42 Replies Latest reply: Jul 23, 2012 5:49 AM by Alfista_SK
  • Alfista_SK Level 1 (0 points)

    Thanks, now I see all the system groups, but there isn't the devicemagment group. When I test it over Terminal, I see it and can read its settings, but I don't see it in Workgroup Manager.

     

    I have tested more, and all AD users can connect over sharing but can't log in. I think that the problem is in the home folder. When I made a user in Workgroup Manager and didn't give him the place where he should have the home folder, he can't log in either and it looks like this, only the password field shaking. But I don't know how I should change the home folder so that it is on the Mac.

  • furby Level 1 (25 points)

    I'm not sure, it's never appeared for me, but a quick search found this: https://discussions.apple.com/thread/3968853?start=0&tstart=0 It's the same as the last/previous screenshot I posted.

     

    Set the home folder in the directory utility. "Use UNC path from Active Directory...

     

    Screen Shot 2012-07-11 at 13.54.43.png

  • Sinerg1 Level 1 (0 points)

    Hi furby,

     

    I managed to set up Profile Manager and was able to enroll devices. However, I mainly plan to use this application solely for managing iOS devices. I have enrolled an iMac for test purposes, but this will be irrelevant for the moment, and have enrolled an iPad.

     

    On the Profile Manager page in the browser I can see the devices; however, on the iPad if I go to mydevices I see the iMac and not the iPad, and it then asks me to enroll again. Are you aware of this, is it just a bug?

     

    Also, when you create an iOS profile you have the option to download the profile. I would imagine this is only for Mac OS rather than iOS?

     

    Thanks.

  • Alfista_SK Level 1 (0 points)

    Yes, I read it, but nothing happens when I do that.

     

    I have this setting like in the picture.

     

    Nothing helps ... I don't know why the AD users can connect over sharing but can't log in ... maybe when I change the home dir to the Mac ... but I don't know how ... I tried it but nothing works ...

  • furby Level 1 (25 points)

    Don't worry, it'll work eventually. I almost completely gave up and just had 2 separate directories because it was driving me mad.

     

    Let's not worry about Profile Manager for now. You don't need to do those steps you're trying to do. I didn't do any of that and Profile Manager works fine. Can you log into Profile Manager (as the Lion Server admin)?

     

    When you're connecting to the shares with AD accounts, are you just typing in name and password, or domain\name and password?

     

    I need more information. What exactly is happening when you try to log in as an AD user?

     

    On the client, can you open up Console.app in Application\Utilities and see if there are any errors in

     

    /var/log/opendirectoryd.log

  • furby Level 1 (25 points)

    I don't have my iPad enrolled so let me give it a try. Excuse me for being brief, I'm just heading out.

     

    If it asks you to enroll again, it might not have worked the first time. On the iPad, what do you see in General -> Profiles? There should be a trust profile and remote management.

     

    The profile payloads are for OS X, iOS and OS X, or iOS only, so you might have some iMac setting that will copy. It also varies a little with user settings and device settings. Sure you can figure that out though.

     

    No, you can just e-mail that file to the iPad if you want.

  • Alfista_SK Level 1 (0 points)

    Profile Manager is working, I can log in as an admin, I just don't understand why I can't see it. I'm not worried. :-)

     

    I use only the name and password.

     

    I type the login password there and then press Enter. After that only the password row shakes. That's all. The same thing happens when I use users to which I don't give a home folder. (The permissions to the home folder on the Win server should be OK.)

     

    Can you tell me how I can change the home directory, so that it is on the Mac server only for users that will be on Macs?

     

    I have this error there:

     

    2012-07-11 15:10:48.532 CEST - Module: SystemCache - Misconfiguration detected in hash 'GlobalSID':

              User 'atest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID 9637C905-832E-4FFA-8612-A65326B6CDD8 - SID S-1-5-21-1043748137-2579697248-3877990931-3050

              User 'appletest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID F62B4F16-A596-4F94-BA7C-595F375DCC93 - SID S-1-5-21-1043748137-2579697248-3877990931-3050

     

    I have found this:

     

    https://discussions.apple.com/thread/3213001?start=0&tstart=0

     

    but I can't find the:      Inspector/Config/augmentconfiguration

     

    in which I should change some things that will perhaps help.
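
Added example, not part of the original thread and not Apple tooling: the log excerpt quoted in the post above lists two user records that share one ID and one SID. This script parses `opendirectoryd.log` lines in that format and reports which values are shared; the regexes are assumptions inferred from those quoted lines, and the second event and last line of the sample are constructed.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \S+) - Module: \S+"
                    r" - Misconfiguration detected in hash '(?P<hash>[^']+)':")
RECORD = re.compile(r"^\s+\w+ '(?P<name>[^']+)' \([^)]+\) - ID (?P<id>-?\d+)"
                    r" - UUID (?P<uuid>[0-9A-Fa-f-]+) - SID (?P<sid>S-[\d-]+)")
# First event: lines quoted in the post. Second event and final line: constructed.
SAMPLE_LOG = """\
2012-07-11 15:10:48.532 CEST - Module: SystemCache - Misconfiguration detected in hash 'GlobalSID':
          User 'atest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID 9637C905-832E-4FFA-8612-A65326B6CDD8 - SID S-1-5-21-1043748137-2579697248-3877990931-3050
          User 'appletest' (/LDAPv3/lionserver.testsunteq.sk) - ID 1025 - UUID F62B4F16-A596-4F94-BA7C-595F375DCC93 - SID S-1-5-21-1043748137-2579697248-3877990931-3050
2012-07-11 15:12:00.000 CEST - Module: SystemCache - Misconfiguration detected in hash 'GlobalSID':
          User 'user_a' (/LDAPv3/od.example.test) - ID 2001 - UUID 00000000-0000-0000-0000-00000000000A - SID S-1-5-21-1-2-3-1001
          User 'user_b' (/LDAPv3/od.example.test) - ID 2002 - UUID 00000000-0000-0000-0000-00000000000B - SID S-1-5-21-1-2-3-1001
2012-07-11 15:12:05.000 CEST - constructed unrelated line
"""

def parse_events(text):
    """Return one dict per 'Misconfiguration detected' block with its records."""
    events, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue                      # pasted logs often carry blank lines
        header, record = HEADER.match(line), RECORD.match(line)
        if header:
            current = {"ts": header["ts"], "hash": header["hash"], "records": []}
            events.append(current)
        elif record and current is not None:
            current["records"].append(record.groupdict())
        else:
            current = None                # any other line ends the block
    return events

def collisions(event, fields=("id", "sid", "uuid")):
    """Map each field to the values shared by more than one record name."""
    found = {}
    for field in fields:
        by_value = defaultdict(list)
        for rec in event["records"]:
            by_value[rec[field]].append(rec["name"])
        shared = {v: names for v, names in by_value.items() if len(names) > 1}
        if shared:
            found[field] = shared
    return found

if __name__ == "__main__":
    for ev in parse_events(SAMPLE_LOG):
        print(ev["ts"], ev["hash"], collisions(ev))
```

For the two records quoted in the post it reports both `id` and `sid` as shared; the constructed second event shows a block where only the SID is shared.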

  • Alfista_SK Level 1 (0 points)

    I found this:

     

    http://www.scribd.com/doc/84523543/34/Augmented-Records

     

    but it's for Snow Leopard and I can't find many of the functions described there in Lion.

     

    I would like to ask you if you can tell me (in detail) how you have set the permissions and home folders on your AD server, what you set on the OD server after binding that was necessary for users, and what you set on the client side.

     

    I have the client bound only to the OD server, but now I read that there should be a binding to the AD server too... do you know something about it?

  • Alfista_SK Level 1 (0 points)

    I'm here again with new test info ...

     

    I have tested what happens when I add a second binding to the AD server on the client: I can log in, I have the home folder on the client system, not on the server, and the server's home folder is automatically mounted.

    The same happens when I removed the OD server from the binding and left only the AD server there.

     

    I have only one problem with it all. And that's the home folder on the OD server. I have checked that the Users shared folder is activated for home folders, but nothing happens. I think when I change the home folder somewhere from the AD server to the OD server, then all will work.

     

    And by testing I found one thing. I have started file sharing for SMB and AFP on the Mac server, but the Win server can't connect to the shared disks on my Mac server ... Do you know why?

  • Alfista_SK Level 1 (0 points)

    I have another question about my problem.

     

    When I bind the two servers, is it necessary to kerberize the Mac so that the server knows that it should take all info from the AD server?

     

    My latest test: on the client machine I have set both servers, AD and OD, and on the AD server I have changed the home folder over network sharing to the Mac server. When I log in, it asks for the password as normal, but then it asks me for a password again, now for the Mac share where my home folder is, and now the same password isn't working. But when I give the password for a normal share it is OK.

     

     

    User properties.jpg

  • furby Level 1 (25 points)

    Busy at work so sorry for dropping in and out of this discussion.

     

    I have some problems getting connected to Mac shares from Windows: it asks for passwords but doesn't connect. Not had time to figure it out.

     

     

    You don't need the client machine bound to the OD and the AD, it should just be bound to the Active Directory. That looks correct for the home folder. When you're logged on as an Active Directory user, can you connect to the home folder manually (via Finder Go->Connect to Server)? And can you write to it?

  • Alfista_SK Level 1 (0 points)

    No problems.

     

    I don't know why, but on one Lion server I have the same problem. I have sharing active with both (AFP, SMB) and the Win server can't connect.

     

    I think I need, when I will use Apple servers services ...

    When I have bound the client to the AD server all is working, but I have problems connecting to network home folders. Local ones are working correctly.

  • Alfista_SK Level 1 (0 points)

    Now I can connect to network home folders but they are on AD server and I'm unable to change it to OD server or other else ...
