Mac mini server 2010, windows clients, file sharing and VPN

Discussion in 'Mac OS X Server, Xserve, and Networking' started by joecool99, Aug 3, 2010.

  1. macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #1
    Basic network:
    INTERNET -> cable modem -> WIFI / Ethernet router

    Mini server connected via Giga-ethernet.

    4 PC laptops and 3 desktops (all windows vista or windows 7) via N-wifi network.

    all i really need is a file sharing service to be able to access specified folders/files according to each PC station and have them auto-mounted.

    the 7 users, i want all of them to be able to see other user's folders as READ ONLY. only their own folder with full rights.

    how do i set this up on the apple mini server and the respective PC clients ?
    any issues i need to be aware of with MAC server + windows clients combo ?

    what would be the best tool for remote admin of the server from a windows laptop ?
     
  2. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #2
    Frankly, if that's all you want you would have been better served by a Linux or Windows server box. As it is, you will need to go through the normal Snow Leopard Server configuration, assigning a static IP and ensuring DNS is working properly. Then when you configure shares you need to enable SMB. As far as the automounting is concerned, you will need to consult the documentation unless someone else chimes in. To access remotely you will need to use a VNC client as the remote admin tools require OS X.

    Your title also mentions VPN. It's easy to set up but I don't know what Windows client works with it. I do tunneling over SSH to access remotely from a PC.
     
  3. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #3
    i like the mini for its compactness. i know Linux would have worked too.

    about the VPN, it's mainly to access it from home for occasional diagnostics.
    the server will be on the LAN, it won't be sitting on the internet line. it's behind the router:

    comcast cable -> modem -> wifi / ethernet router | -> WIFI client PC's
                                                     | -> ethernet mini server

    how do i tunnel from home - also inside LAN to that at work ?
     
  4. macrumors member

    Joined:
    Oct 20, 2008
    #4
    The easiest is to use something like "teamviewer" or "logmein".

    If you want to use a "real" VPN, then you need to configure port forwarding on your router. I assume/guess that what you call "cable modem" is in fact a router and your "WIFI / Ethernet router" is actually a switch. Switches don't need to be configured for your VPN.
     
  5. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #5
    To do the tunneling, I suggest Googling "VNC over SSH". The topic is a bit too big for a post.
     
  6. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #6
    standalone SMB fileserver for Windows 7

    can anyone advise how to properly setup SMB file-sharing for a small network with 8 Windows 7 computers ?

    i'm watching LYNDA essential training. lot of it makes sense, BUT the very first step - setting up DNS doesn't fit my understanding for file server on a local network.

    the mac mini 2010 server will be behind router - it won't be directly on internet line. also, i don't want to host WEB or MAIL services. just simple file server with simple folder sharing and permissions by different groups of people accessing files.

    why would i need to setup DNS then ?

    screen shot from LYNDA training:

    [​IMG]

    see the example: server.private ?

    is that what i need to use if i need just LAN file server functionality ?

    Is only SMB sharing service compatible with Windows 7 ? Or can i use NFS or other ? Benefits or differences ?
    Please advise.
     
  7. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #7
    access mac mini server remotely after reboot

    strange, when i reboot the server, disconnect monitor, keyboard and mouse i cannot access it remotely ?

    is that normal ? so after every reboot/update i need to run up to it and sign in locally ? :confused:

    * already found the answer - that happens over WIFI. when connected via Ethernet, i can connect fine
     
  8. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #8
    The server version of OS X is different in that to operate properly (including remote access) forward and reverse DNS must be provided. I had terrible problems until I got this all resolved. Check this out: http://labs.hoffmanlabs.com/node/1436

    I'll tell you right now that your primary domain name you show is wrong if you just want LAN access. Study the link, above.
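
The forward and reverse DNS requirement raised in the post above can be checked with a short script. This is an added example, not part of the original thread: `check_host` is a hypothetical helper, and the host names and records in the sample tables are constructed.

```python
import ipaddress
import socket

# Constructed sample records so the check runs offline (not the poster's zone).
SAMPLE_FORWARD = {"server.example.private": ["192.168.0.2"],
                  "nas.example.private": ["192.168.0.3"]}
SAMPLE_REVERSE = {"192.168.0.2": "server.example.private",
                  "192.168.0.3": "oldnas.example.private"}  # stale PTR


def system_forward(name):
    """A-record lookup via the host's resolver; [] when the name is unknown."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def system_reverse(ip):
    """PTR lookup via the host's resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def check_host(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    problems = []
    want = fqdn.rstrip(".").lower()
    if "." not in want:
        problems.append("not fully qualified")
    addrs = forward(want)
    if not addrs:
        problems.append("no A record")
    for ip in addrs:
        if ipaddress.ip_address(ip).is_loopback:
            # A server name that maps to 127.x is unreachable for clients.
            problems.append(f"{ip}: resolves to loopback")
            continue
        ptr = reverse(ip)
        if ptr is None:
            problems.append(f"{ip}: no PTR record")
        elif ptr.rstrip(".").lower() != want:
            problems.append(f"{ip}: PTR is {ptr}, expected {want}")
    return problems


def check_sample(fqdn):
    """Run the check against the constructed tables instead of live DNS."""
    return check_host(fqdn, lambda n: SAMPLE_FORWARD.get(n, []), SAMPLE_REVERSE.get)


if __name__ == "__main__":
    for host in ("server.example.private", "nas.example.private", "server"):
        print(host, check_sample(host) or "OK")
```

Calling `check_host("your.server.name")` with no other arguments uses the machine's own resolver, so running it on the server and on a client shows whether both see the same answers.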
     
  9. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #9
    2010 mac mini server DNS issues setup

    i'm getting lost here with DNS configuration. please advise.

    config of the LOCAL DNS i tried to setup
    [​IMG]

    i tested it according to LYNDA training essential for 10.6
    the test seems all good, see below:

    [​IMG]

    [​IMG]

    [​IMG]

    BUT if i try to setup open directory master i get this message: :(

    [​IMG]


    now what ??? please help
     
  10. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #10
    I don't see anything wrong. You wouldn't have the message if everything was initially set up correctly. Just click on "Continue". Kerberos worked for me without doing anything extra after configuring.

    Just in case, though, make sure your server is the only DNS server (disable DNS in your router). I didn't see DHCP configured -- you will need that so that other computers will be able to find your DNS server.
     
  11. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #11
    Are you saying i should ignore the message ? Honestly i don't fully understand it, but essentially it's an error message ? Something doesn't seem to be configured right.

    What is single sign-on (Kerberos 5) ? Do i need it with windows networking ?

    Currently the other windows computers are hooked by WIFI-n (IPv6 disabled everywhere) to a router, so i assume i need the DNS kept on the router ON.
    Do i really need to disable it and configure all stations manually ?

    Only the server is on MANUAL so i know where it is all the time.
     
  12. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #12
    You will want DHCP enabled and set so that other computers will use your server for DNS. In the DNS Settings tab you add the Forwarder IP Addresses to the external DNS server you want to use. Your server, in System Preferences -- Network, should specify its own address for its DNS server. Your router should have DHCP and DNS services turned off. You don't have to manually configure any computer other than your server.

    The way I read the message is that Kerberos is currently configured, and that the configuration will be lost when you switch to Open Directory Master. This doesn't surprise me since changing that setting tends to wipe out any open directory data. You can always reenable Kerberos later if you need it. I don't know if it does anything for Windows.
     
  13. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #13
    actually getting somewhere - finally. now i see the server on windows machine and can login with the user names / groups i've created.
    still working on setting up the permissions etc.

    one of the user groups is wrong i want to change the short name, but it's greyed out! why ? i cannot delete it and start over :-(

    i unchecked all the users from this group so it should be available for delete ?

    [​IMG]

    I've left the server as is with manual IP configuration:

    [​IMG]

    the rest of the network is still using router's DNS and DHCP. seems to be working fine. so far...

    i just went ahead and installed directory master even with the warning of Single sign-on not available. then enabled SMB sharing
     
  14. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #14
    You can't change shortnames. Best bet is to create a new group with the shortname you want and put everyone on that group. Looking at my setup, the group named workgroup is my only group that has a grayed out delete button. It also is the only group that was created by default. I did notice that the delete button is available in the Workgroup Manager program when logged in as the Directory Administrator. That may be the problem trying to delete it in the fairly anaemic Server Preferences program.
     
  15. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #15
    really grateful for the help here. server OSX issues are not as discussed topics among the MAC crowd.

    update of current situation (after 2nd install - updated to 10.6.4 via SSH before setting up the server in background):

    • DNS (auto configuration - did not touch)
    • OD master running (installed fine with kerberos, no error as before) :rolleyes:
    • SMB running on the server (AFP and SMB windows
    • server DNS address in network conf. pointed to itself as: 127.0.0.1

    comcast cable modem -> Dlink WIFI router -> rest of the network
    - the WIFI router runs DNS and DHCP

    • most computers are via WIFI, except one XP SP3 PC (eth) - have yet to reinstall to W7


    STRANGE behavior (or my messed up setup)

    • few times i had all windows computers see the server in the network windows explorer listed with the rest of the computers, today the PC's didn't see the server by itself. i can ping by IP and name "server" fine. i can open run command \\server and then it appears in the windows explorer. odd ?

    also the shared folders i've defined and then manually linked in W7 (with checkin, remember credentials and automount at login). however after W7 restart it fails to reconnect and i need to re-enter it again)

    i lost the link that was editing local policy in "group policy manager" in LAN responses. someone else suggested to disable kerberos login in SMB. however i didn't have luck with that.

    SMB error logs:


    [2010/08/16 15:52:25, 0, pid=21939] /SourceCache/samba/samba-235.4/samba/source/nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
    find_domain_master_name_query_fail:
    Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
    Unable to sync browse lists in this workgroup.
    [2010/08/16 16:07:16, 0, pid=21939] /SourceCache/samba/samba-235.4/samba/source/nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
    find_domain_master_name_query_fail:
    Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
    Unable to sync browse lists in this workgroup.
    [2010/08/16 16:22:34, 0, pid=21939] /SourceCache/samba/samba-235.4/samba/source/nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(351)
    find_domain_master_name_query_fail:
    Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.

    and other, i just forgot to copy it and bring home. although it's running, seems there are quite a few bugs...


    [​IMG]

    [​IMG]
    [​IMG]
     
  16. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #16
    Well SMB is out of my area of expertise, that's for sure! But looking at the error messages, it wants a Domain Master Browser and can't find one. You didn't check the box for the server to be the Domain Master Browser. Perhaps you should check that box? Beyond that guess, I couldn't tell you what the difference is between a Domain and Workgroup Master Browser. But I do know that SMB needs a Master Browser to tabulate the connected systems so that they can be located -- that's why they don't show up in the Network Neighborhood.
     
  17. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #17
    makes sense... i'll try it tomorrow again. now, so i can troubleshoot and monitor from home, i would like to setup VPN.

    i've watched the video Lynda.com.Mac.OS.X.Server.10.6.Snow.Leopard.DNS.and.Network.Services

    very cool, one of the steps is properly configuring the router forwarding:

    [​IMG]

    i'm still a bit unclear. with this setup:

    comcast modem -> ethernet router with public IP -> local 192.168.xxx.xxx

    if i don't have a DNS setup for the public IP given by comcast (i'm not hosting web). do i just setup the public IP of the router in the VPN ?

    then those specified ports will be forwarded to specified machine 192.168.xxx.x ?
     
  18. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #18
    I am concerned here because you are forwarding to 192.168.12.2 yet in an earlier post you show your server at 192.168.0.2. You want to forward to your server's LAN IP address. Otherwise it looks like the port forwarding is correct, at least the ports used.

    Do you have a static IP on the Internet, or is it Dynamic? This is the IP address of the router looking outward as opposed to inward facing, which is probably 192.168.x.1. If it is static, then that is the IP address you use to VPN access your LAN. If it is dynamic then you need a Dynamic DNS service like DynDNS.com. I've got a domain name on the outside which I have pointed to my name at DynDNS.com that then points to my home network. Works just fine.

    The instructions for setting up VPN worked for me just fine from the start. It turned out to be the easiest service to configure. You will want to use the Shared Secret IPSec Authorization. The data on the Client Information page is used in the DHCP configuration of clients connected over VPN, so set the DNS Server and search domains fields same as you have for local systems. In the Network Routing Definition you are specifying the address range that goes over the VPN connection. You have the option (in the client) to send all traffic over VPN, which is slower but very secure because no system in the LAN the client is on can analyze any of the traffic beyond that it is going to your VPN. You should use 192.168.x.0 255.255.255.0 private, where "x" is as appropriate (is it 0 or 12??).
     
  19. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #19
    the router VPN port screen shot forwarding is from lynda ;-) mine will be as shown before x.x.0.2

    the public IP is probably dynamic. i'll look into dyn DNS also.
    will report back. thank you.
     
  20. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #20
    VPN mac mini server 2010

    i setup the advanced routing as in the image before (with correct local IP)

    then i looked at the outside IP on the router, wrote it down, created VPN (L2TP) with the shared secret, but cannot connect.

    [​IMG]

    i'm attempting VPN first time ever, what obvious did i miss ? the outside IP doesn't respond to ping, could that be just a setting on comcast modem ?
     
  21. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #21
    Routers typically don't respond to ping requests for security reasons.

    If you are testing VPN within your LAN, try connecting directly to your server's IP address. I don't think you can connect to your router's outside IP address unless you are connecting from the outside. I've never tested that. You might also want to have your router port forward SSH to your server, enable ssh on your server, and see if you can access your server that way as well.
     
  22. macrumors 6502

    Joined:
    Mar 3, 2009
    #22
    As someone else said, this is not a job for an osX server, it's just not.

    Windows boxes do a very poor job of peer to peer amongst themselves, in fact I'd tell a customer peer to peer on a Windows box is useless unless you have a host file on each machine, point to all the other machines, but then you need to manage and update.

    What you need to do is turn off DNS/DHCP on the router and let the server handle it...and if you go through that much trouble on a Windows box might as well go Active Directory and get rid of peer to peer altogether. IMO peer to peer is not a true business solution, not with how cheap you can put together a W2K8 server.

    If you do that then the server's DHCP will also cause DNS to register the machines, allowing the windows boxes to find one another.

    Since you're letting the router do the work, it assigns the addresses but has no DNS pool of its own.

    Your internal domain is company.com

    Your DHCP unit on the router hands out 10 IP's for computers1 through computer10.

    So when you try to browse for computer1.company.com that is an unregistered name because your ISP's DNS obviously doesn't register it, plus it exists inside your LAN.

    I'll assume osX works this way since it's the logical way. Now osX is your DHCP/DNS instead.

    DHCP hands out 10 IP's to 10 computers, it also registers them in its own internal DNS.

    So you browse to www.macrumors.com, it checks its own internal DNS, does not find it, then asks the ISP DNS to resolve it.

    You browse to computer1.company.com and it does find it registered in your company DNS and returns an address.

    The server needs to be the manager of the network, which means it must be aware of all the devices, which requires it to be the DNS/DHCP.

    Irregardless although you like the mini form factor you would be much much better served with a Windows server.

    Still my explanation should hold true.
     
  23. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #23
    I certainly concur with Eric-PTEK. I reread the thread and noted I did say the server needs to be the DNS and DHCP server, but then I did notice the OP stated in a later message that the router was still the DNS/DHCP server for the other systems.

    OS X Server is not a "It Just Works" Apple product, and in an environment with only Windows clients it loses whatever advantages it has in a Mac environment.
     
  24. thread starter macrumors 6502a

    joecool99

    Joined:
    Aug 20, 2008
    Location:
    USA
    #24
    i've tested it from MBP at home. also behind WIFI router with comcast modem.
    do i need to configure the modem at home too to carry through the VPN ?

    will have to try SSH.
     
  25. macrumors 601

    talmy

    Joined:
    Oct 26, 2009
    Location:
    Oregon
    #25
    The access from home shouldn't be a problem, but it is possible (not likely) the outgoing ports are being blocked at home. Then again, the incoming ports might be blocked at work. SSH is less likely to be blocked anywhere.
     
