Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Jan 27, 2008, 02:55 PM   #1
foidulus
macrumors 6502a
 
Join Date: Jan 2007
OS X Server going to give me my first ulcer

Anyone else as frustrated as I am with the bugfest that is the OS X Server?

My bosses(against my wishes) decided that we were going to use macs for our LDAP implementation instead of Linux boxes. It has been nothing but trouble from the get-go.

The most disappointing aspect is that if it actually worked, it would be a very innovative and great way to do server admin, but the problem is the thing just plain doesn't work. Its constantly beset by problems, and if the GUI even reports an error(which it often won't, it will just go along and say nothing when there are issues) its often an obscure error code that Apple's site doesn't even say much about. I have to give a big presentation on Friday and I am running into every conceivable error, often the best way to fix is just to re-install. I feel like I'm working with a Microsoft product, not the well polished and functional product that I am accustomed to Apple delivering.

They have had known bugs for YEARS in Tiger and still haven't(and probably never will) fix them! Major things like time zones resetting which can cause significant havoc on production systems they don't seem to think is a big deal. I have never had a Linux box randomly reset the time zone back to Cupertino......

Anyone else have nightmarish experiences with Apple's server products?

I am a young software engineer, and as much as I love Apple I can never, EVER recommend that anyone I work for use Apple server products. Apple has clearly shown that they just don't care about it. Linux for the win!

I am a young
foidulus is offline   0 Reply With Quote
Old Jan 27, 2008, 03:01 PM   #2
twoodcc
macrumors P6
 
twoodcc's Avatar
 
Join Date: Feb 2005
Location: Right side of wrong
Send a message via AIM to twoodcc Send a message via MSN to twoodcc
i personally have tried to setup an OS X Server several times, and with almost no success. even messed up my client machines trying to connect to the server!

but i'm still hoping to one day figure it out
__________________
tville
Smarter than the average bear
twoodcc is offline   0 Reply With Quote
Old Feb 4, 2008, 01:24 AM   #3
fall3n
macrumors 6502
 
Join Date: Aug 2006
I have a couple running just fine. What services exactly are your trying to setup? For most issues refer to the logs provided by the service, they do help immensely.
__________________
iMac 24" C2D 2.16Ghz 1G RAM 250HD 7600GT
PB G4 1.5Ghz 1.25G RAM 80HD ATI 9700
Intel P4 2.7ghz 2GB RAM 180HD GeForce 6600GTOC
fall3n is offline   0 Reply With Quote
Old Feb 4, 2008, 02:58 AM   #4
miniConvert
macrumors 68040
 
miniConvert's Avatar
 
Join Date: Mar 2006
Location: Kent, UK - the 'Garden of England'.
Send a message via AIM to miniConvert Send a message via MSN to miniConvert
I run OS X Server (Tiger). It took me a couple of reinstalls, I kept breaking it, and damn it doesn't like having its IP address changed.

However, if you 'think different' and follow Apple's documentation it all 'just works' and after that management is a breeze. http://www.apple.com/server/documentation/
__________________
Where are we? What the hell is going on? --Hide And Seek, Imogen Heap
miniConvert is offline   0 Reply With Quote
Old Feb 4, 2008, 05:45 AM   #5
Zjef
macrumors newbie
 
Join Date: Feb 2008
Personally, I think OS X server is the least 'Mac' product I have ever used.

The issues I came across setting up OD was tremendous. Despite the fact that I spent hours studying the support documents and discussion forums on the Apple site, there was always 1 more thing (issue) around the corner.

At first DNS wasn't working -> solved that one
Then Kereberos wasn't working -> solved that one
Couldn't create network home folders -> solved that one
...
At the current moment, when a client logs in, the home folder isn't accessible working when logging in from a different (client) computer at log in. It is accessible and usable when connecting manually.

Also the interface, is not up to Apple's standards.
For instance when the SMB or any other protocol isn't activated, you still are able to set some settings in the Open Directory pane regarding these protocols. There are at least a dozen other GUI inconsistencies.

