Does mac server 3.2.1 open directory support object class "sambaSamAccount"?

Similar Messages

• Mac os x server 3.0.2 open directory master disappear from list

  Hi, There is a very funny Mac OS X Server 3.0.2 issue.
  After I updated my mac os X server from 3.0.0 to 3.0.2. as my host name is conflict with other Mac mini, I changed X server's Mac mini's host name, computer name and localhost name. When I restart my x server. My defined "Open Directory Master" disappear from my server list.
  Actually, I need to change some setting from UI, as it disppeared from UI, I can't do any about it. Is there any way to delete it from command line? or How I can enable it appear again?

  As can't find the defined open directory server master, have to delete it from terminal command line as:
  sudo slapconfig -destroyldapserver
  and then add a new open directory master.

• MAC Server & iTunes : Does MAC Server support central iTunes repositories?

  I need some help
  Problem:
  I have a family of "5" who are all MAC users - all alas have different MAC iTunes repositories. I want to create a central MAC Music repository to ease the pain on my checkbook. Three people bought Nora Jones new Album... one person pays - me
  Setup:
  Potential Server:
  BIGMAC1:
  Dual Proc Power PC G4 1.25 Mhz, 1 gb RAM
  Gig Ethernet Connectivity with 4 Terabytes of RAID storage.
  Clients:
  5 MAC's... (Mac Mini, 24" iMac (intel), 2 Mac Book Pro's (Intel), and a 12" Power PC)
  Current Setup:
  I use symbolic links from the desktops to BIGMAC Music repository.
  Mount BIGMAC1 Disk via network
  Open System preferences
  Open Accounts
  Open login items
  Drag BIGMAC1 to login items
  Open iTunes
  <Backup iTunes music directory>
  Select preferences / advanced
  Turn off “keep itunes organized” and “copy files to itunes” on all clients
  Exit
  For each user
  Delete <User>/Music/iTunes/”iTunes Music”
  ln –s /Volumes/”BigMAC1 Disk”/Music ./<User>/Music/iTunes/”iTunes Music”
  Copy any purchased music to BIGMAC1
  Open iTunes on Client
  Delete Music library in iTunes
  Select add to library
  Select /Volumes/”BigMAC1 Disk”/Music
  Once complete your all using the same repository
  Issue: If someone adds new music you have to know and add it to you your library…
  This works but every so often some family member does something that duplicates all the files in iTunes. I suspect this is something to do with consolidate music library options. "Picture Homer Simpson looking frustrated"
  Help: Is their Recommended Solution?
  The above sort of work but is not perfect and I am not a "nerd". I need to maintain my social skills and would love to know if I can just install MAC Server or something equivalent and fix this.
  In short: Does MAC Server solve this or does something else?
  Hey Apple: I would line up and buy a solution if one existed...
  1. MAC Server in basement… access to music from PC around house. Music ordered is stored on basement PC and backup automatically…
  2. The ability to add a fourth child under account (MAC limit 5 machines to one iTunes Account)
  Apple: I am not breeding until you allow me to purchase another person to the family music account…. You would stunt their childhood if this is not fixed...
  TechnoPhobe!

  Your solution is as good as any to let you share iTunes tracks, especially ones purchased from the iTunes store amongst multiple users on a single computer.
  If you had multiple computers, you could use the built-in sharing function of iTunes and then access them from the other computers, but the other computers would also need 'authorising' to play the protected tracks.
  However there is something else you could consider. Have all the music and protected files on one computer, share it using iTunes, and access it using the new TV box. You could have multiple TV boxes and they would not need authorising to play the protected tracks. They would also not modify your iTunes files causing the problems you have occasionally experienced.
  There are other similar approach devices like the Roku Soundbridge, Sonos ZonePlayer, SlimDevices Squeezebox but none of those support tracks purchased from the iTunes store whereas the TV does.

• When i integrate Mac client to the domain open directory, he don't ask me account DirAdmin, Why ?

