Propagate permissions with Server Admin?

Similar Messages

• Change SMB settings (sharepoint, status, etc.) with Server Admin

  Hi. Big problems with Server Admin to administer SMB service with Mac OS X Server 10.5.2.
  When you share a sharepoint, you set the enable oplocks and enable strict locking as you want and when you save, all your settings disappear. Fix with modifying directly /etc/smb.conf.
  Worse. My server "B" is connected to an ODM "A". No problem with Open Directory / Kerberos except when I try to bind the SMB Service to the PDC. When you choose Domain Member, the setting is automatically reverted to Standalone (nothing's visible in the log with the status change). When you choose Latin 1 850, the setting goes back to Latin US 437.
  I'm lost.
  Any experience ?
  Best regards.

  I have a Leopard Server 10.5.2 and it's a PDC. Same problem with strict locking and Code Page Latin US 437.
  Doing many tests I found this solution to the code page problem that seem to be a sync problem of the Server Admin.
  Try this but remember to do a backup of your files!!
  To change the SMB Code Page, modify the smb service default configuration file:
  sudo pico /System/Library/CoreServices/SmbFileServer.bundle/Resources/ServerDefaults.plis t
  Set:
  <key>DOSCodePage</key>
  <string>CP437</string>
  To:
  <key>DOSCodePage</key>
  <string>CP850</string>
  Save in pico with ctrl+x and Restart SMB Service in server admin.

• Can I connect to server with Server Admin over vpn?

  I succeed to connect with the server over vpn, allowing me to connect to disks e.g. but I seem not to be able to connect to the server to administer it with Server Admin. Is it a matter of openingen a port?

  Thanks,
  But, Iam facing another problem.
  When I am trying to connect to Oracle 9i server database with Oracle 10g client, Iam facing the following problem.
  On my 10g client machine for the tnsnames.org file, I added configuration of Oracle 9i service. When Iam trying to connect with username, password and host string of oracle 9i server, I am getting the following error:
  ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
  Waiting for Reply,
  Satish.

• Setting workgroup backup permissions for server admin user

  I apologize in advance for what is probably a trivial question. At school I have set up a Tiger server on a PPC desktop. Open directory is implemented and managed remotely on my personal desktop machine using Workgroup manager. The local server admin account is different from the remote workgroup manager account. I have been backing up using rsync from my machine by logging in with ssh and the Workgroup manager account. Now I want to use ChronoSync on the server machine to set up a simple incremental backup routine. The problem is that ChronoSync runs under the server admin account which does not have permissions to access the group accounts. What is the best way for me to give the server admin account "global" permissions so it can backup the files and directories that were set up using Workgroup manager?
  iMac Intel Mac OS X (10.4.9)
  iMac Intel   Mac OS X (10.4.9)  

  Hi,
  User Account Control treats members of the Administrators group as standard users.
  With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the
  basis of the principle of Admin Approval Mode.
  When an administrator logs on to Windows Vista or newer, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights
  removed (filtered).
  To work around this issue, use the net use command together with a UNC name to access the network location.
  Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or newer operating systems
  http://support.microsoft.com/kb/937624
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Creating Open Directory Replica fails with Server Admin Error Value 1127

  Hallo,
  I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
  Currently, it comes down to this. The Server Admin Error message ist really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to geht more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
  When executing
  slapconfig -createreplica master.ourdomain.com diradmin
  as root on the prospective replica machine, I get the following error message:
  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  That makes perfect sense to me, but how is it meant to work then?
  Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
  root login is not permitted to this machine via public key authentication.
  While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
  Replica Setup failed : This machine does not have a valid computer name
  I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP adress. Proper name resolution is available for both interfaces including reverse lookup. I dont like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
  changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
  reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
  Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many place is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaces with several other configuration files and databases. I cant see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
  I also checked all log files on bboth machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of th layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of of entries that I have googled in the last few hours and which all dont seem to be associated with the problem in question.
  I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
  Thanks and bye, Christian Völker

  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
  Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
  Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
  In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
  Then configure the /etc/sshd_config file on the OD master like this:
  \# Authentication:
  PermitRootLogin yes
  PasswordAuthentication yes
  PubkeyAuthentication no
  and the /etc/ssh_config file on the OD replica like this:
  PasswordAuthentication yes
  PubkeyAuthentication no
  Then from the OD replica as the 'root' user issue:
  slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
  Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.