As much as a like working with most of Apple's products, this one is a disappointment.
Zjef is offline   0 Reply With Quote
Old Feb 4, 2008, 07:36 AM   #6
Cromulent
macrumors 603
 
Cromulent's Avatar
 
Join Date: Oct 2006
Location: The Land of Hope and Glory
Despite OS X Server having nice GUIs for a lot of things, it still requires a lot of command line administration. I believe it is a well known fact that the GUI has problems. A little foray into Terminal with vi and you should be able to sort out most of your problems.
__________________
Neural Advance - Mac OS X, UNIX and Windows Development
Last.fm Profile | Extreme Metal Reviews
MP 4x 2.66Ghz Xeons / 6GB RAM / 640GB + 500GB + 750GB + 1TB HDDs / ATI Radeon 4870 / iPad 3
Cromulent is offline   0 Reply With Quote
Old Feb 4, 2008, 07:54 AM   #7
Zjef
macrumors newbie
 
Join Date: Feb 2008
Ok, I can agree that using the command line is the way to go (a bridge to far for me).

But isn't the point of Apple's advertising that the solution they have come up with is that rock solid that you don't need to use the command line at all? And to elaborate, they even promote the standard and workgroup setup which is even worse then the advanced one.

Anyway, anyone who would like to help me out, I'm willing to document everything I have so far in detail. Just give me a sign.
Zjef is offline   0 Reply With Quote
Old Feb 4, 2008, 08:33 AM   #8
miniConvert
macrumors 68040
 
miniConvert's Avatar
 
Join Date: Mar 2006
Location: Kent, UK - the 'Garden of England'.
Send a message via AIM to miniConvert Send a message via MSN to miniConvert
I use it for OD/LDAP, too.

I never actually sorted out the DNS stuff, as thankfully it's all working fine regardless (despite some errors in the logs about it). Your home folder issue sounds interesting! I wouldn't really know where to start, most of my initial issues happened due to my IP changing as we moved between several ISPs.

It's working really well now, though!
__________________
Where are we? What the hell is going on? --Hide And Seek, Imogen Heap

Last edited by miniConvert; Feb 4, 2008 at 08:39 AM.
miniConvert is offline   0 Reply With Quote
Old Feb 4, 2008, 08:42 AM   #9
budward
macrumors member
 
Join Date: Mar 2006
Wow, no kidding..

Quote:
I feel like I'm working with a Microsoft product
No kidding. I have had this same feeling. OSX Server (Leopard) Is not production ready. Stick with linux or Freebsd.

I don't have the time to tell you all the issues we have had with OSX Server Tiger/Leopard.

Problems right now..

Major:
Date/Time Bug, 1 minute = 55 seconds (is accumulative)
Server Admin is not usable, start it and painfully slow.

I prefer never to use anything apple makes in the server environment, just not worth it since they can care less about their business class customers.
budward is offline   0 Reply With Quote
Old Feb 4, 2008, 10:56 AM   #10
blinkylight
macrumors newbie
 
Join Date: Feb 2008
Location: MA, USA
Quote:
Originally Posted by miniConvert View Post
I use it for OD/LDAP, too.

I never actually sorted out the DNS stuff, as thankfully it's all working fine regardless (despite some errors in the logs about it). Your home folder issue sounds interesting! I wouldn't really know where to start, most of my initial issues happened due to my IP changing as we moved between several ISPs.

It's working really well now, though!
If you don't sort out the DNS stuff, there are many things that just won't work when you want them to. You should try to get the forward & reverse DNS working, then also you can turn on Open Directory and your Kerberos won't report that it's not working.

Unfortunately, in 10.4 it's a major pain to get the name services working right unless you like the command line and reading error logs. 10.5 does try to make this more straightforward with some reasonable feedback though.
blinkylight is offline   0 Reply With Quote
Old Feb 4, 2008, 11:34 AM   #11
0racle
macrumors regular
 
Join Date: Jun 2007
Location: North Carolina
Send a message via ICQ to 0racle
Quote:
Originally Posted by budward View Post
Major:
Date/Time Bug, 1 minute = 55 seconds (is accumulative)
NTP. Really, servers and clients should not be left to manage time on their own.