  When i integrate Mac client to the domain open directory, he don't ask me account DirAdmin, Why ?
  I don't want all people can integrate mac client to the open directoy without authentification
  I want he ask me account diradmin for integrate client mac os x to the domain open directory of Lion Server
  I have made a magic triangle
  Thanks

  Malik-O wrote:
  When i integrate Mac client to the domain open directory, he don't ask me account DirAdmin, Why ?
  I don't want all people can integrate mac client to the open directoy without authentification
  1 ) I want he ask me account diradmin for integrate client mac os x to the domain open directory of Lion Server
  Authentication (with open directory admin username & password) is off by default. In Mountain Lion there is no longer a GUI to manage that and some of the other binding options. In Lion, I think you could use Server Admin (or was it Workgroup Manager) -- I can't remember, but there were little checkboxes.
  To make authentication mandatory in Mountain Lion, you can use this on the Server:
  sudo slapconfig -setmacosxodpolicy -binding required
  Use the following to check the binding policies:
  slapconfig -getmacosxodpolicy
  You might want to check the slapconfig man page, you'll find some of the other options that were in Server Admin in Lion, e.g. disable cleartext, block man-in-middle, etc.
  Edit, I just saw you're still using Lion Server, not Mountain Lion. I'm pretty sure the above commands will work on Lion Server as well.

• Trouble binding 10.5 Server to 10.6 Open Directory

  After a recent power outage one of my 10.5 Servers lost its connection to the OD Master. I am unable to get this system to re-bind to an Open Directory Master (10.6 Server). I had to force un-bind the 10.5 machine (via Directory Utility) because it could not contact the OD Master. After force unbinding the 10.5 Server system I checked Open Directory settings in Server Admin and the role was "Standalone Server".
  Steps to reproduce problem:
  1) Change role of 10.5 Server to "Connects to a Directory System" and rebooted the system.
  2) Launch Directory Utility, click add server and enter the FQDN for my OD Master. SSL option is not checked.
  3) Directory Utility tries to communicate with the OD Master for a few moments...displaying "verifying server address", then comes back with the error "there was no response from SERVER. Please check that the address you entered is correct".
  (where SERVER = the FQDN for the OD Master)
  I Checked that DNS was working and that the system (10.5 Server) could resolve the FQDN of the OD Master. When the above steps did not solve the problem I went to the OD Master and (from Workgroup Manager) deleted the previous entry for the 10.5 Server. This had no effect on the problem. Not sure what to try next?

  Hi,
  Welcome to the    Discussions
  10.5 Server and specifically iChat Server has it's own forum
  http://discussions.apple.com/forum.jspa?forumID=1235 (for Export)
  10.6 Server has Forum called Collaboration Services for iChat Server (And a few other bits)
  The Forums are within Categories.
  Technically each is within it's own OS Category but Tiger, Leopard and Snow Leopard are all shown in this "Master Category" here
  The reason I am posting these links is that I don't know enough about the Server version of iChat.
  The chances are that someone in the 10.6 Server > Collaboration Services forum knows how to Export the list from 10.5 Server and input it in to 10.6 Server.
  Hope this helps.
  7:53 PM Monday; July 19, 2010
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

• What is a mac client joined to a Open Directory server supposed to show?

  ... at login?
  I mean, does it usually show a list of every open directory user, so that the user in front of the machine choose its corresponding profile, insert the password and goes straight away, just like with local users?
  Or does it show a couple of blank fields with user name and password?
  Either way, can you configure that to best suit your needs and taste?
  Thank you.

  I generally deliberately have very few local users on the client, and they're generally also marked as being hidden from the login displays. Most users are domain users. And I tend to use the user-n-password box setting on the clients, possibly with a banner message.
  Preferences, LOGIN it says "These setting cannot be managed for users", the same with workgroup.
  You need to manage this via the client computer or computer group entries, and not a per-user or user group entries. It's the computer and not the user that establishes these preferences. (It makes sense, once you grok the logic here. But that existing diagnostic message could more helpfully be phrased as how you can do this, rather than how you can't. As "Hey, admin-dude, go tweak this knob over in computers or computer groups, kthnxbye" or some such, and not as this "I'm sorry Dave, but I can't do that" message.

