Permissions on NFS Rehares in Leopard Server

Similar Messages

• Why can't Firefox set permissions for Snow Leopard Server Web-Site Wikis

  I've established a web-site for collaboration of planning for a state-wide NGO and a local citizens-government oversight commission.
  I'm using Snow Leopard Server v10.6.4, to drive the web-site, which includes the use of wikis.
  In creating a wiki and setting permissions, I find that I cannot set permissions for users or groups to 'read only' from the default 'read & write' while using Firefox. However, I CAN set them to 'read only' using Safari. And, once the permission has been modified in Safari, THEN it can be modified in Firefox.

  Solution found at http://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
  It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
  Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
  Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
  After much head scratching it turns out to be a sACL (Service Access Control List) issue.
  This thread solved the mystery!
  http://discussions.apple.com/thread.jspa?threadID=1654864
  To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
  Open Server Admin on a computer (any), and connect with the local admin to the machine.
  Select the server and authenticate.
  Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
  If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
  Save.
  Try logging in again… should be a good one!

• Apple please fix OS X Leopard server permissions/privilges issues!!

  I am having constant issues with OS X server permissions.
  Users running OS X Tiger/Leopard create a folder on the server.Other users can open files from within this folder but when they save changes to a document it says the file is in use or locked. Doh! when it isn't!!
  The folder in question has read/write privileges for users concerned.
  The group in which the user lives has read/write access.
  ACL's are set to inherit the parent folder, so it should carry on through subsequent folders. Posix is set to read and write. I have propogated the permissions.
  I have read loads of issues with Leopard with clients as well as server for this problem. Is this a known bug? Help please!!

  This is so frustrating! Yesterday, one of my Windows users reorganised one of the main folder structures we use, and now no one can perform any action requiring write permissions in these directories! So - no saving to any of these folders or subfolders etc. This is unbelievable.
  When acessing our Leopard Server (running on a Mac Pro) I am unable to ascertain anything that I can change (although I am completely new to running a server) to fix this. It appears that when I am logged in as the sysadmin I can view the applied permissions when I 'Get Info' on the folder causing problems, so they are set to:
  Everyone: Read & write
  Workgroup: Custom
  In File Sharing System Preferences, the shared drive that contains these directories indicates that all users can read & write. But they can't!
  If I can't find a fix for this then I think my server is going to be unusable within the day.
  Help!?

• OS X 10.5.8 Leopard Server & SMB authentication problems

  Hi all,
  I am in charge of a OSX Leopard server. The platform has Windows XP /Windows Vista / OSX computers and as the server has a high capacity NAS it seemed logical to share it using SMB.
  The initial set up was done having in mind just the MACs, and they have no issues connecting to the SMB shares. The problem is on Windows side.
  Windows machines are supposed to use the SMB shares with Open Directory Accounts. But whenever we create an SMB share, there is a strange behaviour: files could be uploaded to the server, but once copied, they can't be copied back to windows machines, triggering the error (more or less, as the error text is in spanish): "File operation could not be completed, source file could not be found"
  For debugging purposes, we have just created a share, step by step , identify which the problem is:
  1 - Create a user from Workgroup manager, no admin capabilities.
  2 - Create a folder under "Shared Items" Folder.
  3 - Disable "Enable Spotlight Search"
  4 - Disable AFP, FTP, NFS (leaving just SMB as sharing protocol)
  5 - SMB protocol options: Disable "Allow guest access", Asign permmissions as follows: Owner: RW, Group R, Everyone R.
  6 - We then go to permissions and choose user created at step 1, set him ACL permissions as RW.
  7 - Save changes.
  After that, we reboot our Windows test machine, flushing its dns cache previously.
  Then when trying to connect to the share,an error message on our XP box says that we have no permissions to connect to the sahre (using our test user credentials). SMB log displays the following:
  +setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.+
  +[2009/10/23 12:05:20, 2, pid=29029] /SourceCache/samba/samba-187.9/samba/source/auth/auth.c:checkntlmpassword(319)+
  +checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER+
  Thanks in advance and best regards.
  Message was edited by: javierspn

  Edit:
  I can now connect with the new user. Something to do with DNS cache and opened sessions on the SMB server that I manually closed.
  However, same problem: I can upload files but whenever I try to copy one from the server to any XP workstation:
  http://yfrog.com/3oerrorjkj
  Basically meaning in plain English that the source file could not be found.
  Regards.

• Can't rename folders on Snow Leopard Server

  I have 10.6.8 Snow Leopard Server running on a new Mac Mini server. Attached I have a Pegasus Raid storing all my files. I have a sharepoint set up for every project we work on but a couple act strangely. Users can create and delete folders but can not rename them once created. In order to rename they must drag the folder onto the desktop, rename and then replace the folder on the server. All permissions are set up identical to the other sharepoints which work fine. I have had a couple so-called "experts" look at the permissions in both the terminal and Server Admin. Everyone seems stumped. Any ideas?

  Thanks for the input but I finally soved the problem. Here is what I found...
  Although I had given users/group the ALLOW/FULL CONTROL premission with a sharepoint, I discovered that in Server Admin if you double-click on the User or Group name under the ACL permissions that a drop down box appears. This box allows you to fine tune the ACL but it appears that by default all of the boxes are not checked even though I granted the user Full Control. After checking all of the boxes I was able to create and rename folders in my share as expected.
  This also had an similar effect if I denied Full Control. Some of the boxes remained unchecked and it left holes in my system where denied users could still access some files. Again by checking all boxes these holes were closed.
  Does anyone know how to change the default so that all boxes are checked when assigning the Full Control permission?

