still authenticate?
  thanks

  What I did was in WGM select a user account. Then select the Home tab. Click the + button to add a home folder. In the sheet that drops down, in the bottom box put /Users/username. Leave the other boxes blank. This will create a home folder locally on whatever machine the user logs into.

• Alternatives or Solutions to Mobile Home Folders

  Hello,
  I have been using Mobile Home Folders for a while and I can not stand the errors and files that it does not sync any more. Are there any solutions to fix those errrors or an alternative? Even if it just sync the Mail library, Mail is destoryed.
  Thanks,
  Steven T.

  The best option is to sync at only login and logout.
  How many computers do you have?
  An option to sync is to use a backup appliction like Archiware Backup2go. It has the following advantages:
  1.You have one list wher you can see if all computers are backed up or not. Some of my clients computers suddenly doesn't sync anymore for unknown reasons and I have no way of knowing from a central point.
  2. You can easily backup your clients portable computers when they are out of office.
  3. No more time spending logging in on AD connected computers, which can take minutes for the users.
  It is not exaclty as easy to restore a users home folder as it was, ie you need to install an application first and set it up and then restore.
  In my case I set up regular users as AD/OD mobile sync, the management who usually have less understanding of waiting times etc is set up to backup using third party applications instead. Saves my lot of headace.

• Open Directory and passwords

  Hi, I have come across something really odd someone pointed out to me with Tiger Server, and this is something I've not been able to duplicated on Panther Server, or at least I don't think I have been able to.
  The situation is this: There are three people in my workgroup who have "administrative" privileges for our small server cluster. When logging into one of the servers, it is possible for a person with administrative privileges to log into the server with any user existing user name, and use their own password, or the global administrative password to log into any account. This does seem weird to me. Is there an article somewhere that explains this? I've done a bit of searching, but am not sure on what I am looking for here.
  I am starting to work with Open Directory and LDAP sharing of login information across a series of three servers and am wonder if it might be linked to this, and why/how, etc. Anyone with any good or bad thoughts on this.
  Thanks so much.

  Hi trotter,
  In fact this is a feature called 'masquerading' by Apple which can be very helpful, particularly when when troubleshooting permissions issues on mouted volumes. It allows admins to mount volumes via afp 'as users'.
  It was first implemented for Apple servers back in ASIP 6, and the feature exists in both Panther and Tiger.
  If you don't want this feature you can uncheck Serrver Admin > AFP > Access > Enable Administrator to masquerade... I believe the box is unchecked by default so one of the admins must have checked it.
  IMHO it would also be very useful for admins to be able to have the options to masquerade to user OD/NetInfo accounts also.
  HTH,
  b.

• OXS server 3 with mavericks, it will not load up the assistant with open directory and will not allow me to use old open directory it was not a clean install just upgrade. any help or advise appreciated as i really need the server.

  OXS server 3 with mavericks, it will not load up the assistant with open directory and will not allow me to use old opeopen directory and will not allow me to use old open directory it was not a clean install just upgrade. any help or advise appreciated as i really need the server.

  I wonder if the disk being referred to is actually your iPod which is not plugged in. Maybe something has stuck thinking the iPod should be there.
  Try completely removing all the iTunes related programs according to this method.
  http://support.apple.com/kb/HT1923
  Restart you PC and see if startup improves.
  If it doesn't improve you need to consider the possibility that there is something else going on.
  If The problem goes away, hopefully a fresh install will be OK.