• 10.6 iCal server using 10.5 Open Directory

  Has anyone had any experience with getting a 10.6 server's various collaboration services working with a 10.5 Open Directory? I have the web services working fine, but I'm having trouble getting iCal running correctly. First, 10.5 clients trying to connect to the 10.6 iCal server won't work via Kerberos. The other problem, is when I connect via digest mode (or whatever the unsecure mode is), the iCal clients don't seem to get anything back from the server. I can create events and I see them via the web interface, but events created or edited via the web interface don't get pushed back to the client.
  Thanks for any help...

  I don't think 10.6 does the enabling stuff the same as 10.5 if I remember correctly. A lot of it is done via the web interface. I know creating a wiki in 10.5 meant creating a group in WG manager and setting it up through that. In 10.6 you go to the wikis part through a browser and hit "Create new wiki". Permissions are setup via the settings page on the wiki.
  I'm not sure if the same goes for calendaring because we haven't ever used the iCal server to the full extent but I think it might be a similar change. When you sign into your "my page" on a 10.6 web server, it creates a calendar for you that you can edit via the web interface or iCal. Wikis also have calendars created, but I'm not sure how to get them in iCal.
  Hopefully that helps some...

• Server 3 / SSL Certificate / Open Directory - Problem!

  We've updated from Server 2 to Server 3 / OS X 10.9.
  We have an SSL certificate for server from Comodo.
  Under Server 2, all worked just fine, with the SSL certificate being used to secure all services (configure via Server app).
  Under Server 3, all works just fine, but Open Directory will not accept certificate - so Certificates / Settings in Server 3 app shows "Custom Configuration" for Settings - and on inspecting this it is because Open Directory set to be not secured but everything else is using SSL.
  I've tried setting the Open Directory to use the SSL, but when ever I do it simply bounces back to being unsecured.
  Does this matter?  Presumably it should be possible (as the standard setting appears to try and set Open Directory to use the SSL certificate), but not sure whether trying to fix is simply a fools errand.
  Anyone got any clues as to whether to fix or not, and if to fix, how?
  Thanks in advance.

  Have you check to see that the certificate is indeed "Trusted" by your server?
  Above, you stated that they're in the etc/certificates folder, but that doesn't mean that the server likes them.  You can create a "Self Signed" Certificate and still have certificates in there.  That doesn't mean that anyone else on the planet has to trust them.
  Open Keychain Access in your utilities folder.  Depending on how you have it configured, you may have to look around to find the certificate in question.  It may be under login, or System. 
  When you select your Certificate, if it's there, does it show as trusted?
  Another thing you can check...  Often times Certificate authories, use Intermdeiate certificates.  Since anyone can sell a certificate, in order to have it trusted, you need to have it signed by someone else.  A good example is Godaddy.  They sell both SSL and Code signing certificates of all flavours.  In order to get them to be trusted, the "Intermediate Certificate" needs to also be installed in the keychain.  My Godaddy cert looks to be trusted by Verisign via an intermediate.
  Have a look here...  https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid =1182
  Not sure if it's directly relevant, but there it is.
  The point is, I think you need to verify that your certificate is trusted by your server.  OD won't use an untrusted certificate. 
  --an afterthought--  Anything in the logs?
  Open up your server window where you try to select the certificate for OD.  Also, in another window open up the terminal.  In terminal, type:
  tail -f /var/log/system.log
  In the server window try to select the certificate and click done.  See what the output in terminal says.

• Open Directory deleted objects

  Hi,
  I am familiar with performing ldap searches on Active Directory. I was wondering if the Open Directory has support for tombstone objects like AD or does it have other method to store the deleted objects which can be retrieved using an ldap search?

  The article is still valid so you can refer to it and apply what is mentioned.
  Of course, it is always recommend to try changes in a test environment before going to production.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Does Mac Mini's HDMI-to-DVI cable support analog DVI monitors?

