[Casper] Timing logins and applicaion startup

Thomas Larkin tlarki at kckps.org
Fri Feb 13 09:44:38 PST 2009 

My email is ghetto here so I don't have a lot of options so I will just answer in sections needed items from previous emails.  I don't get any fancy colored text options..... 

Yes, WGM can cause all sorts of issues if you aren't using the proper version. This came straight to me from an Apple engineer and from official Apple server books (the ACSA books).  Also, if you are seeing LDAP and BSD database corruption you should first dsexport your users and groups to plain text immediately.  This will preserve their account information and UIDs, but not their passwords. 

You may at worse case scenario, have to rebuild LDAP from scratch.  It sounds horrid I know, because I had to do it once, but I did it in one day (one 13 hour work day).  All you have to do is demote everything to stand alone.  Then wipe out the LDAP from your ODM (demoting it first) reimport everything, then go back and promote all your stand alones to replicas so they get a fresh sync of LDAP. 

10.5.4 client and server were a head ache here, we bumped everything up to 10.5.5 and a lot of our problems disappeared. 

If your replicas are returning DNS errors and if you map home directories by FQDN, that can too cause problems.  We have a legacy DNS that some of the older PCs use, and a server or two picked up our old DNS and it screwed lots of things up, so now our DNS database points all Mac servers to the proper DNS and specifically omits them from the other DNS. 

In the ACSA books Apple says they do not recommend netbooting more than 50 clients for imaging purposes.  Imaging is done over AFP, and I have examples of how flaky AFP is.  I took screen shots of AFP throughput when we were imaging this summer.  If we did not kick off the file transfer at the same time on all clients, AFP would flake out trying to load balance the connections.  Data throughput would half itself.   

As for your specific problem, I would try to figure out what accounts have problems, watch the logs as they log in and see what specific errors you get. 

FYI, when I had the LDAP corruption I was getting PasswordService failures on my replicas as well, and Kerberos wasn't working properly either.  It is hard to tell what your exact problem is.  As a first step I would try to first demote your replicas to stand alone configuration, then promote them back to replicas.  This will force down a fresh copy of your LDAP to them. 

Good luck! 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/623a1924/attachment.html

More information about the Casper mailing list