The following computers running Mac OS X server have been found




c123b456
Apr 18, 2011, 11:03 AM
na



lythium
Apr 18, 2011, 02:07 PM
Hello,

I have set up a 10.6 server on my company's network and all is working perfectly apart from when we start up a brand new computer and connect it to our network, we are prompted with the dialog "The following computer running Mac OS X Server have been found. You can set up this computer to use services from a Mac OS X Server on your network."

Is there any way I can change a setting on the server to stop this window appearing during the initial computer setup?

I know I can leave everything blank and press continue, but this is a step that is not in our setup documentation and I do not want to rewrite this.

Thanks

If you don't want to run any services on your server, you shouldn't have bought a server.

c123b456
Apr 18, 2011, 02:19 PM
na

Krevnik
Apr 18, 2011, 02:45 PM
It is because it has OpenDirectory set up. I'm not sure exactly how to turn off this specific feature though.

Is the server actually providing login services to other machines (other servers) to provide single sign-on capability?

c123b456
Apr 18, 2011, 02:55 PM
na

Krevnik
Apr 18, 2011, 03:00 PM
It is not providing services to other servers but it is providing our clients with network logins. I guess this is a downside of making things too user friendly.

The two workarounds are not to enter anything and press continue, or at the previous setup window choose that the computer does not connect to the internet, but as I stated in the original post these two things would alter (only a little but enough) how we initially set up our machines to be an issue.

Are these network logins used for anything other than this server? If so, you don't need to be set up as an Open Directory master. It's not clear by your answer which seems to say you do and you don't.

c123b456
Apr 18, 2011, 03:06 PM
na

Krevnik
Apr 18, 2011, 04:00 PM
The only reason this unit was made a directory master was so it could provide network user accounts.

But what does this mean? Does it mean "I can sign into a variety of machines with the same login/password"? Or does it mean "I can sign into the server"? That is the key difference here.

And if I want to support logging into a network account on any work machine... then you need Open Directory, and you have to join the work machine to the directory (which it is trying to do).

So can you at least rephrase what you are doing with different terms rather than repeating yourself verbatim so I can glean some better context on what you mean by 'network account'? It's a very vague term used differently in different organizations/teams/etc.

c123b456
Apr 18, 2011, 04:07 PM
na

Krevnik
Apr 18, 2011, 04:34 PM
Hmm, and in actuality, I think this problem occurs when you use Stand Alone as well (for specific services like Time Machine).

One of the simplest options would be to configure things such that your servers and workstations are on different subnets, but are still routable to each other. This will erect a wall between the two where normal IP traffic can reach, but not UDP multicast.

Another option is to cripple Bonjour on the server so that it can't advertise any services, but that's probably gonna be painful to maintain and manage.

A third option is to find out if the launchd config files include information about being exposed via Bonjour (they might by having launchd cause the broadcast of the http service, for example). Edit them to not register the service on the network. You will likely need Bonjour Browser and some patience for this one to work, and you'll need to remember what you did in case an OS update undoes it for whatever reason.

EDIT: And it might not be terrible to set up the machines this way, if it lets you use a network account for your admin account. That would simplify your administration a bit by being able to create a "Workstation Admin" account in the directory and make it admin on all the boxes when you bind on install. Just a thought.
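
An added example, not part of the post above or of any Apple tooling: a Python audit for the third option that lists which launchd job definitions ask launchd to register a socket with Bonjour, using the `Sockets` and `Bonjour` keys documented in launchd.plist(5). The job labels and plist contents are constructed samples, and whether the services behind the Setup Assistant prompt are advertised through this key is an assumption the thread does not settle.

```python
import plistlib
import tempfile
from pathlib import Path

def bonjour_sockets(plist_path):
    """Return (label, socket_name, service, bonjour_value) for each launchd
    socket in one job plist that asks launchd to register it with Bonjour."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    if not isinstance(job, dict):
        return []
    found = []
    for name, spec in job.get("Sockets", {}).items():
        # A socket key may hold one dict or an array of dicts.
        for entry in (spec if isinstance(spec, list) else [spec]):
            value = entry.get("Bonjour", False)
            # Bonjour may be a boolean, a string, or an array of strings.
            if value not in (False, "", []):
                found.append((job.get("Label", "?"), name,
                              entry.get("SockServiceName"), value))
    return found

def scan(directory):
    """Scan every *.plist in a directory; unreadable files are reported, not fatal."""
    hits, errors = [], []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            hits.extend(bonjour_sockets(path))
        except (plistlib.InvalidFileException, OSError, ValueError) as exc:
            errors.append((path.name, str(exc)))
    return hits, errors

def demo():
    """Build two constructed job definitions plus one corrupt file and scan them."""
    tmp = Path(tempfile.mkdtemp())
    advertised = {"Label": "com.example.advertised",   # constructed sample
                  "Sockets": {"Listeners": {"SockServiceName": "http",
                                            "Bonjour": ["http"]}}}
    quiet = {"Label": "com.example.quiet",             # constructed sample
             "Sockets": {"Listeners": [{"SockServiceName": "ssh"}]}}
    for job in (advertised, quiet):
        with open(tmp / (job["Label"] + ".plist"), "wb") as fh:
            plistlib.dump(job, fh)
    (tmp / "broken.plist").write_bytes(b"not a plist")
    return scan(tmp)

if __name__ == "__main__":
    hits, errors = demo()
    for label, sock, service, value in hits:
        print(f"{label}: socket {sock!r} ({service}) Bonjour={value!r}")
    for name, err in errors:
        print(f"skipped {name}: {err}")
```

Pointing `scan()` at a copy of the server's launchd job directory gives a record of the advertised sockets before any edit, which is the list to re-check after an OS update.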

c123b456
Apr 18, 2011, 04:42 PM
na

Krevnik
Apr 18, 2011, 05:09 PM
Playing with the subnets did cross my mind, but I wasn't sure if this would then cause the netboot service to become useable (at least for some of the machines).


Possible, depends on who is doing the DHCP for your network. (Or does it?)

AFAIK, NetBoot uses BootP, not Bonjour. So it is more based on who can respond to the lower-level BootP/DHCP request.

c123b456
Apr 18, 2011, 05:17 PM
na

jerry333
Apr 18, 2011, 06:29 PM
The easiest way would be to start the OS X Server firewall and block the unwanted port. It's easy to use and maintain. In addition, the firewall will allow you to block by subnet so that should you want to have some computers connect and not others, it's not difficult to do.

Les Kern
Apr 18, 2011, 07:34 PM
Sounds like a lot of work for one window popping up. Just click "no"?
Anyway, set one machine up perfectly and clone them right out of the box.
Just a thought.

c123b456
Apr 19, 2011, 04:32 AM
na

steve123
Apr 19, 2011, 09:40 AM
If you are using Server Preferences I don't think you can control this message? I believe you can turn this message off in server admin though.