• I transferred files from a NAS server to the Mac Mini Snow Leopard Server and now some of the files have Custom Access and can't  be opened by some users.  How do I fix this?

  We're setting up our Mac Mini Snow Leopard Server, and in the process transferred files that had been stored and accessed from our Blackarmor NAS server over to the Mac.  These files were all created on PC's and are Office Excel files, WordPerfect files or PDF's.  When you look at the files on the Mac from the Mac and bring up Get Info for the affected file, it says that the file has Custom Access.  The files that work properly don't have that configuration.  I can access and open the files on some computers, but some users can't open the files from their computer even though they can see it.  We're all using PC's and they get the Error:  Access Denied-Contact your administrator--or something similar.  I've seen on the web similar issues and it may have something to do with ACL permissions.  I don't know enough about Mac OS to understand this, but what is baffling is that they can be opened from some PC's but not others, and all of the Users have the same accessibility to the files.  Thanks for a solution!!

  Oh, on the losing Internet, try this...
  Make a New Location, Using network locations in Mac OS X ...
  http://support.apple.com/kb/HT2712
  10.7 & 10.8…
  System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
  10.5.x/10.6.x/10.7.x instructions...
  System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
  The interface that connects to the Internet should be dragged to the top of the list.
  Instead of joining your Network from the list, click the WiFi icon at the top, and click join other network. Fill in everything as needed.
  For 10.5/10.6, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
  208.67.222.222
  208.67.220.220
  Click OK.
  PS. Your English is quite good & completely understandable.

• Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

  Summary:
  After rebooting my VPN server, i am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) the gateway only until the first client disconnects. Then i can perfectly access all the other computers of the private network, but i cannot access the private IP address of the gateway.
  Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates me that the port 53 is open, but a dig returns me a timeout.
  Configuration:
  Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
  Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
  -> 1 controller, which act as a gateway for the cluster private network, with the following services activated:
  DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
  en0: fixed public IP address -> controller.example.com
  en1: 192.168.1.254 -> controller.cluster
  -> 18 agents with AFP and Xgrid agent activated:
  en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
  VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client informations contain the private network DNS server informations (192.168.1.254, search domain: cluster).
  _*Detailed problem description:*_
  After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct informations:
  Configure IPv4: Using PPP
  IPv4 address: 192.168.1.201
  Subnet Mask:
  Router: 192.168.1.254
  DNS: 192.168.1.254
  Search domain: cluster
  From my VPN client, i can ping all the Xserve of my cluster (192.168.1.1 to 18 and 192.168.1.254). If i have a look in Server Admin > Settings > Network, i have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
  The DNS server returns me timeouts when i try to do a dig from my VPN client even if i am able to access it directly from a computer inside or outside my private network.
  After i disconnect, i can see in Server Admin that the IP address of my ppp0 interface has switch to my public IP address.
  Then i can always establish a VPN (L2TP) connection, but the client receives the following informations:
  Configure IPv4: Using PPP
  IPv4 address: 192.168.1.202
  Subnet Mask:
  Router: (Public IP address of my VPN server)
  DNS: 192.168.1.254
  Search domain: cluster
  From my VPN client, i can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when i ping my gateway (192.168.1.254), it returns me timeouts.
  I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two differents Xserve, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
  Any help is welcome!!!

  I would suggest taking a look at:
  server admin:vpn:settings:client information:network route definitions.
  as I understand your setup it should be something like
  192.168.1.0 255.255.255.0 private.
  at least as a start. I just got done troubleshooting a similar issue but via two subnets:
  http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

• Thank you, Pterobyte: You restored my faith in Leopard Server!

  I set up a new installation of Leopard Server 10.5.6 and accepted the base configuration. I wanted to test a mail server setup on VMware Fusion 2.0.2. No issues during the installation but once I started the mail services and setup my first user account, I kept getting IMAP errors in the logs.
  After much searching and trying this and that, I found a post with Pterobyte's answer as seen below...I tried his recommendations and suddenly mail worked. My question is this, why would Leopard require this manual configuration/changing permissions when it clearly isn't stated in any of the manuals for mail services or anywhere else for that matter?
  Lesson learned? You bet! Seeing is believing and the "It's so easy a caveman can do it" isn't quite the case with Leopard's postfix implementation. I wish Apple would fix the easy mode stuff so that it really does work as advertised. Again, I didn't alter the base installation. Love to get your feedback folks. I still don't know what went wrong but I re-installed the server 3 times and observed the same behavior.
  Pterobyte's Recommendations:
  Try:
  sudo chown -R _cyrus:mail /var/spool/imap
  sudo chown -R _cyrus:mail /var/imap
  Next check if the user has the necessary access privileges in Server Admin -> "Servername" -> Settings -> Access
  Then issue:
  sudo postsuper -r ALL

  Hmm - My test-leo-server did NOT have to have any permissions changes done - the default values from Apple was correct.
  So the question is why your specific installation was bad?
  As a curiosity - would these permissions be corrected by running a "Disk Utility: Repair Permissions"?
  PS.: I always use the "Combo updates" when they exist, not sure if that's relevant for this secific problem…