• Problem with server admin connectio

  Hi,
  Im using Snow leopard server.
  I have a problem with connection to server via server admin app. It just says could not connect to server.
  At server console there is:
  2/27/10 2:58:30 AM com.apple.launchd[1] (com.apple.servermgrd[414]) Job appears to have crashed: Trace/BPT trap
  2/27/10 2:58:30 AM com.apple.launchd[1] (com.apple.servermgrd) Throttling respawn: Will start in 10 seconds
  2/27/10 2:58:30 AM com.apple.ReportCrash.Root[410] 2010-02-27 02:58:30.829 ReportCrash[410:390b] Saved crash report for servermgrd[414] version ??? (???) to /Library/Logs/DiagnosticReports/servermgrd2010-02-27-025830localhost.crash
  And that repeats.
  Any ideas how to fix this ?

  Yes it did work before. Made some changes to DNS and then server admin lost connection. Server works correctly (dns,mail,ssh access) only server admin connection is lost.
  servermgrd is running:
  bash-3.2# ps aux | grep servermgrd
  root 298 0.0 0.7 2494120 28748 ?? Ss 1:49PM 0:22.16 servermgrd -x
  root 1588 0.0 0.0 2425708 276 s001 R+ 2:29PM 0:00.00 grep servermgrd
  Is there any way to reset/reinstall servermgrd and its settings to default

• Mac OS X Server Print Sharing Issues With Server Admin

  Hello,
  I have a fresh install of Mac OS X 10.6.5, with just PaperCut and network printers added. When I open Server Admin (on the server itself) and select the Print service I can see 'servermgrd' and 'cups' using 60%+ CPU each for about 3 minutes. Then when I click 'Queues' tab the 'servermgrd' and 'cups' using go back up to using 60%+ CPU each and even if I leave it running for 12 hours it continues to stay like this, until I quit Server Admin.
  I currently have 45 shared printer queues.
  It sounds like the same issue discussed here:
  http://discussions.apple.com/thread.jspa?messageID=11895050
  Any help would be great! Thank you.
  Message was edited by: Pagemaster

  Anyone???

• Error 25308 on importing GoDaddy cert with Server Admin

  Greetings,
  We're in the process of migrating from Tiger Server 10.4.11 to Leopard Server 10.5.6. We did a clean install of 10.5.3 on a new machine, updated to 10.5.6, and started migrating user data. It's gone well, except that we can't import our GoDaddy SSL Certificate via Server Admin. We point the import process to the same certificate, private key and intermediate certificate that are used on our current server, but Server Admin says "failed", and I find this line in system.log:
  3/17/09 3:42:33 PM servermgrd[47] servermgr_info: [47] [CertificateManager importIdentity:] Error importing private key: SecKeychainItemImport (err = -25308)
  The result code means "Interaction with the Security Server is not allowed." according to Apple at http://developer.apple.com/documentation/Security/Reference/keychainservices/Ref erence/reference.html.
  Can anyone point me in the right direction? Thanks.

  Can you make a new cert via server admin and just have GoDaddy re-key it via your new information? It might be best to just start fresh with a clean install of the server.
  JL

• Can I manage custom builds of Apache and PHP with Server Admin?

  Okay, here's the deal: I have a shiny new Xserver Xeon with Leopard Server installed. I see that it comes with a number of programs that I'll need, preinstalled, but for various reasons (extensions and modules for PHP, Apache, and the like), I may need to roll my own builds of several of these programs and libraries. In this case, the main thing I'm concerned with is recompiling Apache and PHP.
  My question is, can I do this and still manage those tools from Server Admin? I'm not averse to doing it on the command line if need be, but I'd just as soon not have to, if I have Server Admin. So, what would I need to do to make sure that I can still use Server Admin with a custom PHP and Apache?

  My main interest is in using Wiki Server with the custom Apache and PHP builds. Since that's managed through Server Admin, I figured it would be best to try and integrate with the Apple tools.
  Apache I could maybe get by without a rebuild, but there are definitely PHP modules I need which the default build does not come with.

• Can connect with Server Admin and Server Prefs, not Screen Sharing or ARD

  Just set up 10.5 server on my G5, and trying to connect from 10.5 on my iMac. I have tried both with the server System Preferences set to allow Screen Sharing via VNC, and with Remote Management enabled for ARD. In both cases, I get authentication errors when trying to connect from home. I have tried with both the full username, and with the short name of the only account on the server. My assumption is that, since this is the administrator account, I don't need to setup explicit privs for it on the server.
  I can authenticate without any trouble with both Server Admin and Server Preferences.
  The Firewall is not enabled on either machine, although I am behind a NAT router at home -- is it necessary to open any special ports to enable screen sharing? Is it possible that having these ports closed would produce an authentication error?
  Thanks for any help.

