Difference between revisions of "Okra"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
Line 31: Line 31:
 
Okra's Open Directory server has SSL enabled and it should be used by clients connecting to the server. In order to for it to work correctly you may need to get a copy of the SSL certificate when you configure a client system. To do so, follow the instructions [http://support.apple.com/kb/HT4183 here].
 
Okra's Open Directory server has SSL enabled and it should be used by clients connecting to the server. In order to for it to work correctly you may need to get a copy of the SSL certificate when you configure a client system. To do so, follow the instructions [http://support.apple.com/kb/HT4183 here].
  
===Adding New Users===
+
===Managing Users===
  
You can manage accounts in the Open Directory database using the [[Workgroup Manager]] application. To add a new user account first click the lock in the upper right hand corner and enter the directory admin account username and password (diradmin, password follows the normal system root password scheme). For the most part you just need to enter the user's name, login name and password. If you select "Template" in the Presets menu at the bottom of the screen most of the other settings you need will be automatically configured for you. Make sure to switch to the Home tab and click "Create Home Now" to create the user's home directory.
+
You can manage accounts in the Open Directory database using the [[Workgroup Manager]] application.  
 
 
Be aware that when adding a new user on the Mac system you will need to create a similar Linux user account on [[einstein]].
 
 
 
Before you create the account you need to locate an unused UID for the account. You should use a UID in a similar range to the existing UID numbers in order to avoid user's accounts conflicting with the UIDs of system built-in accounts. In order to find a usable UID number, login to [[Einstein]] and run the following command:
 
 
 
$ getent passwd | awk -F ':' '{print $3}' | sort -nr | head -n 20
 
 
 
This will give you a list of the top 20 UIDs in descending order, which should look something like this (ignore the top ridiculously large UID, that's some weird thing Red Hat uses for NFS):
 
 
 
4294967294
 
5040
 
5039
 
5038
 
5037
 
5036
 
5035
 
5033
 
5032
 
5031
 
5030
 
5029
 
5028
 
5027
 
5026
 
5015
 
5014
 
4340
 
4339
 
4338
 
 
 
You want to select a UID one higher than the highest UID, or find a gap (like the one between 4340 and 5014) and use something in that range. Make sure to set the same username and UID for both the Mac and Linux LDAP accounts for the same user.  
 
  
 
==AFP Shares==
 
==AFP Shares==

Revision as of 16:51, 7 April 2011

Okra is a Mac Mini server which operates as an Open Directory master for NPG Mac Clients, as well as providing apple file protocol shares for Mac user's home folders. The LDAP database on Okra is a separate LDAP database from the database on einstein. Some similarity exists between the two databases in that User accounts should share the same UID and username across both systems to allow users to have the correct permissions on their files across both systems.

Hardware Details

Mac Mini Aluminum
  • Model: Mac mini aluminum
  • Processor: Intel Core 2 Duo 2.66 GHz
  • L2 Cache: 3 MB
  • Memory: 4 GB
  • Ethernet Controller: Broadcom 57765
  • Wireless Controller: AirPort Extreme (Broadcom BCM43xx) 802.11 a/b/g/n
  • Graphics: GeForce 320M 256 MB
  • Storage: Hitachi HTS725050A9A362 500 GB 7200RPM x 2

Network Configuration

Okra only has one Ethernet port, so it does not have a Farm interface. Okra also has an Airport wireless interface, but it is not currently used so it has been disabled.

UNH IP Address: 132.177.88.73

Software and Services

Operating System Version: Mac OS X Server 10.6.3

Open Directory (Mac LDAP)

The Open Directory LDAP database on Okra is configured as follows:

  • Base DN: dc=physics,dc=unh,dc=edu
  • Kerberos Realm: OKRA.UNH.EDU

Okra's Open Directory server has SSL enabled and it should be used by clients connecting to the server. In order to for it to work correctly you may need to get a copy of the SSL certificate when you configure a client system. To do so, follow the instructions here.

Managing Users

You can manage accounts in the Open Directory database using the Workgroup Manager application.

AFP Shares

Okra shares several data volumes of the apple file protocol. These are:

  • /Volumes/Server/Users (afp://okra.unh.edu/Users)
  • /Volumes/Store/Shared Items/Backups (afp://okra.unh.edu/Backups)
  • /Volumes/Server/Shared Items/Public (afp://okra.unh.edu/Public)
  • /Volumes/Server/Groups (afp://okra.unh.edu/Groups)
Retrieved from "https://nuclear.unh.edu/wiki/index.php?title=Okra&oldid=5280"