OS X 10.5.8 Leopard Server & SMB authentication problems

Similar Messages

• Leopard Server / Windows / ACL Problem

  We have this problem that came up sense we upgraded our servers to Leopard. When Windows users are accessing files (over SMB), the POSIX permissions seem to override the ACLs. This is a problem because applications like Excel will change the permissions.
  This worked perfectly in Tiger. The windows user would modify the POSIX permissions all they want, but it wouldn't matter because the ACLs were what mattered.
  Does anyone know of a solution. This is a real problem.

  Since your issue is caused by OS X Server, you may want to post your question over in the OS X Server forums:
  http://discussions.apple.com/category.jspa?categoryID=96

• Cisco ISE AD (Windows Server 2013) Authentication Problem

  Background:
  Deployed two Cisco ISE 1.1.3. ISE will be used to authenticate wireless users, admin access to WLC and switches. Backend database is Microsoft AD running on Windows Server 2012. Existing Cisco ACS 4.2 still running and authenticating users. There are two Cisco WLCs version 7.2.111.3.
  Wireless users authenticates to AD through ACS 4.2 works. Admin access to WLC and switches to AD through ISE works. Wireless authentication using PEAP-MSCHAPv2 and admin access wtih PAP/ASCII.
  Problem:
  Wireless users cannot authenticate to AD through ISE. The below is the error message "11051 RADIUS packet contains invalid state attribute" & "24444 Active Directory operation has failed because of an unspecified error in the ISE".
  Conducted a detailed test of AD from ISE. The test was successful and the output seems all right except for the below:
  xxdc01.xx.com (10.21.3.1)
  Pinged:0 Mins Ago
  State:down
  xxdc02.xx.com (10.21.3.2)
  Pinged:0 Mins Ago
  State:down
  xxdc01.xx.com
  Last Success:Thu Jan  1 10:00:00 1970
  Last Failure:Mon Mar 11 11:18:04 2013
  Successes:0
  Failures:11006
  xxdc02.xx.com
  Last Success:Mon Mar 11 09:43:31 2013
  Last Failure:Mon Mar 11 11:18:04 2013
  Successes:25
  Failures:11006
  Domain Controller: xxdc02.xx.com:389
      Domain Controller Type: Unknown DC Functional Level: 5
      Domain Name:            xx.COM
      IsGlobalCatalogReady:   TRUE
      DomainFunctionality:           2 = (DS_BEHAVIOR_WIN2003)
      ForestFunctionality:           2 = (DS_BEHAVIOR_WIN2003)
  Action Taken:
  Log on to Cisco ISE and WLC using AD credentials. This rules out AD connection, clock and AAA shared secret as the problem.
  2)     Tested wireless authentication using EAP-FAST but same problem occurs.
  3)     Detailed error message shows the below. This rules out any authentication and authorization polices. Before even hitting the authentication policy, the AD lookup fails.     
  12304  Extracted EAP-Response containing PEAP challenge-response
  11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
  Evaluating Identity Policy
  15006  Matched Default Rule
  15013  Selected Identity Store - AD1
  24430  Authenticating user against Active Directory
  24444  Active Directory operation has failed because of an unspecified error in the ISE
  4)     Enabled AD debugging logging and had a look at the logging. Nothing significant and no clues to the problem.
  5)     Tested wireless on different laptos and mobile phones with same error
  6)     Delete and add again AAA Client/Devices on both Cisco ISE and WLC
  7)     Restarted ISE services
  8)     Rejoin domain on Cisco ISE
  9)     Checked release notes of ISE 1.1.3 and WLC 7.2.111.3 for any open caveats. Nothing found related to this problem.
  10)    There are two ISE and two WLC deployed. Tested different combination of ISE1 to WLC1, ISE1 to WLC2 etc. This rules out hardware issue of WLC.
  Other possibilities/action:
  1)     Test it out on a different WLC version. Will have to wait outage approval to upgrade WLC software.
  2)     Incompatibility of Cisco ISE and AD running on Microsoft Windows Server 2012
  Anyone out there experienced something similar of have any ideas on why this is happening?
  Thanks.
  Update:
  1) Built another Cisco ISE 1.1.3 sever in another datacentre that uses the same domain but different domain controller. Thais domain controller is running Windows Server 2008. This works and authentication successful.
  2) My colleague tested out in a lab environment of Cisco ISE 1.1.2 with Windows Server 2012. He got the same problem as described.
  This leads me to think there is a compatibility issue of Cisco ISE with Windows Server 2012.

