Permissions Issue: Tiger Clients on Panther Server

Similar Messages

• Leopard clients on Panther Server - locked files/folders

  Since I migrated my client systems to 10.5.2 I have a very annoying problem. I am running 10.3.9 server.
  Every Time I create a folder on the server I am locked out as a client. Can’t even change the rights as a client! Have to go to the server and set proper rights.
  If I create the Folder on the client and copy it all seems ok!?
  For examole if I use my Tax program and try to make a backup within the program it automatically creates a folder on the server volume where it tries to save the copy but it can not because of missing rights.
  And so on …
  Any help? Thank you
  Willi
  PS: If the solution is: upgrade server to Leopard any donations are welcome

  I have the same problem:
  In my network we have some clients: 4 PowerMac G5 with 10.5.2, and several PowerMac G4s and a PowerMac G5 with 10.4.11.
  All these clients connects to an Xserve G5 with connected an Xserve RAID 1TB with some common network share.
  Xserve has 10.3.9 server.
  Since I updated 4 clients to Leopard, when I copy (or create) a folder to the Xserve, permission become immediately 700 (in unix style, so rwx------).
  Even with [cmd]+ I cannot change its permission, I have to ssh to the server and than chmod that folder to make it available to other clients.
  I tried several solutions: I thought it was something related to the global umask but it was set to 0022, so permissions should be 755 (or rwxr-xr-x).
  Strangely, this didn't happen when I try to copy some files either in the share or in an existent folder.
  If I try copying files or folders from a Tiger client, everything goes well.
  Can anybody help me???
  Thanks.

• Upgrade from Tiger (client) to Leopard Server

  Hi all,
  I have a client with an existing dual G5 box they have running Tiger. They use it as a file share primarily but want the extra functionality of the server OS (viz Leopard server). Is there an upgrade path from OS 10.4 client to 10.5 server or is it a backup/format/restore process for the data? Thanks in advance for any replies.
  Cheers
  Si

  Well, I can offer my opinion on best practice, other opinions may vary.
  In the past, you have been able to upgrade client versions to server. I believe this creates a new System folder. In any event, the client OS and the server OS are not the same thing with different features, There are some functional differences. So if you plan to use the Mac as a client and a server, I'd really recommend against that. I'd also recommend erasing the HD and installing the Server OS on a clean HD.
  Jeff

• Tiger (10.4.3) netboot image from Panther Server (10.3.9) odd permissions

  System config:
  Panther Server 10.3.9 on Xserve G5 running Netboot services
  New 2.3GHz Dualcore G5 client machines (require Tiger boot image)
  Created a 10.4.3 boot image on the server from a FireWire drive. All seems to work okay, except for strange issues with permissions when copying files from Users' home folders (e.g. Desktop, Documents, etc.). If copying a folder from Desktop to a server share, we get the error:
  "The operation cannot be completed because you do not have sufficient privileges for some of the items."
  If there are no subfolders, the contents copy anyway. If there are subfolders, the first subfolder is created but is empty and nothing else is copied.
  This does not occur if logged-in as the administrator user for the netboot image.

  Found the solution on afp548.com
  Same issue also affects non-netboot Tiger clients who are not local admins.
  fixed by running serveradmin command in Terminal on the server:
  sudo serveradmin settings afp:noNetworkUsers = yes
  Credit to MacTroll on afp548 forum

• Mounting remote AFP volumes on Panther Server from Tiger client.

  Has anyone else had this problem....
  When connecting to a remote AFP share hosted on a Mac OS X 10.3.9 server I receive a message "Mount Failed, Could not mount volume “sharename.”. This happens when I enter the FQDN followed by the share name, for example "afp://servername.domain.co.uk/sharepoint". The client is part of an Open Directory domain and automounts work fine during boot as the home directory sharepoint works with local and remote homes. I have setup many 10.3.9 servers and have never encountered this issue on a Panther client.
  Any help would be much appreciated and its driving me to distraction!
  Regards
  James.

  We are not using the server for users' home directories, but thanks for that tip.
  Today we have also started having issues at another site with a 10.3.8 server and Tiger clients. The behavior is a little different: when connecting to the Pather server with Tiger clients using a keychain-saved password, the client machine will freeze and must be rebooted. The server is showing no process crashes. Deleting the keychain and entering the password each time fixes the problem.
  At the other site, the server is 10.3.9 and when Tiger clients tried to connect using a keychain password, their machine would get a spinning beach ball, but they could get out of it.