• Moving accounts from Snow Leopard Macs to Mac mini with Snow Leopard Server

  I got my brand spanking new Mac mini today with Snow Leopard Server! So far, we (at home) were managing our accounts on individual iMacs and a MacBook Pro. While I will be getting into the innards of account migration, management etc. I thought I'd post a quick question here; Currently I have an iMac with three user accounts on it (wife and two kids). I also have my own personal MacBook Pro with my account (the only Admin account) on it. We'll soon be getting another iMac for our daughter (who currently has an account on the existing iMac). My idea in getting the Mac mini was to move to and centrally manage all the user accounts in the household on the Mac mini server. What is the best way to accomplish this? What is the best way to move the existing accounts on to the server?
  Additionally, I'll be looking into connecting the two stationary iMacs with Powerline Ethernet (where one runs Ethernet over existing electrical wires in the walls). My other option would be to rely on wireless network (I don't think this would be a good idea for if I am going to be placing the user accounts on the server and there needs to be a constant on, reliable connection between the server and the client computers as they will be talking to each other a lot!). Any thoughts on Powerline? (I am not looking forward to installing Ethernet cabling behind walls :o))
  What say the wise men of Mactopia?!
  Thanks,
  Kenneth.
  P.S. I had earlier accidentally posted this in the corresponding section of Mac OS X instead of the Mac OS X Server forum.

  Ok so the esiest way to explain this is to tell you what i just went through.
  I have 3 user accounts. All the accounts are network Users meaning that there home folder are kept on the server. I was having a problem with Time Machine giving me error 41 and error 11. After scratching my head for 2 days I ended up copying (Drag-n-Drop) the Home Folders to an External Hard Drive. I then proceeded to erase both of the internal hard drives on the mac mini and did a fresh local install of the Server OS.
  Everything was fine at that point. Now this is where Snow Leopard stopped being nice.
  I went and Created the user account again using WGM. I let WGW create the home folder and the 9 folder inside. I made sure the short names were the same and the passwords were the same as they were previously.
  However, once i Copied files from the external drive to the home folders the permissions copied as well, Which i guess should be expected. So now at this point apparently the UID's of the newly created users wasn't the same as they were before the clean install. I have multiple instances of root listed in the ACL for several folders and also had several instances of System listed sporadically.
  Now, This isn't to say that you can't drag n drop because now That I have it all squared away and everything is now working ok, I would probably still drag n drop the home folder off to an external disk, but only because I now know what to do to clean things up.
  if you drag and drop be sure to use the CHOWN command and theCHMOD commands afterwards. Take a look at this MacFixIt article: http://reviews.cnet.com/8301-13727_7-20013630-263.html?tag=mncol;title
  If you copy your local imac users to the home directory on the server you may want to follow the steps on the URL I gave plus you will most likely also have to do the following. In a nutshell you are going to use the chmod command to strip all the ACL Permissions then you are going to use the chown command to re-specify the correct owner and the correct permissions for the network user.
  !) Go into ServerAdmin and click on Sharing
  2) Go to the users folder you are using and select the user you are going to work with.
  3) Click on the Permissions option
  4) click on the +sign at the bottom (this will open the users & groups list to the right)
  5) Drag the current user from the users list to the owner permissions line under posix section
  5a) Click Save
  6) Click on the Gear button at the bottom
  7) Check the box for Owner Name and Owner Permissions.
  8) Uncheck the box for Access Control List then click ok
  Once you've gone through that rigmarole you can go back into ServerAdmin and fix the permissions for public and Sites folder which should only take a minute or so.
  So the moral of this story and as I found out when i ended up calling Enterprise support is that the act of dragging and dropping user home directories from one server to another, or as in your case, from a local machine to a the server isn't anything that apple recommends or supports. you might want to read through the man pages for "Ditto" or so apple tells me, but honestly now that you know, the steps above aren't all that bad. It's true Knowing IS half the battle!
  have Fun!
  P.S. FWIW If you run into problems and have to call Enterprise Support be prepared for them to tell you to refer to the user Guides. So reading those would be to your advantage even though they aren't the easiest things to understand unlike apple's consumer products user guides