  Does anyone know if ISE 1.1.3 p1 supports AD DCs running 2012, if not which patch is required ot version?
  Worryingly when ISE joins a 2012 DC it states it's connected successfully, and if another 2003 DC is available in that datacentre it will perform the auths against that DC whilst actually advertising (Connections in the GUI) that it's connected to the 2012 DC. We ended up mapping 8 PSN IP’s to another datacentre which has one Win2003 servers whilst the old 2003 DC is being promoted back, the 8 ISE servers started working, even though they still advertised they were connected to the 2012 DCs in the original datacentre - I performed a leave and join on one PSN and only then did it advertise that the node was connected to a DC in a different datacentre

• Leopard Server beta testers:  Anyone have it actually working?

  I am beta testing Leopard Server 10 client version for only $499.
  Anyone have Leopard Server running without problems?
  Just want to know if anyone out there has gotten server to work for them?
  Thanks

  I gave Leopard server a try today. Here's my experience:
  I use SoftRaid 3.6.4 as the raid driver on my G4 XServe with 4 ATA drives in the server and two external FireWire drives. Two of the internal drives are one Raid 0 volume and the 10.4 boot drive.
  I used SuperDuper to make a backup image of my OS X Server boot drive, which is one logical volume on two physical disks.... in a RAID 0 configuration internal drives on the XServe. The backup is a single disk in a firewire external Granite enclosure. I booted from the cloned copy and ran for a while just to make sure the clone was good. No problems yet.
  I then booted the Leopard Server CD and was able to do an UPGRADE install on the external firewire drive image. This process went smoothly with no problems.
  Unfortunately, Leopard server is another story. The upgraded system isn't doing well: I couldn't get Apple Remote desktop from my laptop to connect to Leopard nor was I able to get the IMAP email server to work. Client machines just sat and "spinned" trying to make a connection. Had to monkey around with permissions to get 10.5 web pages working using Safari running on the Server. These pages worked perfectly on 10.4 with the same permissions. When trying to access the web pages from a client on the same subnet, was unable to connect. Web services were running fine and the firewall settings seemed OK so I'm not sure what is going on. So I powered down the external drive and will wait a and think about trying the upgrade again. Kind of wasted 4 or 5 hours today hoping this upgrade would be smoother.
  I'll probably start over and do a clean install and export and import settings to 10.5. Not a particularly fun prospect.....
  Leopard client was a simple process to move from 10.4 to 10.5. Leopard Server looks like a lot of work and hassle to me at this time.