I've never had a problem with Server Admin, so I can't even suggest anything.
0racle is offline   0 Reply With Quote
Old Feb 4, 2008, 11:40 AM   #12
foidulus
Thread Starter
macrumors 6502a
 
Join Date: Jan 2007
Quote:
Originally Posted by Cromulent View Post
Despite OS X Server having nice GUIs for a lot of things, it still requires a lot of command line administration. I believe it is a well known fact that the GUI has problems. A little foray into Terminal with vi and you should be able to sort out most of your problems.
The biggest problem with the GUI imo is that it doesn't usually tell you when it fails to do something, or if it does, the error is relatively meaningless. I think that poor error messages are a huge problem across the industry, but Apple's server takes the cake. You can be setting one up, thinking everything is fine because the GUI tells you everything is fine, then when you try to actually do something it fails and you have to backtrack over everything you did to try to find what went wrong. And it seems at least in my experience, if you mess up step 2, then go to step 12, you have to start all over again.

I have nothing against the command line, in fact I like it better, but echoing another persons sentiment: why would I use OS X Server if I am going to do everything on the command line anyway? I can do that in Linux, and frankly the support environment, both free and commercial is much better with Linux than OS X.

If the GUI actually worked, it would be a revolutionary step in server management. Theoretically its the perfect system, you can take out of the box and be running a fully kerberized and encrypted Open Directory system in a few hours tops, but the thing just doesn't work and becomes an exercise in frustration.
foidulus is offline   0 Reply With Quote
Old Feb 4, 2008, 01:45 PM   #13
Evangelion
macrumors 68040
 
Join Date: Jan 2005
Quote:
Originally Posted by 0racle View Post
NTP. Really, servers and clients should not be left to manage time on their own.
One could say that NTP merely fixes the symptom (wrong time), not the cause. While NTP is a Good Thing, the server should IMO be able to manage the time on their own. What if you want to use the server as a master NTP-server?
__________________
"One way or another, you're gone"
Tea Party protester to Gaby Giffords
Evangelion is offline   0 Reply With Quote
Old Feb 4, 2008, 01:46 PM   #14
Eidorian
macrumors Penryn
 
Eidorian's Avatar
 
Join Date: Mar 2005
Location: Cuidad de México
Send a message via AIM to Eidorian
Quote:
Originally Posted by Evangelion View Post
One could say that NTP merely fixes the symptom (wrong time), not the cause. While NTP is a Good Thing, the server should IMO be able to manage the time on their own. What if you want to use the server as a master NTP-server?
I believe our time server gets its date/time from other time servers.

timehost.math.purdue.edu
__________________
Core i5 750 / 16 GB RAM / 500 GB SSD / HD 7950 / Windows 8.1
13" Retina MacBook Pro
Eidorian is offline   0 Reply With Quote
Old Feb 4, 2008, 02:51 PM   #15
0racle
macrumors regular
 
Join Date: Jun 2007
Location: North Carolina
Send a message via ICQ to 0racle
Quote:
Originally Posted by Evangelion View Post
One could say that NTP merely fixes the symptom (wrong time), not the cause. While NTP is a Good Thing, the server should IMO be able to manage the time on their own. What if you want to use the server as a master NTP-server?
Because of the way the real world unfortunatly works, now 2 servers will ever have the same time left on their own. This makes things like coordinating log file events and Kerberos either difficult or outright fail if the difference becomes too large.

A NTP client can also be a NTP server, this is how NTP works.

Quote:
Originally Posted by Eidorian View Post
I believe our time server gets its date/time from other time servers.

timehost.math.purdue.edu
Exactly.

We have a Active Directory domain here, as well as Linux servers, a OS X Server and OS X Clients. Since the Domain Controller is going to be the master time source for all the Windows machines, we use it as the time source for everything. To keep its time correct, it syncs up to a stratum 2 NTP time server.
0racle is offline   0 Reply With Quote
Old Feb 4, 2008, 02:56 PM   #16
ChrisA
macrumors G4
 
Join Date: Jan 2006
Location: Redondo Beach, California
Quote:
Originally Posted by Evangelion View Post
...What if you want to use the server as a master NTP-server?
The purpose of NTP is to keep time synchronized between two systems. NTP servers know nothing about the real "true" time. They only know how to sync to something else. Not even the level zero servers know. So if you did want to set up a master server (I assume you meant "level zero server") you would still need a source of time. Most people today use a GPS receiver for that purpose.
ChrisA is offline   0 Reply With Quote
Old Feb 4, 2008, 03:00 PM   #17
ChrisA
macrumors G4
 
