
How do I multi-home Lion Server

My Mac-Mini Lion server is using both the wired and wireless connections. I have two network connections available to the internet. However, one is significantly faster than the other. I want to use the wireless connection for the internet, and the wired connection for local lan traffic. I should mention that this server is on a combined Active Directory and Open Directory network. This is the only Mac server and is set up in the Golden Triangle configuration.


What I have done so far: configured both interfaces with static addresses, pointing at the respective routers. I should also point out that the slower connection to the internet goes through an authenticated proxy server, so unless that is configured, internet traffic will not work. The faster internet connection (my wireless connection) does not have that restriction.


I have already turned on the Software Update service for the Mac clients, made a group to update them, and bound the clients to both the Active Directory and Open Directory servers.


The final thing I did was to reorder the network connections in the Network Preference panel, so the wireless connection was at the top of the list. Until I did that, I could not browse the internet with Safari.


So, have I missed anything which would prevent the Lion Server from downloading Software Updates for the network through the wireless connection, while allowing the client Macs to get their updates through the server's wired connection?

Mac mini, Mac OS X (10.7.1), Lion Server

Posted on Feb 19, 2012 7:04 AM

12 replies

Feb 23, 2012 2:24 PM in response to Mark23

Thanks Mark23. This server is not a DHCP server, or a DNS server. It's just going to provide some services to Mac & iOS clients, like Software Update and ProfileManager.


I just want to make sure I'm not shooting myself in the foot, as I am having no end of trouble getting the Magic Triangle thing to work.


I want to be sure that the server downloads updates from Apple over the wireless (faster) 10.168.1.x connection but delivers them to the Macs over the local lan wired 192.168.1.x connection.

Feb 23, 2012 4:08 PM in response to itmanager

It's not clear from your post what is/is not working, and what you're asking.


It's trivial to multi-home your server. You've already done that. The only thing I can think you're asking relates to routing. On that front you should remove the router address from the wired interface's configuration. This, essentially, forces this interface to be used for local traffic only (from the same subnet), while all other traffic will use the other interface that has a gateway address set.

Feb 23, 2012 4:28 PM in response to Camelot

Thanks Camelot, I'll try the routing idea. All my issues are based on Lion Server. This discussion is not the place to scream and yell about that, except to say that binding to the Active Directory server is resulting in unclear results. On the one hand, typing id <active directory username> in terminal results in a full exposure of all that user's group memberships, proving that the servers are bound. However, that same user is unable to log into ProfileManager on the Mac server. The error is bad username or password. This is true for about 50% of the users whose credentials I know: some can log in without issue.


While Snow Leopard Server was a breeze to set up and use, Lion is turning into something else again. I have upgraded and downgraded my Snow Leopard machine (Mac mini mid 2010) 3 times and finally formatted and started from Lion another 3 times. Either there is something wrong with the hardware, or the Apple Gods are just not smiling on me.


I have finally bit the bullet and ordered a new Lion server. Now we'll see who's laughing on the outside and crying on the inside... but I digress.

Mar 29, 2012 2:26 PM in response to itmanager

Here's an update. The new Lion Server came in and I set it up. The server is an OD Master and bound to the AD server. The Airport connection is at the top of the list in the Network preferences, as well as in the Set Service Order (the gearbox tool). Its address is 10.168.1.x with a router address of 10.168.1.1 with subnet mask of 255.255.255.0. The DNS address for this interface is 8.8.8.8.


The Ethernet address is 192.168.1.x with subnet mask of 255.255.255.0 and NO router address. The DNS address for this connection is 192.168.1.x (the DNS for AD domain).


I have DNS enabled on the server with a forwarder address of the AD DNS.


I have all proxy configuration empty, so the only way an Internet request will work is through the wireless.


I can browse the internet with no trouble. However, I cannot browse the internal intranet web sites by name: only by IP address. From the terminal, pings by IP address always work, both to outside addresses and internal addresses, showing all interfaces are connected and working. I cannot ping any internal hosts, whether it's with short host name or Fully Qualified Domain Name, although the hosts file addresses will work.


It seems that any service that uses DNS (like AD authentication) will fail. This means that although I have imported the Domain Users group from active directory (only after disabling Airport), no user can successfully log into the server's mydevices page until I once again disable Airport.


So for me, the reality is that one cannot multihome (multi network) an Apple server in a mixed AD/OD network. I would love for someone to prove me wrong without it costing $695, which is what Apple wants per incident.

Mar 29, 2012 8:16 PM in response to itmanager

"The Airport connection is at the top of the list in the Network preferences, as well as in the Set Service Order (the gearbox tool). Its address is 10.168.1.x with a router address of 10.168.1.1 with subnet mask of 255.255.255.0. The DNS address for this interface is 8.8.8.8."


This is not valid.


You're saying that DNS lookups should use Google's DNS server. That's not correct. Google are not going to know anything about your LAN addresses or hosts on your local domain. This will cause all kinds of issues with lookups, especially for directory services.


The DNS server's settings should be the address of your local LAN's DNS server.

Without valid, working DNS, all bets are off as far as Open Directory is concerned.

Mar 30, 2012 10:39 AM in response to itmanager

"Only the public facing interface (Airport) has the public DNS. The internal facing interface has the internal DNS."


And that's what I'm telling you is WRONG.


None of your interfaces should have a public DNS server, especially not your primary interface. Your INTERNAL DNS server should be able to resolve all queries, either via recursion (preferred) or redirection.

The OS does not decide which DNS server to use based on the service that's querying. It will just use the first DNS server it sees (in this case, 8.8.8.8) and won't ever query your internal DNS server, and therefore won't ever know anything about your internal services.

Your server HAS to use your internal DNS server.
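
An added example, not part of the thread: a simplified model of the behaviour the replies above describe (on-link traffic leaves through the interface on that subnet, everything else through the interface with a router, and the first DNS server in service order is the one queried), used to audit the configuration as posted against the one advised. It is not macOS's actual resolver logic; the `Service` class, the function names and the host addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Service:
    name: str
    address: str            # interface address with prefix length
    router: Optional[str]   # None = router field left empty
    dns: List[str]

def egress(services, dest):
    """Service that carries traffic to dest: on-link subnet first,
    otherwise the first service (in service order) that has a router."""
    ip = ipaddress.ip_address(dest)
    for s in services:
        if ip in ipaddress.ip_interface(s.address).network:
            return s.name
    return next((s.name for s in services if s.router), None)

def first_resolver(services):
    """DNS server queried first under the 'first one it sees' model."""
    return next((s.dns[0] for s in services if s.dns), None)

def audit(services):
    """Flag the two misconfigurations discussed in the thread."""
    findings = []
    if sum(1 for s in services if s.router) > 1:
        findings.append("more than one service has a router address")
    r = first_resolver(services)
    if r and not ipaddress.ip_address(r).is_private:
        findings.append(f"first resolver {r} is public; internal names will not resolve")
    return findings

# Constructed sample values; the thread only gives 10.168.1.x / 192.168.1.x.
ETHERNET = Service("Ethernet", "192.168.1.20/24", None, ["192.168.1.10"])
AS_POSTED = [Service("Wi-Fi", "10.168.1.20/24", "10.168.1.1", ["8.8.8.8"]), ETHERNET]
AS_ADVISED = [Service("Wi-Fi", "10.168.1.20/24", "10.168.1.1", ["192.168.1.10"]), ETHERNET]

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(label, "| LAN via", egress(cfg, "192.168.1.50"),
              "| internet via", egress(cfg, "203.0.113.7"),
              "| first DNS", first_resolver(cfg), "|", audit(cfg) or "no findings")
```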

Mar 30, 2012 2:31 PM in response to Camelot

Camelot,


I did as you suggested and removed the DNS address from the Airport interface. Note that the OS substituted the address of the router and this is greyed out: can't be removed by me.


Things remarkably haven't changed. I can browse the internet without a problem, but cannot browse the internal network. And logins using AD credentials fail to the server's mydevices web page.


I even tried making the Ethernet interface the primary interface in the services order. That surprisingly made no difference in web browsing.


The cold hard fact is that for some reason the internal DNS is not being found. The moment I turn off Airport, however, all DNS related internal activities work. This is whether the Airport is the primary or secondary interface.


It's depressing.

Apr 20, 2012 1:07 PM in response to itmanager

I had multiple IPs set on my server, which randomly seemed to switch. It seems like there is an incompatibility still between Server Admin and server.app. Since Apple is pressing developers to test server admin and server.app I am confident those problems will resolve eventually, but for now I have deleted all-but-1 IPv4 and 1 IPv6 address (same interface), the networking interface overview for my server within Server Admin was updated and it looks like it works solid now, this was not by design I presume, so this must be another bug plaguing Lion...


After upgrading Postgres to 9.1.3 and upgrading webmail (upgrade: usr/share/webmail) from www.roundcube.net, making a new site webmail.example.com with the files stored in /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/ I made a symbolic link from that 'directory' to the actual built in webmail facility found in /usr/share/webmail by entering the following in terminal.

ln -s -i /usr/share/webmail/ /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/


By doing this it will ask to remove a directory, if you didn't put any important files in there, which I presume you didn't, confirm with the letter y and press enter.


Webmail now works every time the way I want it 🙂

As does profile manager.