• Leopard Server 10.5.4 + SMB + Windows XP Clients

  Hello!
  I got quite some interesting problems with my Xserv under Leopard Server 10.5.4 with Windows XP Clients.
  The server runs as an open directory master and a standalone server for smb.
  Shares are setup for AFP and SMB clients, ACLs are set up with read+write access for the user's group. So far everything works, users can connect from their Macs (OS X 10.3.x - 10.5.4) without problems.
  My problem are the windows clients.
  Connecting works fine, and apart from one permission bug (more on that later) they can access all files and do everything the macs can do.
  Problem 1:
  Users cannot rename files if they don't have write permission at the POSIX-level as either owner or group on the enclosing folder. ACLs do not matter at this point, if the user connects through SMB he cannot rename files or folders.
  No big problem, I just put all users into one group and set this group as the POSIX-group and do a chmod -R g+w on all shares.
  Inheritate this settings for SMB-connections works.
  But not for AFP-connections. Every new folder a mac-client creates comes with permissions 755. So I changed UMasks on the clients to 002, and at least folders created by the finder now have the right permissions of 775.
  Folders created by "new folder" on most applications load/save dialogs still come as 755 which screws up renaming for windows-clients.
  Folders created when expanding a zip-file also behave this way.
  The only solution I found for this was to make a cronjob that does a chmod -R g+w on the shares. Not that great.
  Another "fun" feature with POSIX-permissions and SMB:
  Files inside a folder. Files+Folder have an ACL set up that specifically denies deleting files+folders for a user. This users group has POSIX-permissions with write access to the enclosing folder. Window's explorer will let that user delete files and folders without any complaint about missing permissions to do so. They even disappear from the explorer-window, but are not actually deleted.
  If you refresh the view, the files+folders are there again.
  If the user instead has no POSIX-permission that grants him write-access, but an ACL that grants him delete, explorer happily deletes the files the user wishes to. And these files actually get deleted.
  If the user has no write POSIX-permission and no ACL-permission to delete files, explorer complains about missing rights to delete files/folders.
  I tried adding "acl check permissions = no" to smb.conf, but that didn't change this behaviour.
  Problem 2:
  Sometimes, when copying "large" files to a server share with windows explorer (from 50 MB upto 3 GB), the user immidiately gets an error message: "Cannot copy. The specified network name is no longer available."
  The copied file shows up at once in the destination directory and has the correct file size, but only contains "garbage". Half a second later the same copy works and the file is actually copied successfully.
  Sometimes this error shows up while a large file is copied and if you browse through other shared folders while the copy takes place.
  Most often it will show up when you copy&paste with explorer.
  I am stomped and have no idea where to search for a solution to this one.
  I tried changing ethernet cables (premade and selfmade), the network switch, ethernet port of the Xserv ... connected a workstation directly to the Xserv - no change.
  DNS works, all clients+Xserv have static IPs and the same settings for DNS-Server. Name resolution works, as does reverse resolution.
  I even tried using a windows server 2003 as a WINS-Server without success for this problem.
  There are no event log entries on the clients when this happens, and smbd.log on the server shows
  read failure for 4 bytes to client 192.168.1.137. Error Connection reset by peer
  I used wireshark to monitor what exactly happens when this shows up, but it just happens out of nowhere ... the clients just sends a TCP_RST. No unusual things before or after the TCP_RST.
  I ran some tests with samba 3.0.32 and samba 3.2.x under linux 2.6.x - no such errors at all.
  I tried installing Leopard Server on my Mac Pro, same behaviour.
  I ran some batch-scripts that would copy large and small files in excess from/to the server from 4 different windows xp clients for a whole weekend 24 hours - not a single error. As soon as I use windows explorer to copy a file this error has a chance of showing itself.
  Problem 3, more of an application bug:
  Adobe InDesign CS2 (Windows again ;)) cannot export a PDF to a shared folder if the filename is longer than 8 characters. It starts exporting and after reaching 100% it just stops with the error "PDF cannot be exported." If the filename is shorter than 8 characters, all works fine. Exporting locally or to other samba servers (linux) or windows servers (2003) works fine. Copying this files to the share works, too.
  Exporting any other filetype from IDCS2 (eps, inx, jpeg ...) works regardless of filename length. So does saving InDesign-files.
  InDesign CS1 and CS3 do not show this, so I guess it's safe to assume this one is Adobe's problem
  Did anyone experience similar problems or even better has a solution to some of these?
  The real showstopper is problem #2, at least for us.
  Thanks in advance and excuse my poor english skills!

  I tried several new approaches, but nothing worked so far.
  The update to 10.5.5 made things worse. Connections are dropping all over the place, when saving from Adobe programs in particular.
  Printing from clients to a Xerox Phaser 5500 works, but choosing a different paper size than the default chosen in the cups admin interface goes all wrong and either prints on the default paper size, but down/upscaled to the chosen paper size or prints on the chosen paper size and down/upscaled as if you were printing to the default paper size. (e.g. default paper size is A4, you choose A3 with an A3 document. Document prints on A4 and is downscaled to A4, or prints on A3 and is downscaled to A4.)
  There is no way I can keep this thing in production much longer. I tried reinstalling again, but that did not change any behaviour. Another nice "feature": InDesign disables "edit original" when the path to the linked file contains any directoryname with more than 8 characters in length.
  Coupled with a sometimes disappearing "dirserv" (it just stops working until I reboot the whole computer) the decision stands to move away from the Xserve.
  Leopard Server 10.5.x just does not seem to work well with windows clients.
  We will migrate to a windows server 2003 running ExtremZ-IP for the macintosh clients this weekend. Too bad that Apple does not allow Bootcamp to work on Xserves, at least the hardware would have been useful then.
  (As a nice finishing touch, the harddisk partition where all data resides did become corrupt over the weekend. "The volume Daten could not be repaired."
  Disk Utility and first aid did show nothing on friday ... saturday after no work being done on the partition this error shows up. The only solution I could find was to reformat the partition and restore from a previous backup. Another weekend down the drain. Sorry for the rant, but 6 weekends in a row is enough.)