• Leopard Server 10.5.4 + SMB + Windows XP Clients

  Hello!
  I got quite some interesting problems with my Xserv under Leopard Server 10.5.4 with Windows XP Clients.
  The server runs as an open directory master and a standalone server for smb.
  Shares are setup for AFP and SMB clients, ACLs are set up with read+write access for the user's group. So far everything works, users can connect from their Macs (OS X 10.3.x - 10.5.4) without problems.
  My problem are the windows clients.
  Connecting works fine, and apart from one permission bug (more on that later) they can access all files and do everything the macs can do.
  Problem 1:
  Users cannot rename files if they don't have write permission at the POSIX-level as either owner or group on the enclosing folder. ACLs do not matter at this point, if the user connects through SMB he cannot rename files or folders.
  No big problem, I just put all users into one group and set this group as the POSIX-group and do a chmod -R g+w on all shares.
  Inheritate this settings for SMB-connections works.
  But not for AFP-connections. Every new folder a mac-client creates comes with permissions 755. So I changed UMasks on the clients to 002, and at least folders created by the finder now have the right permissions of 775.
  Folders created by "new folder" on most applications load/save dialogs still come as 755 which screws up renaming for windows-clients.
  Folders created when expanding a zip-file also behave this way.
  The only solution I found for this was to make a cronjob that does a chmod -R g+w on the shares. Not that great.
  Another "fun" feature with POSIX-permissions and SMB:
  Files inside a folder. Files+Folder have an ACL set up that specifically denies deleting files+folders for a user. This users group has POSIX-permissions with write access to the enclosing folder. Window's explorer will let that user delete files and folders without any complaint about missing permissions to do so. They even disappear from the explorer-window, but are not actually deleted.
  If you refresh the view, the files+folders are there again.
  If the user instead has no POSIX-permission that grants him write-access, but an ACL that grants him delete, explorer happily deletes the files the user wishes to. And these files actually get deleted.
  If the user has no write POSIX-permission and no ACL-permission to delete files, explorer complains about missing rights to delete files/folders.
  I tried adding "acl check permissions = no" to smb.conf, but that didn't change this behaviour.
  Problem 2:
  Sometimes, when copying "large" files to a server share with windows explorer (from 50 MB upto 3 GB), the user immidiately gets an error message: "Cannot copy. The specified network name is no longer available."
  The copied file shows up at once in the destination directory and has the correct file size, but only contains "garbage". Half a second later the same copy works and the file is actually copied successfully.
  Sometimes this error shows up while a large file is copied and if you browse through other shared folders while the copy takes place.
  Most often it will show up when you copy&paste with explorer.
  I am stomped and have no idea where to search for a solution to this one.
  I tried changing ethernet cables (premade and selfmade), the network switch, ethernet port of the Xserv ... connected a workstation directly to the Xserv - no change.
  DNS works, all clients+Xserv have static IPs and the same settings for DNS-Server. Name resolution works, as does reverse resolution.
  I even tried using a windows server 2003 as a WINS-Server without success for this problem.
  There are no event log entries on the clients when this happens, and smbd.log on the server shows
  read failure for 4 bytes to client 192.168.1.137. Error Connection reset by peer
  I used wireshark to monitor what exactly happens when this shows up, but it just happens out of nowhere ... the clients just sends a TCP_RST. No unusual things before or after the TCP_RST.
  I ran some tests with samba 3.0.32 and samba 3.2.x under linux 2.6.x - no such errors at all.
  I tried installing Leopard Server on my Mac Pro, same behaviour.
  I ran some batch-scripts that would copy large and small files in excess from/to the server from 4 different windows xp clients for a whole weekend 24 hours - not a single error. As soon as I use windows explorer to copy a file this error has a chance of showing itself.
  Problem 3, more of an application bug:
  Adobe InDesign CS2 (Windows again ;)) cannot export a PDF to a shared folder if the filename is longer than 8 characters. It starts exporting and after reaching 100% it just stops with the error "PDF cannot be exported." If the filename is shorter than 8 characters, all works fine. Exporting locally or to other samba servers (linux) or windows servers (2003) works fine. Copying this files to the share works, too.
  Exporting any other filetype from IDCS2 (eps, inx, jpeg ...) works regardless of filename length. So does saving InDesign-files.
  InDesign CS1 and CS3 do not show this, so I guess it's safe to assume this one is Adobe's problem
  Did anyone experience similar problems or even better has a solution to some of these?
  The real showstopper is problem #2, at least for us.
  Thanks in advance and excuse my poor english skills!

  I tried several new approaches, but nothing worked so far.
  The update to 10.5.5 made things worse. Connections are dropping all over the place, when saving from Adobe programs in particular.
  Printing from clients to a Xerox Phaser 5500 works, but choosing a different paper size than the default chosen in the cups admin interface goes all wrong and either prints on the default paper size, but down/upscaled to the chosen paper size or prints on the chosen paper size and down/upscaled as if you were printing to the default paper size. (e.g. default paper size is A4, you choose A3 with an A3 document. Document prints on A4 and is downscaled to A4, or prints on A3 and is downscaled to A4.)
  There is no way I can keep this thing in production much longer. I tried reinstalling again, but that did not change any behaviour. Another nice "feature": InDesign disables "edit original" when the path to the linked file contains any directoryname with more than 8 characters in length.
  Coupled with a sometimes disappearing "dirserv" (it just stops working until I reboot the whole computer) the decision stands to move away from the Xserve.
  Leopard Server 10.5.x just does not seem to work well with windows clients.
  We will migrate to a windows server 2003 running ExtremZ-IP for the macintosh clients this weekend. Too bad that Apple does not allow Bootcamp to work on Xserves, at least the hardware would have been useful then.
  (As a nice finishing touch, the harddisk partition where all data resides did become corrupt over the weekend. "The volume Daten could not be repaired."
  Disk Utility and first aid did show nothing on friday ... saturday after no work being done on the partition this error shows up. The only solution I could find was to reformat the partition and restore from a previous backup. Another weekend down the drain. Sorry for the rant, but 6 weekends in a row is enough.)

• Leopard Server 10.5.2 hosed after Security Update 2008-002 v1.1 Server

  I am running Leopard Server 10.5.2 on a Mac Pro 2x3.2 GHz quad core xeon. I did a software update today which included Security Update 2008-002 v1.1 Server. I did disk verify and permissions repair on as usual before the update. Afterwards, I found that I could not log into my local user account with administrator privileges. I can log in as "root" using the local administrator password. All my users can log in. But all the groups have disappeared, and so have the wikis associated with these groups. The data seems to be there in /Library/Collaborations, however.
  This was a simple server configuration with 5 users - I was essentially using only the groups wiki function. The server had no client machines. Its not like I had a complex configuration. I am absolutely mystified - spent an hour on the phone with Apple support and they took all the server logs for analysis. I was wondering if anyone else had this update go wrong in a similar configuration.
  I would be very grateful for any advice!

  I had the same thing happen. It took me a while to figure out why because I installed the update before the weekend and then came in on Monday and nothing worked. I've searched around quite a bit and found some people had the same problem but haven't found a solution. Right now my server is sitting there useless, even after reverting to a backup before the update.
  Did you or anyone else find a solution to this?

