The following computers running Mac OS X server have been found

Discussion in 'Mac OS X Server, Xserve, and Networking' started by c123b456, Apr 18, 2011.

  1. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    macrumors newbie

    Joined:
    Jan 27, 2010
    #1
    na
     
  2. macrumors member

    Joined:
    Sep 25, 2009
    Location:
    IL
    #2
    If you don't want to run any services on your server, you shouldn't have bought a server.
     
  3. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #3
    na
     
  4. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #4
    It is because it has Open Directory set up. I'm not sure exactly how to turn off this specific feature though.

    Is the server actually providing login services to other machines (other servers) to provide single sign-on capability?
     
  5. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #5
    na
     
  6. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #6
    Are these network logins used for anything other than this server? If so, you don't need to be set up as an Open Directory master. It's not clear by your answer which seems to say you do and you don't.
     
  7. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #7
    na
     
  8. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #8
    But what does this mean? Does it mean "I can sign into a variety of machines with the same login/password"? Or does it mean "I can sign into the server"? That is the key difference here.

    And if I want to support logging into a network account on any work machine... then you need Open Directory, and you have to join the work machine to the directory (which it is trying to do).

    So can you at least rephrase what you are doing with different terms rather than repeating yourself verbatim so I can glean some better context on what you mean by 'network account'? It's a very vague term used differently in different organizations/teams/etc.
     
  9. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #9
    na
     
  10. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #10
    Hmm, and in actuality, I think this problem occurs when you use Stand Alone as well (for specific services like Time Machine).

    One of the simplest options would be to configure things such that your servers and workstations are on different subnets, but are still routable to each other. This will erect a wall between the two where normal IP traffic can reach, but not UDP multicast.

    Another option is to cripple Bonjour on the server so that it can't advertise any services, but that's probably gonna be painful to maintain and manage.

    A third option is to find out if the launchd config files include information about being exposed via Bonjour (they might by having launchd cause the broadcast of the http service, for example). Edit them to not register the service on the network. You will likely need Bonjour Browser and some patience for this one to work, and you'll need to remember what you did in case an OS update undoes it for whatever reason.

    EDIT: And it might not be terrible to set up the machines this way, if it lets you use a network account for your admin account. That would simplify your administration a bit by being able to create a "Workstation Admin" account in the directory and make it admin on all the boxes when you bind on install. Just a thought.
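
The third option in post #10 (checking whether launchd config files ask for Bonjour registration), as an added example that is not part of the original thread: launchd.plist(5) documents a `Bonjour` key inside a job's `Sockets` entries, and this script lists the jobs that set it. The sample jobs and their labels are constructed; on a real server, pass a launchd directory such as /System/Library/LaunchDaemons as the argument.

```python
import plistlib
import sys
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

def bonjour_sockets(plist_bytes):
    """Return (Label, {socket name: Bonjour value}) for one launchd job plist."""
    job = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    if not isinstance(job, dict):
        return None, {}
    found = {}
    for name, spec in job.get("Sockets", {}).items():
        # launchd.plist(5): a socket entry is a dict or an array of dicts
        for entry in (spec if isinstance(spec, list) else [spec]):
            value = entry.get("Bonjour")
            # true, a string, or an array of strings all request registration
            if value not in (None, False, "", []):
                found[name] = value
    return job.get("Label"), found

def scan(directory):
    """Map job label -> Bonjour-registering sockets for every plist in directory."""
    report = {}
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            label, found = bonjour_sockets(path.read_bytes())
        except (ValueError, ExpatError, OSError):
            continue  # unreadable or malformed plist: skip it
        if found:
            report[label or path.name] = found
    return report

# Constructed sample jobs for the demo (not taken from a real server)
SAMPLES = {
    "web.plist": {"Label": "example.constructed.web",
                  "Sockets": {"Listeners": {"SockServiceName": "http", "Bonjour": True}}},
    "quiet.plist": {"Label": "example.constructed.quiet",
                    "Sockets": {"Listeners": [{"SockServiceName": "8080"}]}},
}

def demo():
    """Write the constructed samples plus one malformed file, then scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in SAMPLES.items():
            Path(tmp, name).write_bytes(plistlib.dumps(job))
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return scan(tmp)

if __name__ == "__main__":
    print(scan(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Keeping the script's output from before and after an OS update gives a quick way to see whether an update restored a registration that was edited out.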
     
  11. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #11
    na
     
  12. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #12
    Possible, depends on who is doing the DHCP for your network. (Or does it?)

    AFAIK, NetBoot uses BootP, not Bonjour. So it is more based on who can respond to the lower-level BootP/DHCP request.
     
  13. c123b456, Apr 18, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #13
    na
     
  14. macrumors member

    jerry333

    Joined:
    Nov 4, 2005
    #14
    The easiest way would be to start the OS X Server firewall and block the unwanted port. It's easy to use and maintain. In addition, the firewall will allow you to block by subnet so that should you want to have some computers connect and not others, it's not difficult to do.
     
  15. macrumors 68030

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #15
    Sounds like a lot of work for one window popping up. Just click "no"?
    Anyway, set one machine up perfectly and clone them right out of the box.
    Just a thought.
     
  16. c123b456, Apr 19, 2011
    Last edited: Nov 14, 2011

    thread starter macrumors newbie

    Joined:
    Jan 27, 2010
    #16
    Think it's working

    na
     
  17. macrumors member

    Joined:
    Aug 26, 2007
    #17
    If you are using Server Preferences I don't think you can control this message? I believe you can turn this message off in Server Admin though.
     