• The Windows SMB feature has file locking if multiple users are accessing the same file.  Does Snow Leopard Server File Sharing (AFP) provide similar features?

  The Windows SMB feature has file locking if multiple users are accessing the same file.  Does File Sharing (AFP) on Snow Leopard Server provide similar services?

  Were you ever able to solve this problem. I'm having similar issues since upgrading to snow leopard. Four macs connect to a Windows Server 2003 for shared files. Each user has full permissions & when we "get info" it shows read & write permissions. Two of the computers were running 10.4, two were running 10.5. Everything worked properly until upgrading to snow leopard. Some files let me copy, move, delete. Others either just hang up or we get a "no permission" error. Also getting a "pdf is in use" error, even when the file/folder doesn't contain a pdf. We had our IT rep check the server who said everything is in working order. They don't represent macs any longer but feel that it's a mac problem. I would have to agree since this problem only started after the upgrade, and the one machine that was not upgraded (still running 10.5.8) is not dealing with these problems.
  Lastly, I would install 10.5 back on all of the computers if I could, but the leopard disk that came with one of the computers wouldn't work with the 2 machines running 10.4 and I didn't see it available at the apple store. I'll buy it if it's still available, but why wouldn't the disks that I have work?
  Thanks for any help

• Leopard Server PPTP VPN and Airport, can connect VPN but not AFP/SMB/VNC

  I have on several occasions enabled a PPTP VPN service on Leopard Server and forwarded the appropriate ports in my Airport Extreme with this result: Outside clients can connect to the Leopard Server, but trying to connect to the server with AFP, SMB, Screen sharing or Remote Desktop over this VPN just times out.
  The VPN seems to be working OK, but after establishing the VPN I can't use it. The client (iMac with Mac OS X 10.5.3) gets an IP, DNS, Router etc. from the network's DHCP.
  I have tried setting the server as default host with no effect.
  Everything is running the latest available updates.
  Is there any bug/problem with PPTP VPN passthrough an Airport Extreme on the Server side? Is there anything that needs to be configured other than forwarding port 1723 on the Airport?

  I had a similar problem. Hope my solution can help you.
  Check if the routers on both sides of the VPN connection use the same ip address style (ie. 10.0.0.x, 192.168.1.x). If they both use the same style then they conflict.
  I have a Airport Extreme at home and was VPNing to a server behind a time capsule. Both were using the 10.0.0.x style IP. I switched my home IP style to 192.168.1.x and everything worked right away.

• Discoveries while trying to setup Leopard Server - Help! What am I doing ??