Join Date: Jan 2006
Location: Redondo Beach, California
Quote:
Originally Posted by foidulus View Post

My bosses(against my wishes) decided that we were going to use macs for our LDAP implementation instead of Linux boxes. It has been nothing but trouble from the get-go.
Can't you just download the OpenLDAP sources and pretend you are using Linux?
This way both yo and your boss are happy. You get to use the same software as you would have under Linux and it's running on a Mac.
ChrisA is offline   0 Reply With Quote
Old Feb 4, 2008, 03:20 PM   #18
xparaparafreakx
macrumors 65816
 
Join Date: Jul 2005
Send a message via AIM to xparaparafreakx Send a message via MSN to xparaparafreakx Send a message via Yahoo to xparaparafreakx Send a message via Skype™ to xparaparafreakx
Been using OS X Server with LDAP and OD. Took me a while to learn it but being young, I follow the manual ideal situation for K-12 and it worked.
xparaparafreakx is offline   0 Reply With Quote
Old Feb 4, 2008, 03:30 PM   #19
Skaffen
macrumors newbie
 
Join Date: Feb 2008
Quote:
Originally Posted by budward View Post
Major:
Date/Time Bug, 1 minute = 55 seconds (is accumulative)
Server Admin is not usable, start it and painfully slow.
That Date/Time issue affects a very limited number of Macs (the new Penryn Macs) and there is a (relatively) trivial workaround for that problem until 10.5.2 comes out - use NTP. Not had a problem with Server Admin under 10.5 and 10.5.1 so can't comment on that really.
Skaffen is offline   0 Reply With Quote
Old Feb 4, 2008, 03:36 PM   #20
Skaffen
macrumors newbie
 
Join Date: Feb 2008
Quote:
Originally Posted by foidulus View Post
The biggest problem with the GUI imo is that it doesn't usually tell you when it fails to do something, or if it does, the error is relatively meaningless.
What particularly meaningless error messages are you getting? Most are either list online or in the appropriate documentation/man pages. DirectoryService has a lot of fairly scary looking error codes but a man DirectoryService will give you a lot of info about them.

Quote:
Originally Posted by foidulus View Post
If the GUI actually worked, it would be a revolutionary step in server management. Theoretically its the perfect system, you can take out of the box and be running a fully kerberized and encrypted Open Directory system in a few hours tops, but the thing just doesn't work and becomes an exercise in frustration.
I've set up an awful lot of servers and so far this year 8 or so Leopard servers. There are a few bugs with Leopard server at the moment, but they actually mostly seem fairly minor (there's an irritating SMB ACL issue) and there are fixes due. Open Directory has always been absolutely rock solid for me as long as you follow Apple's guidelines closely. You need forward and reverse DNS names before you touch OD, and you need to make sure that hostname in the Terminal is matching your DNS entries. Any IP or hostname changes are better changed using changeip etc. There's quite a few requirements but as long as you follow through the steps carefully then OD will pop up with Kerberos running away nicely in under 10 minutes.
Skaffen is offline   0 Reply With Quote
Old Feb 6, 2008, 09:26 AM   #21
Evangelion
macrumors 68040
 
Join Date: Jan 2005
Quote:
Originally Posted by Eidorian View Post
I believe our time server gets its date/time from other time servers.

timehost.math.purdue.edu
What if timehost.math.purdue.edu ran OS X? Could we trust it? THAT is my point! The argument presented here is that "the server can freely think that 1 minute is 55 seconds long, since we use NTP for timekeeping"... Am I the only one who thinks that that is a HUGE problem that is being "fixed" by relying on NTP? It's like "fixing" security-holes in Windows by running antivirus.

