OSX Server Add Computers To Domain

Discussion in 'Mac OS X Server, Xserve, and Networking' started by DoFoT9, May 3, 2010.

  1. macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #1
    Hey all,

    I feel like some sort of idiot posting this question - but an intense google doesn't give me the answers I am after!

    I have a VM of OSX Server, and I would like to trial adding some real computers (such as my MBP running 10.5.8, thus having a UUID) to this virtual machine.

    Here is a basic rundown of the network.
    10.0.1.1 (router address, Time Capsule)
    10.1.1.3 (iMac address)
    ->10.0.1.21 (OSX VM) - this is running on the iMac.
    10.1.1.4 (MBP address)

    I would like to test adding my MBP into the domain of the virtual OSX server. Is this possible? I presumed that because the MBP and VM are on the same network that I could just create a new computer via Workgroup Manager (add machine name, UUID etc), reboot the MBP and then attempt to login from the MBP using a user account created from the VM. Is this not possible? Do I have to tell the MBP to connect to the OSX domain like on a Windows machine?

    I do not have OSX server giving out DHCP - because I have a router to do that, does this matter?

    Any help is greatly appreciated :)

    DoFoT9
     
  2. macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #2
    Yes, you have to bind the machine to the OS X Server. Even if the Server knows about a machine with those attributes, the client has no idea that it should be looking in another directory.

    I am assuming you have DNS running on the Server? And you are pointing your clients to the server for lookups? DNS is crucial for directory services.

    If that is already set up, and you have tested the client's ability to look up your server, then you can bind the machines via Account Preferences (10.6) or Directory Utility.

    What is required to bind will depend on what you set up in Server Admin. For example it may be set up to require authenticated binding.

    When you add a server, it typically will automatically add the search policies. In your case it will be something like /LDAPv3/domain.example.com, where domain.example.com is your domain name.

    Once the machine is bound, you will be able to login assuming the network user has a home folder defined. This can be local or network based, but it must be defined in WGM.
     
  3. thread starter macrumors P6

    DoFoT9

    #3
    i do have a DNS server but had decided not to use it thus far - i didn't think it was important.

    i have set up the computer in WGM - if i then add the server's address into the DNS part of the client, should that work? if not, could you explain what Account Preferences are? is that on the client side or server side (i couldn't find the application on either).

    i have already assigned a test user with a home profile etc, it can be logged on from the server so i know that it's operational (and defined in WGM).

    any further help would be great! thanks so much for your time :)
     
  4. macrumors 68040

    calderone

    #4
    Yes, it is important for directory services. You need a DNS server, whether it be OS X Server or some other DNS Server.

    No, that is not sufficient. The client still has no idea that it should be using your server for directory access. Adding the address to your DNS server on the client only instructs the client to perform lookups off your server.

    The client must be bound to the server.

    Account Preferences refers to the Accounts Preference Pane in System Preferences on the client. In 10.5, Directory Utility was used for this and it was located in /Applications/Utilities. In 10.6, Directory Utility was moved to /System/Library/CoreServices, but the ability to join a Network Account Server was added to the Login Options section of Account Preferences.

    If everything else has been set up properly, you should be able to log in.
     
  5. thread starter macrumors P6

    DoFoT9

    #5
    thank you very much for that clarification cal! everything that you just said makes so much sense :rolleyes:, now that i think about it anyway!

    i shall have a look when i get home from work/uni today and report back! thanks :D
     
  6. macrumors 68040

    calderone

    #6
    In 10.6, you can still use Directory Utility, and you should if you want to set up more advanced options like custom search paths, etc.
     
  7. thread starter macrumors P6

    DoFoT9

    #7
    ok that makes sense. currently my laptop only has 10.5.8 - any real drawbacks to this? as long as it logs on i don't care.

    question time!: so i have various computers in my house, dad's ibook, dad's imac etc - then my imac, my MBP. if i add say, dad's imac - can he still logon using the local account that he has? and then can i log him out (via fast user switching for example) and log myself in using the server domain? i'm hoping so :)

    also: once "added" to the domain, on the login page is there an option like in windows to choose the domain? i'm still roughly 7hrs from getting home :p just finished work! :(
     
  8. macrumors 68040

    calderone

    #8
    There should not be any drawbacks to using 10.5.8 in regards to network accounts.

    Yes, he can still log himself in. However, be aware that if you are using network home directories, two network users cannot be logged in at the same time. Thus, fast user switching is a no no in a network home directory environment.

    All you are doing when you bind the machine is telling it: "Hey, look at me for user accounts too."

    You are not required to choose a domain in OS X. It will query all the network account servers, for example the local, OD and AD until it finds the account.

    If, for example, there was a local and OD account with the same name, the login window will alert you and let you choose which you want to use.
     
  9. thread starter macrumors P6

    DoFoT9

    #9
    wonderful! can you have the same user logged onto multiple computers at the same time?

    i see - i would only have 1xlocal + 1xnetwork logged onto the 1 machine at any time. is that acceptable?

    aahh i see now! great explanation :) thank you
     
  10. macrumors 68040

    calderone

    #10
    Yes.


    Yes, but remember, the issue is only when using network homes. If the network accounts are assigned local home directories, it wouldn't be an issue to have more than one network account logged in.


    No problem.
     
  11. thread starter macrumors P6

    DoFoT9

    #11
    ok so setup OD and DNS. have come across this error when trying to logon

    [IMG]

    i can see that the user's account is there and being shared etc... maybe a simple reboot of the client is needed? that doesn't seem logical though...
     


  12. macrumors 68040

    calderone

    #12
    Was the AFP share set up as an automount share for home directories?

    Also, at the login window click the computer name and keep clicking until it shows the status of network accounts. Does it say "Network accounts available?"
     
  13. thread starter macrumors P6

    DoFoT9

    #13
    hhmmm. i set up an account share myself. see attached image, is that it?

    yup it says "network accounts available" with a little green dot :D
     


  14. macrumors 68040

    calderone

    #14
    No, in Server Admin, the share has to be set up as an automount point.
     
  15. thread starter macrumors P6

    DoFoT9

    #15
    oh I Aww.... I will report back in an hour
     
  16. macrumors 68040

    calderone

    #16
    In Server Admin, highlight the sharepoint and click the sharepoint tab. Check that the "Automount" option is checked and is set up for AFP and user home folders.
     
  17. thread starter macrumors P6

    DoFoT9

    #17
    OH OF COURSE!!! :eek:

    i was looking through there before but was in the wrong tab!

    i have enabled "enable automount" for the /volumes/Mac HD/Users share - however i have just realised that the user accounts that i create automatically go to /Network.Servers/gallery.com/Users/"username". do you think that it will be shared? i'm at uni so can't test right now :(
     
  18. thread starter macrumors P6

    DoFoT9

    #18
    hmm ok this is confusing me.

    i have created a user - and the home folder has been saved to /Network.Servers/gallery.com/Users/"username".

    i then tried the alternative, saving to /Network/Services/gallery.com/Users"username" but the same error comes up.

    totally confused here, i thought users would be saved into /Users/"username".

    hmm i think i may know now.. trying...

    that didn't work either. when i attempt to logon from a client computer - it creates the user folder in the users/"username" directory! but then continues to chuck up that error.. hmm
     
  19. macrumors 68040

    calderone

    #19
    There are errors on the path names you have given, so it is tough for me to help.

    I can tell you that it should be /Network/Servers/example.com/Users/username for the full path in WGM.

    At this point you should check the client logs and the server AFP and OD logs.
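
Added example, not part of the thread or of any poster's reply: a Python check of the three things the replies above ask for before a network login can work, namely that the client can resolve the server, that the search policy contains the /LDAPv3/ node (post #2), and that the home path has the form given in post #19. The host name od.example.com, the user testuser and all function names are assumptions; the reverse-lookup comparison goes beyond what the posts state.

```python
import re
import socket

# Home path form from post #19: /Network/Servers/<server FQDN>/Users/<short name>
HOME_RE = re.compile(r"^/Network/Servers/([A-Za-z0-9.-]+)/Users/([^/]+)$")

def check_dns(fqdn, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Forward and reverse lookups of the directory server must agree."""
    try:
        ip = forward(fqdn)
        name = reverse(ip)[0]
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return [f"DNS lookup for {fqdn} failed: {exc}"]
    if name.rstrip(".").lower() != fqdn.lower():
        return [f"{fqdn} -> {ip} -> {name}: forward and reverse records disagree"]
    return []

def check_search_policy(paths, fqdn):
    """A bound client lists /LDAPv3/<fqdn> in its search policy (post #2)."""
    node = f"/LDAPv3/{fqdn}"
    return [] if node in paths else [f"{node} not in search policy: client is not bound"]

def check_home_path(path, fqdn, user):
    """The home path set in WGM must name this server and this user."""
    m = HOME_RE.match(path)
    if not m:
        return [f"{path}: not of the form /Network/Servers/<server>/Users/<name>"]
    if m.group(1).lower() != fqdn.lower() or m.group(2) != user:
        return [f"{path}: does not name server {fqdn} and user {user}"]
    return []

def prebind_report(fqdn, user, home, search_paths, forward, reverse):
    return (check_dns(fqdn, forward, reverse) + check_search_policy(search_paths, fqdn)
            + check_home_path(home, fqdn, user))

# Constructed sample data: od.example.com and testuser are placeholders;
# 10.0.1.21 is the server VM address from post #1.
A_RECORDS = {"od.example.com": "10.0.1.21"}
PTR_RECORDS = {"10.0.1.21": "od.example.com"}

def lookup(table, key):
    if key not in table:
        raise OSError(f"no record for {key}")
    return table[key]

if __name__ == "__main__":
    print(prebind_report("od.example.com", "testuser",
                         "/Network.Servers/od.example.com/Users/testuser", ["/Local/Default"],
                         lambda n: lookup(A_RECORDS, n),
                         lambda ip: (lookup(PTR_RECORDS, ip), [], [ip])))
```

An empty list means all three checks pass; on a real client, leave out the sample resolvers so `check_dns` uses the system resolver.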
     
  20. thread starter macrumors P6

    DoFoT9

    #20
    they aren't errors. ;)

    checking logs now :)

    well i don't know where i'm looking - but i cannot find one single thing..
     
  21. thread starter macrumors P6

    DoFoT9

    #21
    ok so tried pretty much everything i could think of.

    have even gone as far as setting AFP to allow all users to access it (via System Admin). i still keep getting the same error, very confusing. DNS is working, and this is happening on multiple computers....

    i'll keep trying i guess. might be worth resetting the server?
     
  22. thread starter macrumors P6

    DoFoT9

    #22
    Update

    SUCCESS!

    i can now login using one account only from my ethernet on my MBP. using the same account on my wireless iMac it does not work!

    everything appears to be set up the same, but it refuses to work.. i am continuing to troubleshoot.
     
  23. macrumors 68040

    calderone

    #23
    Congrats. Hope you are able to get the iMac working.
     
  24. thread starter macrumors P6

    DoFoT9

    #24
    haha you are an A class stalker :D jks

    it's very odd. wired clients seem to work, and wireless ones won't. is there a setting for that somewhere?

    when adding the computer into WGM - i put in the ethernet ID MAC, the MBP can login using ethernet. if i put in the airport MAC, then it refuses to work. hmph.
     
  25. macrumors 68040

    calderone

    #25
    No setting that I know of.

    I have wireless clients working just fine here. Is the machine actually connected to Wi-Fi when you are trying to log in?
     
