OS X Server HELP me b4 i go bald!

Posted in Genius Bar, edited January 2014
Can anyone here help me out with the configuration of OS X Server?





Specifically

#1

Our Xserve is set up to be the PDC (Primary Domain Controller) for Windows users. When a Windows user authenticates to the domain (Open Directory), all is well and working, users have their home folders, and all that...

People can browse ONLY their own home folders.



BUT



When a Windows user authenticates locally to his/her computer and then goes on to browse the network, they can do whatever they want with home folders on the Xserve. All permissions are ignored. All I can say is one big WTF, I mean really WTF ?!



#2

People using OS X can have their accounts set up as "mobile", which means their home folders are located on their local machine and synced with a copy on the server, so they can log in when disconnected from the network.

Here's the question (and I guess it's more of a Windows question than OS X, but hey, maybe someone here knows...)

How do I set up mobile Windows users with the Xserve as PDC? They can't log in to the domain when disconnected from the network. I can set them up not to use the domain and just authenticate locally, but then what's the point of having a domain with single sign-on etc...



And since I'm writing this, here's how Apple cares about their enterprise customers:



We purchased our Xserve from a repo company. The previous owner purchased an OS X maintenance license for that machine (it gives you free OS updates for a period of 3 years for $1500 CAD, flat rate), but they never registered it. When I called Apple to register it, I was bounced back and forth between different departments for almost a week. (!!!) Finally a really helpful person in their "enterprise something" department helped me out by talking to various people within Apple for me. Unfortunately, it turns out IT CAN'T BE REGISTERED by anyone else but the original owner.



WTF ?!?!?! They got their $$$ for it, yet they refuse to register it. Why?



So here I am, I got my OS X Server unlimited clients 10.2, and thinking... OK fvck 'em, I'll just bite the bullet and purchase the upgrade to 10.3 and get it done. You know what, THERE'S NO F**** UPGRADE for the unlimited clients version. You can upgrade from 10 clients 10.2 to unlimited 10.3, but you can't go from unlimited 10.2 to unlimited 10.3!!! My next idea was to purchase that F**** maintenance plan AGAIN so I can get my current OS and at least I will have less to worry about for the next 3 years. Guess what... to purchase that you have to be current on your OS version !!!! So basically I have to purchase FULL OS X unlimited clients ($1600) AND on top of that maintenance (another $1500), or I will be forced to spend another $1600 when 10.4 comes out.



Thank you very much, Apple.

Yesterday I called them about the PDC/permission problems I have, and all I got was:



- PDC, we can't help you with that, it's Windows.

- Yes, but uhm, isn't it part of OS X?

- Yes, but we can't help you, post your problems on our boards and maybe someone will help you out.

- Is there any way I can get in touch with someone at Apple who works with that?

- Yes you can buy support per incident

- Great, how much would it be?

- $600

- ?!?!?!?!?!?!?!?!?!?!

- $600

- Any other options?

- Yes, there are 3 support levels for Xserve, blah blah blah... from $1500 to something like $20,000 /year

- Thank you, bye



WTF ?!?!



And it so happens we're buying some stuff from IBM, not that much really. We've got a couple of their iSeries servers and a bunch of desktops, but these were purchased over the last few years, so really no big $$, yet they always call me asking if I need anything, or if there's anything they can help me with.

I called them a couple of times for software-related support and they have always helped me out. Actually, I just got a phone call from these guys yesterday, and here's the e-mail which followed (names and # changed):





Przemek, thank you for taking time out of your busy schedule to speak with Kellie and myself today. We look forward to working with you and the Tayco team this year. As per our discussion I have included both Kellie's and my contact info, please do not hesitate to contact either one of us if we can be of any assistance.



Kellie Someone

Intel Solutions Sales Specialist

IBM Canada Ltd.

105 Moatfield Rd.

Toronto, Ont

Tel: 416-555-5555

Cel: 647-555-5555

Fax: 416-555-5555



Sincerely



Peter Someone

Business Development

IBM Canada Ltd.

Phone#(555) 555-5555

Toll Free 555-555-5555 x55555

Fax 555-555-5555

[email protected]





APPLE, you're trying to get into the enterprise? WATCH AND F**** LEARN!!!!!



...needed to vent, sorry...

so frustrating!!!!

Comments

  • Reply 1 of 3
    dobby Posts: 797 member
    #1 - Isn't this a trusted domain issue? I thought there was a setting telling the server not to share to trusted domains (or was it on the SMB share?).



    #2 - My MS laptop users have to enter username, password and domain to log in. They need to choose the domain (PDC or local) depending on whether they are on our network or not. Some MS users always log in as local and authenticate against the domain when connecting to e-mail and servers.



    Sorry I can't be of more help.



    Dobby.
  • Reply 2 of 3
    piwozniak Posts: 815 member
    Quote:

    Originally posted by dobby

    #1 - Isn't this a trusted domain issue? I thought there was a setting telling the server not to share to trusted domains (or was it on the SMB share?).

    #2 - My MS laptop users have to enter username, password and domain to log in. They need to choose the domain (PDC or local) depending on whether they are on our network or not. Some MS users always log in as local and authenticate against the domain when connecting to e-mail and servers.



    Sorry I can't be of more help.



    Dobby.




    Thanks Dobby,

    #1: I have tried pretty much everything, still no luck...

    #2: When your users authenticate to the domain, which home folder are they using? Server-based, or did you change it to be local by specifying this in their profiles?

    If they are using local home folders when not logged in to the domain, and server-based homes when they are logged in, don't they bug you all the time with questions like: "Oh what happened to my files, I was working at home on this really important yadda yadda yadda... and now it's gone"?



    Thanks.
  • Reply 3 of 3
    dobby Posts: 797 member
    Re #2.

    For our laptop users we only have local home folders. We have 3 folders on the laptops called 'To do', 'Work in Progress' and 'To file'. The users know that they need to copy new files to the 'To do' folder, move them to the 'WIP' folder when they are being worked on, and put them into 'To File' to be moved back to the server, which they have to file manually.

    It's certainly not elegant but it is simple and the onus is on the user to use it correctly.

    I used to auto sync the files with a Perl script but I got burnt after some twat started updating the server-based files and my script updated the wrong way, losing days of work. Now it's the users who control their own file destiny.



    Dobby.