• Terminal Commands to clean Open Directory and Profile Manager

  Hi,
  So I've made the fun decision to move to ML Server as we are just getting services up and we should be on the most recent software to start. I have had interment luck with Open Directory and Profile Manager and was looking for a way to wipe the data bases and start clean.
  I have tried getting to the  ( usr/share/devicemgr/backend and running wipDB.sh. however the database doesnot exist.
  It would be nice to clean the databases and setting instead of doing a full reinstall of MT Lion.
  Thanks!
  ~FSU IT

  So just found the fix for Profile Manger.
  http://support.apple.com/kb/HT5349
  Thanks to this post for finding it - https://discussions.apple.com/thread/4142185?tstart=0

• Open Directory and connection to shared folders fail

  Hi,
  For testing i've setup an Open Directory Master (Leopard server 10.5.2) with shared folders and portable home directories.
  Login and synhronizing works as it should. But once logged in, when i click on the server in finder i just get connection failed. When i choose "connect as" and log in as the same user and password as authenticated at the login to the computer (authenticated to OD) it works.
  I thought it should work like a single sign on?
  Any clues?

  Hi
  If you browse the discussion forum you should find this:
  http://discussions.apple.com/thread.jspa?threadID=1251475&tstart=0
  Basically browsing using the Finder or Side Panel does not work well or breaks easily (as far as I can tell it has been like this since 10.2). In an OD environment trying to connect and getting a ticket using that method will probably fail. The workaround - or the 'fix' - is to use 'Connect to Server' from the Go Menu using the Server's IP address. In my experience it does not seem to matter whether AFP is set to Kerberos, Any or Standard for the authentication method. It also does not seem to matter whether the Server is configured in Standard or Advanced.
  I've not come across anything yet regarding Workgroup. Probably in that configuration it may not be an issue as this mode - as far as I can see - is ideal for AD-OD integration. In that environment OSX Server would not be the KDC and mac clients will be using the AD for SSO.
  Since this has been happening since 10.2 I don't see Apple addressing this anytime soon, however you never know?
  Tony

• Open Directory and AFP

  Hello, I have been having some problems setting up Tiger Server to have the clients home directory hosted on the server. When the client tries to login, it gives them an error saying they are unable to log on at this time because of afp. If anyone could help or point me to a guide it would be appreciated.
  -Bobby

