Single server as Soft AP, DC, DNS, DHCP for a small office

The server is running 2012 R2 Foundation with a wired network for internet (Comcast). It has a WiFi adapter so it can host a wireless network (as a Soft AP). The WiFi host has a static IP 1.1.1.1.
On the server I have set up AD, DNS, and DHCP services (all bound to that static IP).
All clients need to connect to the server and the internet via WiFi, and join the domain for work.
But it looks like the DHCP/DNS services don't like the virtual adapter: although all clients can connect, they cannot get an IP.
Without AD/DNS/DHCP I can share the internet connection with ICS perfectly, so I think the hosted WiFi network is set up correctly.
I tried removing the DHCP service and using ICS to assign IPs. That works, but clients cannot see the DNS server and thus cannot join AD.
What am I missing? Thanks for your help!

It is never a good idea to run a DC with two NICs. It causes all sorts of problems. (The only exception was SBS server, which was designed as a one-box solution.) Also, a domain will not run behind ICS. If you are running a domain, the domain clients must use the local DNS (on the DC) for DNS, not the DNS relay system of ICS. RRAS/NAT will work because you can configure it so that it does not run its own DHCP function. ICS is not configurable.
Even if you overcome that problem, you still have the multihomed DC problem. It really isn't worth the effort to save a few bucks.
Bill

Similar Messages

  • Advice about setting up permissions on Lion server for a small office.

    What is the common wisdom and advice about setting up permissions optimally for a small office using OS X Lion Server as a file server?  I thought I had this solved by setting the ACL permissions so that all users and appropriate groups can read and write all files on the server.  This works great until a new file is created.  Then it appears that the POSIX umask kicks in and takes priority over the ACL permissions.  I need to allow group write permissions on all new files.  My options seem to be:
    - Make everyone an admin - not great for obvious security reasons
    - Change the umask for the whole machine - also security problems, though perhaps fewer than the everyone-an-admin route above
    - Write a folder action AppleScript to add group write permission on all new files.  This works fine if you have a static number of folders.  With new folders it has the problem: how do new folders created by non-admin users get this folder action automatically applied to them - some cron job to hunt down the new folders; an AppleScript folder action that adds a folder action to all new folders (sounds recursively complicated)?
    - Have a cron job regularly do something like `chmod -R 664` on all files.  This will break during those between-the-cracks times between when someone creates a new file and when the cron job runs - not ideal.
    Seems like this should be easier, which makes me think I'm missing something obvious.
    Any help greatly appreciated.  Thank you in advance!

    Good-heart's advice is certainly your first step, but if you've already done that and still have the problem you've described, you might have the 10.7.3 ACL bug, particularly if your users and groups are in an OD or AD rather than being local accounts on the server. The problem is that ACL's for directory accounts are incorrectly ignored, resulting in POSIX permissions coming into play.
    I've described my workaround for this here:
    https://discussions.apple.com/message/18037703
    I haven't yet tried the other trick I've read about, which is to ensure your Share's data directories are at least one level down on the volume - there is a post here on the Communities that mentions this:
    https://discussions.apple.com/message/18028746
    I seem to remember that this helped with an earlier version of AFP, if using external firewire or usb storage.
    Let us know if you find a fix, it seems a number of people have problems with this.
    Regards,
    Ian

  • Intermittent DNS resolution, timeserver, group policy update errors in client logs in Win 2012 R2 single server environment

    We recently switched hardware and server software from Win SBS 2008 to 2012 R2 for a small network of roughly 40 clients (Win7 Pro / Win 8.1 Pro), about 16 running concurrently at a given time, and one network printer with the printer queue residing on the DC as well.
    I read that a single server environment might not be ideal, in particular no fail-over, but that is an accepted risk in this particular network here.
    Errors:
    Error 1043: Timeout during name resolution request
    Error 1129: Group policy updates could not be processed due to DC not available
    Error 5719: Could not establish secure connection to DC, DC not available
    Occasionally, but disappears after a while
    Error 134: As a result of a DNS resolution timeout could not reach time server
    Symptoms
    On Win 7 Clients
    Network shares added through Group Policy will not show sometimes
    Network shares disconnect (red X) and when accessed return access authorization error after one or two clicks on the share finally grant access again
    When the issue with accessing network shares occurs, it usually also affects Internet access meaning a 'server not responding' error appears in the browser windows when trying to open just any web page
    nslookup during the incident returns cannot resolve error
    ipconfig on client shows correct default router (VDSL Router) and DHCP / DNS Domain Controller
    Also, the Win system log shows the above errors during these incidents; however, the number of incidents varies from 20-30
    On Win 8.1 Clients
    Same as above with the slight variation for network shares, apparently due to Server 2012 and Win 8.1 clients managing drive shares differently. However, network share refresh does not work with these clients. In most cases only a gpupdate /force returns drive shares, but usually only for the active session. After logoff / logon the shares are gone again.
    The issue does appear to be load related since it occurs even if there are only one or two workstations active.
    Server Configuration
    Dell R320 PowerEdge 16GB / 4TB 7200RPM RAID10 / GBitEthernet
    Zyxel 1910-48 Port Switch
    VDSL 50Mbps Down / 20Mbps Up
    Since the DC is the only local DNS and there are no plans to add another one or move DNS to another server, the DNS server is configured with its own address as preferred DNS with three DNS forwarders: 1) VDSL Router 2) ISP DNS1 3) ISP DNS2
    Currently only one Network card is active for problem determination reasons.
    There appears to be no consensus concerning IPV6 enabled or disabled, I tried both with no apparent effect
    I have set all network cards server and client to Full Duplex and the same speed, also disabled Offload functions within the adapter settings. Some but no consistent improvements.
    Best Practice Analyzer Results
    DNS server scavenging not enabled
    Root hint server XYZ must respond to NS queries for the root zone
    More than one forwarding server should be configured (although 3 are configured)
    NIC1 should be configured to use both a preferred and alternate DNS (there is only one DNS in this network)
    I have found some instructions to apply changes to the clients through a hosts file, but I would rather like to understand whether this DNS response time issue can be resolved on the server, for example through timing settings perhaps. Currently the DNS forwarders are set to 3 seconds.
    Since a few people have reported issues with DNS but most are working with multi-DNS, multi-DC environments, I could not really apply any suggestions made there. Perhaps there is anyone like me who is running a single server who has overcome or experienced the same issues. Any help would be appreciated

    Hello Milos, thx for your reply.. my comments below
    1. What does it "switched"? You may mean migration or new installation. We do not know...
    >> Switched is probably the incorrect term; replaced would be the appropriate wording. Before, there was an HP ProLiant Server with SBS 2008 with a distinct domain, and now there is a Dell Server with MS 2012 R2 with a distinct domain. Clients were removed from one (SBS) domain and added to the new Server 2012 domain. Other components did not change, for example the same Network Switch or VDSL Router, Workstations and Printer
    2. Two DCs are better alternative. Or backup very frequently. There are two groups of administrators. Those who have lost DC and those who will experience this disaster in near future.
    >> Correct, and I am aware of that
    3. NIC settings in W 7 and W 8.1, namely DNS points to DC (...and NOTHING else. No public IP or that of router DNS.))
    >> Correct, this is how it's currently implemented. Clients point to the DC for DHCP and DNS and Default Router, no public IP or DNS. The only references to ISP DNS exist on the VDSL Router itself, as provided through the ISP when establishing the VDSL Link, and in the list of Forwarders in the DNS Server configuration. However, I have just recently added the ISP's DNS as forwarders for test purposes and will probably learn tomorrow morning whether this had any effect for better or worse.
    4. Do nslookup to RR on clients. RR branch is saying client basic info on LDAP parameters of AD.
    >> Will post as soon as available
    5. I do not use forwarders and the system works
    >> Ok, does this mean it works for you in a similar or the same infrastructure setup, or are you saying it is not required at all and I can remove any forwarder in a scenario like mine? If not required, can you explain a bit more why it is not required, apart from that it does work for you that way?
    6. DHCP should sit on DC (DHCP on router is disabled)
    >> Correct, no other device is configured to provide DHCP service other than DC and DHCP is currently running on DC
    7. NIC settings in DC points to itself (loopback address 127.0.0.1)
    >> Are you sure this is still correct and does apply to Server 2012? I am reading articles stating that it should be the server's own IP, not the local loopback, or should this be added as alternate DNS in addition to the server's own IP?
    8. Use IPCONFIG /FLUSHDNS whenever you change DNS settings.
    >> OK, that was not done every time I changed some settings but I can do that next week. Reboot alone would not suffice, correct?
    9. Test your system with dcdiag.
    >> See result below
    10. Share your findings.
    Regards
    Milos
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
      Home Server = GSERVER2
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
    Testing server: Default-First-Site-Name\GSERVER2
          Starting test: Connectivity
             ......................... GSERVER2 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\GSERVER2
          Starting test: Advertising
             ......................... GSERVER2 passed test Advertising
          Starting test: FrsEvent
             ......................... GSERVER2 passed test FrsEvent
          Starting test: DFSREvent
             ......................... GSERVER2 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... GSERVER2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... GSERVER2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... GSERVER2 passed test
             KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... GSERVER2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... GSERVER2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... GSERVER2 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... GSERVER2 passed test
             ObjectsReplicated
          Starting test: Replications
             ......................... GSERVER2 passed test Replications
          Starting test: RidManager
             ......................... GSERVER2 passed test RidManager
          Starting test: Services
             ......................... GSERVER2 passed test Services
          Starting test: SystemLog
             ......................... GSERVER2 passed test SystemLog
          Starting test: VerifyReferences
             ......................... GSERVER2 passed test VerifyReferences  
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : GS2
          Starting test: CheckSDRefDom
             ......................... GS2 passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... GS2 passed test CrossRefValidation  
       Running enterprise tests on : GS2.intra
          Starting test: LocatorCheck
             ......................... GS2.intra passed test LocatorCheck
          Starting test: Intersite
             ......................... GS2.intra passed test Intersite
    Server:  gserver2.g2.intra
    Address:  192.168.240.6
    *** gserver2.g2.intra can't find g2: Non-existent domain
    > gserver2
    Server:  gserver2.g2.intra
    Address:  192.168.240.6
    g2.intra
            primary name server = gserver2.g2.intra
            responsible mail addr = hostmaster.g2.intra
            serial  = 443
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    > wikipedia.org
    Server:  gserver2.g2.intra
    Address:  192.168.240.6
    Non-authoritative answer:
    wikipedia.org   MX preference = 10, mail exchanger = polonium.wikimedia.org
    wikipedia.org   MX preference = 50, mail exchanger = lead.wikimedia.org
    polonium.wikimedia.org  internet address = 208.80.154.90
    polonium.wikimedia.org  AAAA IPv6 address = 2620:0:861:3:208:80:154:90
    lead.wikimedia.org      internet address = 208.80.154.89
    lead.wikimedia.org      AAAA IPv6 address = 2620:0:861:3:208:80:154:89
    Final benchmark results, sorted by nameserver performance:
     (average cached name retrieval speed, fastest to slowest)
      192.168.240.  6 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      + Cached Name   | 0,001 | 0,002 | 0,003 | 0,001 | 100,0 |
      + Uncached Name | 0,027 | 0,076 | 0,298 | 0,069 | 100,0 |
      + DotCom Lookup | 0,041 | 0,048 | 0,079 | 0,009 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 gserver2.g2.intra
                    Local Network Nameserver
      195.186.  4.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,023 | 0,025 | 0,000 | 100,0 |
      - Uncached Name | 0,025 | 0,071 | 0,274 | 0,065 | 100,0 |
      - DotCom Lookup | 0,039 | 0,040 | 0,043 | 0,001 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns8.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
      195.186.  1.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,023 | 0,026 | 0,001 | 100,0 |
      - Uncached Name | 0,025 | 0,072 | 0,299 | 0,066 | 100,0 |
      - DotCom Lookup | 0,039 | 0,042 | 0,049 | 0,003 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns7.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
        8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,033 | 0,040 | 0,079 | 0,011 | 100,0 |
      - Uncached Name | 0,042 | 0,113 | 0,482 | 0,097 | 100,0 |
      - DotCom Lookup | 0,049 | 0,079 | 0,192 | 0,039 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 google-public-dns-a.google.com
                     GOOGLE - Google Inc.,US
      UTC: 2014-11-03, from 14:33:12 to 14:33:29, for 00:17,648
    15:40
      192.168.240.  6 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      + Cached Name   | 0,001 | 0,002 | 0,004 | 0,000 | 100,0 |
      + Uncached Name | 0,025 | 0,074 | 0,266 | 0,063 | 100,0 |
      + DotCom Lookup | 0,042 | 0,048 | 0,075 | 0,007 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 gserver2.g2.intra
                    Local Network Nameserver
      195.186.  1.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
      - Uncached Name | 0,024 | 0,073 | 0,289 | 0,067 | 100,0 |
      - DotCom Lookup | 0,039 | 0,041 | 0,043 | 0,001 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns7.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
      195.186.  4.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
      - Uncached Name | 0,025 | 0,073 | 0,286 | 0,065 | 100,0 |
      - DotCom Lookup | 0,041 | 0,066 | 0,180 | 0,037 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns8.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
        8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,033 | 0,038 | 0,077 | 0,009 | 100,0 |
      - Uncached Name | 0,042 | 0,105 | 0,398 | 0,091 | 100,0 |
      - DotCom Lookup | 0,049 | 0,066 | 0,141 | 0,025 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 google-public-dns-a.google.com
                     GOOGLE - Google Inc.,US
      UTC: 2014-11-03, from 14:39:59 to 14:40:12, for 00:13,363
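    A script to check the DNS-client points from the numbered list above (clients use only the DC for DNS, and the AD locator records resolve through it). This is an added example, not code from the thread; it assumes the DC is 192.168.240.6 and the domain is g2.intra, as in the posted output, and uses WMI so it also runs on the Win 7 clients.

```powershell
# Added example (not from the thread): verifies that this machine resolves only via the DC
# and that the AD SRV records the clients depend on are answered by that DC.
# Assumed values (from the posted nslookup output): DC 192.168.240.6, domain g2.intra.
param(
    [string]$DcIp       = '192.168.240.6',
    [string]$DomainFqdn = 'g2.intra',
    [switch]$OnDc       # run with -OnDc on the DC itself, where loopback as alternate is acceptable
)

$problems = @()

# 1. Every IP-enabled adapter must list only the DC (no router or ISP resolver).
#    Win32_NetworkAdapterConfiguration exists on Win 7 as well as 2012 R2.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($a in $adapters) {
    $dns = @($a.DNSServerSearchOrder)
    if ($dns.Count -eq 0) {
        $problems += "$($a.Description): no DNS server configured"
        continue
    }
    $allowed = @($DcIp)
    if ($OnDc) { $allowed += '127.0.0.1' }
    $foreign = $dns | Where-Object { $allowed -notcontains $_ }
    if ($foreign) {
        # A non-DC resolver here is what makes AD lookups fail intermittently.
        $problems += "$($a.Description): non-DC DNS server(s) $($foreign -join ', ')"
    }
}

# 2. The locator records must come back from the DC; nslookup prints "svr hostname" for SRV answers.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$DomainFqdn",
    "_kerberos._tcp.dc._msdcs.$DomainFqdn"
)
foreach ($name in $srvNames) {
    $out = & nslookup -type=SRV $name $DcIp 2>&1 | Out-String
    if ($out -notmatch 'svr hostname') {
        $problems += "${name}: no SRV answer from $DcIp"
    }
}

if ($problems.Count -eq 0) {
    "OK: DNS client settings and AD SRV records look correct"
} else {
    $problems | ForEach-Object { "PROBLEM: $_" }
}
```

    Run it on a client during an incident to tell a client-side resolver misconfiguration apart from the DC itself not answering.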

  • Server 2008 RRAS Internal adaptor causing duplicate DNS entry for host

    I have Server 2008 configured with AD, DNS, DHCP and Routing and Remote Access.  The Server is set up with a static IP address 192.168.127.2 and the DHCP allocates addresses in the range 192.168.127.100/199 to clients.  The RRAS is automatically configured with three adaptors: "Loopback" (127.0.0.1), "Local Area Connection" (192.168.127.2) and "Internal" (192.168.127.112, allocated by DHCP).
    The problem is that there are two entries created in DNS for the host, MYSERVER 192.168.127.2 and MYSERVER 192.168.127.112.  This causes a problem with the client computers when they do a DNS lookup, in that the MYSERVER IP address is sometimes returned as 192.168.127.112 at logon, causing network share assignment in the logon script to fail (among others).  If the DNS entry is deleted manually everything functions again for a while, until the DNS entry is mysteriously created again.
    Can anyone help???

    I agree with Bill; you should not run the RRAS service on a DC.
    If you need a workaround:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\<Interface name>\MaxNumberOfAddressesToRegister
    Data type: REG_DWORD
    Range: 0x0 - 0xFFFFFFFF
    This setting determines the maximum number of IP addresses that can be registered in DNS for this adaptor.
    If the value of this entry is 0, no IP addresses can be registered for this adaptor.
    OR
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface name>\DisableDynamicUpdate
    0      Enables DNS update registration
    1      Disables DNS update registration
    Please set one of the above registry keys for the adapter that you don't want to register in DNS.
    Hope this helps.
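    One way to apply the DisableDynamicUpdate workaround above to exactly the interface that holds the unwanted address, as an added example that is not from the thread. It assumes the RRAS "Internal" interface holds 192.168.127.112 from DHCP (as in the question) and that, like other interfaces, it records that address under its Tcpip\Parameters\Interfaces\<GUID> key.

```powershell
# Added example (not from the thread): set DisableDynamicUpdate = 1 on the single interface
# that currently holds the IP we do not want registered, leaving the LAN adapter untouched.
# Assumed value from the question: the RRAS Internal interface holds 192.168.127.112.
param([string]$UnwantedIp = '192.168.127.112')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Each subkey is an interface GUID; a DHCP lease shows up in DhcpIPAddress,
# a static address in the IPAddress multi-string value.
$match = @(Get-ChildItem $base | Where-Object {
    $p = Get-ItemProperty $_.PSPath
    ($p.DhcpIPAddress -eq $UnwantedIp) -or (@($p.IPAddress) -contains $UnwantedIp)
})

if ($match.Count -eq 0) { throw "No interface currently holds $UnwantedIp; nothing changed" }
if ($match.Count -gt 1) { throw "More than one interface reports $UnwantedIp; refusing to guess" }

$iface = $match[0]
Set-ItemProperty -Path $iface.PSPath -Name DisableDynamicUpdate -Value 1 -Type DWord
"DisableDynamicUpdate=1 set on interface $($iface.PSChildName)"

# The setting only stops future registrations: delete the stale A record in the DNS
# console once, then re-register and confirm that only the static address comes back.
ipconfig /registerdns | Out-Null
nslookup $env:COMPUTERNAME
```

    If the nslookup still shows two addresses after the zone has been cleaned, the other interface is registering the address and needs the MaxNumberOfAddressesToRegister setting from the reply instead.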

  • DNS settings for virtual host 10.6 server

    We have just gone through a rebranding exercise, i.e. the company name has changed from 'mycompany' to 'ourcompany'.
    For various reasons we have decided not to rename our complete setup, but rather add a virtual host for our mail server, including a second primary DNS zone for the new domain 'ourcompany'.
    We are hosting our website externally; however, since we added the second primary DNS zone incl. an A record (www) pointing to our external website host's IP for 'ourcompany', workstations on our LAN can no longer access the website.
    Running DIG for 'www.ourcompany.com.au' results in the correct A record IP address being shown, but it is still not showing in any browser – we also made sure we emptied our caches.
    Although we thought this should work relatively easily, we are now totally confused as to the additional primary zones general settings... currently we allow zone transfer and provide an entry in the nameserver section.
    Any ideas as to what might be going on here would be greatly appreciated.

    Mr. Hoffman,
    Thank you very much for your reply - unfortunately, despite studying and testing your advice (incl. website) we seem to not get much further.
    Please find our comments inserted below...
    MrHoffman wrote:
    FWIW, both mycompany.com.au and ourcompany.com.au are real and registered domains; I'll presume they're not the domains you're migrating from or to.  Accordingly, I'll use example.org for your old stuff, and example.com for your new stuff; the example domains are RFC-reserved for this usage.
    Correct we are not using my bad example domains.
    Each host should have one A record (and one AAAA record, if you have IPv6 active), and one of the more common errors in these migrations is setting up an A record for each new domain that might arrive; each host has one A (and possibly one AAAA) record, and that's the canonical name for that host.  Externally, that'll probably be the latest name in any sequence (such as www.example.com), and all previous names (including www.example.org) will have CNAME entries.
    To clarify, do you mean the following: 1. internally we should not have more than one A record for each host, i.e. one for example.org and one for example.com, and presumably any other subdomains should be CNAME records?
    2. externally we should change the A record for www.example.org to a CNAME record and create a new A record for www.example.com;
    Internally (and here's why having a different domain inside is handy) use one of the old names; use example.org, for instance.  This means you can use the public DNS services for the external web sites and resources; your internal DNS servers receive the requests for example.com hosts and go "duh, lemme ask somebody else for that", and that somebody else is the (public) DNS server your external DNS services for example.com hosts.
    Exactly what we had initially done - basically we (naively) thought we could get away with only relying on external DNS translations... however, that resulted in mail clients on our LAN losing their connection every 5-10 minutes, thus we decided to set up another primary DNS zone, which fixed that problem but created the other.
    Please also note we have created a subdomain admin.example.com which properly resolves to the CMS backend - btw. from within this backend you can then preview any page on the regular website with their non-www. URLs.
    Since the current setup resolves to the correct IP address I wonder if it could be a problem with the .htaccess rewrite rules the web developer has setup to remove the www. ... or is this too far fetched?
    The usual trigger for not reaching the external A (or AAAA) records is either a stale cache on the particular client (for translations inside the Time To Live (TTL) values for the old DNS translations, or pending a local cache flush on each client), or (and this is more common) confusion over authoritative DNS servers; you have your internal DNS configured as authoritative for the new www.example.com domain, and also authoritative for the old www.example.org domain, and your external DNS is also authoritative for (probably) both domains.  Internal requests get as far as the internal server, and get an authoritative translation (possibly being "no such host"), and don't go any further.
    Safari & Firefox present with 'Server not found' errors.
    So we are still stuck thus any further advice would be much appreciated.

  • Read Dictionary Meta Data with a Single Server Connection

    Hello,
    I've Enterprise Portal 6.0 SP4 NetWeaver Stack 2 Developer Workplace Sneak Preview from https://www.sdn.sap.com/sdn/downloads.sdn running on my computer and implemented the Tutorial: "Creating A Web Dynpro Application Accessing ABAP Functions" from https://www.sdn.sap.com/sdn/developerareas/webdynpro.sdn?page=TutWD4_AccessingABAP.htm.
    During the setup of the JCo Connection for the WD_FLIGHTLIST_RFC_METADATA_DEST in the Web Dynpro Content Administrator in Step 3 I came across the problem that I cannot use a Single Server Connection to read Dictionary Meta Data.
    So my Question: Why is it not possible to read Dictionary Meta Data with a Single Server Connection?
    Regards
    Gregor

    Hi Ruth,
    Thanks for the guideline.
    I entered an entry in the etc/services file on the m/c which has SAP WAS 6.40 J2EE installed (let's say IP address 172.16.1.38),
    for e.g.
    sapmsSA1 3600/tcp
    I restarted the WebAS server.
    Then from SAP GUI, when I am connecting to the SAP R/3 backend system and checking the 'smlg' transaction, I can see 3 Logon groups with the same name 'PUBLIC'.
    Now I have created the BC Message server connection in SLD with this information.
    caption - SA1 01
    Message server IP = 172.16.1.242
    port 3600
    After that I specified this message server information to the WD_MetaData connection in the JCo content administrator.
    When I tested this connection it gives me the following error.
    com.sap.mw.jco.JCO$Exception:(102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed
    connect_PM TYPE=B MSHOST=172.16.1.242 GROUP=PUBLIC R3NAME = SA1 MSSERV=sapmsSA1 PCS=1 LOCATION CPIC(TCP/IP)on localhost with Unicode ERROR partner not reached(host 172.16.1.38,service sapgwoo)
    connection refused
    Can you guide me on what I am missing?
    Thanks,
    Mital.

  • Users and permissions for a small home server

    Hello community,
    I have been using Linux on the desktop for many years now, but unfortunately my knowledge about servers is very limited, almost non-existent. Therefore my question most probably fits equally well here and in the newbie corner.
    I'm trying to set up a little home server which should be in charge of the following tasks:
    - CUPS print server in the local network
    - access to shared files through NFS in the local network
    - backup (again over NFS)
    - an Owncloud server
    - maybe a mail server in the long run (NSA, paranoia, etc. )
    For now I have set up the print server and the NFS server, and was working on the Owncloud installation when Owncloud gave me some errors with users and permissions. So I was led to the idea of rethinking the users and permissions on the server. So far there is only the root user, who may do everything. This seems like a quite unsafe configuration. I'd like to make it safer. First, the printer, the backup and the locally shared files should be accessible from the local network only. SSH access should also be accessible locally only. The Owncloud file folder should be accessible from the internet, but of course only for the Owncloud users registered to the Owncloud server.
    What is the best way to set up users and permissions for such a set up?
    Thanks for any hints,
    PhotonX

    Hi, I think it depends on who you are serving, whether you are just serving a small office or home server or a big organization. The following quick thoughts just came to me:
    I think CUPS automatically sets a system user of its own and runs as it, so no trouble there. CUPS also has the option to set users, and it uses the system users by default; I think it depends on how many printers/users you have in your server. Users that can manage CUPS are in the lp group.
    For NFS every user should have their home; Samba is also a good option if you have Windows computers in your network, and it integrates better with graphical file managers like Nautilus on the client side, but it is a hassle to configure.
    You should run the web server (Owncloud) as its own user. Maybe you can manage to set something up for Owncloud in the filesystem, but Owncloud uses a database, and the users for Owncloud are stored in there, and they are not system users.
    You can configure SSH for local use only by enabling the corresponding subnets in your /etc/sshd.conf, and optionally but recommended you can set a firewall and permissions. You can use iptables, but I prefer ufw for a simple setup.
    I think you should read the wiki:
    https://wiki.archlinux.org/index.php/users_and_groups
    and the other respective topics in the wiki.
    Also, as advice: I know that Arch Linux is a great distribution, but you have to do more work to maintain a stable server. I would recommend Debian or another more conservative distro, but of course it is your choice.
    Last edited by hydrosIII (2014-11-06 06:26:45)

  • Single Server DHCP environment - redundancy question

    I have a single 2012 R2 Server, running as Host.  Host has Hyper-V services only.  Single Guest, running Server 2012 R2, as Domain, FS, DHCP, DNS.  Small shop, 20 workstations.  IP served from DHCP to clients.  If server dies, I have no internet access.  We have a point of sale system, must have credit card access.  I will NOT have a second server for failover/split services (Budget will not allow.  Please take note of that.  We are a SMALL business.  All of our computers are lease refurbs and more than 4 years old.  Additional hardware is not a solution).
    I am going to move DHCP to the router.  It is small and cheap and I have a spare configured as a mirror of our production router.  If my cheap but functional router dies, I can replace it in less than 60 seconds.  If my server suffers failure, I cannot replace it in 60 seconds.
    I welcome other suggestions, or configuration changes of my network. We have had several physical infrastructure incidents over the last 18 months that have resulted in server failure, meaning we lack access to the internet, meaning we cannot sell product, meaning we do not make money to pay (my) salary.  I understand ZERO down time comes at a cost.  I'm trying to get the best reliability on the funds I have available.
    Thanks

    Thank you for not providing a single answer.  WHY does moving DHCP from DC solve nothing?  If server fails, workstations would still have access to internet, which allows my credit card processing, the problem I'm describing.  So, what am
    I missing that makes moving DHCP from the DC so bad? 
    How does a good backup solve my internet connection issue?  I have a good backup system. 
    No, I cannot work out of the cloud.  Our internet service would be jealous of a 56K dial-up modem. 
    IDH

  • Communication between the DNS/DHCP Manager and OES Server

    No communication between the DNS/DHCP Manager Console and the OES server (status, start, stop).
    The screenshot shows the tab "DHCP (OES Linux)" in the DNS / DHCP Manager console;
    at the bottom of the image it shows the state of the DHCP servers.
    allDHCP.JPG
    The dhcp service is started on all these servers.
    You can see that the status is known only for four servers.
    The button "start/stop DHCP service" works fine on these servers and
    the dhcp service can be canceled and also restarted.
    But the status of the "dhcp service" is not recognized for all the other DHCP servers
    and so we cannot start or stop the dhcp service on these servers.
    All servers were installed at different times (over the last three years) with OES11 and
    are upgraded to OES11SP2 with all patches.
    The server keto (DHCP_keto) is a new installation of OES11SP2 from a few days ago.
    All OES servers were set up identically by me. LDAP, LUM, DMS, DHCP work fine.
    Which service on the OES server is responsible for
    communication (status indicator) between the DNS/DHCP Manager and the OES server?
    How is the status query performed by the DNS/DHCP Manager?
    How can I test the communication to the server on the client (console)?
    Which configuration files should I compare on the servers?
    Thanks in advance
    Gernot

    gernot,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://www.novell.com/support and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Forums Team
    http://forums.novell.com

  • DNS/DHCP app no longer sees DNS/DHCP server.

    When I moved the majority of my Netware 6 servers to OES-NW last year, I started using iManager to handle admin duties for DNS and DHCP.
    With a planned move to OES-L coming up, I tried accessing both services using the DNS/DHCP java console.
    While I am able to log into that console, I am unable to see my DNS/DHCP server or any of the expected components for either service (DHCP pools, zone records, etc...).
    I have tried both the console that is installable from the server and the newer LDAP-based version.
    I have tried both 32 and 64-bit versions on XP and Windows 7, respectively.
    Since I want to move those services to OES/Linux and the java console is the only mechanism that can administrate the services on that platform, I am perplexed.
    My needs are simple, and I could easily move those duties to a SUSE server or even a Windows server, but that is not my preference.
    Any ideas on where to begin troubleshooting are welcome.

    On 06.08.2012 21:56, gathagan wrote:
    >
    > When I moved the majority of my Netware 6 servers to OES-NW last year, I
    > started using iManager to handle admin duties for DNS and DHCP.
    >
    > With a planned move to OES-L coming up, I tried accessing both services
    > using the DNS/DHCP java console.
    >
    > While I am able to log into that console, I am unable to see my
    > DNS/DHCP server or any of the expected components for either service
    > (DHCP pools, zone records, etc...).
    >
    > I have tried both the console that is installable from the server and
    > the newer LDAP-based version.
    > I have tried both 32 and 64-bit versions on XP and Windows 7,
    > respectively.
    >
    > Since I want to move those services to OES/Linux and the java console
    > is the only mechanism that can administrate the services on that
    > platform, I am perplexed.
    > My needs are simple, and I could easily move those duties to a SUSE
    > server or even a Windows server, but that is not my preference.
    >
    > Any ideas on where to begin troubleshooting are welcome.
    You have more than one DNS-DHCP locator object in your tree, and the
    console is picking up a/the empty one. Find the proper object (look at
    the other tab in ConsoleOne or iManager to see if it's connected with
    servers, zones and the like), and delete the superfluous ones.
    This is an *extremely* common problem when OES gets introduced into a
    tree, as it by default creates new locator objects in the server
    container, if it's not configured otherwise.
    CU,
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de

  • Do I need DFSR in a single server environment?

    I have a 2012 Host, running a single 2012 Guest.  Guest is running as a DC with AD, DNS, DHCP, and File Services.  DFSR is running, and it gives a warning every time my backup runs (Backup is running on Host).  Warning is The DFS Replication
    service stopped replication on volume F:......and a long message about Database, yada yada yada.  
    Do I need to run DFSR?  Again, single server, no file replication to different offices.  I'm not finding a clear answer to that question.
    Second, Server Manager should, according to TechNet, have under the Tools option the ability to turn off DFSR.  I cannot find that option.  So, IF I can turn it off, can I simply disable the DFS Namespace and DFS Replication services?  
    I would prefer eliminating rather than ignoring warnings.
    Thanks

    Sorry, one more time.  I have a single server environment, there is NO upstream domain controller, no replication between DC's.  There is ONE DC.  So, this is digressing into two questions.  One, why do I need to run DFSR (again, lots
    of articles talking about how to turn it off, and not as a discussion of temporary turn off https://msdn.microsoft.com/en-us/library/cc753144.aspx) in a single server, single domain, non-replicating environment.  
    Second, how do I address the warning I receive during my backup?  It appears to be caused by a replication error to downstream servers, since there is no downstream server, I should be able to resolve it by turning DFSR off.  I would like some
    documentation discussing the issue of turning it off in a non-DFS environment.
    The DFS Replication service stopped replication on volume F:. This occurs when a DFSR JET database is not
    shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication. 
    Additional Information: 
    Volume: F: 
    GUID: 65E46942-B9D6-11E3-9400-00155D325402 
    Recovery Steps 
    1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due
    to unexpected conflict resolution during the recovery of the replicated folders. 
    2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig
    class. For example, from an elevated command prompt, type the following command: 
    wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="65E46942-B9D6-11E3-9400-00155D325402"
    call ResumeReplication 
    For more information, see http://support.microsoft.com/kb/2663685.  
    Jeff Ferris
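    Added example, not from the thread: on a 2012 R2 DC in a domain at the Windows Server 2008 or later functional level, SYSVOL is itself a DFSR replicated folder, so the DFSR service has to stay running even with no partner DC; the event above is DFSR protecting the SYSVOL database after an unclean shutdown, not a replication-partner error. The script below lists what DFSR replicates on the box, resumes replication for the volume the event names (the GUID is the one quoted in the event above and must be replaced with your own), and optionally re-enables automatic recovery so the event stops recurring, as KB2663685 describes. The WMI namespace, classes and registry value are real; the environment details are assumptions.

```powershell
# Added example (not from the thread): inspect DFSR on a single DC and resume
# replication after an unclean JET database shutdown (the event quoted above).
# Assumes Windows Server 2012 R2 with the DFSR service installed; run elevated.

$ns = 'root\microsoftdfs'

# 1. What does DFSR replicate on this server? On a lone DC the only member
#    is normally "SYSVOL Share" in the "Domain System Volume" group, which is
#    why the service must keep running even with no partner DC.
Get-WmiObject -Namespace $ns -Class DfsrReplicatedFolderConfig |
    Select-Object ReplicatedFolderName, ReplicationGroupName, ReplicatedFolderGuid, Enabled

# 2. Per-volume DFSR state (State is a numeric code; see the class documentation).
Get-WmiObject -Namespace $ns -Class DfsrVolumeConfig |
    Select-Object VolumePath, VolumeGuid, State

# 3. Resume replication for the volume named in the event. The GUID is the
#    one quoted in the event text above; substitute the GUID from your event.
$volumeGuid = '65E46942-B9D6-11E3-9400-00155D325402'
$vol = Get-WmiObject -Namespace $ns -Class DfsrVolumeConfig -Filter "VolumeGuid='$volumeGuid'"
if ($null -eq $vol) { throw "No DfsrVolumeConfig with VolumeGuid $volumeGuid" }
$result = $vol.ResumeReplication()
"ResumeReplication returned $($result.ReturnValue)"   # 0 means success

# 4. Optional: let DFSR recover its database automatically next time instead
#    of stopping replication and logging this event (KB2663685). Take the
#    backup the event asks for first.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\DFSR\Parameters'
Set-ItemProperty -Path $params -Name StopReplicationOnAutoRecovery -Value 0 -Type DWord
Restart-Service DFSR
```

Step 1 answers the "do I need it" question directly: if the only replicated folder listed is SYSVOL, disabling the DFS Replication service would break Group Policy delivery from this DC, so the warning should be resolved with steps 3 and 4 rather than by stopping the service.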

  • Random Services Stopping (DNS, DHCP, SMB, etc)

    Hello,
    I have been trying to wrap my head around this, but we have a single Xserve 10.5.4 and it runs the majority of the services here in the office, like DNS, DHCP, AFP, SMB, Web, Software Update, Open Directory, and more. The problem I've been having is that over the weekend some of these services just stopped. Not all of them, and in the most recent case SMB, DNS, DHCP, and Software Updates stopped. The server was up the whole weekend, people were in the office Saturday working just fine but not on Sunday. So where do I even begin to look on this? Some other things you might want to know is that we are dealing with an internal packet loss issue due to cabling, we have been troubleshooting out various bad lines in this office and preparing to have these lines repaired, but to be honest, I can't see how packet loss would cause services to stop on this machine. What do you think?

    Oct 6 15:42:59 server com.apple.AppleFileServer[93]: MDSChannelPeerCreate: (os/kern) invalid argument
    Oct 6 15:44:01 server kernel[0]: 192.168.2.1 sent from address 00:17:f2:92:fa:81
    Oct 6 15:44:01 server kernel[0]: en1 duplicate IP address 192.168.2.1 sent from address 00:17:f2:92:fa:81
    Oct 6 15:44:19: --- last message repeated 53 times ---
    Oct 6 15:44:19 server kernel[0]: t from address 00:17:f2:92:fa:81
    Oct 6 15:44:19 server kernel[0]: en1 duplicate IP address 192.168.2.1 sent from address 00:17:f2:92:fa:81
    Oct 6 15:44:49: --- last message repeated 9 times ---
    This is what shows up in the log. I have not seen this in the log before as I have been digging through it to troubleshoot the issues here (I'm new to this company and have been trying to wrap my head around their issues)
    I checked into where that MAC address belongs and I have found that it belongs to the server itself, which seems strange that it's reporting that the duplicate IP is being sent from the server that's reporting this error, it shouldn't be reporting itself as a duplicate correct? I feel like I'm reading that wrong, but in looking there are no DNS errors like the ones you mentioned. I turned up the log reporting for DNS to be more verbose, hopefully that will turn something up.
    Thank you for responding so quickly.
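    Added example, not from the thread: a small parser for the kernel "duplicate IP address" lines quoted above that expands the "last message repeated N times" lines and tallies which MAC is claiming which IP on which interface, so the volume and source of the conflict can be read off at a glance. The log text is a constructed sample modelled on the lines above (the second MAC is invented); the function and its name are mine, not part of any tool on the page.

```powershell
# Added example (not from the thread): summarise macOS kernel duplicate-IP
# reports from a syslog excerpt. $log is a CONSTRUCTED sample modelled on the
# lines quoted above; the 00:1b:63:aa:bb:cc address is invented for contrast.

$log = @'
Oct 6 15:44:01 server kernel[0]: en1 duplicate IP address 192.168.2.1 sent from address 00:17:f2:92:fa:81
Oct 6 15:44:19: --- last message repeated 53 times ---
Oct 6 15:44:19 server kernel[0]: en1 duplicate IP address 192.168.2.1 sent from address 00:17:f2:92:fa:81
Oct 6 15:44:49: --- last message repeated 9 times ---
Oct 6 15:45:02 server kernel[0]: en0 duplicate IP address 192.168.2.1 sent from address 00:1b:63:aa:bb:cc
'@

function Get-DuplicateIpReport {
    param([string]$Text)
    # One kernel report: interface, contested IP, and the MAC the ARP came from.
    $dup = '^\w{3}\s+\d+ [\d:]+ \S+ kernel\[\d+\]: (?<iface>\w+) duplicate IP address (?<ip>[\d.]+) sent from address (?<mac>[0-9a-f:]{17})'
    # syslog collapses identical consecutive lines into this marker.
    $rep = '--- last message repeated (?<n>\d+) times ---'
    $tally = @{}
    $last = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match $dup) {
            $last = "$($Matches.iface)|$($Matches.ip)|$($Matches.mac)"
            $tally[$last] = 1 + [int]$tally[$last]
        } elseif ($line -match $rep -and $last) {
            # The repeat marker refers to the previous duplicate-IP report.
            $tally[$last] += [int]$Matches.n
        }
    }
    foreach ($k in $tally.Keys) {
        $iface, $ip, $mac = $k -split '\|'
        [pscustomobject]@{ Interface = $iface; IP = $ip; ClaimedByMac = $mac; Reports = $tally[$k] }
    }
}

Get-DuplicateIpReport -Text $log | Sort-Object Reports -Descending | Format-Table -AutoSize
# Expected from the sample: en1/00:17:f2:92:fa:81 with 64 reports, en0/00:1b:63:aa:bb:cc with 1.
```

The next step is to compare the ClaimedByMac column with the server's own interfaces (`ifconfig -a` on the Xserve). A MAC that belongs to the server itself, as in the thread, usually means the server is seeing its own ARP traffic reflected back on that interface, for example another of its own interfaces on the same segment or a looped link, which fits the cabling problems described above; a foreign MAC means another device really does hold the address.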

  • Configuration of standard server, 10.5.4 install disk, small office, DNS

    I've reinstalled more times than I care to count.
    Been on the phone with support people- no one seems to know how to install standard in my config.
    I have a fixed business class IP-
    it connects from their modem to my Apple Extreme basestation N gigabit
    which then connects to a 24 port gigabit ethernet switch.
    The server is manually mapped by MAC address to 192.168.0.2
    In the standard setup-
    It asks for login to Apple Extreme basestation N gigabit- I provide- password- then configure manually (rest of computers use DHCP)
    I supply.
    Manual configured ip at 192.168.0.2
    subnet 255.255.255.0
    router 192.168.0.1
    left DNS blank.
    Standard install.
    The ethernet is configured to run through an ethernet card from my xserve- since the internal one doesn't seem to register.
    I used the MAC address for the machine in the Basestation to route to this mac address and reserve .2
    once it gets completed- it whines: server cannot connect be found on the network check that the server hostname
    etc.
    System prefs> Network settings- DNS I've tried with 192.168.0.1, I've tried with 127.0.0.1 and with 127.0.0.1, 192.168.0.1
    nothing works. I've even tried with 192.168.0.2
    It can't find server.name.lan (note I changed my actual 3 letter name for "name" in this example)
    it can find 192.168.0.2 sometimes - but slowly.
    I've reinstalled this about 50 times now.
    I've even done it with someone on the phone-
    at no time have we had:
    Jabber working at server.name.lan
    server.name.lan resolving to the wiki page
    calendar working
    and vpn enabled.
    I've lost countless hours with this-
    My employees haven't been able to work at times (like tomorrow morning- because we keep all our files shared on this server).
    this is getting to be uber ridiculous.
    suggestions?
    The last install- I tried it name.private
    going to terminal- it still says to repair dns.
    There is a spot in the airport Internet settings for domain name- should I put in name.private or server.name.lan?
    I've also tried the disconnect the ethernet cable routine- that one tech had me do-
    I now know how to go into terminal and check- using sudo ipconfig -checkhostname
    where I have not been able to get the two entries- always get the message to repair dns.
    This shouldn't be that difficult.
    Thanks in advance

    The most obvious problem from your posted details is:
    left DNS blank.
    You can't do this. You HAVE to have working DNS somewhere.
    For the initial setup this could be a DNS server managed by your ISP. If you're configuring internal DNS then it could be your internal DNS server (or even 127.0.0.1), but not until that server is up and running.
    I used the MAC address for the machine in the Basestation to route to this mac address and reserve .2
    I don't understand this statement. MAC addresses don't (or, at least, shouldn't) come into the picture at all.
    System prefs> Network settings- DNS I've tried with 192.168.0.1, I've tried with 127.0.0.1 and with 127.0.0.1, 192.168.0.1
    nothing works. I've even tried with 192.168.0.2
    192.168.0.1 won't work - that is your base station and your base station is not a DNS server.
    127.0.0.1 won't work until you configure and start up the DNS server in Mac OS X Server.
    192.168.0.2 won't work either - for the same reason as 127.0.0.1. It will work once you configure the DNS server on this machine.
    So it sounds to me like your first order of business is to set up the DNS server. During the installation process you were asked which services to run. Make sure you enabled DNS, then use Server Admin to configure your DNS zone.

  • DNS entry for DC not dynamically updating (Server 2008 R2)

    Windows Server 2008 R2. I've got a single DC (I'm preparing to install the 2nd in the next few days). The host (A) record for the DC shows to be static for some reason. I changed the name of the DC recently, then brought down the Exchange server and rebooted
    and it successfully connected again. I might have entered in a static DNS entry for the new server name before renaming the server, but I'm not sure.
    I've tried to delete the static DNS record for the DC and then reload, but it continues to appear as a static entry. The mail server's DNS record still appears as a dynamic entry.
    What am I doing wrong?
    Noel Stanford Oveson
    jeremyNLSO
    MCTS, MCITP, CCENT, CNE, MCSE, CLSE
    Berlin, Germany

    Hello,
    Like Mike suggested, it is normal that it is a static record.
    However, if your DC with its new name is not updating its DNS record, check that "Register this connection' addresses in DNS" is checked on the DC's adapter and then run
    ipconfig /registerdns using an elevated prompt.
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011; Microsoft Certified Professional; Microsoft Certified Systems Administrator: Security; Microsoft Certified Systems Engineer: Security; Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration; Microsoft Certified Technology Specialist: Windows 7, Configuring; Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations; Microsoft Certified IT Professional: Enterprise Administrator; Microsoft Certified IT Professional: Server Administrator; Microsoft Certified Trainer
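    Added example, not from the thread: the two checks the answer above describes, done from PowerShell. It reads the "Register this connection's addresses in DNS" flag on every adapter, switches it on where needed and re-registers (the equivalent of `ipconfig /registerdns`), then queries the DNS server to tell a static record from a dynamic one: a dynamically registered record carries a Timestamp, a hand-created static record has none. The DnsClient and DnsServer cmdlets exist on Windows Server 2012 and later (the thread's 2008 R2 box lacks them); the zone and host names are placeholders.

```powershell
# Added example (not from the thread): verify and trigger dynamic registration
# of a DC's A record, then check on the DNS server whether the record is static.
# Assumes Windows Server 2012 R2 (DnsClient and DnsServer modules), run elevated
# on the DC/DNS server. $zone and $dcName are placeholders.

$zone   = 'corp.example.com'    # placeholder: your AD DNS zone
$dcName = 'DC01'                # placeholder: the renamed DC's host name

# 1. Is "Register this connection's addresses in DNS" on for every adapter?
Get-DnsClient |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, RegisterThisConnectionsAddress

# 2. Turn it on where it is off, then re-register now instead of waiting for
#    the periodic refresh (same effect as "ipconfig /registerdns").
Get-DnsClient | Where-Object { -not $_.RegisterThisConnectionsAddress } |
    Set-DnsClient -RegisterThisConnectionsAddress $true
Register-DnsClient

# 3. On the DNS server: a record registered by dynamic update has a Timestamp,
#    a static one created by hand has none. Static records do not age and keep
#    whatever address was typed in, so a leftover from the old name shows up here.
$records = Get-DnsServerResourceRecord -ZoneName $zone -Name $dcName -RRType A
foreach ($r in $records) {
    $kind = if ($null -eq $r.Timestamp) { 'static' } else { "dynamic (refreshed $($r.Timestamp))" }
    '{0} {1} -> {2} [{3}]' -f $r.HostName, $r.RecordType, $r.RecordData.IPv4Address, $kind
}
```

If step 3 shows a static record that you did not intend, removing it in the DNS console and running step 2 again lets the DC re-create it as a dynamic record; the DC's own SRV records under `_msdcs` and `_sites` are registered by the Netlogon service, so `nltest /dsregdns` covers those separately.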

  • DNS required for NAT and DHCP services?

    I have a 10.6.2 server with a static IP, domain name, working as a gateway (I have my reasons) as well as providing some services inside and outside. My ISP has a PTR setup so the domain points to the static IP.
    My question is, do I need the DNS service running on the server? Based on some of the docs it tells me to put my ISP's DNS servers in both of my server's ethernet port settings, as well as in the DHCP profile to give out to clients on the network. When I do this, clients cannot resolve names. I can ping IPs from the client, I can even ping my ISP's DNS servers from clients, but I can't resolve names. When I try to dig anything it just hangs there with a blinking cursor.
    When I have the DNS service running it's all happy. The only thing is, clients on the LAN experience some serious lag when accessing services on the server, UNLESS I configure the DNS for my domain on the server with both internal and external IP addresses. Is that how it is supposed to be?

    In the server zone files, the dedicated IP address should point to the machine name, as in name.someserver.com. The local IP address should point to name.local. If you have more than one domain name, the zone files should show their network IP address, not the dedicated IP address, which should only point to the machine name.
    As a side note, I strongly advise against connecting a server directly to the Internet. It should be behind a router with DMZ/NAT/firewall capabilities. By the time you realize why, it will be too late.