  Hi
  I'm going to assume you configured your Server in Standard Configuration and not Workgroup or Advanced?
  When using Standard in setting up the server DNS is automatically configured for as well as the Server taking an Open Directory Master Role. The admin account created at the beginning is for administering the Open Directory. Unknown to you and not documented at all - as far as I can see - is the 'Local Administrator' (localadmin) account.
  You only become aware of this account if for some reason you have a problem with the Server which involves demoting to Standalone (ie not an Open Directory Master) once this happens you find you can't log on to the Server anymore or communicate with any of the Server applications because it won't accept any username or password other than root and localadmin for the name and the password defined for the original admin account you created right at the beginning.
  Sometimes it does not even take demotion to find yourself locked out of the Server. Some have experienced this problem when running the Security Update or when some other problem has occured.
  Part of the process of creating an Open Directory Master involves the creation of a 'special' directory administrator account. This account is used for administering the LDAP node. If demotion takes place this account gets blown away along with all users and group accounts that exist in the LDAP node, in fact everything to do with Open Directory is destroyed apart from Users' home folders.
  Why demote if this happens? Sometimes the LDAP database gets damaged/corrupted beyond a point where normal troubleshooting methods fail. This can happen for a whole variety of reasons but more often than not is due to a poorly configured DNS Service. You basically only have two options once you reach that stage. A server reinstall involving a format and rebuild or a demotion to Standalone. Which option would you choose? Prior to demotion you can (if you have the chance) export users and groups or even archive the LDAP database itself for restoration later on. This is a useful option as everything to do with the LDAP Server is retained - passwords, users, groups etc. The other method of saving users etc does not retain passwords.
  As time goes on and you become more familiar with your server you will find more and more of this information out for yourself. Hopefully the simple advice I've given helps you understand Open Directory a little better.
  Hope this helps, Tony

• Time Machine Permissions with Server Update 2.2

  I rebuilt our Mac Mini server and did it using the latest version of Server (v. 2.2) just released. I noticed that when I activate the Time Machine service on OS X Server that my clients could not connect in (receiving OSStatus Error (5) on those machines). So, when looking at the permissions for the "Backups" share in File Sharing on the Server (using the Server app), I noticed that there were no permissions for anyone other than the Administrator.
  I added a group of employees and then those machines are able to successfully use Time Machine and backup to the server's external Time Machine disk. The problem is that those backups do not appear with the little red "minus" sign next to them. So, someone could grab someone else's backup and copy it.
  It seems this new version of Server Update may have changed the way permissions are provisioned for clients to be able to backup to.
  Anyone else seeing this behavior or have any thoughts on this?
  Thanks,
  Bob

  Solved this permissions issue. Use the Mac's Disk Utility to format the backup drive - do not use the vendor's supplied disk management utility to format it. I am running a thunderbolt Drobo now and had the same issue using Drobo's software. Once you format the drive using the Mac's Disk Utility, you will see a group of "staff" with read/write permissions. Other network users will not have access to other time machine backups.

• Using Server Admin with Leopard 10.5 (not the server version)

  I have recently downloaded the Server Admin and would like to use the xgrid function. I am running Leopard 10.5 (not the server version). Is it possible to set up a server functions to use just xgrid with Server Admin and the Leopard 10.5 non server version system software. I want to set up a really small computer cluster between my macbook and imac. My problem is that I cannot seem to get a server started so I can select which functions I want to turn on (such as the xgrid). Thanks in advance for any suggestions.

  I tried several options from the link you suggested, by the xgrid lite seems to be for 10.4 Tiger. I have not been able to make it work for Leopard. Any suggestions?

• Server Admin 10.5.6 will not install on any of my Xserves with 10.5.6

  I too have issues with Server Admin 10.5.6 update. It will not install on either of my Xserves. I have a G5 and Intel Xserve. Anyone else with this issue. I did install the update though on both of my client workstations.

  Then you probably also are not aware that the new server admin tools are part of the server update itself (compare the version numbers of /Applications/Server/ with an upgraded client's ditto and see that they're identical…)

• What's up with the Server Admin Tools update 10.3.5?