  Hi
  For 10.4 Server you should really post in the 10.4 OD Forum here:
  http://discussions.apple.com/forum.jspa?forumID=713
  However it does not really matter. You may find what follows useful:
  A Simplified Method for Deploying Open Directory Services
  A centralized authentication and authorization service providing automounting home folders for network users and control for service administrators using managed preferences. Ideal for Schools, Colleges, Libraries, Universities and in some cases, Private Companies
  These instructions are for the GUI only with no manual configuration and hardly any recourse for the command line. These instructions also assume that this will be the only server on the network.
  Substitute appropriately the examples given for your situation. The example used is for a pretend school called ‘High School’
  Assuming you have installed the Server Software and on restart the Server Setup Assistant has launched. We’ll use Administrator as the long name and admin as the short name with admin as the password for the default Server Administrator account (UID 501). We’ll assign a fixed IP address of 172.16.16.254, a subnet mask of 255.255.255.0 and the router/gateway IP address offering access to the internet as 172.16.16.1. Key in any ISP supplied DNS Server IP addresses in the DNS Servers field in the Network Preferences Control Panel. The server name will be server. You will see the server name in the Sharing Preferences Pane (server.local) as well as Server Admin > Computers & Services. The Server can be reached either using this name, its IP address, its loopback address and later on, after the DNS Service has been configured, its Fully Qualified Domain Name (FQDN). Don’t start any services apart from Remote Desktop, save the configuration as a text file and restart the Server. After the restart log in using the newly created System Administrator account details. Now would be a good time to test internet connectivity as well as running Software Update and installing all the updates relevant for the server.
  Start simple file services first: AFP and if necessary Windows. If there is more than one PC already on the network switch off Workgroup Master Browser and Domain Master Browser found in Server Admin > Windows > Advanced > Services. Create a test user in the local server directory (NetInfo) and test using a client computer to access the default share points: Users, Groups, Public. Don’t be tempted to delete these folders as the server will complain. If you don’t want to use these you can simply unshare the share points and create new ones. You could for example create share points on a connected XServe RAID and share these instead. Save any changes made.
  The instructions that follow are for simple DNS Settings which will do to successfully deploy an Open Directory Master
  Click on DNS Service Settings > Zones > click the + icon > General. The Server IP address will already be there, key in the Fully Qualified Domain Name (FQDN). This can either be a real world domain name or a pretend domain name. As long as it resembles fully qualified domain names it will do, avoid using .local.
  In this example we will use server.highschool.sch.org.
  Save the changes
  Now click Start Service. You will have to click Start Service twice as Server Admin does not start the service the first time as that is when the config files are written. These are kept in two locations: /etc/host.config and /var/named. The second time you click Start Service you will get the green light. Now set the Logging level to Debug and save the changes again. Launch System Preferences > Network > Configure > TCP/IP > key in the Server’s own IP address 172.16.16.254 in the DNS Servers field and remove any other IP address. Apply and save changes. Launch a web browser and see if you can get on the internet. Inspect the DNS logs in Server Admin and you will see entries starting with createfetch as well as received control command channel status: ready. By this time you should be on the internet using the server’s own IP address instead of ones supplied by your ISP or Router. Test and qualify the DNS Service by launching terminal and issuing the host command:
  host server.highschool.sch.org
  server.highschool.sch.org has address 172.16.16.254
  host 172.16.16.254
  254.16.16.172.in-addr.arpa domain name pointer host172-16-16-254.in-addr.server.highschool.sch.org
  This qualifies the forward and reverse pointers for the DNS Service
  Remember that a properly configured and qualified DNS service is crucial to the more advanced technologies available on OSX Server. Apple themselves recommend using DNS even if the Server is providing simple file services such as AFP
  If you want the Server to issue IP addresses then consider using the DHCP Service. If your router is already doing this then there is no need to bother just yet. Once you get comfortable and familiar with the Server you could look at this later on.
  Back to Server Admin
  Click on Open Directory > Settings > Select Standalone and now select Open Directory Master. As soon as you do this you will be prompted to create the Directory Administrator account, by default diradmin. You can’t use the standard administrator account. You dont have to use diradmin as the name you can use another name, but don’t be tempted to use admin. For this example we will leave it as it is as well as defining the password as diradmin. If DNS Services are correctly configured you will see the Kerberos Realm field already filled in for you and it will look like this: SERVER.HIGHSCHOOL.SCH.ORG. As you can see it will be the FQDN but in capitalized form. The search base will be automatically filled in also and it will look like this: dc=server,dc=highschool,dc=sch,dc=org.
  Save changes.
  Launch Directory Access /Applications/Utilities and click on LDAPv3, authenticate if required to do so. Inspect the configuration setting there and you should see the Server’s loopback address 127.0.0.1 has been entered as a New Configuration. This is normal and gets added upon promotion. Now launch Workgroup Manager and select the appropriate Directory Node LDAPv3/127.0.0.1. Authenticate using the newly created Directory Administrator account: diradmin. If everything has gone well you will see the Directory Administrator user (UID 1000) already there. Create a new user called Andrew Barton, short name: andybarton, UID 1025, password andyb, click Save. Select Sharing and make sure that the default Users folder is set to share, now click on Network Mount and click the lock, authenticate using the diradmin account and set the Users home folder to automount Home Directories. Click Save. Click Accounts, select Andy Barton, click Home, verify that the Home Folder path says afp://server.highschool.sch.org/Users, select this and click Create Home Now followed by Save. Navigate to the Finder, double click the Server hard drive, double click the Users folder and verify that the folder andybarton has been created. Double clicking on this folder will show the usual set of home folders with no entry signs on all of them apart from public and sites. Carry on populating the LDAP Directory Node with desired users. Once you have finished click on the Groups tab and create a group and call it Music Class, populate this group with desired users. We will look at Managed Preferences (MCX) for this group later on.
  In this example Music Class has 30 iMacs. Use the first iMac as a model for all the others. Create an administrator account on the first iMac with a strong password. Avoid using Administrator and admin as these could conflict with the Server admin account. Don’t use a User Account already created on the Server. I will use MC Administrator as the long name and mcadmin as the short name, switch off auto log-in. Install all relevant site license software on this mac. Set the iMac’s name in the Sharing Preferences Pane to iMac01, the .local part will be automatically filled in for you, save all changes. Run all software updates available for the mac, restart the mac. You can now use this mac as the ‘Golden Mac’ – a template for all the other iMacs. You can target disk mode this first mac to the second mac and after cloning change the name of the second mac to iMac02. Or you could image iMac01 to an external firewire drive, connect the drive to the server and use Apple Remote Desktop (ARD) to push out the image to all the other macs. You could also use System Image Utility, PackageMaker and NetInstall. As you can see there are numerous ways of doing this.
  Back to iMac01
  Log in using the mcadmin account, launch Directory Access (Applications/Utilities), click on the lock and authenticate, select LDAPv3, click Configure, deselect ‘Add DCHP-supplied LDAP servers to automatic search policies’, click New and key in either the IP address 172.16.16.254 or better still its FQDN. If you are going to use the Server’s FQDN then make sure the Server’s IP address is in the clients DNS Servers field. Server discovery should be fairly quick, you will see iMac01.local’s computer in the first field and you will be prompted for a network user name and password, don’t bother with this just click OK and then continue, you will then see the Server Configuration in the Services window, click OK. Click on Authentication and verify that Custom Path is displayed, you should see /LDAPv3/172.16.16.254 or the server FQDN as the second Directory Domain displayed (the first one will be the local NetInfo node and will be grayed out). Do the same for the Contacts tab, click OK and quit Directory Access, select log out from the Apple menu and you should now see a log in window displaying the local mcadmin account as well as ‘Other’. Click Other, key in andybarton as the name and andyb as the password, you should now be logged into the Home Folder for that user on the server. Launch TextEdit, type a few words and save the Untitled document to the Documents folder, now log out. Go to Workgroup Manager, select Sharing, select Users, select andybarton, select Documents and you should see the Untitled document grayed out.
  Managed Preferences or MCX
  Select the Music Class Group, click on Preferences > Finder > Views > Always > Default View and select the smallest setting for the dock size, click Done, go back to the client and log in again as andybarton and see if the dock size has changed. The order in which managed preferences take precedence are:
  User
  Computer
  Group
  If a setting is defined in Group and also defined differently in Users, the Users setting will take precedence. Managed Preferences can be accumulative also. What can be managed for Users and Groups are the same. Computer Lists are the same with the addition of Energy Saver. Play with these settings as seems appropriate to you. If you decide to manage clients using Computer Liststhen create your own (by type and location), try not to use the default lists. The same advice applies to Network Views.
  As time goes by and you become more familiar and comfortable you can start integrating the Software Update Service, NetBoot/NetInstall, Mail Services, Print Services and any other Service that seems appropriate to you.
  Hope this helps, Tony

