SMB makes life unbearable for AFP network directory users

We have an XServe/XServe RAID combo running 10.4.11 acting as a home directory server for around 20-30 simultaneous users. Most use network home directory accounts served by AFP to desktop Macs. A handful use PCs (SMB access) or Linux boxen (NFS access).
Some patterns of SMB usage render the network accounts almost unusable: a spinny cursor of doom, and long periods of sluggishness or inactivity. Meanwhile, on the server, smbd uses 100% of one of the cores.
This is not necessarily associated with high network traffic - even light data transfer by SMB peaking at 200kB/s can have this effect. We're on a mixed 100 base-T/gigabit network, so we're not reaching anywhere near saturation. High-bandwidth access via NFS is barely noticeable to AFP users.
- Can people recommend further diagnostic approaches?
- Can SMB on the XServe be tuned to avoid this?
- Is there anything else I can do to avoid the problem?
TIA

Apologies for the double-post. I blame SMB.

Similar Messages

  • MySites for non-Active Directory users

    Hi,
    we are planning to provide a collaboration farm for
    internal users (AD)
    external users (external AD, no-trust relationship)
    We plan to authenticate users via Claims/ADFS. The idea is to provide a MySite-Farm. 
    Questions
    Are there any issues with providing MySites to non-AD users?
    Are there any limitations for providing MySites to non-AD users?
    Sven

    Hi,
    According to your post, my understanding is that you wanted to create MySite for non-Active Directory users.
    Yes, it is possible to create them for non-AD users on on-premises SharePoint farms.
    You can use ADFS authentication to import the users to the user profile database, then create the MySite.
    If you trust the users to access your site or give them appropriate permissions, I don't think there are any limitations to creating MySite for non-AD users.
    Thanks,
    Jason

  • Is the new "messages" app working for your networked home users?

    I'm seeing a very odd issue where the new 10.8 "Messages" app is not acting properly for users with a networked home directory. If logging in on the server, the users' Messages app works just fine. When logging on from a client mounting their home directory over the network, the Messages app can send messages fine, but does not receive messages. What is odd is that the app does get the signal that the person is responding to an outgoing message, showing their avatar and "...", so something is being received, but no message ever shows up.
    Anyone else seeing this on client systems?
    Thanks,
    O

    I've got messages server running on Mountain Lion Server (fresh install) and both 10.7.4 and 10.8.0 clients are able to message each other. The 10.7.4 clients are network home users, but I was forced to change the 10.8 user to a mobile home account because every time they opened Mail all their contacts would get deleted.
    Assuming your clients are on 10.8, you have probably found another network home bug; consider switching to mobile homes until it is fixed.

  • How do I re-set the old IPad to make it ready for a brand new user? Is it simply the Restore command in ITunes?

    Purchased an IPad 2 and will be giving my first generation IPad to my wife. What is the easiest way to re-set the old IPad to make it ready for a new user?
    Is it simply the Restore command in ITunes?

    Do a full sync/backup of the old one first. Then you can sync the new one to the old backup. When you are all ready, on the iPad, go to system > General > Reset and select erase all content. Turns the old one into out-of-the-box condition.

  • 2 recommendations to make life better for us all!

    Here are a couple suggestions I have based on my iPhone usage:
    1) In order to make it even easier to navigate the pages on the home screen, how about adding the ability to scroll the page number dots at the bottom of the screen similar to the way text is scrolled through (slight magnification as the cursor moves down the line), then on the release the screen would shift the highlighted page.
    2) App Store downloads: for people like me who periodically scroll through the app store on the iPhone and see multiple apps that are wanting to be downloaded, it's somewhat of a pain to have to wait for each app to install itself, and then have to re-open the App Store to download the next desired app. How about the ability to queue app store purchases in a similar way to how updates are already handled, and then have them all download at once? This can't be that hard to do since it is already being done with the updated apps. This could also be applied to the iTunes store app.
    Think about it!

    Tell Apple. We are iphone users like you:
    http://www.apple.com/feedback/iphone.html

  • Default preferences for every active directory users

    Hi,
    I have been searching for a solution to this for a long time and I hope somebody out there can help because I am sure that it is a common request on corporate networks.
    I am trying to configure a default desktop that provides exactly the same settings for all users that log into the machine, for example the dock to be on the left hand side with program icons in a particular order from top to bottom. I would also like to set magnification preferences on the dock bar. Currently when new users log on it defaults back to a default setting, e.g. dock on the bottom with applications in the wrong order etc. I work with a Windows XP network (save the sighs!!) and it is easy to set this up by logging in as a default user and configuring the start menu and desktop setting etc., which would then apply the same config to all new users on the system.
    I hope I have explained the situation clearly enough!!
    Thanks
    J

    Thanks Joe,
    I recently found an article that worked for me also and didn't require me to use the command window at all. All I had to do was log in as any user, set up the dock bar to be on the left, magnification preference, icon precedence etc. Then once this was completed, all I did was copy the preference folder from the recently configured user cached account on the hard disk and paste it into the user template/english.lproj folder. I then deleted the cached user account when logged on as root and then I logged on again as a 'New' user and voilà, it worked. The dock bar was on the left with the magnification and icon precedence all in the right place.
    Thanks for your help anyway, much appreciated.
    One last thing.....(I wonder if you can help or point me in the right direction?) I have around 52 Macs to install on our site and I want to streamline the whole process by cloning the hard disk of one Mac to all of them. I need to install several applications including Creative Suite 2, add it to the Active Directory domain and then configure the default desktop as solved previously. Remote Desktop 3 has been mentioned as a solution, but can this clone actual hard disks of Macs and put them onto clients? Or is it a case of manually cloning it to a FireWire/USB 2 hard disk and then doing a clone one by one? We use Ghost to image all the PCs by net booting to an image server; would it be something similar I would require, e.g. a Mac server of some kind, or would Remote Desktop do this for me in Automator?
    Your help or anybody else's is much appreciated!
    Regards
    J

  • Create a timer to make a variable for pause length from user input

    I have an external task that varies in time based on the machine I am using, yet once that value is determined, it will remain the same while on that machine. I need to have an AppleScript perform a task based on that time variable. This is a repeating loop script that will need user input for the first iteration of the loop. How can I get this time variable to use in the script? I would like it to be something like this.
    --script clicks OK button in the app (this is already scripted)
    --timer started
    --script throws up a dialog instructing user to click OK when hardware specific task is completed (has a cancel option to cancel script as well)
    --when dialog box OK is clicked a time value is determined between the timer started and the dialog OK click
    --time value is now a variable to call for pause between loop cycles, requiring no more user input (except an overall script cancel if needed)
    is this possible?
    PowerBook G4 Titanium 500 Mhz   Mac OS X (10.4.2)  

    Yeah, it's possible. There are probably a couple ways to do it. Here's a quick one that uses a unique hardware ID. Properties persist between runs, reboots, etc. but not compiles.
        property delay_time : missing value
        property last_mac : missing value
        set test_mac to primary Ethernet address of (system info)
        if test_mac is last_mac and delay_time is not missing value then
            -- performclickhandler()
            delay delay_time
        else
            set start_time to (current date)
            -- performclickhandler()
            display dialog "Click OK to set the timer..."
            set delay_time to (current date) - start_time
            set last_mac to test_mac
        end if
        -- rest of your script

  • How can I set a different proxy server for different networks in user.js

    I need to automatically set the proxy configuration depending on the network I am connected to. Can this be done through the user.js?
    Simple logic would be:-
    if IP=10.20.30.0 use proxy A
    if IP=172.18.19.0 use proxy B
    else DIRECT
    Thanks
    Leon

    No, you can't do it that way.
    You could create a set of user.js files and use a bat or cmd file to copy the file with the proxy setting that you want to use to user.js and then start Firefox.
        rem Replace the active user.js with the proxy variant, then launch Firefox
        cd <path to profile folder>
        del user.js
        copy user-proxy1.js user.js
        start "" "C:\Program Files\Mozilla Firefox\firefox.exe"
    You can also use an extension.
    * FoxyProxy: https://addons.mozilla.org/firefox/addon/2464
    * QuickProxy: https://addons.mozilla.org/firefox/addon/1557
    * SwitchProxy: https://addons.mozilla.org/firefox/addon/125

  • Can I change the default AFP Network name "My Network" on OS X 10.4 Client?

    I can't find a place to change the text "My Network" that appears in Finder for my small office network. Does anyone have any thoughts or suggestions?

    No, "My Network" is for AFP networks. If you have multiple directory access protocols enabled, like SMB/AppleTalk/AFP, they can all show up under different folders, maybe for the rare instance you have two machines with the same name, broadcasting. For instance, I have SMB with a network name of HIGHLANDS from a machine named connor, the same machine hosts AFP and broadcasts using mDNSResponder as connor. So, in the network pane, two machines with the same name would conflict, so they are put into different folders, "My Network" for AFP and the workgroup named folder for SMB/CIFS.
    Hope this helps and good luck.

  • Netboot, diskless clients, and Open Directory users?

    Hi, I've been reading through the System Image pdf & maybe it's me but a couple of things aren't clear.
    I want to set up diskless clients and allow users to log on to their network home folder using their OD login. Is this possible and where would be a good place to start with instructions on setup?
    thanks, Patrick

    Ok, I got it.
    But what if I want the OD user to have some configuration data on the local client?
    Let me explain that a bit better. The configuration I would like for my network and users is as follows: the server works only as an authentication server, I do not want roaming profiles or homes directory on the server; I just want the server to authenticate users when they log in to several client machines amongst the lan.
    For documents sharing, in fact, I much rather prefer using Dropbox, which allows my users to share on a WAN-instead-of-LAN basis.
    But a home local directory is needed for OD users to keep libraries, preferences files and so on.
    Back to the old Windows server (PDC) time, I used the server as a name server authentication only, still the client created a local profile for the user of the server.
    Does OD work this way too or am I missing something?
    Thank you.

  • SMB access for Active Directory users

    Hi there,
    My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
    When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
    [2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
    adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
    [2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
    Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
    I've read something vague about having to Kerberize the SMB service separately so I'm not sure if that's the problem.
    My smb.conf file is as follows:
    ; Configuration file for the Samba software suite.
    ; ============================================================================
    ; For the format of this file and comprehensive descriptions of all the
    ; configuration option, please refer to the man page for smb.conf(5).
    ; The following configuration should suit most systems for basic usage and
    ; initial testing. It gives all clients access to their home directories and
    ; allows access to all printers specified in /etc/printcap.
    ; BEGIN required configuration
    ; Parameters inside the required configuration block should not be altered.
    ; They may be changed at any time by upgrades or other automated processes.
    ; Site-specific customizations will only be preserved if they are done
    ; outside this block. If you choose to make customizations, it is your
    ; own responsibility to verify that they work correctly with the supported
    ; configuration tools.
    [global]
    debug pid = yes
    log level = 1
    server string = Mac OS X
    printcap name = cups
    printing = cups
    encrypt passwords = yes
    use spnego = yes
    passdb backend = odsam
    idmap domains = default
    idmap config default: default = yes
    idmap config default: backend = odsam
    idmap alloc backend = odsam
    idmap negative cache time = 5
    map to guest = Bad User
    guest account = nobody
    unix charset = UTF-8-MAC
    display charset = UTF-8-MAC
    dos charset = 437
    vfs objects = darwinacl,darwin_streams
    ; Don't become a master browser unless absolutely necessary.
    os level = 2
    domain master = no
    ; For performance reasons, set the transmit buffer size
    ; to the maximum and enable sendfile support.
    max xmit = 131072
    use sendfile = yes
    ; The darwin_streams module gives us named streams support.
    stream support = yes
    ea support = yes
    ; Enable locking coherency with AFP.
    darwin_streams:brlm = yes
    ; Core files are invariably disabled system-wide, but attempting to
    ; dump core will trigger a crash report, so we still want to try.
    enable core files = yes
    ; Configure usershares for use by the synchronize-shares tool.
    usershare max shares = 1000
    usershare path = /var/samba/shares
    usershare owner only = no
    usershare allow guests = yes
    usershare allow full config = yes
    ; Filter inaccessible shares from the browse list.
    com.apple:filter shares by access = yes
    ; Check in with PAM to enforce SACL access policy.
    obey pam restrictions = yes
    ; Don't be trying to enforce ACLs in userspace.
    acl check permissions = no
    ; Make sure that we resolve unqualified names as NetBIOS before DNS.
    name resolve order = lmhosts wins bcast host
    ; Pull in system-wide preference settings. These are managed by
    ; synchronize-preferences tool.
    include = /var/db/smb.conf
    [printers]
    comment = All Printers
    path = /tmp
    printable = yes
    guest ok = no
    create mode = 0700
    writeable = no
    browseable = no
    ; Site-specific parameters can be added below this comment.
    ; END required configuration.
    Any help would be much appreciated!!
    Thanks.

    I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
    [2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
    adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
    [2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
    Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
    Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
    When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
    Not feeling the Mac OS X love tonight.
    Bill
    System is bound to active directory - green light in Directory Utility

  • Auditing for AFP and SMB

    Hello,
    I had posted this same question before, but it has been archived. So I bring this back:
    We need to implement Auditing in File Sharing level. H
    Does anyone know a tool besides the server logs?
    We prefer an opensource one, since Casper costs.
    Regards
    Kostas

    The only tools I have seen merely 'analyse' (i.e. don't really) and/or summarise the information in the Apple logs. As the Apple logs are almost completely useless for this purpose they do not help at all.
    For those unaware, the Apple logs for AFP and most other services record activity like this.
    1. User logs in, this is time stamped in the log and lists the user name and the MAC address of the computer logged in from.
    2. User then does activity on the AFP file server, this activity is also time stamped but only lists the MAC address and not the user name. Every single file open command, etc. can be recorded, which if you're using network home directories results in a vast number of entries.
    The result is that if you want to find who deleted a file, you need to find the log entry listing the file deletion and then laboriously read back through potentially tens of thousands of lines in the log(s) until you find the matching login for that MAC address so you can then determine WHO deleted the file rather than which computer. As these entries can span across more than one actual log file due to the logs being rotated when a size limit is reached this is a nightmare to do.
    In other words, the logs are almost completely useless for auditing.
    I have a law firm also looking for a similar solution.
    The best I can say so far would be to stop using Mac OS X as a file server and switch to something else which offers proper auditing.
    Note: This situation is a result of Apple not addressing the Enterprise market historically - with some justification. It would still be nice to have a solution especially now that Enterprise is taking Apple (a little bit) more seriously.
    PS. To make things worse, I am currently implementing a Mac terminal server, this will have multiple logins running at the same time which will be in turn logging in to a Mac AFP server. As these sessions are all running on the same physical (terminal) server, as far as the AFP server is concerned they will all have the exact same Ethernet MAC address! This will make it literally impossible to tell which user did an operation using Apple's current feeble logging.
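
The manual correlation described in the reply above (find the activity line, then walk back to the login for that address, possibly across rotated files) can be done by replaying the logs in order, as in this added example, which is not part of the original thread. The log line format, the LOGOUT entries and all sample values are constructed for illustration and are not Apple's actual AFP log format; the "ambiguous" result is the shared-address terminal-server case from the PS.

```python
"""Replay logins per address to attribute file-server activity to users.

The log format is constructed for this example and is NOT Apple's AFP
access-log format. Assumed: LOGIN/LOGOUT lines carry user= and addr=,
activity lines carry only addr=, and paths contain no spaces.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>[A-Z]+)\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample: two rotated log files, oldest first.
ROTATED_OLD = """\
2009-06-11T09:00:01 LOGIN user=alice addr=00:16:cb:aa:bb:01
2009-06-11T09:00:07 OPEN addr=00:16:cb:aa:bb:01 path=/Home/alice/brief.doc
2009-06-11T09:10:00 LOGIN user=bob addr=00:16:cb:aa:bb:99
2009-06-11T09:12:00 LOGIN user=carol addr=00:16:cb:aa:bb:99
"""
ROTATED_NEW = """\
2009-06-11T11:30:00 DELETE addr=00:16:cb:aa:bb:01 path=/Shared/contract.pdf
2009-06-11T11:31:00 DELETE addr=00:16:cb:aa:bb:99 path=/Shared/ledger.xls
2009-06-11T11:32:00 LOGOUT user=bob addr=00:16:cb:aa:bb:99
2009-06-11T11:33:00 DELETE addr=00:16:cb:aa:bb:99 path=/Shared/minutes.txt
2009-06-11T11:40:00 DELETE addr=00:16:cb:aa:bb:77 path=/Shared/old.txt
"""


def parse_line(line):
    """Split one line into (timestamp, event, {key: value}); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["ts"], m["event"], dict(FIELD_RE.findall(m["rest"]))


def attribute(log_texts):
    """Return one record per activity line, tagged with who could have done it."""
    active = defaultdict(list)  # addr -> users currently logged in from it
    records = []
    for text in log_texts:  # state carries over from one rotated file to the next
        for line in text.splitlines():
            parsed = parse_line(line)
            if parsed is None or "addr" not in parsed[2]:
                continue
            ts, event, fields = parsed
            addr, user = fields["addr"], fields.get("user")
            if event == "LOGIN":
                if user and user not in active[addr]:
                    active[addr].append(user)
            elif event == "LOGOUT":
                if user in active[addr]:
                    active[addr].remove(user)
            else:
                users = tuple(active[addr])
                # one session: attributable; several sharing the address:
                # ambiguous; none: the login predates the oldest log supplied
                status = ("attributed" if len(users) == 1
                          else "ambiguous" if users else "unknown")
                records.append({"ts": ts, "event": event, "addr": addr,
                                "path": fields.get("path"),
                                "users": users, "status": status})
    return records


def who_did(records, event, path):
    """Look up (status, users) for one event on one path; None if not logged."""
    for r in records:
        if r["event"] == event and r["path"] == path:
            return r["status"], r["users"]
    return None


RECORDS = attribute([ROTATED_OLD, ROTATED_NEW])

if __name__ == "__main__":
    for r in RECORDS:
        print(r["ts"], r["event"], r["path"], r["status"],
              ",".join(r["users"]) or "-")
```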

  • I'm using iphone 4s with ios6, but why can't make facetime over the cellular networks?thanx for the answer

    I'm using iPhone 4s with iOS 6, but why can't I make FaceTime over the cellular networks? Thanx for the answer

    Depends on your carrier and data plan.
    With ATT in the US for example, you can FaceTime via ATT's cellular network if you have a shared data plan only.

  • I would like to make my phone to use it for any network?

    I recently purchased a new phone and I like to be able to use it for any network.  At the moment is contract.  But I am sure there is something apple team could help me. 

    Hi there, if you could ask the Apple team I'm sure they would be happy to help.
    But I was in the same situation as you are right at the moment. I was on an optus contract and wanted to use other networks. But in my case I couldn't they couldn't help me and I had to wait for the full two years to be over before I could use a different network.
    You could try to ask the apple team this is just a suggestion.

  • Stumped on AFP network home directories.

    Heyo,
    Been RTFMs on File Services, User Management and Open Directory. Also looked in www.AFP548.com but didn't find anything helpful.
    We have a mixed environment and windows users aren't having any problem with network domain logins or using smb shares. Mac clients can mount the network shares with afp but network homes are a no go.
    Made the changes needed for the firewall and tried it with the firewall off just to be sure.
    The /Home share is automounted (not using the default /Users).
    Guest access is on in Sharing and AFP.
    Network Mount for /Home is set to Enable network mounting, AFP and User Home Directories.
    SMB Windows Homes are in the same directory and run without problems.
    Directory Access on the Client saw the server and looks ok.
    Only ref. I can find for the login attempt is under Open Directory Password Service Server Log:
    Apr 23 2006 16:42:31 RSAVALIDATE: success.
    Apr 23 2006 16:42:31 USER: {0x00000000000000000000000000000001, netadmin} is the current user.
    Apr 23 2006 16:42:31 AUTH2: {0x00000000000000000000000000000001, netadmin} CRAM-MD5 authentication succeeded.
    Apr 23 2006 16:42:31 QUIT: {0x00000000000000000000000000000001, netadmin} disconnected.
    and OD LDAP log:
    Apr 23 16:42:31 ci slapd[81]: bind: invalid dn (netadmin)\n
    Nothing in the AFP log.
    Any thoughts on what I should try or something obscure I may have missed when setting up MacOS client network home directories with AFP?
    Thanks
    Mitch
    Server: 10.4.6
    Workstations: 10.4.6

    Getting closer.
    Kerberos wasn't running and the ODM wouldn't Kerberize.
    This thread sorted out the issue:
    http://discussions.apple.com/thread.jspa?messageID=2186542&#2186542
    Kerberos is running now but still canna login for mac clients.
    hostname and sso_util info -g both resolve properly.
    but when i run:" slapconfig -kerberize diradmin REALM_NAME "
    all looks good until the command (with the proper substitutions)
    "sso_util configure -r REALM_NAME -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 all"
    automatically runs and I get a list of:
    SendInteractiveCommand: failed to get pattern.
    SendInteractiveCommand: failed to get pattern.
    SendInteractiveCommand: failed to get pattern.
    and "sso_util command fialed with status 2"
    the sso_util command by itself spits out
    Contacting the directory server
    Creating the service list
    Creating the service principals
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    etc...
    even though the login/pass are good
    any thoughts on what i should check or where i should go next?
    Thanks
    Mitch
    iMac G5   Mac OS X (10.4.6)  