• Tiger clients on a Panther server ?

  Can Panther Server serves Tiger clients ?

  There were some ldap schema changes in tiger, but those were added in the 10.3.9 server update. Tiger server is, of course, more featureful.

• How can I share a Tiger server's User database to a Panther server?

  I need some help to set this up. Keep in mind I do not have a DNS server.
  I have a Tiger server with Xserve and an older Panther server, both on the same local network. I have a whole bunch of users setup on the Tiger server. The Panther server does not have any users setup on it. I do not want to have to type in all the users all over again in the Panther server. What I'd like to be able to do is somehow share and syncronize the user database on the Tiger server with the Panther server.
  I looked into the Open Directory settings but I do not understand what to do. How do I configure the Tiger and Panther servers respectively so the Panther server can sync with the Tiger server's users database. Is this possible? It seems like it with Open Directory, one being the Open Directory Master and the other being the Open Directory Replica? But I just don't understand how to set this up. Also the Panther OD settings seem quite different than Tiger's in Open Directory.
  Any help would be appreciated.
  Message was edited by: robocub1

  Hi
  It may be best to set up your 10.4 Server as an Open Directory Master first and then use Directory Access on your 10.3 Server to connect to the Tiger Server so as it can use the same User Database. This should be possible. OD Master/Replica relationships are not possible if the OS versions are different, even if the Master was 10.4.11 and the Replica was 10.4.10. You have no chance when its 10.4 and 10.3.
  http://images.apple.com/server/macosx/docs/OpenDirectory_Adminv10.5.pdf
  The link is for 10.5 but the basics are the same. This is a recent post that describes how to set up an OD Master:
  http://discussions.apple.com/thread.jspa?threadID=1377046&tstart=0
  I'm guessing that your 10.4 Server is Standalone and is serving simple file services only (AFP and possibly SMB/Windows). If this is the case (and I can't see how it can't be) then your users will be in the local NetInfo node. This will be the default node that is presented to you in WorkGroup Manager. You always get a warning that your are working in an invisible node (if you have not disabled this) when working in the Server's local node. Don't worry there is nothing wrong with the warning. WorkGroup Manager on Panther (10.3) Server works the same way.
  You could if you wanted to simply export the Users and Groups from WGM in 10.4 and import them into WGM on 10.3. This should save you having to key them all in again. If the prospect of configuring internal DNS Services and all that goes with it seems to much for you then this is probably the simplest option. How do you do this? Launch WGM (its the same for both versions), select the Server Menu and select Export after first selecting desired users. Do the same for Groups. Use the same procedure in reverse. The Users and Groups files are not very big and can easily be transferred using a memory stick etc.
  There are differences between the two versions which are mostly to do with Server Admin. In 10.4 Server there are more services. One of the Services will be Open Directory. In 10.4 Open Directory will only show a green light by the side of the service if it is in any role other than Standalone. Server Admin on 10.3 Server will always show the green light by the side of the Open Directory Service. This does not mean that it is an OD Master, you have to click on Settings and inspect the Role to see what it actually is.
  You should be able to connect to a 10.3 Server with 10.4's Admin tools but don't be tempted to use Server Admin to configure/change anything on the 10.3 Server. You should not be able to go the other way 10.3 > 10.4 using the same tools.
  Internal DNS Services are a requirement for LDAP Services (and pretty much everything else) on Servers generally, although for simple file services not absolutely necessary. Internal DNS Services do not have to be configured on the Server itself just as long as they are configured on another server, for example, on the same network. If these are the only two servers on the network then you will have to configure DNS Services on either one or both of them depending on what you want.
  Not available on your 10.3 Server but is on your 10.4 Server are Access Control Lists (ACLs). This is a permissions model that is in addition to the standard POSIX permissions. Think carefully about how you provide permissions to your network clients if there is a mix of client OS, 10.3, 10.4 etc.
  Hope this helps, Tony

• Leopard (10.5.5) client not login on Tiger (10.4.11) Server

  Subj.
  New iMac with 10.5.5 not login on server. Just message:
  "You are unable to log on in to the user account "name" at this time.
  Logging in to the account failed because an error occurred."
  On this imac i can logon as local user or diradmin. But after login as diradmin i see this message:
  "The home folder for user "diradmin" is not located in the usual place or cannot be accessed.
  The home or User folder may have been moved or deleted. If the home folder is located on the network, the server may be unavailable temporarile. If you continue to have problem, see you system administrator."
  Home folder for users created on Mac OS X Server:
  afp://serverIP/Users
  Path:
  username
  Home:
  /Volumes/Users/username
  WT??
  Tiger clients login properly.
  I'm search all forum and not find answer..
  Please, help me or point me on related topic!