• Mac Mini 2009 vs Leopard Server

  Hi all...
  I am hoping to get to the bottom of this asap, as I am looking forward to just getting on with things.
  The issue is installation of Mac OS X Leopard Server 10.4 on a Mac Mini (Early 2009)
  First of all.... Yes I have read the *Article HT3479* http://support.apple.com/kb/HT3479 and yes it allows you too boot your mini, however....
  When you go through the installation process and are entering your information, there are several key steps missing from the interview[Server Assistant]. The main question missing is, "What type of installation" Standard, workgroup or advanced.
  Another key set of questions missing is Network Setup.
  So suffice to say the HT3479 does not address the issue i am experiencing.
  Here are the methods I have attempted to use to install Server on this mini...
  HT3479. {The result is that I can not run Server Preferences... Apparently the computer is in advanced mode and can not be reverted to standard}
  The above method has been tried in the following examples...
  * Install Mac OS X Client (10.5.6 from client disk)
  + Apply updates (at the time it was pre 10.5.7 so up to and including all updates to that time10.5.6)
  + Run Server installation from 10.5.4 Server Disk
  + Apply patches before rebooting
  + Run through shorted setup questions (See above)
  + check for updates before launching anything
  * Install Mac OS X Client (10.5.6 from client disk)
  + Don't apply updates
  + Run Server installation from 10.5.4 Server Disk
  + Apply patches before rebooting
  + Run through shorted setup questions (See above)
  + check for updates before launching anything
  I tried the above methods several times having no success
  I contacted Apple support where I was asked to just try it again! and was told that nobody else was having these issues.
  Great... 60Gb download capped reached so I had to wait for this month to continue.
  10.5.7 update was released recently, so i thought I may be in luck.
  So this month I have tried the above methods several times with the same outcomes.
  In desperation I tried the following method...
  Boot the Mac Mini in Target Disk Mode and running installation from an iMac targeting the disk in the mac mini. {The result is that during Boot up and Shut down verbose mode is invoked and there are numerous error messages in the log files, secondly I am experiencing several issues with DNS names etc.... won't accept SERVERNAME.local}
  Anyway, this method gave me the most joy but still far from ideal.
  Seemingly unfair it let me glimpse what leopard server can do, and yes i like what i see, but I really need to be able to install leopard server normally and have no issues.
  *Hardware Configuration*.
  Mac Mini (Early 2009) A1283 (2.0\1X1G\120\SD\AP\BT)
  Upgraded RAM from 1GB to 4 GB (yes it works fine, full hardware test performed)
  Upgraded HDD from 120GB to 320GB 7200 rpm (Caviar Black)
  Samsung 22" monitor
  Apple Keyboard (Aluminium with keypad) A1243
  Apple Mightymouse A1152
  Network
  ADSL modem PPPOE
  Apple Airport Extreme
  Wired direct from rear of AEBS to Mac Mini
  AEBS setup in DHCP, but reserved IP address for Mac Mini's Mac Address
  Software
  Mac OS X Server Version 10.5.4 [0Z691-6214-A] (Full retail version)
  Mac OS X 10.5.6 Disk version 1.0 [2Z691-6344-A]
  I am sure that others are experiencing the same issue, as many have listed similar issues to the above, however many are open ended with no resolution. I hope that if a solution is found or it is determined that there is an issue that news can be posted by apple so others are better informed before investing money in both products hoping to achieve a working network server.

  I recently purchased a Mac Mini 320 GB model and OS X Server (Leopard). Before I purchased them I asked a couple of the Genius guys if I could run OS X Server normally on one of the new 320GB Minis? And the concensus among several Apple Store employees, was that yes, there should be no problem whatsoever...
  So I bought the pair, and went through the install process numerous times, and was never able to get the standard installation until I resorted to dire measures which I have outlined below.
  I tried to boot from OS X Server 10.5.4 on several machines at the Apple Store, and it does not boot any of the new machines (as of 2009.06.02). The normal install (use the os x server disk to boot) works perfect on an iMac 2.4GHz machine, and on a G4 Mirrored Drive machine, and on both of these machines the process is simple. Pop in the os x server disk, go get a sandwich, come back, answer a few questions, you are up and running, and life is great. It doesn't get any better...
  The problem with the newer machines is that you must install the standard os x, get all the updates, insert os x server disk, and install os x server. The unfortunate part is that by the time you install OS X Server several items have already been set, OS X Server senses this and skips about 17 screens that allow for {"standard", "workgroup", "enterprise"} setup, and goes right into the "enterprise" mode.
  One of the big conveniences with the standard setup is that quite a few things are created for you. Once you use the "standard" setup you can promote the installation to the "enterprise" mode by opening it with "Server Admin" which provides infinitely more control, but using "standard" setup to start with simplifies life considerably.
  If you figure out how to do the "standard" install bear in mind that when it asks you for your administrative user account info it really wants :
  name : Directory Admin
  shortname : diradmin
  password : astrongpassword
  This will allow you to go from LOCAL to LDAPv3/127.0.0.1 when using Workgroup Manager
  When it asks if you want add more users you can add one user, the "Local Admin" :
  name : Local Admin
  shortname : localadmin
  password : astrongpassword (you will have to reset this password after you login as diradmin)
  You can reset the "Local Admin" password via "System Preferences ---> Accounts"
  and you can create the other users via the Workgroup Manager ---> LDAPv3/127.0.0.1 domain once you get DNS and Open Directory working.
  if you use "standard" or "enterprise" the first thing to setup is DNS, everything else depends on DNS being configured correctly. "standard" really shines here because it won't let you screw up DNS.
  You will need private DNS even if you have a provider handle public DNS for you.
  If you are using standard you will be asked for, and can enter something like the following :
  domain : crystal-palace.mac.private
  machine : crystal-palace
  if you are doing the "enterprise" mode you will also have to enter crystal-palace.mac.private in one more field,
  Each machine will have a fixed PRIVATE IP address in the form of "192.168.1.n" and a "Computer Name" that was unique within the ZONE (the group of machines) via "System Preferences ---> Sharing".
  Once you switch to the "enterprise" mode you can add more machines (using the "Computer Name" above) with their respective private ip addresses.
  If you are using the "enterprise" mode, You want to setup Open Directory initially as "standalone", once that is working promote it to "Directory Master" via the "Settings" Tab. If you are using the "standard" mode, the Open Directory is setup automatically as "Directory Master" but there doesn't seem to be any way to add to the DNS, I think you have to use "Directory Utility" to do this. But if you've gotten this far it is easier to promote the setup mode to "enterprise" with "Server Admin".
  I have a 1TB drive partitioned into 8 logical drives , the first seven standard partitions are named BUP_1 through BUP_7 and are provide 93 GB each. They are setup as test drives. The last partition is named TM_1 which is used for Time Machine backups and it provides close to 280 GB of backup storage.
  On the first partition, I installed OS X 10.5.7 along with some basic applications that I normally use. I then created a dmg installer that I saved to TM_1 using disk utility and used that to install the image on the remaining six partitions (BUP_2 ... BUP_7).
  The seven standard partitions then have OS X 10.5.7, which I basically use as test drives. It is here that I attempted different things trying to get this to be a simple deal. If one attempt didn't work I moved on to the next partition...
  The BUP_n already have USERNAME setup as localadmin, not admin CHECK step ( 4 ) below. Also note that the dscl commands all have a dot following them.
  Steps that worked for me, that allowed me to select the setup mode for os x server.
  ( 1 ) Boot mac into single user mode by holding down (CMD-S) during startup until you see text scrolling on the screen.
  if the text on the screen stops, and you don't get the "root # " cursor, you may have to hit return once in order to get it. Once you get the root cursor you will need to enter the following commands very carefully. On the paths you can type part of the path and hit tab for auto completion. Everything is case sensitive...
  NOTICE that USERNAME needs to be substituted with the correct shortname from step ( 4 ) in steps ( 6 ), ( 7 ) and ( 8 )
  ( 2 ) $ mount -uw /
  ( 3 ) $ /bin/launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist &
  ( 4 ) $ dscl . -list /Users
  ( 5 ) $ rm -R /Library/Preferences/
  ( 6 ) $ rm -R /Users/USERNAME/
  ( 7 ) $ dscl . -delete /Users/USERNAME
  ( 8 ) $ dscl . -delete /Groups/admin GroupMembership USERNAME
  ( 9 ) $ rm /var/db/.AppleSetupDone
  ( 10 ) $ rm -R /var/db/dslocal
  ( 11 ) $ mkdir -p /var/db/dslocal/nodes
  ( 12 ) $ cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/Default /var/db/dslocal/nodes/
  ( 13 ) $ cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/dsmappings /var/db/dslocal/
  ( 14 ) $ passwd
  ( 15 A) $ shutdown -h now (if you want to reboot outside of single user mode)
  OR
  ( 15 B) $ exit (if you want to continue booting in single user mode)
  I think that to make this an easy install, there should be a small script from Apple that you can run once OS X, and OS X Server are installed, and updated, that reset everything to pristine, so that after running the script everything that needs to be removed, or reset is done so that you can go through the normal 17 screens that allow for simple setup of OS X Server, just like if you had been able to boot from the OS X Server disk.
  The answer I got from Apple Support is that when new machines come out it takes a while to get the correct drivers and release an installer disk for OS X Server. The unfortunate part is that there is no simple way to allow the installer to select which mode they need for the particular installation. They are forced to take the "enterprise" mode...
  I am not SURE whether the steps I have outlined above cover everything, that is why I am suggesting that if would be far more accurate if Apple provided an installer script when they have NON_BOOTABLE versions of OS X Server Installer.
  After three weeks and about 150 hours worth of work, I finally gave up and took the Mac Mini and OS X Server back and bought another iMac 24. Whenever a newer version OS X Server that is bootable on the newer machines comes out, I will get it another shot...
  The guy I dealt with at the Apple Store kept saying, it works, you're just not installing it correctly. He also said "I've installed OS X Server on a Mini". But everytime I asked him, "Was it a new new Mini?" and he would respond, "Well, NO!". I also asked him "Were you able to boot the Mini from the the disk ?", he responded "YES!"
  I ran into some other issues, for example one night I shutdown the server, and the next morning none of the passwords would work, not even the root password. So I came up with the following, hope this helps.
  PROBLEM :
  This morning for some reason the Mac Mini would not allow me to log in, neither as the Local Admin, nor as the System Admin. The database containing the login info must have become corrupted.
  FIRST LEVEL REPAIR ATTEMPT
  I started the machine using the Apple Install DVD, holding the "C" key to force the CD to boot
  Once the installer screen came up, hit return and select :
  ( 1 ) Menu Utilities -> Disk Utility -> Select the Drive -> Repair Permissions
  ( 2 ) Menu Utilities -> Disk Utility -> Select the Drive -> Repair Disk
  ( 3 ) Quit out of Disk Utility...
  ( 4 ) Menu Utilities -> Reset Password
  ( a ) Reset the password for the root user
  ( b ) Reset the password for the local admin user.
  ( 5 ) Quit out of Reset Password...
  ( 2 ) Menu Utilities -> Startup Disk
  ( 6 ) Select the correct disk to use for re-start.
  ( 7 ) Re-Start
  ( 8 ) I tried this several times, but could never get the new passwords to work after re-booting.
  There must have still been some corruption in the database.
  SECOND LEVEL REPAIR ATTEMPT
  ( 10 ) reboot and to hold the CMD-S to boot into the single user mode.
  At the root prompt, type in the following commands. I might have to hit return, if there is a white cursor that appears to be hung up waiting for input, just hit return, then you should see the root prompt.
  First try :
  ( 11 ) root # fsck -f
  ( 12 ) root # mount -uw
  ( 13 ) root # passwd
  ( 14 ) root # exit
  ( 15 ) when the login dialog appears try to login as root
  ( 16 ) if you can login, go to :
  ( a ) System Preferences -> Accounts and reset the password for the Local User in question.
  ELSE
  ( b ) Go to step ( 20 ) below
  THIRD LEVEL REPAIR ATTEMPT
  This is the command set to reset the local DB on the server
  20. $ reboot and to hold the CMD-S to boot into the single user mode.
  21. $ mount -uw /
  22. $ mv /var/db/dslocal /var/db/dslocal.old
  23. $ mkdir -p /var/db/dslocal/nodes
  24. $ cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/Default /var/db/dslocal/nodes/
  25. $ cp -Rp /System/Library/DirectoryServices/DefaultLocalDB/dsmappings /var/db/dslocal/
  26. $ passwd
  FOURTH LEVEL REPAIR ATTEMPT
  ( 31 ) Shutdown the machine with the problem( we will call it the pm for problem machine)
  ( 32 ) attach a firewire cable to the pm on one end
  ( 33 ) attach the other end of the firewire cable to a good machine (call it gm)
  In my case the gm uses firewire 400, and the pm uses firewire 800, so I had to get a cable that had firewire 400 on one end, and firewire 800 on the other,
  ( 34 ) start up the pm while holding down the "T" key until you see a large image floating around the pm screen. This put the pm into the "TARGET" mode, now it will behave like a drive, and you should see the drive on your gm desktop.
  ( 35 ) You can now copy anything you need from the pm to the gm.
  ( 36 ) Make sure you BACKUP anything and everything you want from the pm to the gm
  ( 37 ) IF YOU ARE WORKING ON A MACHINE CONTAINING OS X SERVER :
  At this point, if nothing else has worked you will have to erase the drive and
  ( a ) re-install OS X, and
  ( b ) re-install OS X Server on the pm
  ( 38 ) IF YOU ARE WORKING ON A MACHINE CONTAINING OS X :
  At this point, if nothing else has worked, from the Install DVD you can
  ( a ) Archive and re-install OS X on the pm
  Another interesting thing that has happened several times now, is that I always install standard OS X on the first partition of the disk, and OS X Server on a different partition, and after installing OS X Server the machine would no longer boot from the standard OS X partition. This has happened like four different times, not sure what could be causing this problem. Booting from the install disk and running Disk Utilities to repair the disk (which comes back OK), and repair permissions always comes back with an internal error,and cannot be completed.
  I have no clue what could be happening. I always had to reformat the drive and instal OS X all over again.
  I have no clue what could be causing this to happen ?