This isn't rocket-science people. A server should be able to keep track of time on it's own. Yes, it makes sense to use NTP when needed, but it still doesn't mean that the server itself should think that 1 minute consists of 55 seconds.
__________________
"One way or another, you're gone"
Tea Party protester to Gaby Giffords
Evangelion is offline   0 Reply With Quote
Old Feb 6, 2008, 10:05 AM   #22
Eidorian
macrumors Penryn
 
Eidorian's Avatar
 
Join Date: Mar 2005
Location: Cuidad de México
Send a message via AIM to Eidorian
Quote:
Originally Posted by Evangelion View Post
What if timehost.math.purdue.edu ran OS X? Could we trust it? THAT is my point! The argument presented here is that "the server can freely think that 1 minute is 55 seconds long, since we use NTP for timekeeping"... Am I the only one who thinks that that is a HUGE problem that is being "fixed" by relying on NTP? It's like "fixing" security-holes in Windows by running antivirus.

This isn't rocket-science people. A server should be able to keep track of time on it's own. Yes, it makes sense to use NTP when needed, but it still doesn't mean that the server itself should think that 1 minute consists of 55 seconds.
All hardware clocks are going to have some drift from the "true" time. Barring some bizarre lack of connectivity you're going to get permission to use higher level NTP servers to get the time from them. Your server is going to calculate the time at your location using the time it obtained and factoring in network latencies. After that your clients would use NTP to get their time from your server.

http://en.wikipedia.org/wiki/Network...l#Clock_strata

It's only for synchronizing your clocks as it is.
__________________
Core i5 750 / 16 GB RAM / 500 GB SSD / HD 7950 / Windows 8.1
13" Retina MacBook Pro
Eidorian is offline   0 Reply With Quote
Old Feb 11, 2008, 02:15 PM   #23
foidulus
Thread Starter
macrumors 6502a
 
Join Date: Jan 2007
Quote:
Originally Posted by Skaffen View Post
What particularly meaningless error messages are you getting? Most are either list online or in the appropriate documentation/man pages. DirectoryService has a lot of fairly scary looking error codes but a man DirectoryService will give you a lot of info about them.



I've set up an awful lot of servers and so far this year 8 or so Leopard servers. There are a few bugs with Leopard server at the moment, but they actually mostly seem fairly minor (there's an irritating SMB ACL issue) and there are fixes due. Open Directory has always been absolutely rock solid for me as long as you follow Apple's guidelines closely. You need forward and reverse DNS names before you touch OD, and you need to make sure that hostname in the Terminal is matching your DNS entries. Any IP or hostname changes are better changed using changeip etc. There's quite a few requirements but as long as you follow through the steps carefully then OD will pop up with Kerberos running away nicely in under 10 minutes.
For one, I am trying to enforce account lockout after 3 failed attempts. I click the button on the passwords policy setting pane in Server Admin, and then click "save", the wheel spins and it saves, and of course unchecks the selection I JUST made without even the slightest hint that something went wrong.....not the behavior I expect from an Apple product.
foidulus is offline   0 Reply With Quote
Old Feb 11, 2008, 03:08 PM   #24
twoodcc
macrumors P6
 
twoodcc's Avatar
 
Join Date: Feb 2005
Location: Right side of wrong
Send a message via AIM to twoodcc Send a message via MSN to twoodcc
yeah, i think i've given up again for a little while. i might try to configure the server how i want it later, as in 10.5.2
__________________
tville
Smarter than the average bear
twoodcc is offline   0 Reply With Quote
Old Feb 11, 2008, 03:39 PM   #25
Eidorian
macrumors Penryn
 
Eidorian's Avatar
 
Join Date: Mar 2005
Location: Cuidad de México
Send a message via AIM to Eidorian
Going to need to work on my LDAP schema to get web services working...joy.
__________________
Core i5 750 / 16 GB RAM / 500 GB SSD / HD 7950 / Windows 8.1
13" Retina MacBook Pro
Eidorian is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Mac Mail 7: Does it work on Mavericks server w/Home folders on server? kk05629 Mac Applications and Mac App Store 2 Dec 10, 2013 03:24 PM
Anyone upgrade from Snow Leopard Server to Mountain Lion + Server.app? talmy Mac OS X Server, Xserve, and Networking 13 Jul 14, 2013 11:22 AM
Using MBA as a server (10.8 Server - not a music server) percival504 MacBook Air 1 Aug 16, 2012 01:44 AM
Mac os x Lion Server Web+Dns server setup Help Needed Newbie David Hurd Mac OS X Server, Xserve, and Networking 3 Jun 4, 2012 03:54 AM

Forum Jump

All times are GMT -5. The time now is 05:38 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC