Another server upgrade – Part 3

After 3 hours of sleep, around 6am on Saturday, I came back to the office to fiddle around with server one more time. No matter what I did, ODR still thought that ODM is on the network, and I’ve decided to move to the Plan B.

Plan B was to export our current OD structure via Archiving, install new OS X server on MacMini and restore from there. Little I knew how corrupted LDAP was on the original server, after all ‘hard reboots’ throughout it’s lifetime.

By around 10am, I clearly understood that Plan C is my only solution – which was exporting users from original OD and re-importing them into brand new installation of OS X. The only positive from this approach was that our users would have to change their passwords upon initial login anyway, to comply with recent implementation of IT Sec Policy, so loosing user’s passwords was not a big deal.

By around 11:30, I had all my users imported and passwords reset, but one more hiccup was waiting for me…

Our mail server, Kerio, relies on LDAP for users and OD for authentication. In order for this setup to work, I had to install OD extension… Well, of course this time, after having less then 4 hours of sleep in the last 48 hours, it completely went out of radar. After freaking out to see empty list of users on the Kerio admin console and not be able to activate any users, I had to take a deep breathe, and memories came right back.

Since users could not be reactivated, as thei were already active, I had to use WorkGroup Manager’s Inspector to add couple of attributes to LDAP records manually: kerio mailbox names, custom email addresses etc. Slowly, one by one, users started to reappear and by around 12:30pm I was ready to leave to my son’s birthday party – sure as kids were having fun, I was half asleep zombie…

Later that day, after catching another 3-4 hours of sleep, I came back to the office to finish my 10.5 setup…

I will not bother you with all of the details, just would say that my 10.6 upgrade hasn’t happened as of time constraints so I had to stick with 10.5 servers across the board.

By around 3am on Sunday, after 20 hours of setup with 2x3hrs sleep breaks, my server setup was done, not exactly as I originally planned, but all important things were functioning just as expected: single sign-on, password policies, services segregations – all with minimal impact on the operational flow.

By the end, my setup looks like this:

  • MacMini with 10.5 server running Open Directory Master, DNS and DHCP with TimeMachine backup
  • XServe with 10.5 server running Open Directory Replica, AFP, SMB with TimeMachine backup
  • FileMaker server and VMWare machine were untouched

Things that were fixed because of this setup:

  • Single sign-on and Kerberos authentication to the file server
  • Password policies
  • Separating DNS/DHCP from File Server
  • …and Server Monitor and LOM now work as expected!

Not sure when my next setup setup project would happen, which will finally bring our FileMaker server to 10.5 version of OSX, but I will sure write about it here…. Ciao…

Tags: , , , , , ,