• Active Directory Authentication, AFP Home Folders in the wrong place!

  Hi,
  I've had this problem off and on... that is, it comes and goes, so I'm not really able to effectively troubleshoot it. My setup is this:
  -Xserve G5, Mac OS X Server 10.4.7
  -OD Master bound to AD for authentication
  -Hosts AFP and SMB shares, all stored on Xserve RAID
  On the RAID, I have a folder called Users (/Volumes/XserveRAID/Users) that is shared via AFP. The system Users folder (/Users) is not shared. In fact, nothing at all on the root drive is shared. All share points are on /Volumes/XserveRAID/. All Mac users' home directory profiles are pointed to \\servername\Users\username (in Active Directory Users and Computers application on our domain controller). Their home directories mount automatically when they log into their client machines (also bound to AD).
  The problem is this; at seemingly random times, a user's home folder will all of a sudden be created in /Users on the server, and it will not use the /Volumes/XserveRAID/Users/ folder. I will clean out /Users every now and again, but the errant home folders show back up. The only folder that should be in /Users is the local admin.
  Since /Users is not even shared, how is it doing this? Why is it that sometimes the /Volumes/XserveRAID/Users share is used (I know this because there are users' files in their folders in the proper place) and sometimes it's going to /Users? Any ideas? Thanks in advance!!
  Going slightly mad,
  Jason