  John-
  Just realized I didn't answer your question.
  For the /Users directory, I have no ACLs set.
  However, for an individual user directory, I did the following:
  - select the user directory in the left pane under Share Points
  - click the Users/Groups button (bottom center of WGM window) to expose a slide-out window containing available users.
  - dragged the owner of the user directory to the ACL window
  - set "Allow" and "Full Control" permissions for that user
  - then propagated the permissions (drop-down from the little gear in the bottom right corner).
  I now have no issues logging in from Leopard clients. Hopefully this is helpful and more completely answers your question.

• Leopard Clients Take 10 Minutes to Connect to Tiger 10.4.11 Server

  I have a single Tiger server OS X 10.4.11, on a LAN with 5 Tiger Clients and 2 Leopard clients, all with up-to-date patches.
  My problem is, that ALL of the Tiger clients can access any of the server shares almost instantaneously, but when I try to connect a Leopard client the the server, it initially takes a minimum of 10 minutes! If I just click on the server <as displayed on the Finder SHARED tab>, the connection eventually fails. However, if I click on the "Connect as" button, after about 10 minutes, I get the user/password login, and the Leopard client connects immediately, and all the data on all the share points are accessible.
  But, if I don't actually mount a share point (i.e. see a the Network drive icon on the desktop), and use finder column mode to navigate through the shares, if I click on a local drive in the same finder window, I have to go through the whole 10 minute wait again before I see the user/password login.
  So my question:
  Why is it taking a minimum of 10 minutes for the Leopard clients to connect, where as the Tiger clients connect immediately?
  So, if anyone can help me trouble shoot or resolve the server settings so that the Leo clients can connect as quickly as the Tiger clients, I would be extremely grateful.
  BTW - I followed the setup instructions precisely as per the Linda.com *+Mac OS X Server v10.4 Tiger Essential Training+* CD.
  TIA
  Gary
  All the shares are setup as:
  General:
  Share this item and its contents.
  Access:
  Owner=Root (Read & Write);
  Group=Staff (Read & Write);
  Everyone (Read Only);
  No ACL
  Protocols:
  Apple File Settings:
  Share this item using AFP;
  Allow AFP guest access;
  Custom Name=<unique name>;
  Default permissions for new files and folders=Use standard POSIX behavior
  Windows File Settings:
  Share this item using SMB
  Allow SMB guest access
  Enable strict locking
  Default permissions for new files and folders:
  Assign as follows: Owner=Read & Write; Group=Read & Write; Everyone=Read Only
  FTP Settings
  Share this item using FTP
  Allow FTP guest access
  Common FTP name: <same unique name>
  Network Mount
  Where: LDAPv3.127.0.0.1 (locked)
  AFP is setup as follows:
  General:
  Enable Bonjour registration
  Access:
  Authentication=Standard
  Enable Secure connections
  Client & Guest connections=Unlimited
  Logging:
  (Everything); Archive every 7 days
  Idle Users: (nothing checked
  All staff members are defined as part of the "staff" group.

  Windows File Settings:
  Share this item using SMB
  Allow SMB guest access
  Enable strict locking
  Default permissions for new files and folders:
  Do you have any Windows clients on your network? If not turn OFF the SMB server and change the settings here so there is no SMB sharing.
  FTP Settings
  Share this item using FTP
  Allow FTP guest access
  Common FTP name: <same unique name>
  Do your users access this sharepoint with FTP from inside your network? If not, stop the FTP server and change the settings to not share this via FTP.
  General:
  Enable Bonjour registration
  Turn this off for all sharepoints. If you have no Bonjour-only printers -like some of those POS HP color Laserjet 26xx or 36xx series- enter this in Terminal.app or through the 'Send UNIX command...' in ARD to all of your Leopard clients:
  launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
  user should be root if sent from ARD, prepend 'sudo' (without quotes) if in Terminal.app or if you're using an admin username from ARD. This turns off Bonjour.
  Also, in WGM, look at each individual user account and see if the 'Primary Group ID' is listed in the 'Other Groups' list. If it's not, click the '+' sign and drag the user's primary group into the 'Other Groups' list and then save. You can 'shift-click' and select groups of users and add the group to them all at once if they are all in the same groups.
  Access:
  Authentication=Standard
  Change the access to 'Any Method'. If your clients are all bound to the OD master and the sharepoints are listed in the directory (meaning Kerberos SSO works for all clients and users), the clients will try Kerberos first and anything else -like DHX authentication- if that fails. Also, if you are managing your clients with MCX you should have those shares mounting before log-in -meaning at startup- using guest access or at login with the username/pass.