  The Apple website shows that the new (late 2012) Mac Mini comes with an HDMI-to-DVI adapter cable in the box :-)
  The DVI video connector standard supports both analog and digital video signal modes, but not all models support both modes.
  I have an old PC monitor with a DVI connector, which is probably analog only.  Will this work with the new (late 2012) Mac Mini?  
  In other words: does Apple's HDMI-to-DVI adapter cable support all DVI monitors, or only those with a digital input?
  Many thanks!
  - Martin

  Your right about the DVI standard support both analogue and digital. The three types are
  DVI-A (analogue only)
  DVI-D (digital only)
  DVI-I (supports both)
  In this case the HDMI to DVI adaptor will only support digital DVI. This is because the HDMI port only supports digital.
  Generally monitors with a DVI port support digital DVI, if you compare the socket and pins layout on the monitor to the one on the Mac adaptor if they are the same layout then that should indicate the monitor indeed supports digital DVI.
  Note: The maximum resolution supported by the Macs HDMI port is 1920x1200, if your monitor supports a higher resolution then you should get a Mini Displayport to DVI adaptor or if needed a Mini Displayport to Dual Link DVI adaptor (for the highest resolutions).
  The following may help http://en.wikipedia.org/wiki/Digital_Visual_Interface

• Can not join a Windows XP machine to OS X Server 10.5.3 Open Directory

  I have setup an OS X Server for testing before we deploy it to the network for production. And I trying to join the Windows XP machine to the Domain which I set up in Server Admin under SMB and I get an error "A domain controller for the domain "DomainName" could not be contacted". I have setup WINS, DCHP and DNS. I ping the OS X Server using the it's Fully qualified domain name and I can see the server under network neighbourhood but I can not login into.

  Hi Guys,
  Here is more info on my SMB configuration, I still can't join a Windows XP machine to OS X Server 10.5.3 PDC. Hope this configuration helps in anyway.
  smb:realm = "GRIDIRON01.OT.GRIDIRONINTERNAL.COM"
  smb:logon drive = "H:"
  smb:logon path = "\\%N\profiles\%u"
  smb:workgroup = "pctopia"
  smb:wins support = yes
  smb:map to guest = "Never"
  smb:enable print services = "yes"
  smb:wins server = emptyarray
  smb:security = "USER"
  smb:server string = "gridiron01"
  smb:ntlm auth = "yes"
  smb:netbios name = "gridiron01"
  smb:max smbd processes = 0
  smb:os level = 65
  smb:preferred master = yes
  smb:add user script = "/usr/bin/opendirectorypdbconfig -c createuseraccount -r %u -n /LDAPv3/127.0.0.1"
  smb:lanman auth = "yes"
  smb:domain logons = yes
  smb:domain master = yes
  smb:use spnego = yes
  smb:use kerberos keytab = yes
  smb:adminCommands:homes = yes
  smb:adminCommands:serverRole = "primarydomaincontroller"
  smb:adminCommands:ldapRole = "1.1 - hosting a master LDAP directory server\n"
  smb:auth methods = "odsam"
  smb:dos charset = "CP437"
  smb:enable disk services = "yes"
  smb:log level = 1
  smb:add machine script = "/usr/bin/opendirectorypdbconfig -c createcomputeraccount -r %u -n /LDAPv3/127.0.0.1"

• Join an Ubuntu client to a mac server

  I have a server with SL server and many client, some are macs and some others are pc with Ubuntu 10.10.
  Is there a way to make those ubuntu clients join the directory service on the Mac server?
  Via samba, open directory or active directory or else?
  Any hint?
  Thank you.

  Sorry, but have you tried the Mail Service Administration pdf at http://www.apple.com/server/documentation/ ? It explains lots of details there.