  Hi there,
  Just wanted to share my make-due solution.
  I have setup the automount sharepoint at "/Data/Home".
  When I logged in or tried to use createhomedir in terminal, nothing happened but users could login (even though there was no home folder on the sharepoint for them).
  I have created the Home Folders manually "/Data/Home/username" and then logged in again. When I did this it created two folders in the home dir:
  -Desktop
  -Library
  The other icons related to the home dir on the Dock remain big "?" 's.
  So I manually added them and assigned them the propper rights.
  Now users can log in without any problems, network home folders are working.
  So essentially I got thing s to work, luckily I have only a hand full of Mac Users, Imagine having a user base in the hundreds !
  Thinking about this really makes me want to know how I can fix this problem, I have a make shift solution but this really isn't the way to go. When I use the createhomedir command, it says "creating homedir on servername.domain.net" and it seems to be busy for like 20 - 30 secs, but after that nothing has changed.
  I've checked all possible locations on the server (i thought maybe it might have made local accounts on server by accident, but it didn't.)
  If anyone has ANY idea, please share.
  Thx!!
  Have a nice day

• Open directory and Active directory

  Hello everyone.
  I am from a school in london. We currently have 8 servers (7 running Server 2003 and a recently installed Mac server running os x server 10.5)
  We have recently installed new macs into our media room and need them to be set up to work with the current domain setup.
  what we wish to do is to run the media centers computers through the Mac server but get the existing domain information from the Active directory server running windows. As i have not set up a mac server before I am having certain difficulties doing this. The first time we set up the active directory on the mac server we could log into the mac computers but could not change any of the policies to different groups to allow or deny certain applications from running. Everytime i go to save a policy for a certain group we get the error message
  "Error while saving record "Finchley\Level 1@ Error -14140
  Im guessing this is because we are trying to save that to the active directory and not onto the mac server so how can we Map the active directory to the Macs open directory so that we can customize the mac group policies?
  Sorry if that didnt make alot of sense im typing abit fast
  Thanks

  Have you been here?
  http://docs.info.apple.com/article.html?path=DirectoryAccess/1.8/en/c7od45.html
  It should be straight forward, depending on how your AD accounts are setup.
  Unfortunately, I currently see a bug in the system which is often causing the home directory share to fail to mount when I use the AD plug-in in its default configuration. I'm pleading with Apple to fix this soon.
  If you use the plug-in in "true network home" fashion, by unchecking the 'force local home' option, then you should avoid this annoying bug. This method however requires plenty of network bandwidth and space for your entire Mac home folder.

• Initial Sync and Mobile Home Creation

  Hello,
  I have been using PHDs successfully in an OD environment for some time now, but currently am having an issue with the initial sync when a user logs onto a new workstation.
  Some background: We are using PHDs as pseudo-network home folders due to limitations in Pro Tools and its inability to function while working off of a network based home. Not ideal, but it's where we are at if we want to allow users to move from room to room but without using network homes...
  Our environment:
  - AD / OD mixed environment (working beautifully at the moment)
  - Separate server acting as home folder host (we'll call it afphome)
  - Clients managed by OD via computer groups
  The basic issue is that when a user logs onto a new workstation, the initial sync only creates a local home based on the standard template, despite the presence of a sync progress bar (stating "Checking..." only) during the initial log-in. If the user logs out immediately, a sync occurs, but may preferences are overwritten during this sync (namely finder). When the user logs back in, syncs occur normally, but those overwritten preferences are here to stay.
  How can I force PHD to do a full "from server" sync when a new home is being created locally, assuming that a network home exists for the user already?
  Many thanks,
  Josh