• Tiger clients having difficulties accessing Snow Leopard update server

  Greetings! I have about 500 Macs in my network, running Tiger, Leopard, and Snow Leopard. I just installed a transparent Snow Leopard (Mac mini, 10.6.7) software update server. The update server sits within my network, with my internal DNS server directing all requests to it. The update server uses an external DNS server, so it is able to access the Apple server without any issues and download the updates. Leopard and Snow Leopard clients are able to access it with no issues and download updates.
  My Tiger clients, however, are not. When a Tiger client tries to access the update server through Software Update, it displays the message "A networking error has occurred: Error NSURLErrorDomain - 1100 (-1100). Make sure you can connect to the Internet, then try again." I tested this on about a half dozen Macs on different VLANs, including one set up on the same VLAN as the server. Several things: 1) the Tiger clients CAN access the network, network resources, and browse to the software update server's index.sucatalog file using a browser; and 2) the update server has no log entry indicating a connection was attempted by the Tiger client. (It does, however, show plenty of activity by Leopard and Snow Leopard clients.)
  If I enter the following command on one of my Tiger clients, it CAN access the update server:
  defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://swscan.apple.com:8088/index.sucatalog"
  And the update server posts a log entry acknowledging the access. However, I get a message on the client that the software is up to date. The software is not. I tried to update a PowerPC G4 with a fresh installation of 10.4, and I KNOW it needs updating! I copied and enabled all update packages to my server, and I have seen the necessary updates in the list. My clients are unmanaged.
  So, after a morning of testing, trial, error, and digging around log files, I've concluded the following:
  1. My software update server is not automatically redirecting Tiger clients appropriately (the network error message)
  2. The server's index.sucatalog either does not contain the updates list for Tiger clients, or the Tiger clients are not processing it correctly.
  So, my questions are, what do I need to do on my server to redirect the Tiger clients appropriately (because it totally defeats the whole purpose of networking to touch every client and change the software updates .plist file), and what file do Tiger clients need to be directed to to get the appropriate updates list? I've looked at the swupd.conf file; it does not have a redirect for Tiger clients, so I added one (directing it to index.sucatalog), but it did not make any difference.
  At this point, I am perplexed. Does anyone have any suggestions? I have read the Mac OS X Server System Imaging & Software Update Administration Version 10.6 Snow Leopard manual, and it was not helpful. I've also searched extensively on Google and found little helpful information.
  Thank you for any assistance you can provide.

  Searching on the net brought me to the same solution that Mr. Hoffman found as well, I was a bit skeptical at first but since he recommended it, and all my other attempts failed, it was a last resort and I have some additional notes of my own for a successful solution. Read the two links below first before doing anything, as they contribute to the solution in tandem.
  http://forums.macrumors.com/showpost.php?p=7221295&postcount=20
  http://forums.macrumors.com/showpost.php?p=9081641&postcount=28
  I should probably just create an entirely new post with all of the steps that worked for me, but it's rather straightforward nonetheless.

• Can Leopard Server update Tiger clients?

  Can anyone tell me if Leopard server can update the OS of Tiger clients? I know Tiger server can't update Leopard clients, but the other way around?