• Server 4: open directory entry for server reports wrong IP address

  I'm running Server 4 on a Mac Mini (late 2012) running OS X 10.10.
  The server is configured as a stand-alone machine providing services to users connecting over its fixed IP public address.  The server uses Open Directory to keep record of authorised users of the services provided (mail, calendar, wiki, contacts, some file sharing), and the machine is configured as an OD master.
  I've noticed that the entry relating to the server on the Server 4 panel for Open Directory (the only entry showing by the way) lists three IP addresses below the name of the machine.  My concern is that these IP addresses are not related to the IP address being used by the machine, and there does not appear to be any simple way to change them.  The IPs reported are 10.37.129.2, 10.0.1.2, 10.211.55.2.  The server's fixed IP is in the range 45.146.x.x and the local network running below our router that the server connects to has IPs in the range 192.168.1.x.  So It is not clear where these IPs might be coming from.
  What do these numbers relate to?  If they are important, should they point to the IP address occupied by the server?  If so, how do I make this change in settings?
  Thanks a lot in advance for any help that you can provide.

  <bump>

• Mac Open Directory and Sun Java DS

  We have Mac Open Directory Servers running on OSX 10.4.x domain. I am thinking about moving this domain by implementing Sun Identity Management solution. However, I am not able to find the Mac Open Directory in the IDM Supported standards. My Sun Directory Server synchronizes with the Windows AD using IDSYNC but I am not sure how a similar environment can be implemented for Open Directory. Is there a product from Sun for synchronizing accounts with Open Directory from the Sun Java DS?

  Mac Open Directory supports the LDAPv3 protocol so you could use Sun IdM's LDAP adapter to manage entries in Mac OD. I would probably set up Sun IdM to perform the synchronization. You configuration would depend on what source was authoritative.
  The tough thing is that Active Sync would probably not work for Mac OD so automatically doing a synchronization based on updates in the Mac OD would not be feasible unless you created and Active Sync adapter. If done it before. It's not too difficult.

• 10.6 Client and 10.7 Server Open Directory

  I´ve got an Mac Mini running Lion Server. It´s configured as an Open Directory Server.
  And I´ve got some 10.6 Clients running on the same local network.
  All Clients have the Mini Server as DNS Server.
  And now I want to use NetworkAccounts form the 10.7 Server on the 10.6 Clients.
  I´ve connected the 10.6 Clients to the Server (without SSL) and all Clients say "Network Accounts available".
  But if I try to log in on the Client it just shakes the login window. I´ve tried it on all my Clients with different Accounts but nothing worked.
  It just won´t work! But why? Can you please help me?
  What I´m doing wrong? Or is the combination of 10.6 Clients and 10.7 Server not Supported by OpenDirectory on 10.7 Server ?
  Thank you !

  Check your authentication against the server from one of the clients using the following command:
  dscl /LDAPv3/<server name or IP> authonly <shortname of an account that cannot login>
       The server name should be the same name or IP you used when binding your 10.6 client to a 10.7 server.
  If you get the response "Failed to authenticate user <shortname> (tDirStatus: -14103)" you are having the same issue I was having. I found an answer to this, but you are not going to like it.
  Apparently Workgroup manager and Server.app deal with accounts differently. If you are using Workgroup Manager to import a long list of accounts, don't. Server.app needs to write an addition setting that is not part of Workgroup manager or in Passenger I doesn't work correctly with accounts that have home folders that are not local. Here are the steps I used to resolve the issue:
  Export all your accounts and groups
  Using Server Admin, demote your OD to a standalone directory
  Once the demotion is complete, use Server.app to promote your server to an OD Master
  Update: I've not found it to make a difference if you use server.app or Server Admin to configure your Open Directory Master.
  Once the server is again an Open Directory Master, import the users that you exported using Server.app instead of Workgroup Manager.
  If you are importing groups, set the Home Directory by editing the account in Server.app before importing groups to avoid overwriting your group settings. Thankfully, you can select multiple accounts at a time.
  Import your groups using Server.app
  Verify group membership and test the loginsIf you test the login using the dscl command from above, you should get no error after entering the password, but as long as you have a bound client, you should be able to login at this point.
  Hope this reaches you in time to help.