  Just found your post as I was having a similar problem. Our setup was with all Apple OD though.
  I had exactly the same problem with new workstations having the user setup with the default template. We also had some odd problems syncing specific files we never had trouble with before. Our issue arrived last week when our main sharing and userhomes data drive died and we had to recover from a backup. Once we recovered, everything except for sync of portable home directories came back properly.
  After doing some searching, I figured that I did not stand to lose anything if I shut off Server Admin > our server > Settings > General > Server side file tracking for Mobile Home Sync. Rebooted the server. Suddenly the clients with file troubles sync fine and creation of new users on a new workstation actually duplicates the network user.
  I'm not sure about other implications of shutting off the server side tracking but now we sync correctly again.
  -Erich

• AFP and SMB Home Folders

  Has anybody managed to find a way of using both AFP home folders and SMB folders?
  What I am trying to do is have both setup on a students/staff login so that they can access there windows based home directory and also access the Mac home directories for things like Aperture, iphoto garage band etc which require a lot of storage room. We Limit Student storage to 150mb so we need to be able to use our current promise storage to store the home folders.
  I have read a few forums with scripts on but i can't seem to get them to work.
  I have got a working magic (golden) Triangle I can login to the any Mac with the any AD login and it works I can see there windows based home folder.
  Any Help would be much appreciated.
  Our Current setup is:
  Mac OS X Server (xServe) 10.7.5 running OD as Master and bound to AD
  Mac Clients 10.7.5
  Windows 2008R2 Domain Controller

  How do you resolved the problem?

• Open Directory Usefulness for Home Server

  I'm using Mountain Lion Server primarily as a web server, but as a retired tech writer/programmer I like to fool around with things in case I ever need to return to work. I set up the Open Directory master as part of the installation process, but I'm not sure how useful it is for me. When my site was hosted on Mobileme I got about 30 visits in a day max, and about 1 comment every year or two. So my questions are:
  How useful is the Open Directory for me, and is there any point in keeping it turned on?
  Is it useful for people outside of my LAN?
  Any additional comments, or information are appreciated.

