The headphones of my youth. I finally got my hands on a pair.
Too big to be driven by a computer without an amp. 😛
In my previous post on the subject, I was telling you that we are moving our Mac directory services from Apple Open Directory to eDirectory by Novell.
I did not have many surprises. Some things are breaking, but all can be fixed.
I will make a full post regarding Samba soon. I will toy more with it also…
Oh! And regarding SMB2, the new Apple SMB server in Mac OS X starting with Lion (10.7): there is no way to have it authenticate with an external LDAP.
When I first came in at my current workplace, in 2007, there was no directory service for all the Macs I had to manage. There was an Active Directory, but no Mac OS X machines were bound to it.
When we replaced the production server by a shiny Intel Xserve, I did set up an Open Directory and it saved me an appreciable amount of time when the company began to grow.
After a few years, while I was happy with the choice I made, I realized that…
I began to look elsewhere.
I gave a long look to Active Directory, but I realized that besides costing a fortune, being able to do what I want with it would mean modifying the schema, which is kinda iffy. Their virtualization requirements are not nice as well.
The deluge of people having problems after a migration of Windows Server or a version of Mac OS X was also worrying.
So.
I spoke with one nice integrator I knew. He told me about Novell eDirectory. This was two years ago. I successfully built one myself as a pet project and configured it to authenticate our VPN users. I toyed with it even more after. The product is referenced in the Apple Training book “Mac OS X Directory Services v10.6”.
I run it on SuSE Linux Enterprise 11. But I think you can run it on RedHat, CentOS or Oracle Linux.
It’s an amazing product. Stable, efficient, standards compliant, full featured. Licensing is also very cheap.
I tried to modify my existing eDirectory to use it as a Mac OS LDAP server, but it turns out it was kinda time consuming and there are various gotchas… There are lots of attributes to add as well as Object Types. I would have been able to do it over the course of several months, but I didn’t want to make mistakes.
My integrator has the knowledge to make it work and he did. We built 2 new virtual servers from scratch. He’s apparently managing several big businesses with a Novell setup for this kind of use.
Now.
My Apple-specific requirements were as follows.
My machines are able to get their management and authentication information from the directory.
Some things are less intuitive to do, such as computer groups and users, because they can’t be created directly in Workgroup Manager anymore. They have to be created in Novell iManager, Novell’s web management interface for eDirectory. It’s not as easy as clicking in Workgroup Manager anymore but it’s not as hard as I make it sound.
Replicas are actually bound to the machine by adding another LDAP server to the client machines.
Since you end up with a “standards compliant” LDAP server, you can connect various other devices to it painlessly. For example, I successfully configured a FreeRadius server for our Wi-Fi authentication.
For the time being and in the future, this is the Yellow Brick Road to directory service on Macs. My guess is also that this will become less and less of an issue to support if Apple decides to drop Open Directory altogether and use the “Profile Manager” for MCX properties.
If you want further information or would like the name of my contact who developed this wonderful piece of software, feel free to reach me! He’s able to have it deployed to your requirements remotely.
Apple Open Directory was always a weird and misunderstood part of Apple Server strategies. The Open Directory system in Lion seems to have several drastic changes to its structure, and while moving from Snow Leopard to Lion using Apple-provided tools, I stumbled on these problems after the migration.
Four years ago, we leased a 2008 Ford Focus. After 4 years, 1 accident and two fender benders, it survived, and since it suited us, we decided to buy it. To date, with Viau Ford, it has been quite an ordeal.
I know, I live in Montreal and my dealer is in Saint-Rémi. We had a good salesman before he retired.
I'll spare you all the bullshit about the inspection here.
For the signing of the papers, we had agreed that:
In reality:
Someone brought me a dead Hard Drive with important data on it. Only the electronic part of it seems to be broken as a short circuit occurs when connecting it to power. I tried powering it up with another controller and the disk spins but since the “test” controller does not have the same capacity I still couldn’t access the data.
The thing is: where to get a replacement controller?
In the old days before the Internet it was near damn impossible to get a replacement controller short of finding a similar drive somewhere which would often not work since there are several revisions of Hard Disk Controllers.
Lucky for me, I stumbled onto this website which offers controllers for a large number of hard drives.
http://www.onepcbsolution.com/
They have a nice wizard to help you pick up the proper controller.
I’m waiting for the controller.
I just wanted to let fellow techmates know that this is now easier to find and can save your butt.
As many of you are aware, I’m a really devoted customer of Teksavvy, my internet provider.
But now, you can say I “was” one of their customers. I was for almost ten years and it was awesome. They were the first to allow me to have my own servers, no port blocking, decent bandwidth and most of all, a 5 IP address subnet!
However, in the last years I have been having more and more trouble with the Bell infrastructure side of my connection. I’m sure they are somewhat sabotaging reseller accounts so it’s a living hell for customers. Packet loss, transfer of my connection to a far away DSLAM, throttling and most of all lack of transparency from the techs and the company itself are just a few of the reasons that pushed me out.
Bell, instead of rolling out DPI (Deep Packet Inspection, a process to lower p2p speeds), should have upgraded their network for growth.
I switched to Videotron Business service and I can’t wait to see what the service will be.
As part of my job, I had a horrible, frustrating and totally ridiculous experience with iWeb Technologies, which provides a few services for us, including email for a few domains. The address of our shared server ended up blacklisted, most recently on February 22, probably because some bozo on the same machine I use did something stupid: what is called, in hosting jargon, an “Abuser”.
The immediate effect was that if we used our server to send email to Videotron, it never reached its destination and bounced back to us.
Being a system administrator myself, I understand this phenomenon very well and the fact that it can happen. What makes me absolutely furious is that iWeb's service is far from the level I expected and from what should be provided to paying customers.
I did the unthinkable this week.
Everyone knows Moofo: the guy who had a 6-foot rack of servers in his basement and who hosts his friends' blogs and his own.
This practice raised the eyebrows of a lot of people, including several fellow techs, Bell repairmen and prospective employers. I could afford to do it because I had a cool Internet connection with Teksavvy that had 5 IP addresses, no blocked ports, and that allowed servers.
But there you go, I didn't even have time to move everyone to the new server (which runs Linux) before I realized that:
In light of all these things, I made the decision to move all the sites to shared hosting. It pisses me off a bit, because I had fully equipped myself with Cisco gear… PIX, Catalyst switch… Didn't even have time to install them. I had installed a Cisco modem in a hurry, but I wanted more control.
Imagine, I replaced 4 machines with external hosting that costs me $60 per year! (4 machines: 1 web server, 1 mail server, 1 backup server with tape, 1 download machine…)
I would do the experience again tomorrow morning. All of this allowed me to test a bunch of things I couldn't even have learned in a school. For me, it's the only valid way to do IT.