School Lab Annoying Problems - Please Help!

[Pardus]

Hello,

I am the tech at a school with 35 brand new emacs running tiger (10.4 - 10.4.4) Our server is running 10.3.9. Clients connect with manual ip config with Ldap/open directory. The only services running are AFP, DNS, NAT, OPEN DIRECTORY,PRINT AND WEB. We are having numerous problems and no one in the district has been able to fix it yet. I have used macs a long time as a graphic designer and fiddle around alot but I am new to servers. If any of you can help, I would greatly appreciate it.

Problem 1: Blue Screens
I have read a little bit about this one but havent found a real fix for it. Randomly at log out an emac will hang on the blue screen. I have just been force restarting them.

Problem 2: MS Word so slow starting
When a class comes in and logs in and loads word, it can take up to 20 minutes for everyones word to start up. If I allow small groups to log in at a time, it will take about 5 minutes. It usually hangs on the font menu optimization. I have gone into font book and resolved duplicates. removed the dofonts file, deleted the word font cache, repaired permissions but none of that seems to have made a difference. this is crippling our lab and really hope someone can enlighten me.

Problem 3: Emacs hanging on load screen at startup
I have had 4 emacs now freeze on startup on the progress bar. I have tried safe booting, starting from tiger disk and repairing disk and permissions. none seem to work. the only fix is to full restore from a master disk Image file i made

Problem 4: Hand in Folder for groups
In OS 9, groups were offered this fabulous hand-in folder, a great tool for teachers. Now in OS X, that is a little trickier. I created a new share point for a group folder in Workgroup Manager that was read and writable for everyone. Next i created a Hand-in folder and assigned the teacher as the owner and the group/everyone having write only. Unfortunately, when a student drops a file in there, there is a permission error and the file is saved there but 0kb. very frustrated about this as well. Are there fixes.

Problem 5: Font Conflicts and safari crazy fonts
On various users and computers, safari displays crazy fonts instead of the default or CSS set font. If i go into font book and resolve duplicates and clear the safari cache, it usually works but is a real pain. I suppose students have different fonts in there user font library that conflicts so what is the best way to manage this? move all of them to the system font library?


ERROR MESSAGES ON SERVER
When class logs in, this pops up for each user.
Mar 21 10:45:37 osxserver krb5kdc[356]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 142.33.144.239: NEEDED_PREAUTH: billsmith@XXXXXX.XXXX.SD35.BC.CA for krbtgt/XXXXXXXX.XXXX.SD35.BC.CA@XXXXXXXX.XXXX.SD35.BC.CA, Additional pre-authentication required

others:
AFP error log example
21/Mar/2006:09:35:17 -0800: MMap chainhead is NULL

DNS Log example
Mar 21 10:57:09.589 lame server resolving 'hell.capefeare.com' (in 'capefeare.com'?): 72.36.155.171#53

It also seems we have numerous hacking attempts but they seem to not get by password.

Let me know if you can help or require anymore info. Thanks so much.

Randy Friesen
Langley Meadows Community School
http://www.sd35.bc.ca/lm

 

[Go3iverson]

Hello,

I am the tech at a school with 35 brand new emacs running tiger (10.4 - 10.4.4) Our server is running 10.3.9. Clients connect with manual ip config with Ldap/open directory. The only services running are AFP, DNS, NAT, OPEN DIRECTORY,PRINT AND WEB. We are having numerous problems and no one in the district has been able to fix it yet. I have used macs a long time as a graphic designer and fiddle around alot but I am new to servers. If any of you can help, I would greatly appreciate it.

Sure. No problem. I'm glad to help out!

First, do you have proper forward and reverse DNS working? Very integral! Also, 10.4 may be a good upgrade for your server...

 

[Go3iverson]

Problem 1: Blue Screens
I have read a little bit about this one but havent found a real fix for it. Randomly at log out an emac will hang on the blue screen. I have just been force restarting them.

So, are you using network home directories? If you move to 10.4, you could use Portable Home Directories to save bandwidth and server load.

I've heard of this happening. No real magic fix though. Be sure your forward and reverse DNS is immaculate! Also, try and standardize your clients on one version of the OS. These all help in troubleshooting.

 

[Go3iverson]

Problem 2: MS Word so slow starting
When a class comes in and logs in and loads word, it can take up to 20 minutes for everyones word to start up. If I allow small groups to log in at a time, it will take about 5 minutes. It usually hangs on the font menu optimization. I have gone into font book and resolved duplicates. removed the dofonts file, deleted the word font cache, repaired permissions but none of that seems to have made a difference. this is crippling our lab and really hope someone can enlighten me.

So, are you just doing NHD's or are you doing shared Libraries or Applications as well? Are you NetBooting these machines off an image?

 

[Go3iverson]

Problem 3: Emacs hanging on load screen at startup
I have had 4 emacs now freeze on startup on the progress bar. I have tried safe booting, starting from tiger disk and repairing disk and permissions. none seem to work. the only fix is to full restore from a master disk Image file i made

Hmmm. If it is consistently the same machines that you have to continually rebuild, it could be hardware related. Could be DirectoryService related. If the LDAP server isn't available, it could be slowing down the works. At the very least, you can enable the DSStatus light at loginwindow to be sure that the LDAP is ready when login window loads.

