Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
The following computers running Mac OS X server have been found
- Thread starter c123b456
- Start date
- Sort by reaction score
If you don't want to run any services on your server, you shouldn't have bought a server.
Are these network logins used for anything other than this server? If so, you don't need to be setup as an Open Directory master. It's not clear by your answer which seems to say you do and you don't.
But what does this mean? Does it mean "I can sign into a variety of machines with the same login/password"? Or does it mean "I can sign into the server"? That is the key difference here.
And if I want to support logging into a network account on any work machine... then you need Open Directory, and you have to join the work machine to the directory (which it is trying to do).
So can you at least rephrase what you are doing with different terms rather than repeating yourself verbatim so I can glean some better context on what you mean by 'network account'? It's a very vague term used differently in different organizations/teams/etc.
Hmm, and in actuality, I think this problem occurs when you use Stand Alone as well (for specific services like Time Machine).
One of the simplest options would be to configure things such that your servers and workstations are on different subnets, but are still routable to each other. This will erect a wall between the two where normal IP traffic can reach, but not UDP multicast.
Another option is to cripple Bonjour on the server so that it can't advertise any services, but that's probably gonna be painful to maintain and manage.
A third option is to find out if the launchd config files include information about being exposed via Bonjour (they might by having launchd cause the broadcast of the http service, for example). Edit them to not register the service on the network. You will likely need Bonjour Browser and some patience for this one to work, and you'll need to remember what you did in case an OS update undoes it for whatever reason.
EDIT: And it might not be terrible to setup the machines this way, if it lets you use a network account for your admin account. That would simplify your administration a bit by being able to create a "Workstation Admin" account in the directory and make it admin on all the boxes when you bind on install. Just a thought.
One of the simplest options would be to configure things such that your servers and workstations are on different subnets, but are still routable to each other. This will erect a wall between the two where normal IP traffic can reach, but not UDP multicast.
Another option is to cripple Bonjour on the server so that it can't advertise any services, but that's probably gonna be painful to maintain and manage.
A third option is to find out if the launchd config files include information about being exposed via Bonjour (they might by having launchd cause the broadcast of the http service, for example). Edit them to not register the service on the network. You will likely need Bonjour Browser and some patience for this one to work, and you'll need to remember what you did in case an OS update undoes it for whatever reason.
EDIT: And it might not be terrible to setup the machines this way, if it lets you use a network account for your admin account. That would simplify your administration a bit by being able to create a "Workstation Admin" account in the directory and make it admin on all the boxes when you bind on install. Just a thought.
Possible, depends on who is doing the DHCP for your network. (Or does it?)
AFAIK, NetBoot uses BootP, not Bonjour. So it is more based on who can respond to the lower-level BootP/DHCP request.
The easiest way would be to start the OS X Server firewall and block the unwanted port. It's easy to use and maintain. In addition, the firewall will allow you to block by subnet so that should you want to have some computers connect and not others, it's not difficult to do.
