31 Aug 2011

On Mobile Accounts and Syncing

I'm still working on the post about Apache and Lion Server. Taking the screenshots is time-consuming and I've got a lot on. In the meantime I thought I would share an email conversation I had with a reader recently, as I thought it contained some pretty cool stuff.

To: [email protected]
Date: 27 August 2011 17:40:59 GMT+01:00
Subject: Blog Post 6 Feb 2011
I’m relatively new to Mac servers and am trying to configure mobile computer accounts.  I read your blog from February 6, got your e-mail, and decided to drop you a note.
I can’t get a mobile computer account to sync no matter what I do on a Snow Leopard server.  The manual for Snow Leopard Server is long and bulky but overall doesn’t contain much useful information on this subject; and there’s precious little in any forums about Mac servers other than how to integrate with Active Directory (which I’m not doing).  
I don’t want to be a leech on your time but if you know of a setting that often gets overlooked, on which syncing is dependent, I’d appreciate it if you could let me know.  

I've certainly had fun with mobile accounts.

To: [email protected]
Date: 29 August 2011 11:01:03 GMT+01:00
Subject: Re: Blog Post 6 Feb 2011
Thanks for the email. I agree mobile accounts are a pain to set up and I’ve had the same headaches as you.
The answer to this is that, in Workgroup Manager you have to manage the preferences always and, despite whether you want syncing in the background or not, “background sync” and “manually” HAVE to be ticked for a login and logout sync to trigger. (I know, I know.)
You can then manage the frequency of the background sync on the last tab to be manual if this is not your desired behaviour. You can also configure away the icon in the menu bar so a manual sync can’t be triggered by the user.
You also have to set up the sync rules yourself; there aren’t any provided by default if you’re managing them with Workgroup Manager, despite what the “network home and default sync settings” option would lead you to believe.
As a final note you don’t have to manage homesync rules through Workgroup Manager; they are settings available to the user in the accounts pane in System Preferences. Click on the mobile user and click mobile account: settings button.
Hope this helps you deploy your mobile accounts. 
The Admin

Turns out I wasn't on the right track for their issue. Issues can manifest themselves in so many ways, and clumps of users in forums complain about vaguely similar things. Here was the final response.

Hi Admin:
Thanks for the information.  I ended up talking with Apple tech support about the problem.  They reproduced it and admitted they’ve had some issues with Lion and OD. Here’s what ended up solving the problem:  
  • Unbind the client.
  • Delete all home folders on client and server.
  • Reset all permissions on the server and client machines using Disk Utility and restart both machines when complete.
  • Create a separate automount sharepoint on the server for network user home folders.  (Don’t use the default sharepoint as permissions conflicts can happen.)
  • Re-bind the client machine using a different method than what I had used.
First, change the login option to use the server, then open Directory Utility, select LDAP, and use the bind function from there.  Previously, my understanding was that the client was bound after selecting the OD server as the login option but apparently, it’s not fully bound until you click on the “Bind” button in Directory Utility.  (The green light beside the server after selecting it for logon is deceiving.)  
Thanks again.

8 Aug 2011

Inside Lion Server

There has been a shift in purpose for Lion Server. In Snow Leopard Server the philosophy seemed to be that all the easy stuff was fairly easy, but there was a steep learning curve for anyone who had never managed a server before. The medium stuff was mostly exposed in a GUI and so relatively easy, admittedly ambiguous at times, but you quickly ran up against a wall when trying to do interesting hard stuff so you had to drop down to Terminal. That was ok, however, as in theory anyone who wanted to do advanced stuff should be able to use the terminal anyway.
Lion is different. The easy stuff is brain-dead easy. Most services Apple provides have an on/off simplicity to them that should make even the most beginner server admin stop and think “was that it?!”. My favourite change is the removal of the push notification server. Instead our servers can now hook up to Apple’s push notification servers and deliver notifications through them. It's as simple as clicking a button and we already know it works.
This is all made possible by removing a lot of complexity from the Server App, which has more of a spiritual similarity to Server Preferences than Server Admin. The simplicity means a lot of features and settings are no longer GUI accessible, and Server Admin has lost the ability to configure things like web and calendar, so medium and hard users now both have to use the Terminal to work OS X Server.
This strategy is no more apparent than in the /etc/apache2 configuration directory, where Apple has written a comprehensive readme to start the intrepid new server admin off on the right track. It lays out what each file and directory is for and what files you can modify without interfering with Server App’s inclination for vomiting configuration over everything. They have engineered a clear point to insert your own Apache configurations and hook them onto certain virtual hosts, and even have them depend on certain launchd system services.
Even though they have spent a lot of effort on improving the Terminal-based administration, it's absolutely dreadful in comparison to a good Linux server distribution. Most Linux servers are designed to be set up on the command line and have standard tools that, if not easy, can be googled with great results. Whether Lion Server gets this same kind of attention remains to be seen. Going on web support for Snow Leopard Server config and issues, I imagine support will be sparse.
So why run Lion Server? Why not? It hardly costs anything and you can run it on any computer. With it you get a great backup server for your other Macs, and you get iCloud features on your own machine with push notifications so you remain in control of your data (for better or for worse). The wiki server is cool and now tonnes better than before, and I still believe Lion Server is the best tool for managing suites of Macs and network user accounts (we still have Workgroup Manager after all).

I guess that means OS X Lion Server has a place wherever you need an easy server for using with a bunch of Macs.