• Best Practice - Leopard Server and a Windows Server/Application

  Our family owns an accounting practice in Northern California. We all use MacBook Pros running Leopard as our client machines.
  Our customers all use QuickBooks for Windows for their accounting software. We currently host and store our customer's QuickBooks company files on a Windows 2003 SBS Server. Our staff connects to the Windows Server to launch QuickBooks and perform our accounting services. We do not use any of the features of the Windows Server besides the ability to log in with multiple user sessions to launch QuickBooks from both internal and remote office locations.
  Since we all use MacBook Pros, we'd like to use Leopard Server and implement mail, calendaring, wikis, etc. My dilemma is figuring out if this is technically possible because we need to continue to log into a Windows PC, Server, etc with multiple staff's sessions to perform our accounting services with QuickBooks for Windows.
  Can someone suggest a way we can do this? I'm not very technical since I am an accountant! We're hoping this can be done somehow!
  Thanks for any suggestion and assistance!
  John

  We also have Quickbooks as our legacy Windows app.
  Quickbooks files for several companies are stored on our Mac OS X Server, which is accessed by a Windows 2003 Server.
  I considered using Parallels or VMware, but the administrative overhead seam excessive. (One installation of Windows is too many). Windows Terminal Services seamed the best fit. Additional client access licenses were required from Microsoft as Windows Server only comes with two administrative RDP licenses.
  Our staff and staff from accounting and tax consulting firms connect to Quickbooks on the Windows server via RDP. Internally, we have a couple of diskless thin clients, and iMacs with RDP software installed. Externally, both Windows and Mac OS X clients connect to our 10.5 server IPSec VPN, and then to the Windows server, again via RDP.
  Performance is acceptable, as here in Australia we now have ADSL service with 1-2Mbps upstream. On my 23" display (Mac OS X 10.5), situated 1200miles away, a RDP connection at 1280x1024 works seamlessly.
  On the Mac Server side, we have recently upgraded to Leopard Server, and thus haven't implmented all the fabulous new features such as calendar sharing and wikis, but we are using network spotlight, and of course the Mail server. Additionally, we have a Fujitsu SnapScan which scans documents that are then automatically OCR'd, and made available by network spotlight. All very cool.
  Further work to be undertaken;
  - Have the Windows server logins authenticate with our Mac OS X Open Directory. Currently account credentials are duplicated.
  - Implement public key cryptography for the VPN, so that we can revoke individual client VPN installations
  - Implement two factor authentication (probably CryptoCard)
  - Batten down the permissions on the Windows server. The default Quickbooks installation required an unacceptable level of user rights.