 

[Go3iverson]

Problem 4: Hand in Folder for groups
In OS 9, groups were offered this fabulous hand-in folder, a great tool for teachers. Now in OS X, that is a little trickier. I created a new share point for a group folder in Workgroup Manager that was read and writable for everyone. Next i created a Hand-in folder and assigned the teacher as the owner and the group/everyone having write only. Unfortunately, when a student drops a file in there, there is a permission error and the file is saved there but 0kb. very frustrated about this as well. Are there fixes.

10.4 and ACLs are a beautiful thing!

 

[Go3iverson]

Problem 5: Font Conflicts and safari crazy fonts
On various users and computers, safari displays crazy fonts instead of the default or CSS set font. If i go into font book and resolve duplicates and clear the safari cache, it usually works but is a real pain. I suppose students have different fonts in there user font library that conflicts so what is the best way to manage this? move all of them to the system font library?

Yes. If you replace some of the Helvetica and other standard .dfonts in OS X it will cause the Apple branded applications to flip out a bit. Be careful about this! Why are your students installing their own fonts would be my first question. Could you standardize them? Some applications are very sloppy, like MS Office and will dump fonts all over the place, time and time again. There are some scripts around that can clean up these trouble applications for you in lab environments like yours

 

[Go3iverson]

ERROR MESSAGES ON SERVER
When class logs in, this pops up for each user.
Mar 21 10:45:37 osxserver krb5kdc[356]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 142.33.144.239: NEEDED_PREAUTH: billsmith@XXXXXX.XXXX.SD35.BC.CA for krbtgt/XXXXXXXX.XXXX.SD35.BC.CA@XXXXXXXX.XXXX.SD35.BC.CA, Additional pre-authentication required

others:
AFP error log example
21/Mar/2006:09:35:17 -0800: MMap chainhead is NULL

DNS Log example
Mar 21 10:57:09.589 lame server resolving 'hell.capefeare.com' (in 'capefeare.com'?): 72.36.155.171#53

It also seems we have numerous hacking attempts but they seem to not get by password.

Let me know if you can help or require anymore info. Thanks so much.

Nothing to worrisome here. The chainhead issue comes up for many folks. More commonly under Panther. Not anything to worry about.

The lame server resolving issue usually dictates an inconsistency in the DNS configuration.

Are you having any Kerberos issues? Check to be sure you have proper forward and reverse DNS lookups on that OD master! Very important! Also remember that your clients should be using the same DNS servers and be a part of the same search domain. The clients are going to take records of the LDAP and Password Servers on your network and will need to resolve them properly through DNS lookup.

Hope this helps!

Michael

 

[Pardus]

Thanks for your replies, lots of good info there. I am off till tuesday but will go through this then and see what I can come up with. How do i check that forward and reverse lookups? I know the clients all have the same DNS servers.

Another thing i have been wondering is if there may be a problem with the network swiches/hubs. we upgraded 2 new 3comm switches but are still using some older Asante ones in combination with it. This should be something our district techs should be able to figure out.

thanks again and will look further into this on Tuesday.

 

[Go3iverson]

Cool. The easiest way to check the DNS is using the host command in the terminal. For example:

BigBook2:~ ladmin$ host xserve1.district13computing.com
xserve1.district13computing.com has address 192.168.1.13

BigBook2:~ ladmin$ host 192.168.1.13
13.1.168.192.in-addr.arpa domain name pointer xserve1.district13computing.com.

 

[Pardus]

ok, i ran the host command in terminal and the DNS is working properly for the first one but i don't think that the second one is working correctly, I will ask my district tech on that one. Does it help to have something in the Search Domains on the client's settings?

So, are you just doing NHD's or are you doing shared Libraries or Applications as well? Are you NetBooting these machines off an image?

We just use NHD, all the apps are off client machines but the user library's are on the server. we are not netbooting.

Hmmm. If it is consistently the same machines that you have to continually rebuild, it could be hardware related. Could be DirectoryService related. If the LDAP server isn't available, it could be slowing down the works. At the very least, you can enable the DSStatus light at loginwindow to be sure that the LDAP is ready when login window loads.

Neat little thing i came across with that, clicking on computer name at login window shows all sorts of goodies. green light on network

10.4 and ACLs are a beautiful thing!

Are ACL's hard to setup is there a UI or is it done in terminal?

The lame server resolving issue usually dictates an inconsistency in the DNS configuration. Are you having any Kerberos issues? Check to be sure you have proper forward and reverse DNS lookups on that OD master! Very important! Also remember that your clients should be using the same DNS servers and be a part of the same search domain. The clients are going to take records of the LDAP and Password Servers on your network and will need to resolve them properly through DNS lookup.

I am verifying this with district tech.

 

[Go3iverson]

Isn't that loginwindow trick an ultra handy one?

You'll need to be sure both forward and reverse DNS is working. If only one way is, you'll have some big issues. ACLs are 'easy' to work with. Easy in that they are GUI based, but they are still ACLs and need to be thoroughly thought out before implemented.

Michael

 

[Pardus]

Ok, I had our district tech in today to review things. He couldn't seem to find the problem, however another thought came up. We are using a Dual 1.8 G5 with 512mb and a single gig ethernet. How are these powermacs as a server. we probably don't have an xserve in the budget right now but would that be a problem?

We also tried deleting all the netinfo mcx caches and directory access prefs and rebinding again. didnt seem to make a difference.

 

[finlaycm]

I am having a simmilar problem with computer hanging at logout. DId you find a solution for taht problem? Thanks,
Cristina

 

[Go3iverson]

Hanging at logout with a network or portable home? Could be the AFP server not releasing the mount point or such.

Michael