  I have documented 2 scenarios and i would like some help with proper build procedures. Until today I have been using the host record I asked my ISP who also hosts Pri/Sec for my company domain to setup. It wasn't until this morning that I realized that they didn't setup a PTR record so because of that I did a RDNS lookup on my static IP and today I programmed that into the host/domain fields thru my build so that there was proper RDNS for the setup. Which looks like this rrcs-0-0-0-0.central.biz.us.rr.com zero's being an actual static IP.
  Scenario 1- Install Leopard onto MacMini with Standard install and use Apple Airport extreme for NAT firewall/router. Ok so I have done this about 4-6 times to try and get this right.
  A. Install Leopard and let OS auto config Airport-N for port mapping.
  B. Airport WAN is static IP from ISP and LAN is 10.0.1.1, Mini LAN is 10.0.1.2 Airport is DHCP provider on LAN.
  C. Mini hostname is set to rrcs-0-0-0-0 and domain is set to central.biz.us.rr.com
  D. After the system was rebooted after install I immediately got an error because the server prefs told me it could not find server rrcs-0-0-0-0.central.biz.us.rr.com which was weird because it is a brand new build. but since I setup the computer name to be mac-srvr I was able to remove the FQDN and input mac-srvr.local and then I could sign in. ---- I think this happened because when I am trying to log into the server prefs it's going out and performing a lookup and returning an error because from inside the FQDN reverse is actually the WAN interface of the Airport and not the LAN of the mini even though I told the mini to be the FQDN. Hope that makes sense and someone can tell me if I am right and then how to fix it .
  E. When I connected the MacBook and setup a user on the LAN side and then immediately disconnected from LAN and performed Dialup to the internet I was able to use the VPN for the first time which is great but but but the ichat would not work as I kept getting certificate errors and the ical from what I remember was good.
  So major issues here in this scenario is that internally the server is setup as rrcs-0-0-0-0.central.biz.us.rr.com and services don't seem to be able to find that computer. And second ichat does not accept the default certificate and or cannot connect to the ichat server.
  Scenario 2 - Install Leopard onto MacPro with Standard install nic0-wan with static ip 0.0.0.0 and nic1-lan with static of 192.168.1.1
  A. Install Leopard and set hostname=rrcs-0-0-0-0 and domain=central.biz.us.rr.com with computer name of mac-srvr.
  B. Upon server reboot and the second interface is not giving out IP's, I found that the range was from 192.168.1.2-254 and the default search domain was example.com because I Ieft that field blank during install and so I had to stop DHCP and setup someting like company.office and restart and all is was good.
  C. Once Macbook was on LAN and services setup properly I then disconnected and I was not able to VPN into the network like on the macmini unless I opened up the server admin and went the vpn console and then enabled pptp with another range. I could then PPTP vpn but not L2TP which should have worked out of the setup. But when I do PPTP I cannot gain access to server resources via smb://192.168.1.1 which is what the server automatically creates when you run server gateway assistant.
  D. The ichat and or L2TP VPN does not work unless I actually go into the Server Admin and disable it which I have another posting in VPN/Networking support about this for a 3rd build showing the same issues.
  So major issues here are that services such as ichat, L2TP does not work unless I disable firewall, PPTP does work but does not pass traffic onto the LAN or I can't log into the server shares.
  So if anyone has any insight, I am about 20 rebuilds in trying to get just one working properly over the past 3 days. And if anyone has a step by step that would be even better lol. I have all the Apple Server Docs as I attended a training seminar recently so I am well versed in the generic documentation but there is nothing in the server admin or any other apple doc that states this is what you need and how to do it as far as setup goes with setting up your Leopard server if you don't have external DNS and or if you just want to have a fake dns setup like fakeserver.fakedomain.office as we do with SBS. So any help would be good.

  Found that if I clean up DNS for my domain with PTR and A then everything started working properly after a rebuild.

• Error configuring services from Snow Leopard Server to Mountain Lion Server

  I am trying to upgrade a Snow Leopard Server Mac Mini to Mountain Lion Server.
  We have two Mac Mini servers at our office (production and backup) so I migrated the everything from our production server to the backup using the migration assistant when setting up the backup computer.
  I now have the backup at home trying to upgrade it to Mountain Lion Server.  I have downloaded and installed Mountain Lion as well as the Server App version 2.2.  I basically followed the simple directions found in the Apple documentation.
  I started the server app and it got to the part where it said "Upgrading services".  After running for a few minutes, I get a window that states "An error occurred while configuring your server."  It also sayd "The following actions failed or were not attempted:" with a red dot next to "Upgrading services".  The other three items:  "Authenticating to local directory", "Reading directory configuration" and "Authenticating to local directory services" have gray dots so I'm sure they were not even attempted.
  Our Snow Leopard server is setup for SMB file sharing, LDAP services, FTP, Web, DNS, DHCP.
  Can someone point me to where I can figure out what exactly is failing?  Are there specific log files I need to look into?
  Thanks

  Have EXACTLY the same issue - also tried reinstalling mountain lion server fresh and still had the same problem...

• Windows 7 (Client) map a network drive VPN Snow Leopard Server

  Hi,
  I have a Mac Mini Snow Leopard Server and are using a VPN service.
  My services on the mac os x sls server are: AFP, DNS, Firewall, Open Directory, SMB and VPN.
  I can connect the VPN from Mac clients and Windows 7 clients, but I can only map a network drive/share point on Mac´s.
  On Windows 7 I get an error: path or name not found ( I am sure using the correct path, same from Mac client that works).
  When I am using my internal network LAN I can map a network drive using Windows 7 and Mac but outside over a VPN not (only Mac works).
  The only service, at this moment,  that I need is File Sharing outside my network LAN using a VPN.
  How can I map a network drive from a Windows 7 client using a VPN, is there any Firewall rules / SMB rules / File Sharing rules that I missed on the server side?
  Thank You.

