5 Replies Latest reply: Apr 4, 2012 8:27 PM by Blaidd Drwg
Sobz Level 1 (0 points)

Hi All,

Any help here would be greatly appreciated!!

We are running XSAN 2.2.2 with three MDCs and a dozen or so clients. We have recently changed our Directory Services throughout the business from Open Directory to Active Directory, with the aim of OD being decommissioned. The last part of the migration is the SAN.

I am unsure of the best way to change the Directory Services on the MDCs so a new search policy is created.

I have tried simply shutting the SAN down and leaving only the primary MDC running, then unbinding from OD, deleting relevant Search Policies etc. and joining the AD Domain. But as expected, the MDC just reports "Incorrect Search Policy" and continues to want my OD server.

I'm presuming somewhere there are some config files that hold this info?!?! Can anybody point me in the right direction and best practice?

Thanks again

  • Strontium90 Level 4 (3,615 points)

    The configuration files are mostly stored in /Library/Preferences/DirectoryService. However, you might be able to rectify this by using Server Admin to deprecate the server to standalone. I am assuming the MDC is running OS X Server and was configured as Connected to. If so, try deprecating to Standalone and then rebooting. Then use Server Admin to initiate the process of binding to AD. Remember, the permissions on your SAN will need to be updated to reflect the GUID values of your AD users.

  • Blaidd Drwg Level 1 (70 points)

    So you were managing users in Xsan Admin and no longer need to because you're using AD, correct?

    If that is correct, I believe if you set the DSType value to 0 in the /Library/Filesystems/Xsan/config/config.plist on MDCs, Xsan Admin will no longer want to manage users and groups or get/set the authentication search path on the clients. You may also need to reboot the MDCs or restart servermgrd (sudo killall servermgrd) and reconnect in Xsan Admin.

    I would also make a backup of all files in /Library/Filesystems/Xsan/config before making changes like this. And test this procedure on a test system before doing it on the production system.
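
The backup-then-edit step from the reply above, as an added example that is not part of the original thread and not Apple's own tooling. It assumes DSType is a top-level key in config.plist; the function name `set_dstype_zero` and the sample plist contents are hypothetical.

```python
import os
import plistlib
import shutil
import tempfile
import time
from pathlib import Path


def set_dstype_zero(config_dir, backup_root):
    """Back up the whole config directory, then set DSType to 0 in config.plist.

    Returns (backup_dir, previous DSType value).
    """
    config_dir = Path(config_dir)
    plist_path = config_dir / "config.plist"

    # Copy every file in the config directory before changing anything.
    stamp = time.strftime("%Y%m%d-%H%M%S")
    backup_dir = Path(backup_root) / f"xsan-config-{stamp}"
    shutil.copytree(config_dir, backup_dir)

    raw = plist_path.read_bytes()
    # Keep the on-disk format (binary or XML) the file already uses.
    fmt = plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML
    data = plistlib.loads(raw)
    if "DSType" not in data:  # assumption: DSType is a top-level key
        raise KeyError("DSType not found at top level; file left unchanged")

    previous = data["DSType"]
    if previous != 0:
        data["DSType"] = 0
        # Write to a temp file in the same directory and swap it in, so an
        # interrupted run never leaves a half-written config.plist.
        fd, tmp = tempfile.mkstemp(dir=config_dir, prefix=".config.plist.")
        with os.fdopen(fd, "wb") as fh:
            plistlib.dump(data, fh, fmt=fmt)
        shutil.copymode(plist_path, tmp)
        os.replace(tmp, plist_path)
    return backup_dir, previous


if __name__ == "__main__":
    # Constructed sample; on an MDC the directory would be
    # /Library/Filesystems/Xsan/config and the script would run as root.
    with tempfile.TemporaryDirectory() as work:
        cfg = Path(work) / "config"
        cfg.mkdir()
        (cfg / "config.plist").write_bytes(plistlib.dumps({"DSType": 1, "sampleKey": "x"}))
        print(set_dstype_zero(cfg, Path(work) / "backups"))
```

The returned previous value and the timestamped backup directory give a rollback path if Xsan Admin does not behave as expected after the change.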

  • Sobz Level 1 (0 points)

    Hi Strontium90, thanks for your reply. That's correct, the MDC is running 10.6 Server and is configured as 'connected to'. Although I haven't actually deprecated the server through Server Admin, I have unbound from the OD Server using Directory Utility and removed any search policies also from Directory Utility and stopped the LDAP service. I also rebooted the machine, before binding to the AD server. This didn't work, but is this not the same thing as deprecating the server through Server Admin?

  • Sobz Level 1 (0 points)

    Hi Blaidd Drwg, thanks for your reply.

    We are not managing Users in Xsan Admin or Locally, we are currently managing our users through Open Directory on a dedicated server. As a company, we have moved over to Active Directory, so I need to stop the MDCs and Clients authenticating to our Open Directory Server and instead point towards the new Active Directory Server.

    Would your initial reply still be relevant in this scenario?

    Thanks

  • Blaidd Drwg Level 1 (70 points)

    I think so. If the MDC was configured to manage users and groups during its initial setup, Xsan Admin will expect all systems to have the same directory services. See http://support.apple.com/kb/HT3888. You would also see "Users and Groups" in Xsan Admin rather than "Quotas".

    Do note if you do what I suggested you won't be able to edit "Users and Groups" in Xsan Admin any more. This probably won't matter since you're going to be using Active Directory. You could always continue administering OD users and groups in Workgroup Manager if you needed to, though.