| View previous topic :: View next topic |
| Author |
Message |
Tobias Alt
Been around the blocks
Joined: 29 Sep 2008
Posts: 26
|
 Posted: Fri Oct 10, 2008 12:51 am Post subject: Network accounts |
 |
|
I just set up my first XSAN - and to my surprise it works quite well.
But there is one thing i don´t get:
During SAN setup i created an ODM on the first MDC. On every client i created the same admin account for authentification.
Until know every editor worked localy on his machine, using his own local account. If they use these local accounts to write to the SAN then the rights are messed up. Everyone can read - but only the creators of the files can write.
The solution to this seems to be network accounts. When i create an ldap account with workgroup manager and use that acount to log in on the client i can read and write everything - because i´m a member of "Workgroup".
my question is: is this really the solution? Is everybody out there using network accounts to connect to their XSAN  |
|
| Back to top |
|
 |
rstasel
Xsan Master
Joined: 03 Aug 2007
Posts: 120
|
| Posted: Fri Oct 10, 2008 1:44 am Post subject: |
|
|
Tobias,
Are the clients setup to look at the ODM in Directory Utility (I think this might be the big issue)?
I wouldn't think you'd have any issues if all the users are uid 501 on the servers and clients... but if that admin account isn't the first account on all the machines, then it could cause issues. I guess they could all be the second account, or similar (basically, they all need the same UID).
What version of Xsan and OS X Server are you using? Clients?
I haven't had any issues with multiple machines all reading/writing to the SAN while logged in as the same local user (they're all uid 501). |
|
| Back to top |
|
|
abstractrude
Xsan Master
Joined: 13 Mar 2008
Posts: 864
|
| Posted: Fri Oct 10, 2008 1:56 am Post subject: OD is a good thing |
|
|
Tobias. Network accounts are the solution. You should start from scratch when it comes to permissions. Come up with a plan to use access control lists with users and groups. Create users and put them into groups, set permissions with groups when possible. Coming up with a good permissions model from the start makes things easier in the end.
This makes adding in additional clients easy too. This is the right way to setup Xsan. Also, its normal to run your OD master on your secondary controller. |
|
| Back to top |
|
|
chrisadam
JBOD
Joined: 20 Sep 2010
Posts: 2
|
| Posted: Mon Sep 20, 2010 2:31 am Post subject: Network accounts |
|
|
Until know every editor worked localy on his machine, using his own local account. If they use these local accounts to write to the SAN then the rights are messed up. Everyone can read - but only the creators of the files can write.
The solution to this seems to be network accounts. When i create an ldap account with workgroup manager and use that acount to log in on the client i can read and write everything - because i´m a member of "Workgroup".
___________________________________
Want to get-on Google's first page and loads of traffic to your website? Hire a SEO specialist from Ocean Groups[url=http://oceangroups.org/] seo specialist [/url] |
|
| Back to top |
|
|
Mister Googlehea
JBOD
Joined: 16 Feb 2011
Posts: 1
|
| Posted: Wed Feb 16, 2011 9:57 am Post subject: |
|
|
 haha. yes!!! |
|
| Back to top |
|
|
|
Xsanity Forum
Forum Search
Forum Help
Log in to check messages
Xsanity Articles
