/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/Media/FSicon.gif/FSicon.gif){kind=small}
ASIP 6.2:
Shared User and Group
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/Media/arrowl.gif/arrowl.gif)
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/Media/AdvArrowTr.gif/AdvArrowTr.gif){kind=small}
updated: 3/15/99
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/6.2Media/asip6.2logo.gif/asip6.2logo.gif)
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/6.2Media/asip6.jpg/asip6.jpg)
Installation & Use
Shared User and Group
AppleShare IP 6.2 now supports shared User and Group datafile.
- What does Shared User and Group mean?
- Rules of the Road for using Shared User and Group
- Setting up Primary User & Group server
- Setting up Secondary User & Group server(s)
- Mail accounts under Shared User and Group
- Troubleshooting Tips
What does Shared User and Group mean?
If you’ve installed AppleShare IP 6.2 on multiple servers, you can perform users and groups administration for all servers from one server. You do this by setting up servers to get the latest users and groups information from a primary server.
After you’ve set up primary and secondary servers, you share the
users and groups information that resides on the primary server.
You still need to set users' access privileges for share points,
along with mail and print privileges for users, on secondary servers.
Users and groups are downloaded automatically onto each secondary
server in two cases:
- when a user tries to log on to a secondary server and there is
no account for that user. The secondary server contacts the primary
server to see if an account was added, and if it was, the account
is downloaded to the secondary server. (The user can then log
on to the server.)
- when a user’s password doesn’t work. The secondary server queries the primary server to see if the password was changed, and if it was, the new password is downloaded to the secondary server.
Rules of the Road for using Shared User and Group
Sharing User & Group data from a Primary ASIP 6.2 server to Secondary server(s) has several setup requirements that need to be followed. They are:
- The Web & File Server must be running at the Primary and Secondary server(s).
- User and Group entries must be current and already created at the Primary ASIP 6.2 server.
- Primary ASIP 6.2 server must have an IP address or DNS host name assigned to it. AppleTalk servers are not supported.
- Secondary server(s) must be able to see the Primary Server on the network (use Chooser to find by Server IP address).
- Secondary server(s) current User and Group datafile will be erased. Backup if needed.
- Admin name and password have to be the same at Primary and all
Secondary server(s).
NOTE: You can share users and groups information with a maximum of 11 servers (10 secondary servers and 1 primary server).
Setting Up Primary User & Group server
The Primary server only needs two tasks performed before proceeding to Secondary server setup.
- Create a complete User and Group list with all individuals and groups that will access the Primary server and Secondary server(s). You perform this task in the AppleShare IP Web & File Admin program at the Primary server. Don't forget to enter Mail Server location and ARA info if applicable.
- Set up TCP Filter on Primary server to allow access from the Secondary servers thru port 687. Setting up filters will prevent other server's access to this information. See below picture for an example.
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/6.2Media/UGTCPFilt.GIF/UGTCPFilt.GIF)
Setting Up Secondary User & Group server(s)
The Secondary Server(s) configuration requires:
- Open Web & File Admin program
- Pull down the Server menu and select Web & File Server Settings.
- Select General panel from the pop-up menu
-Check the box for "Get Users and Groups from another server"
-Enter the IP or DNS host name for the Primary Server in Server Address field
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/6.2Media/SharedUG.GIF/SharedUG.GIF)
You will receive the following warning message upon checking the
Get... box:
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/6.2Media/UGWarning.GIF/UGWarning.GIF)
- Type the number of hours in which you want the users and groups
information on the secondary server to expire. (The default number
of hours is 12.)
When users and groups information expires, the secondary server is checked against the primary server for users and groups changes. The next time a user logs on whose settings have changed, the user's settings are downloaded to the secondary server.
If you typed in a new number of hours in Cached Users Groups expire field, click Save.
- If you want users' and groups' access privileges on secondary
servers to be updated immediately, click Download All.
This copies all of the users and groups from the primary server to the secondary server.
IMPORTANT: Downloading takes considerable time. For example, downloading 4000 users can take up to 20 minutes. Server performance may be impaired on both the primary and secondary servers during download.