  I really don't know what are going wrong with my settings. As you said/write it must be an easy setup.
  I'm using a Time Capsule and used the Server app to add VPN to the port forwarding also.
  When I am connected thru the VPN I tried to ping the Server IP and got no answer from it, from W7 client!?
  My Mac's are just working fine with AFP and SMB share points thru the VPN.
  I think I have missed some settings from the SMB or Firewall services for VPN with W7 client's or it is a Windows issue.....

• Question about changing a Snow Leopard Server network settings

  We have an Xserve running Mac OS X Server 10.6.8, the primary services running on it are afp, smb, dhcp, dns, jabber and the calendar sever.
  Right now we have a router connecting two networks together, 192.168.0.0/24 and 192.168.1.0/24. The Xserve has a static IP address in the 192.168.0.0/24 range.
  In order to combine two phone systems into one I am required to combine the above networks, this will involve removing the router and changing the subnet mask on every device from 255.255.255.0 to 255.255.254.0, any device that is currently part of the 192.168.1.0/24 network will also need to have it's router setting changed from 192.168.1.1 to 192.168.0.1. That part should all be easy.
  However, this is my first experience expanding a network past a standard class C and am wondering if there is anything I need to watch for on my Snow Leopard Sever.
  Specifically I wonder about dhcp settings, right now there are two dhcp servers, the Xserve which provides dhcp for 192.168.0.0/24 and the router that provides dhcp for 192.168.1.0/24. Once the router is removed the Xserve will need to provide dhcp for the entire network.
  Looking at the Xserve dhcp configuration right now I have one subnet defined providing addresses 192.168.0.5 to 192.168.0.125.
  Can I simply click the + to add another subnet and add for instance a range of 192.168.1.5 to 192.168.1.125?
  Will it simply give out all of the ip addresses in the first range and then start with the 2nd? Or do I need to find a single range of ip addresses large enough to meet my needs? (e.g. 192.168.1.5 to 192.168.1.225 or something).
  Is there anythign else to watch for after making this type of network setting change?
  Thanks in advance.

  Thank you for your very detailed reply.
  I understand the problems that can arise using 192.168.0.x and 192.168.1.x and if this were a new project I would definitely switch to something else, however in this case we have been using these ip ranges for years (they were in use here long before I started) and I don't want to have to redo all of my dns settings at the same time I make these other changes so I'm going to stick with the same ip's we are using at least for now. Anyone here needing vpn access has already dealt with this issue but we  have very few vpn users so it has not been a major problem for us to date.
  My biggest question is about increasing the size of the dhcp pool. For instance, after I change all the network settings and set up a /23 network is it possible to have a single dhcp pool that includes some ip's in the 192.168.0.x range and others in the 192.168.1.x range? I guess what I am asking is when I am in Server Admin and click on DHCP one of the tabs across the top is "Subnets". Right now there is a single "subnet" configured that provides addresses from 192.168.0.5 to 192.168.0.125.
  Ideally I would like one dhcp pool that provides ip's in the range of 192.168.0.5 to 192.168.0.125 and then if all of those are used up, moves to 192.168.1.5 to 192.168.1.125. Can I do that by simply adding another "Subnet"  so there are two? Or do I have to find one larger single range? (e.g. 192.168.1.5 to 192.168.1.225?) You may have already answered this indicating I have to have a single larger range but I just want to be sure.
  The parts about changing subnet masks, and routers and all that I think I have a pretty good understanding of.
  Your last paragraph is something I have been worried about, I do have a feeling that after making this change there will probably be unforseen issues that will need to be resolved, I'm just hoping it is not too many. For the scope of this thread I will just focus on issues that may arise with the Snow Leopard Server however.
  Again, thank you for your help.

• File Sharing Speed with Leopard Server/ Windows XP

  Went from Panther Server to Leopard Server. Panther worked fine. Leopard Server we've had a lot of problems with Windows XP clients. We run data files from the server. Using Panther the file sharing speed was comparable to putting the data file on the PC itself. When we moved to Leopard the speed went through the floor. 8 seconds on the PC and 4.5 minutes on the Server. The server is a substantially stronger machine with a lot more resources - but we've had to stop using it for it's intended purpose.
  Help?

  Same problem but almost the reverse. 10.5.2 server, windows clients file browsing, opening and saving speed is great, but our 4 iMac clients (Leopard also) really, really slow to generate thumbnail views of files and open them. Happens across several shares, seems to be a problem with AFP, although now after disabling AFP on some of the shares, it is happening on SMB as well. I have read several other discussions on this forum that attempt to deal with AFP performance issues, but none provide a real solution. Now that it is also happening with the SMB protocol as well I am getting a bit concerned.
  Any advice or even a link to more info would be greatly appreciated.