• Restoring snow leopard server

  Hi
  I'm hoping for some advice as I'm newish to managing servers and not exactly an IT head (but it's my job!).
  Running Snow Leopard Server (up to date version, 10.6.7) on a Mac Pro tower (few years old now - dual Intel 2.66 I think). It has two 1 TB drives that are set to mirror each other, and some other smaller hard drives just for LAN time machine backups from other office computers.
  At some point over the weekend, the server had an issue which meant nobody could log in (the server didn't appear on the network at all), and I just got the coloured spinning wheel when I came to log in to the machine. Switched off the server and started up again -- but it just sticks at the grey screen with the circular lines. Resetting P-RAM and running Disk Utility from the install dvd doesn't change anything.
  My back-up made with Carbon Copy Cloner won't boot up either (I also have a Time Machine back-up -- haven't tried that yet) -- but therefore I have all the files.
  What is my best option?
  I'm starting to think that I'm going to have to reformat the drive, and reinstall the server software. Then hopefully I'll be able to restore the Groups and wiki files without too many issues (any thoughts on this? -- I'm worried I may encounter lots of permissions trouble here).
  Any better options?
  I would be thankful for any opinions/advice.
  Cheers

  Boot off DVD and restore machine from last know good time machine backup.

• My Problems with Netboot, PPC iMacG5, 10.5.6, Leopard Server-Solved

  Several contributors steps helped me out, in this archived thread:
  http://discussions.apple.com/thread.jspa?threadID=1649502
  I have added my own steps, for record, as I could not add to the archived thread.
  Problem: OSX 10.5.6 Server, set to an "Octopus" configuration,
  ( Standalone server, hooked into a Cisco 2950 Switch, switch manages DHCP, keeps all traffic localized)
  Hooked iMac G5 clients into switch. Set Server to netboot a PPC Leopard 10.5.6
  image made from same iMac G5 client. Hooked six iMac G5's into the switch,
  one fired off successfully, five all failed, going to Kernel Panic after first one
  kicked off successfully. Tested scenario with 3 Intel MacBooks imaging
  an intel MB 10.5.6 image, same server and switch, all deployed successfully.
  Following a combination of Brian Neeson's and Kellefson's Steps:
  1. Stop Netboot Service on Server.
  2. Disable Netboot Shares, save changes
  3. Launch Activity Monitor, stop nfsd service. ( Force Quit) It auto starts again
  4. Re-enable Netboot Shares
  5. Start Netboot Service, select PPC Image, Set to PPC Achitecture only, save changes
  6. Reboot Leopard Server.
  Issue is now resolved, and images deploy successfully, testing 2 PPC iMac G5s without fail.
  Posting this so I can set a subscription to it ( so I can find it faster, I cannot set
  a subscription to the archived post) and to help others with same issue.

  Ok, I finally had some time to come back to this
  and try out a few things.
  One of the things that kept perplexing me about this was that only
  PPC White iMac G5's, 1.6ghz models, were constantly affected by this issue.
  I tried it looking at it from the server end: Recreated the Netboot NFS share point,
  recreated the 10.5.6 image as a gold master, made sure all nbi's were in their proper
  locales.
  I tried looking at it from the iMac itself: swapping out Hard drives, Logic Boards,
  Zappring PRAM, replacing and swapping out Ram, etc.
  Finally after stepping away from it for a week to look at
  InstaDMG, it dawned on me......
  Josh, ( I believe) in his webinar, said that to build your
  image using instaDMG, you should use Leopard 10.5 Retail disc as the
  base of choice, and then put everything in as a package deployment
  on top of that.
  +So that got me to thinking, what if 10.5.6 was problematic for deployment,+
  +but not so for updating the system in general?+
  That got me to remembering that that wouldn't be the first time Apple
  has released an update that screwed up NetInstalling
  ( 10.5.2, 10.4.10, and 10.3.4 come to mind).
  *So I then decided to try a new test:*
  I went back to a good known working no problems White iMac G5 PPC 1.6ghz machine,
  wiped the HD, and installed 10.5.0 on it, and then put all my apps back on it.
  I then updated every app and patched the Apple essentials ( Quicktime, Airport0
  but did not update the OS.
  I then Target FW'd it to my Xserve, and used Apple's SIU to create the image.
  Then, I deployed it back to three iMacs in a row through the network.
  Success! no KPs and the iMacs all flawlessly deployed.
  I then tried another set of three, and success again....all three had no KP
  at booting into Netinstall, and all three deployed successfully.
  *So I believe that I have fixed my issue!*
  My next test is to create an image that will post deploy the 10.5.6 combo update
  to the iMacs after the 10.5.0 image is deployed, but even if I run into
  problems there, My workaround will be just to deploy 10.5.0, and then
  ARD out 10.5.6 combo after the machines have restarted and booted successfully.