Repeat steps the above steps on any other servers you want to designate as secondary servers.
TIPS:
Choose an expire number based on how often you think users will change their passwords and how often you will change users' attributes.
Choose an expire number that you will allow you to expire the current User and Group data at all Secondary servers at the same time. This will help prevent out-of-sync problems later on. For example, if you want the secondary server(s) to expire at 6am every day, select the Expire Now button and Download All buttons for it to occur now and put in the hourly time difference now until 6am.
- Read the ReadMe files for any late-breaking news about known issues or compatibility problems.
Mail accounts under Shared User and Group
For the easiest setup, it's recommended that you run the Mail
Server on the primary server and keep all users' mail there. However,
if there is not enough disk space there for the expected mail
load, follow these steps:
1- Because of the way DNS service works, you need to find out
the DNS name of the mail server specified as the lowest preference
MX alternative in the MX list for your secondary server. You can
find this information in the MacDNS software or wherever the DNS
service is set up.
2- Open the Web & File Admin program on the Primary server.
3- Choose Show Users & Groups List from the Users menu.
4- Open the user whose mail account location you wish to change.
5- Choose Mail Settings from the User pop-up menu and make sure
mail is enabled.
6- In the text box, type the DNS name specified in the first step.
Note: If nothing is entered in this text box, this user's mail will
be sent to the Primary server and stay in the delivering mail
server's outbasket until successfully sent.
7 Configure the user's e-mail application to contact the server
specified in the first step.
Note: If you don't want to set up each user's account separately
as described in steps 2 through 6, working on the primary server,
you can export user information to a text file, import it into
any tab-delimited spreadsheet program, change the user mail server
information, then import the user information back into your AppleShare
IP Registry.
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/6.2Media/UserMail.GIF/UserMail.GIF)
The e-mail client software POP/IMAP mail server address should be given to the user as you have entered in the Mail Account location field. If not, mail delivery problems may occur.
Primary mail server should be setup and running if you do not wish to fill in a server location in the above window. The Shared User and Group data will always forward mail to the Primary server if a server location is not designated for a user. This applies to AppleShare 5 and 6 servers upgraded to version 6.2 without designating a server address in the above window.
Troubleshooting Tips:
Here are some general guidelines on how to troubleshoot problems accessing the Primary server from Secondary server:
- Review the steps listed under "Setting Up Secondary User & Group server(s)".
- Try accessing another computer on the same network segment to determine if it's a network problem.
- If the problem appears to be with accessing a specific Secondary
Server:
- Confirm that the Secondary server Web and File server is running.
- Confirm that the Primary server Web and File Server is running.
- Confirm at the Primary Server that TCP Filter is allowing the Secondary server to come in thru Port 687. If it's not, configure TCP Filter to allow this secondary server to connect. See an example filter in section "At the Primary Server setup TCP Filter to allow Secondary Server thru."
- In the Secondary Server's Web and File Admin, Expire Now its User and Group information and Download All the current User and Group data from the Primary Server.
- If the problem appears to be specifically with a user not able
to get mail from a secondary mail server:
- Verify that the user's e-mail client software is configured correctly.
- Verify that the correct mail server was assigned in the User window at Primary server.
- Confirm with ISP or Administrator that the DNS MX list for your mail servers has a record for this secondary mail server. If not, mail will attempt to be delivered to the primary mail server, stay in the outbasket of sending mail server, and not get delivered to the user's assigned mail server.
- Verify that the Secondary server has the most up-to-date User and Group data. If not, Expire Now and Download All from the Primary Server.
- It is always safe to resync a Secondary server by expiring the current User and Group data and download it again from the Primary server.
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/Media/upArrow.gif/upArrow.gif){kind=small}
Click the right arrow to the section on other new Web & File features...
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/Media/ADVarrowr.gif/ADVarrowr.gif){kind=small}
/AppleShare IP 6.2 Install/Tutorials/ASIP 6.2 Tutorial/Media/apple.gif/apple.gif)