  <bump>

• DNS, Open Directory, and wow my head hurts

  OK, I’m slowly pulling my ear hairs out over this.  My comprehension of the DNS world is modest at best (I know enough to get into trouble). I did not set up most of this (not the DNS parts anyway), and I’m trying to unravel what exactly is going on.  Maybe it’s exactly as it should be; but it seems awfully convoluted to me, so if you’re bored and want to show off your expertise and ability to explain it to a kindergartener, please read on…
  Let’s say my Domain is mydomain.com. (You can probably figure out what it really is, but I’d rather not sprinkle a post with it.)
  Our firewall is a Sophos UT320. It obviously supports forwarding of DNS info from our ISP.  While it’s own documentation says it does not have a full-fledged dns server, it does have something called “Static Entries” which seems to be a bare-bones dns server of sorts. I can set any static domain name (myserver.mydomain.com for example), point it to a server on our lan, and everyone internally can get to that server by using myserver.mydomain.com instead of 192.168.blah.blah.  It also supports reverse DNS, so if I issue a host 192.168.blah.blah command from my computer, I get “blah.blah.168.192.in-addr.arpa domain name pointer myserver.mydomain.com.” My guess is that it’s only serving up A records.  No one from outside our LAN can access these servers or records (unless they’re on a VPN of course).
  Now, in our lan, we have a bunch of Mac Servers.  Our Open Directory server has DNS service enabled on it, and the primary zone is set to od.mydomain.com.  It has some A records pointing to myserver.mydomain.com, myotherserver.mydomain.com, etc.
  Another server, located at, myserver.mydomain.com, has a DNS service who’s primary zone is mydomain.com (yes, it matches our external domain name). It contains A records for itself, the OD Server, and others.
  Reverse lookup works fine throughout the lan.
  All DNS Servers’ Forwarders are our router.
  I did a test where I turned off all these internal DNS servers (yes, there’s more) and pointed all the servers to the router. It seemed fine at first, I could issue HOST commands to and from every server to every other one and resolve both names and addresses.  The router seemed to be doing fine.
  After a day or so (I assume after the TTL elapsed), people started getting permissions errors on the servers, so I turned it all back on.
  This is with 10.6.8 Servers (one is running 10.9 but it doesn't seem to have DNS running).
  So here’s my questions:
  Why would my OD Server’s DNS Service’s primary zone be “od.mydomain.com” and not just “mydomain.com”?
  Does it make sense (or even matter) to have these DNS entries ending in mydomain.com when that’s our website’s address? (We host our own site and email server, btw.)
  Why would OD not work after all these DNS Servers were turned off, when HOST command shows it can get to every other machine and they can get to it?  What else, besides the A record and reverse lookup, could be included in the full-blown DNS servers that wouldn’t be in the Sophos bare-bones one, but still allow reverse lookups to function?  What else does OD want from DNS??
  Wouldn’t it be better, even if this all was necessary, to set up a single internal DNS Server (ok, maybe plus a backup)?  Why would this service be running, with a variety of A records, on almost every server we have?
  Is there a site that can explain DNS, and actually define every acronym, abbreviation, etc it uses?  Every time I try to learn something I go down a wiki rabbit hole.
  Thanks!
  Jeff

  OK, the answer to this seemed to be to not rely on Sophos' "Static Entries" DNS functionality.  Even though it allows "HOST" commands to work for both reverse and forward lookups, OD and/or Kerberos needs more.  Once I made a zone on our OD Server that listed itself, our replica server, AND our email server (which uses Kerberos), and made what I think is now a proper secondary DNS server on our replica server, and pointed the OD server's DNS to itself, the replica to itself, and kept the email server using the Sophos for DNS, it worked.

• Setting up Open Directory and iCal server.

  Hello:
  I'm new to open directory - please help or point me in the right direction. I'm trying to set up a OSx server 10.5 running on a PowerMac G4.
  I need iCal/DNS/FS/VPN/WEB/Open Directory as services enabled.
  For testing purposes I've set up a small network with three machines all running 10.5.6.
  I've tired over and over to do this via an advanced server but have not be able to get everything to work so I did a basic server allowing the server set up to input all my settings. Everything built and started up without issue but I could not get iCal to work. I let the set up sit over night and when I returned the next morning the MacMini screen had a window saying that a directory server has been found that offers these following services ...WEB - iCal etc. Do you want to configure your workstation. I did and everything worked as aspected. I thought that I finally got it!
  I wanted to see the all of the settings so I converted the server to an advanced server and everything still worked. ( From the one workstation ).
  I imported a users exported file from the server I'm trying to fix then the groups file. Everything still worked from the Mac Mini but I could not connect from the other workstation.
  I never received the Open Directory message about services being offered etc.
  Both machines have identical network settings ( Fixed I.P. pointing the DNS to the server.) AFP sees the server from both workstations but I can not login from the third workstation using any known good user name and password not even the admin or the Macmini account and password that works from the Mac mini. I don't really know anything about open directory, do you need to register the computer name with the server or something to that effect.
  Why would it take hours for that original service offering to go out to the first workstation?
  Thanks for any help you can offer. All of my OSX server experience has been setting up file servers never any of the other offerings.
  Thanks,
  Rick

  Sorry,
  I posted this to the wrong forum. I re-posted in Open Directory.
  Thanks,
  Rick