Blog
10.6.3 and Samba server issues with wide links
Are you using a Samba server and having problems with Mac OS X 10.6.3 clients copying files to your shares? You’re probably the victim of “wide links”. This issue seems to arise when someone upgrades to 10.6.3 specifically. The error message “The operation can’t be completed because you don’t have permission to access some of the items.” will appear, with no errors in the smbd logs.
Posted in Linux, Tips and Tricks
Fast, Easy, Centralized Logging
You may disagree with a lot of things President Reagan said, but you can’t deny the utility of one of his favorite phrases, “Trust, but verify”. Log files, like spy planes, keep honest people honest. Logs can provide proof of unauthorized access, catching employees or others doing things they shouldn’t be doing on your network. In addition, your logs are often your only recourse to figure out what went wrong and when on a system that is heading south.
Posted in Linux, System Administration
Firewalling NFS while keeping your sanity
If you’ve ever tried to set up NFS behind a firewall, you know that it’s not trivial. NFS relies on several helper applications to do its thing. It relies heavily on portmap, which handles incoming NFS connections and coordinates ports for daemons like mountd, statd, and lockd. Each of these daemons listens on its own port (several ports in some cases), and they can be arbitrary in choosing those ports. This makes it next to impossible to firewall a default NFS configuration. We’ll learn how to lock ‘em down in this session, so you can firewall them easily.
Posted in Linux, Security, System Administration, Tips and Tricks
Better living through Linux firewall logging
Sometimes it’s the little things that drive you crazy. Like when you do a tail of /var/log/messages on someone’s Linux system only to find a sea of iptables log entries. Denied DHCP broadcast queries, multicast DNS, everything. It takes just an extra step to tack on a grep to clear out this stuff, but as any sysadmin can tell you, the little things add up to a lot of time and aggravation. In addition, the sea of irrelevant denies does little to tell you who’s actually attempting to get into your systems. With just a few extra switches in iptables, you can send your firewall log to its own file.
Posted in Linux, Security, System Administration, Tips and Tricks
Using Apple’s Open Directory PDC to authenticate Linux Samba servers
Samba is the result of some clever reverse-engineering to create reliable Windows file sharing without the headaches of a Windows server. Mac OS X clients can also use these shares, making Samba a great option for cross-platform environments. It’s not a common scenario to use an Open Directory server to control Linux systems, but here’s how to do it if you have one already, and want to use Samba on Linux with your OD users. If you are finding the Xserve platform to be a little out of your budget for the amount of performance you get, or you don’t want to administrate yet another Mac OS X Server system, this could be a great alternative to an AFP solution for your Macs.
We could host SMB shares directly on our OD server, but ideally we keep our OD server just as a directory and authentication server, and let other servers do the file sharing heavy lifting.
Posted in Linux, Mac OS X Server, System Administration, Windows
