Thread: ML server problems...

  1. #1
    Join Date
    Feb 2012
    Posts
    265

    ML server problems...

    This one should be simple enough for you all to help me with!
    As I don't often get involved with servers it's got me scratching my head a bit.
    I'm trying to set up VPN for the boss of an accounting firm to be able to login while he's away from the office.
    I've done all the usual stuff of setting up the VPN and creating a profile to install on the client MBP, L2TP is open on the router and forwarded to the server on 192.168.1.27, but when I try to log in all I get is L2TP-VPN server is not responding... tell me what info you need to help me out on this.
    Thank you.
    The opposite of what you automatically assume to be the truth is the answer you're looking for!

  2. #2
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,784

    Hmm, usually straightforward. Can you SSH in, to confirm ports are open and the router is forwarding correctly? Might check router logs to see if it is seeing/blocking connection....

    This guide goes deeper, might cast some light on other aspects such as VLANs.

    If you think everything is right.....have you restarted the server? That has got me a handful of times over the years....services that you expect to work when you turn them on...and look like they are running....
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  3. #3
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,784

    Forgot to ask: Is your VPN IP scheme different than your LAN IP scheme? AFAIK, this is a must.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  4. #4
    Join Date
    Feb 2012
    Posts
    265

    Okay, this is going to different places all at once!

    In the guide you linked to that showed setting up a VLAN... nowhere have I come across that suggested that for openers.
    Secondly, you're now talking about making sure it's different from the LAN - the set up that is SUPPOSED to work involves neither... just reserving the last 31 IP addresses for L2TP and that was already done in the Netgear router...

    This is what I was working from:

    When you configure VPN service, you set a range of IP addresses that are
    assigned to the remote VPN users. These addresses are on the server's
    network. This range must not contain static IP addresses used on the network
    and must not overlap ranges provided by a DHCP server, an Internet router,
    or an AirPort Base Station. Make sure that these devices aren't assigning IP
    addresses from ranges that overlap with those that the VPN service is
    providing to remote users.
    To edit the default range, click the Edit button next to Client Addresses (refer
    to Figure 18-14). The dialog that appears describes the first IP addresses used
    for VPN and the number of addresses that will follow it. So, if the Starting At
    address is 192.168.206.224, and the Address for VPN is set at 31, the range
    will be 192.168.206.224 to 192.168.206.255.

    That is EXACTLY what I did. So is it necessary to set up a VLAN or just advisable?
    The opposite of what you automatically assume to be the truth is the answer you're looking for!
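
Added example, not part of the original posts or of the quoted guide: a check for the rule quoted in post #4, that the VPN client range sits on the server's network and overlaps neither the DHCP pool nor any static address. The VPN range is the one from the guide; the /24 mask, the DHCP pools, the static addresses and the function names are constructed assumptions.

```python
import ipaddress

def addr_range(first, last):
    """Return (first, last) as ipaddress objects, rejecting reversed ranges."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a > b:
        raise ValueError(f"range {first}-{last} is reversed")
    return a, b

def vpn_range_problems(lan, vpn, dhcp, static_addrs):
    """List the ways a VPN client range breaks the rule quoted in the guide.

    lan          -- the server's network in CIDR form
    vpn, dhcp    -- (first, last) address pairs, inclusive
    static_addrs -- addresses assigned by hand (server, NAS, printers)
    """
    net = ipaddress.ip_network(lan)
    vpn_lo, vpn_hi = addr_range(*vpn)
    dhcp_lo, dhcp_hi = addr_range(*dhcp)
    problems = []

    # The guide says the VPN addresses are on the server's network.
    if vpn_lo not in net or vpn_hi not in net:
        problems.append(f"VPN range {vpn_lo}-{vpn_hi} is not inside {net}")

    # Two inclusive ranges overlap when each starts before the other ends.
    if vpn_lo <= dhcp_hi and dhcp_lo <= vpn_hi:
        lo, hi = max(vpn_lo, dhcp_lo), min(vpn_hi, dhcp_hi)
        problems.append(f"DHCP pool also hands out {lo}-{hi}")

    for s in static_addrs:
        if vpn_lo <= ipaddress.ip_address(s) <= vpn_hi:
            problems.append(f"static address {s} is inside the VPN range")
    return problems

# VPN range from the quoted guide; everything else is constructed sample data.
GUIDE_VPN = ("192.168.206.224", "192.168.206.255")
clean = vpn_range_problems("192.168.206.0/24", GUIDE_VPN,
                           ("192.168.206.2", "192.168.206.200"),
                           ["192.168.206.1", "192.168.206.210"])
clash = vpn_range_problems("192.168.206.0/24", GUIDE_VPN,
                           ("192.168.206.100", "192.168.206.254"),
                           ["192.168.206.230"])

if __name__ == "__main__":
    print("clean setup:", clean or "no conflicts")
    for p in clash:
        print("conflict:", p)
```
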

  5. #5
    Join Date
    Feb 2012
    Posts
    265

    Oh, and while we're at it, I've just come across another puzzle!

    I created the new accounts on the server. The idea initially was to have the server authenticate logins for the client macs - did that, but now customer wants to have the client home folders on the server so he can have them all backed up overnight on the NAS.
    So, not a problem, or so I thought!
    I went into Advanced settings and navigated to the user folders on the server and selected the first one... logged out of user, logged back in, except it's NOW telling me that there's an error, so I'm not getting anywhere fast here!
    I've got Open Directory set up, correctly I'm sure, so why would it now not let me in at all?
    The opposite of what you automatically assume to be the truth is the answer you're looking for!

  6. #6
    Join Date
    Feb 2012
    Posts
    265

    Just wondering if the path to the desired home folder is correct.
    It doesn't refer to the server at all, just shows:
    /Volumes/nettest
    (net test being the test account I set up on my own server)
    Shouldn't it be a bit more specific than that?
    The opposite of what you automatically assume to be the truth is the answer you're looking for!

  7. #7
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    https://www.grc.com/x/ne.dll?bh0bkyd2

    That place will test any ports you want or all ports if you want and tell you if they are truly open or not. Sorry I can't be more help but I have very little server experience.

    I have my gear set up for stealth and every test I take at the above site tells me there is no computer at my IP address!! YAY ME!
    Damien,

  8. #8
    Join Date
    Jan 2006
    Location
    Boise
    Posts
    988

    Damien that was fun. Well sort of anyway. All was fine except that a ping was shown to have gotten a response. Wonder why that was?

    Other than that I have no clue about server stuff and am not helping a whit, and totally useless for this thread. But good luck.

  9. #9
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    I have a vague memory of that 'Respond to ping' setting being in the router config pages. If you're concerned look there.
    Damien,

  10. #10
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,784

    VLAN is not required, so skip that. Don't need another variable.

    Every server I have set up with VLAN always had a separate IP scheme, which is the default.

    If, for example, the LAN (DHCP from the router, say) is 192.168.1.xxx, then the VLAN IPs would be something separate, say 10.0.0.xxx handed out by the server.

    Frankly, I have never liked this, as I find it to be a bit confusing and a separate layer to troubleshoot. In a perfect world, it makes more sense to me to use a perimeter device that also handles VPN, so it is clean and simple. Hard to do that with many consumer level routers. Some do, but each is different, and have their own learning curve, and they also vary as to what you need on the client side to connect........more variables.

    In the past I have had good luck with something like this in a Mac environment that needed VPN for a remote office with a shared phone system. Easier for me to configure, monitor, and troubleshoot.

    I know that does not solve your issue. Wish I could offer more, but typically I have a clean install of Server, configure services, and it just works. Having said that, in the past, as you may know already, it was always important to be sure that IP info and DNS info was right.....first time through. Otherwise, other services were difficult (to say the least) to troubleshoot.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  11. #11
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,784

    Client accounts on server......

    So, if it were me, I would create new OD accounts, and bind the client machine to the server. Once bound, log into test network account.

    Make sure a new, default clean account works first, so you know that OD, network, and client bind is right.

    Are all clients the same OS? If any are older than 10.7, it might cause issues. Not done this myself, but have seen others that have fought it.

    If all is good with test account.......we can talk about ways to migrate existing local accounts to served network ones.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  12. #12
    Join Date
    Feb 2012
    Posts
    265

    Sorry for the delay in responding, I've been away for the weekend.

    The customer wants to keep home folders on local macs, so all I've done is to set up the server login, however, because the same password is being used on both local and server accounts I can't be sure that it's not just accessing the password locally - it does have the green light against network server in User login prefs though.

    I've not had chance to do any more with the VPN yet, but it's not critical at this stage as it won't be needed for another couple of months, but I will check out the suggestions above. Thank you.
    The opposite of what you automatically assume to be the truth is the answer you're looking for!

  13. #13
    Join Date
    Feb 2012
    Posts
    265

    Interesting... although the user is on both the server and the client, when the server wasn't available it refused to let the user in. So that means that the local login is disabled by default and the set up is correct.
    The opposite of what you automatically assume to be the truth is the answer you're looking for!

  14. #14
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,784

    Good question. I have never used a local account that was the same as a network account.....except when letting the bound server create the local account with the Mobility option.

    If server creates the local account, then the user can log in, even if the server is down. Because though local.....it is the same account, just temporarily not able to synchronize; so the user will log in and get the last data and settings that they had the last time the account was sync'd.

    Seems to work well for me with 10.7.5 server and clients. All work stations only have a local admin account, and then each user logs into network account, and the mobile (local) account is created and sync'd.

    The good part is that the account follows the user to each work station (data and configuration). The bad part is that users don't like to wait for the sync function, especially if you don't have a really solid, Gig network, and/or if the user has many Gigs of data to push.


    If one could train users to leave most large data on the server in mounted share, vs. wanting everything on their desktop......it could work well in most environments, as sync time would be reasonable.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  15. #15
    Join Date
    Feb 2012
    Posts
    265

    Hi Unc, in this instance the vast majority of the work is on the server and although they have their accounts on their own macs they are logging in through the server.
    Oddly, the owner of the business wanted them to log in through the server but not to have their own accounts on the server - possibly because of the extra time involved in transferring them. It was even more odd because he wanted them to be able to hot desk and use any machine, but when I pointed out that having the user folders on the server would be required it all of a sudden wasn't a requirement!
    All seems to be working as half-planned and my invoice has been paid so that's fine by me
    The opposite of what you automatically assume to be the truth is the answer you're looking for!
