
OS X Server not a breeze

I have two iMacs. I don't need to access this server from the internet.

I have five accounts plus one admin account on the newer iMac. I installed OS X server on that iMac - let's call it iMac2.

On iMac1 there is only an admin account but I could scrap that if I have to.

I thought I could share the user accounts to both computers so anyone could access their accounts from either computer. (If I do that, where do I put the user folders? Do they get backed up with Time Machine if they are not in the User directory?)


What I have now is something called "local user" accounts on iMac2. They have all the data in them that the users need. When I turn on the other iMac none of those accounts show up, not even their cute little pictures on the login screen.


It seems that I can't share local user accounts so I need to make them network users - can't figure out how to convert them. One article from Apple says to delete the user folder then recreate it, blah blah. I followed the directions and ended up with an endlessly nested user folder. Hundreds of nested user folders of the same user…


That's when I decided I was in over my head and came crying here.

iMac, OS X Yosemite (10.10.2), 32GB

Posted on May 19, 2015 4:40 PM

Question marked as Best reply

Posted on May 19, 2015 6:03 PM

Welcome. It is not as bad as it seems. And, in the end you will likely agree that it is very logical and structured. First, the basics.


OS X Server can enhance your user experience through either mobile accounts with synchronized home folders or through network home folders. Here is the basic difference:


A mobile account is an account created on the server (in Open Directory) but accessed by a workstation (the home folder is on the workstation). You need to apply settings to the account to enable this either through MCX's mobility payload (which is deprecated) or through Profile Manager's mobility payload. In addition to a basic mobile account, you can add home folder sync. This is a process where the home folder is still on the workstation but based on triggers, the data can be synchronized to the server. With proper synchronization setup, you can move back and forth between devices and your data "should" sync to where you move.


The second type is a network home folder. This is exactly what it sounds like. The account is created on the server in Open Directory and so is the home folder. The client system will mount a special network home folder shared folder and all user data is accessed over the network. If you are using the Adobe product suite, doing anything with video editing, or have a slow network, this does not work very well. Network home folders are great for schools that use devices on a cart, allowing more students than devices to have a home location that can be accessed regardless of device used.


Ok, so all that being said, the way to get this going is to first prep the server. Disable sleep. Have adequate storage capacity. Then define DNS. Don't use .local domains, they will conflict with Bonjour and you will smash your head into a wall repeatedly. Once DNS is set, then configure Open Directory. Create your users based on what type of home folder style you want. If network home, you will need to enable a network home folder shared folder. If mobile account (with or without syncing) you will need to select a management tool (MCX or Profile Manager) and set policy for the user using the Mobility payload.


Keep in mind that all your workstations still need a "local admin" account. This is the first account created on the machines. You cannot get around this. Also, in order for the devices to access the OD users on the Server, you must bind the workstations to the server. If you are using Profile Manager you also must enroll the device. (Keep in mind that binding can be a profile payload so you can do both with one action.) If you choose to use MCX then enrolling is not required.


Hope that helps.


Reid

Apple Consultants Network

Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

3 replies

Jun 3, 2015 12:56 PM in response to Strontium90

Strontium90,

You have a wealth of knowledge in this area. Thank you very much. Some questions.

1. Define DNS?

1.2 I connect to a VPN (Private Internet Access) most of the time but sometimes I am not connected. This service has its own DNS servers. Any special configuration in Mac Server?

1.3 It seems Mac Server DNS pulled the PIA DNS servers automatically and put them in the "Forwarding Servers" section while I was connected to my VPN but upon disconnecting my IP's DNS servers weren't substituted as they normally would in System Preferences.

1.4 There is a new DNS Server in my System Preferences >Network->DNS Servers 127.0.0.1

2. I do have a registered domain address. I don't have a website. Should I use that domain address instead of .local? Even if I am just creating a private network for our house?

Jun 5, 2015 4:34 AM in response to johnnyjackhammer

Busy week.


1: DNS is Domain Name System. Liken it to a phone book that can look up people by number or number by people. Humans like names (www.apple.com). Computers like numbers (17.18.19.20). When we humans type in a name, the computer uses DNS to discover the number and then routes based on the number. OS X Server is heavily reliant on proper DNS. Open Directory will succeed or fail based on the proper config of DNS. Profile Manager will as well. The basic reason is that the setup scripts for OD ask your machine for its name. If DNS is not providing it you do not set up properly. Understanding DNS is the foundation to success with OS X Server.

1.2: Nope. A VPN will provide DNS to the client so you can access resources on the remote network by name.

1.3: The setup assistant will grab the DNS values and auto-populate.

1.4: Yes. This is also part of the setup assistant. When you enable the DNS service your system will define itself as primary DNS. 127.0.0.1 is the localhost address, ensuring that the machine finds DNS even if you change IP addresses.


2: This is the big one. My feeling is that you always plan for the potential of the future. If you build on .local today because it is easy, then you must rebuild in a year when you need a fully qualified domain name. I recommend to everyone to build for the expansion of services. It is always better to build a solid foundation that can support all services than to build a weak one that will fall apart when you try to add too much. If you have a domain name, then using it internally costs you nothing. For example, you have prokos.com as a domain. You can create an infinite number of host names associated to the domain (and sub host names, and sub sub host names, etc). So www.prokos.com, ftp.prokos.com, tom.prokos.com, jerry.prokos.com, spike.prokos.com, etc. are all possible. DNS is the magic that makes them discoverable. Next, you can have both public and private DNS. For example, the OS X Server will run a private DNS, pointing to private IP addresses. Only devices on the LAN will use this DNS. Then you use your public DNS to allow others to find the same resource at your public address. Take web for example. Say you want to host a web site. The server is on your LAN at address 172.16.32.64. Your public address is 17.18.19.20. On your LAN DNS you will make an A record for www.prokos.com and point it to 172.16.32.64 while on the public DNS www.prokos.com will point to 17.18.19.20.


Now devices moving in and out of your LAN as well as the rest of the world, all route to the same place using the same name.
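As an added illustration (not code from this thread or from OS X Server), here is a small Python model of the split-horizon layout described in the reply above, plus a preflight check of the server's own name of the kind Open Directory setup depends on. The LAN range 172.16.32.0/24, the host name server.prokos.com and the PTR record are assumptions; the other names and addresses are the ones quoted in the reply.

```python
# Added example, not from the thread or from OS X Server: a model of private
# (LAN) versus public DNS views, and a preflight check of the server's name.
import ipaddress

# Assumed LAN range containing the server address 172.16.32.64 from the reply.
LAN = ipaddress.ip_network("172.16.32.0/24")

# Private view: what the OS X Server's own DNS answers to LAN clients.
PRIVATE_VIEW = {
    "www.prokos.com": "172.16.32.64",
    "server.prokos.com": "172.16.32.64",   # assumed name for the server itself
}
# Public view: what the public DNS answers to everyone else.
PUBLIC_VIEW = {"www.prokos.com": "17.18.19.20"}
# Reverse (PTR) data in the private view; assumed to exist for the server.
PRIVATE_PTR = {"172.16.32.64": "server.prokos.com"}


def resolve(name, client_ip):
    """Return the A record a client gets, chosen by which side of the LAN it is on."""
    view = PRIVATE_VIEW if ipaddress.ip_address(client_ip) in LAN else PUBLIC_VIEW
    return view.get(name.rstrip(".").lower())


def check_server_name(fqdn, server_ip):
    """Check the server's name the way OD setup relies on it; return a list of problems."""
    problems = []
    name = fqdn.rstrip(".").lower()
    if name.endswith(".local"):
        problems.append(".local domain conflicts with Bonjour; use a real domain")
    if "." not in name:
        problems.append("name is not fully qualified")
    # Forward lookup from the server itself must return its own LAN address.
    if resolve(name, server_ip) != server_ip:
        problems.append("forward lookup does not return the server's own address")
    # Reverse lookup of that address must give the same name back.
    if PRIVATE_PTR.get(server_ip) != name:
        problems.append("reverse lookup does not return the server's name")
    return problems


if __name__ == "__main__":
    print(resolve("www.prokos.com", "172.16.32.10"))   # LAN client sees 172.16.32.64
    print(resolve("www.prokos.com", "203.0.113.5"))    # outside client sees 17.18.19.20
    print(check_server_name("server.prokos.com", "172.16.32.64"))  # no problems
    print(check_server_name("imac2.local", "172.16.32.64"))        # .local is rejected
```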