  Hi
  Not true. I have a 10.4 OD Master with a managed group using the SUS Service on a 10.5 Server. The 10.5 Server is connected to the 10.4 Directory. DNS Services for both servers are on the 10.4 Server as is the DHCP Service. 10.4 and 10.5 Clients that bind to the 10.4 Server are updated using the 10.5 SUS with no problems at all. The only issue I've seen is 10.5 clients occasionally can't use the 10.5.2 Combo Update on the SUS Server. There is the 'cant expand package properly' error message. At first I thought this was because the latest Intel iMacs were able to update but not Leopard installed PPC models. One solution was to keep a manually downloaded .dmg of the 10.5.2 update on the Server and push it out using ARD or copying it locally and installing it that way. However earlier Intel models - occasionally - are also not updating - pre-dominantly first generation macbooks and macminis but every now and again some of the later Aluminium model iMacs.
  This is an intermittent problem though and may be due to the small bandwidth that the SUS server is having to use to access apple's downloads server (1MB). When the SUS was on the 10.4 Server with a higher bandwidth connection (4-5MB) there was never any problems with the downloads but quite a few with the Service stopping itself and having to be restarted using the command line.
  The amount downloaded for 10.5 SUS is greater (approx 13-16GB) than 10.4 SUS (approx 10-11GB) - obviously. It took 4-5 days for the 10.5 SUS to make available all the downloaded updates - obviously due to the 1MB connection but also there were problems with accessing the updates server at that time. I think this was because Leopard Server had not long been made available and like a lot others it was in a testing environment where all the services were being tried to see what was worked and what did not.
  Tony

• Tiger Server can't be replica from Panther Server?

  I had an error message when tried to make a replica from my Panther Server in my new Tiger Server... so I search in Google and found some people with the same problem.
  Server Admin began having trouble getting the status of running services after I was messing with Software Update settings. I logged out and back in and the status recovered from spinning wheel. Looked like a problem connecting to open directory server. Tried to do a replica and got error "incompatible software versions" (my directory master is 10.3.9) so it won't replicate to 10.4.
  Is there any way to solve this?
  Thanx a lot.

  The LDAP database formats are not compatible between 10.3.9 and 10.4. All of the replicas must be on the same base OS.

• AFP securely from Tiger client to Leopard X Server

  I originally posted this just after New Years. I'm hoping now that more people are back from vacation that I can get an answer. Please help!
  We recently upgraded our X Server to Leopard. We can't seem to determine how to transfer files securely over AFP from a Tiger client machine to the X Server. Has anyone figured out how to do this?

  I suggest posting to the Server Products forums.

• Directory Security Strange Permissions Issues (Windows Server 2003 running Active Directory)

  I have a user that all of a sudden was not able to open 70% of her files located on a file server, Windows Server 2003 running Active Directory, from her laptop. The same user can access all the same files from a different machine, logging on with the same
  credentials. Just looking for a point in the right direction and a possible theory as what could cause this problem, an why all of a sudden. I did go back through the logs but nothing sticks out. For the most part the logs on the server and the laptop are
  pretty clean. 
  Both machines are Latitude E5420s running Windows 7 Enterprise Service Pack 1. Both machines are 64bit and connect to the network via hard-wire, not wireless.
  Thanks in advanced.
  Grajek

  I would recommend proceeding that way:
  Check that your DCs are in a healthy state and AD replication is fine: It might be that the user is member of security groups and the membership is not getting replicated properly which can cause this random behavior. You can use
  dcdiag and repadmin for checks and you can refer to my recommendations here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
  Make  sure that the file server is reachable from the user client computer. Start with
  ping and nslookup. Also, you need to make sure that the traffic between the client and the server is not blocked or filtered. You might want to temporary disable security software for testing
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Leopard server, Tiger clients, 'IP address in use' error messages

  I am really at my wit's end here. We have about 100 iBooks running 10.4.11 and a couple hundred MacBooks running Leopard. I took away the job of DHCP from my Windows Server 2003 servers because it couldn't seem to keep the Tiger clients straight, and now the Leopard server is doing the same thing. The laptops are shut down and booted often 10 times a day for use in different classes by different students in different segments of the building, but all the same subnet. Very often, iBooks get an "IP in use by [some other Mac's MAC address], server [IP address of Xserve]" it looks just like this: http://podfeet.com/NosillaCast/NC2006_05_21/iperror.jpg
  In addition, when I go to look up the client list on the Leopard server via Server Admin, it shows several instances of the same computer name, same MAC address, different IP address, as well as same computer name, different MAC address, same IP address, and, of course, same IP address for two or three different computers. This is as bad as, if not worse, than Windows server! But it's only the Tiger clients, and I can easily see the duplications in the list, why can't the server see that and do something about it?
  I am going to be moving to SL server, but not soon enough. Apparently, it's much easier to assign static IP assignments in SL server than Leopard server. I need a resolution for this now, though. I have Googled quite a bit, but nothing I've found matches my situation. And it causes chaos. After the students clear away the IP conflict box, they often cannot log in until a local admin logs in and "renews IP address" or they restart and clear the error boxes until it gets an IP address it will accept.
  I can paste in some console logs if that would help, but essentially, the client refuses the IP address offered by the server, so that suggests that it arps the address itself and determines it's already in use. This whole system, which should be so intelligent, seems so clueless. Why doesn't the server realize it's giving the same IP to different computers, listing the same computers twice with the same and different IPs, etc.? Why doesn't the laptop keep trying to get an IP address? It's extremely frustrating for teachers and students alike.
  I really thought this would get better using Leopard server instead of the Windows server, but it actually seems worse now. I've done tests to see if there is a different DHCP server somewhere, but none ever shows up.
  Anyone with insight, I'd appreciate it. Thanks