  I keep getting the Apple update window with Server Admin Tools Update 10.3.5 checked off in its checkbox.
  When I run the installation, it goes throught the status bar, etc, and then comes back up as needing installation.
  The tools I run show 10.3 (v106) in the about window.
  What's up?
  thanx

  Cliff, I am not sure why you are getting this update, but if you are not using Apples' Server and you are not that Servers System Administrator, Uncheck it and ignore it, you do not need it.
  If by chance somewhere along the line you downloaded software that was not through the Software Update feature on your computer, you might have mistakenly downloaded some software you did not need.
  Don

• Server Admin causes servermgrd crash: "got an empty response"

  Starting a few days ago, when one OSXS system is accessed with Server Admin, the servermgrd process immediately crashes. Could there be some file that somehow got corrupted? I've run 'repair disk' and 'repair permissions', and even did a full Disk Warrior run on the boot drive to no avail. No other changes or upgrades were done to the system to prompt this.
  Server Admin[357] Server got an empty response (servermgr_info may have crashed)
  crashdump[444]: servermgrd crashed
  According to the servermgrd man page, this might mean that /etc/servermgrd/getsslpassphrase is returning a null string (which it seems to do when run manually). But it could also be that getserial_numberinfo() is returning null.
  Is there some system file I need to regenerate?
  Thx
  The crash dump has this:
  Command: servermgrd
  Path: /usr/sbin/servermgrd
  Parent: launchd [1]
  Version: ??? (???)
  PID: 424
  Thread: 4
  Exception: EXCBADACCESS (0x0001)
  Codes: KERNPROTECTIONFAILURE (0x0002) at 0x00000000
  Thread 4 Crashed:
  0 ....ServerAdmin.servermgr_info 0x0027c39c ServerSerialNumStrValidateInternal + 68
  1 ....ServerAdmin.servermgr_info 0x0027a038 getserial_numberinfo + 232
  2 ....ServerAdmin.servermgr_info 0x002695a8 getserverinfo + 132
  3 ....ServerAdmin.servermgr_info 0x00268a60 doProcessInput + 248
  4 servermgrd 0x000064e8 0x1000 + 21736
  5 servermgrd 0x00008c3c 0x1000 + 31804
  6 servermgrd 0x00008270 0x1000 + 29296
  7 servermgrd 0x00007af8 0x1000 + 27384
  8 com.apple.Foundation 0x9295d194 forkThreadForFunction + 108
  9 libSystem.B.dylib 0x9002b508 pthreadbody + 96
  Dual 2GHz PPC / 400GB / 8GB   Mac OS X (10.4.8)  
  Dual 2GHz PPC / 400GB / 8GB   Mac OS X (10.4.8)  
  Dual 2GHz PPC / 400GB / 8GB   Mac OS X (10.4.8)  

  Well, servermgrd is still crashing, 100% of the time, but the crash has "morphed" a bit:
  Thread 5 Crashed:
  0 libcups.2.dylib 0x91b224e4 ippDelete + 36
  1 ...ple.S5Admin.servermgr_print 0x00437994 doidle_zerotasks + 85716
  2 ...ple.S5Admin.servermgr_print 0x004377f0 doidle_zerotasks + 85296
  3 ...ple.S5Admin.servermgr_print 0x00433c14 doidle_zerotasks + 69972
  4 ...ple.S5Admin.servermgr_print 0x0043527c doidle_zerotasks + 75708
  5 ...ple.S5Admin.servermgr_print 0x0042b6dc doidle_zerotasks + 35868
  6 ...ple.S5Admin.servermgr_print 0x0042b664 doidle_zerotasks + 35748
  7 ...ple.S5Admin.servermgr_print 0x00424238 doidle_zerotasks + 6008
  8 ...ple.S5Admin.servermgr_print 0x004290f4 doidle_zerotasks + 26164
  9 ...ple.S5Admin.servermgr_print 0x00428b5c doidle_zerotasks + 24732
  10 ...ple.S5Admin.servermgr_print 0x00428cbc doidle_zerotasks + 25084
  11 ...ple.S5Admin.servermgr_print 0x00421194 getservicestate + 224
  12 ...ple.S5Admin.servermgr_print 0x004205a8 doProcessInput + 204
  13 servermgrd 0x000064e8 0x1000 + 21736
  14 servermgrd 0x0000619c 0x1000 + 20892
  15 com.apple.Foundation 0x92940194 forkThreadForFunction + 108
  16 libSystem.B.dylib 0x9002bc28 pthreadbody + 96
  If anyone has any ideas about what I can do, if there's a file that I might check for corruption, something I might try reinstalling, etc., that would be great.