• AD users not downloading user template from AD+OD Leopard server

  I have an OD master Leopard server that is also bound to AD for user accounts. The AD users are added to OD groups. The OD groups have managed preferences including mobile account settings. When I log into the AD+OD bound Leopard client as an AD user, the user template is not copied from the Leopard server to the client. The user template does get copied down to the client if I log into the Leopard client as an OD user in the same OD group. I noticed that the home folder path of an AD user is set to use SMB instead of AFP. I have tried to change this in WGM to use the AFP path but the setting does not hold after I click save. Always reverts back to the SMB home folder path which is the same as the AFP path except for the SMB at the beginning for example: smb://servername/networkusers/username instead of afp://servername/networkusers/username. I have set the AD plugin on the clients to use AFP but that still did not work.
  Has anyone had any luck with this? Using a Leopard OD master server also bound to AD to host synced mobile accounts. On Leopard clients the user template is copied down to the clients from the server when the AD user first logs into the client?

  Hi Fred,
  That worked! I thought it was something on the AD side not knowing the correct afp home folder path. And I thought the mobile account settings were enough using WGM. Never thought of also needing to set create mobile acount on login for the AD plugin but that makes sense.
  Thanks again for your help.
  -Bob

• Making Snow Leopard Server services accessible through Time Capsule

  Sorry, this will be a fairly long explanation. I think this is the right forum but the question kind of spans several component elements.
  During the setup of Snow Leopard Server I let it configure the Time Capsule for services that it is providing, which I want to make available to both the local network and to computers coming in from the Internet. However, there seem to be some conflicts between Time Capsule ports and Snow Leopard ones.
  First my set-up: I have Verizon FIOS and have set up my Actiontech Router into bridge mode to the Time Capsule so that the Time Capsule grabs the public IP address. The Snow Leopard Server has a dedicated private IP from the Time Capsule through the DHCP reservation. I have a dynamic DNS setup which consistently points to the public IP address assigned to the Time Capsule. After starting services on Snow Leopard Server, I can see the port mappings created on the Time Capsule by the server allocated to the server's dedicated private IP address. However, the File Sharing (AFP, SMB) entry can't be enabled because the ports used for those services conflict with the ports opened by the Time Capsule to enable backups from client Time Machines (TCP Ports 548, 139). Therefore, any external access to those ports are going to the Time Capsule and not routed to the Snow Leopard Server.
  Two questions:
  1. Should I map the DNS hostname to the Time Capsule on the Hostnames screen on AirPort utility? While this will enable remote access to the Time Capsule (so that if my client computers are outside coming from the Internet), will this mess up remote access to the Snow Leopard Server?
  2. How do I get around the problem of the port conflicts between what Time Machine needs to get to the Time Capsule for backups versus enabling the ports for AFP and SMB on the server?

  I actually found an Apple support tip and am posting it here to answer the question:
  http://support.apple.com/kb/TS2963
  Bottom line: you can't have both devices doing file sharing unless you set up VPN access.

• Server Admin. file sharing lion client to Snow leopard server

  I'm running Lion on my client Mac and my Server is Snow leopard 10.6.8.  I have to use Server Admin 10.7 on Lion but there is no "File Sharing" tab to set up or edit the file sharing options on my 10.6 server?.  I understand this is correct for Lion Server, but how do I get round it for Snow leopard Server??  On the Apple website compatibility page (http://support.apple.com/kb/HT1822) it states:
  "Mac OS X Server v10.6
  To administer a Mac OS X Server v10.6-based server, you can use the Server Admin Tools 10.6 on a Mac OS X v10.6 (client) computer. You should match the version numbers of the server, tools, and admin workstation as closely as possible; for example, use Server Admin Tools version 10.6.8 on Mac OS X v10.6.8 to administer Mac OS X Server v10.6.8. You may also use the Server Admin Tools 10.7 on an OS X Lion computer to administer Mac OS X Server v10.6."
  So, How do I administer file sharing???

  To configure File Sharing on a 10.6 server using 10.7 Server Admin, click the service (AFP, SMB, NFS, etc.) then click the Share Points tab.