  MrHoffman wrote:
  One big 172.16.0.0/12 subnet? Ok. Not my first choice.
  It's /16, but still was not my choice either. With about 50 printers and servers with static IPs that would all need the mask changed, I put off clipping the subnet mask since VLANs were in the works anyway.
  MrHoffman wrote:
  The network traffic for a DHCP lease or a lease renewal is negligible.
  Figure a few messages at intervals of half the lease time for each client.
  There already appears to be a DHCP failure here.
  I tried many different things with the 2003 Servers, usually two at a time handing out IPs (same subnet, different range, i.e. one serving 172.16.2.1-3.254/16 and the other 172.16.4.1-5.254/16), and the iBooks would often sit for minutes without getting an IP at all. I'd have to turn on the Xserve's DHCP server to hand out an additional range in the subnet (172.16.6.1-254/16), and the iBooks would then snap up IPs and authenticate to AD.
  MrHoffman wrote:
  And as for the weirdness, I'd be wondering if the DHCP traffic is being filtered by some of the devices present in this network; it's very easy to have a DHCP server active on a WiFi device (which is why most larger sites have them all configured as APs) and it's also easily feasible to have a rogue WiFi around.
  Thanks, all good ideas, but I don't think the problem here. I have all Airport Extreme base stations in Bridge Mode. I regularly do scans for rogue APs, and the iBooks would not associate to one anyway - they only know the school network and need admin access to change. In fact, so inflexible is Tiger that when I started changing to WPA2 from WPA, same SSID and password, the iBooks would not associate to the WPA2 networks without local admin login and manually choosing the SSID (and the password was still in the keychain and worked). I then brought some iBooks back to an area with just WPA (older firmware on older Airport could not do WPA2) and the iBooks were once again stranded. Leopard laptops moved seamlessly between the same APs.
  I've also done some testing for rogue DHCP servers, but nothing was found, and I've not seen any wierd IPs coming up.
  MrHoffman wrote:
  Subnetting and vlans are options. If this is a decent-sized network, I'd definitely look to subnet it; you're already in line for subnetting now, what with what is probably mixed faculty and student traffic.
  The reason that VLANs are on hold was that I told admin that with our limited wireless network (1 SSID, Airport not VLAN-aware), when they were not in an office with their laptops on ethernet, they'd only get Internet through the wireless (which would be on student/teacher VLAN), no access to admin servers or printers. I was surprised at the vociferous response.
  MrHoffman wrote:
  I'd probably toss a monitor onto different parts of the network - if you've not already tried this - and go hunting for "surprises". (If you're spec'ing out for bids on an upgrade, having packet-monitoring capabilities and rogue detection is really handy. That'll tell you if you have a rogue, or if DHCP traffic is pushing you over the edge.)
  I have an old PC catching syslogs and it has Wireshark, but I haven't turned that on in a while. If I have time, I will see if I can capture anything. I did get bids on Cisco and Procurve wireless and network infrastructure upgrades last year, and pretty much got the 'no way, talk to the hand' response (and a few more Apple APs).
  MrHoffman wrote:
  Go talk to the finance folks and to the school board, and tell them that their servers and their network traffic are all exposed to the students. If they're not running encryption, they're toast. (And they're potentially toast even if they are.) That discussion both for reasons of budget, and to cover you, as this looks to be the textbook network configuration case that eventually "blows up" on the IT staff.
  We're a medium-sized independent high school with a strapped budget. I have requested and explained everything, but it hasn't sunk in. Last year, I made everything work. This year, without all the special qos settings and tweaks to the switches I made last year to keep things mostly together, things are much more wonky (I stripped out all the qos settings over the summer while preparing for the VLANs, which I assumed was a no-brainer to happen. Unfortunately, I didn't document the settings before I cleared them, and I can't quite achieve the same balance this year). And, by the way, IT staff is pretty much me.