SAAS - Change IP and keep netinfo on Apple OS X Server


When OS X Server is installed, its IP addresses and hostnames are embedded in the NetInfo database, and any later change to the IP configuration can (all too easily) render the server inoperable.

The same problems arise when moving an existing server onto a new subnet.

Some time after this document was published, Apple released a solution that is documented here and supported by a script that is available for download (thanks to Chin for this link).

The following may seem completely OTT - so here is some independent background information.

Here is one possible way of solving the Directory Services configuration problems that arise when changing an OS X Server to a new IP address or moving it to a new subnet.

Please, please let us know if you have a simpler way of doing this.

WARNING:

These notes are based on our own limited experience configuring OS X Server.

We have found this stuff to work using V10.2.3 - your mileage may vary!

In our case, we always have a backup. If anything goes badly wrong we can simply create a new copy and start again within a few minutes.

Make sure you can do the same before you try any of this at home :)



The correct operation of NetInfo depends on the IP address settings stored in the NetInfo database being correct and current. Changing the relationship between the server's real IP address and what NetInfo holds breaks the authentication process: DirectoryService can no longer reach the domain it is bound to, so logins fail. A skilled sysadmin can get through this, but deciding which settings to change first is a chicken-and-egg problem in which you (and everyone else) may be unable to log in to your new server.

This is only worth trying if you have done a lot of customisation on your server. In most cases it will be safer and easier to start with a new install.

To have any hope of recovery when things go wrong, you must at least back up everything in /var/db/, /Library/Preferences/ and /var/named/, plus /etc/hosts and /etc/named.conf, and confirm that the backup can be read back before you start.
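As an added example (not code from the original page), here is a small shell function, run as root from Terminal, that archives the paths listed above into a timestamped tar file, skips and reports any that do not exist on your server, lists the archive back to prove it is readable and records a checksum beside it. The destination directory and any extra paths you pass are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page: archive the state listed
# above before changing any IP settings, and prove the archive reads back.
# Run as root from Terminal. The destination directory is an assumption.

# Paths named in the text. Pass explicit paths to back up a different set.
NETINFO_BACKUP_PATHS="/var/db /Library/Preferences /var/named /etc/hosts /etc/named.conf"

# backup_server_state DEST [PATH...]
# Creates DEST/osxserver-state-<timestamp>.tar with paths stored relative to /
# (so a restore from single user mode is:  tar -xf ARCHIVE -C /), skips and
# reports paths that do not exist, lists the archive back to confirm it is
# readable, writes a cksum file beside it and prints the archive name.
backup_server_state() {
  dest="$1"; shift
  paths="${*:-$NETINFO_BACKUP_PATHS}"
  case "$dest" in /*) ;; *) dest="$(pwd)/$dest" ;; esac
  mkdir -p "$dest" || return 1
  archive="$dest/osxserver-state-$(date +%Y%m%d-%H%M%S).tar"

  present=""
  for p in $paths; do          # paths containing spaces are not supported
    if [ -e "$p" ]; then
      present="$present ${p#/}"
    else
      echo "skipping missing path: $p" >&2
    fi
  done
  if [ -z "$present" ]; then
    echo "nothing to back up" >&2
    return 1
  fi

  tar -cf "$archive" -C / $present || return 1
  tar -tf "$archive" >/dev/null || { echo "archive $archive is unreadable" >&2; return 1; }
  cksum "$archive" > "$archive.cksum"
  echo "$archive"
}

# Only runs a backup when this file is given a destination on the command
# line, e.g. a mounted backup volume (assumed path):  /Volumes/Backup/netinfo
if [ "$#" -gt 0 ]; then
  backup_server_state "$@"
fi
```

Keep the archive and its .cksum file off the server you are about to modify; the single user mode restore mentioned later in the page is then a matter of mounting the backup volume and extracting the archive over /.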

This assumes you are making the changes while physically logged in at the server console - not over a remote connection that was authenticated by the password server, since the steps below remove the password server configuration!

Overview
This method is based on gradually migrating your server to a new IP address range instead of "doing it all in one go".

This means that you can continue to boot your new server using all the original data whilst re-configuring. To achieve this, you need to bind an extra IP address (IP alias) to a network card on your server.

By creating an IP alias, all old settings remain valid while re-configuring. When you are sure your new settings are working correctly, simply disable or remove the alias of the old IP address. If you are prepared to live with a quick and dirty solution, then this is all you need :)

The original settings are pervasive and in some situations you may find it easier to create or import a totally new NetInfo database - or even build a new OS X Server from scratch!


Getting Started
Boot a new copy of your cloned server and add the new IP address to the primary NIC. This is done by duplicating the port configuration of the same interface, so that the old and the new address are both bound to it. This is sometimes called "multihoming".

Having this alias allows you to freely edit new IP based settings until the transition from old to new is complete.

How to change the OS X Server IP address
  1. To bind another IP to one Ethernet card (OS X 10.2.3 Server)

    Open the Network prefs panel

    From the popup menu, choose Active Network Ports

    Select Built-in Ethernet and press the Duplicate button

    Select the new item; OS X will automatically name it "Built-in Ethernet Copy". Enter the new IP address (at this stage, the new alias IP address).

    In the OS X Server Terminal window (Applications-Utilities-Terminal), run the command ifconfig -a and check that you now have two IP addresses bound to your network card (NIC), which OS X Server usually names en0.

    NB: If your server is not connected to a network then OS X may not bind any IP address to your NIC at all. Connecting your server to a spare, stand-alone switch/hub may solve the problem.
  2. Modify /etc/hosts to include the new IP address and hostnames. If necessary, edit /etc/named.conf and configure / create new DNS zone files in /var/named.
  3. Open NetInfo Manager and manually edit every obvious IP address and hostname.
  4. Save changes and reboot.
  5. Open Workgroup Manager (WGM). Click on "At:" (bottom left hand corner), select "Local", select "Administrator", click on the "Basic" tab and look for "Location: xxx.yyy.zzz.aaa", where xxx.yyy.zzz.aaa should be your preferred (new) IP address.
  6. Check that "Home: afp://domain.name/some/path" points to the preferred (new) domain name or IP address.
  7. Browse through the settings in the other tabs (Mail, Home, ...) and make sure they are valid for the new address.
  8. Make sure that there is an entry for the "admin" user and "admin" group (or equivalent) in each domain.
  9. Select the domain from the "At:" box in the bottom left corner of WGM. Make sure your chosen "admin" user's password type is set to basic (re-set the password if the dropdown box prompts you for a new one). Note that basic authentication stores a crypt hash of the password in the user's NetInfo record, where local users can read it, so use a temporary password here and change it once the password server is back (step 15). Close WGM.
  10. Open NetInfo Manager. Browse to the "config" entry for each domain and remove the password server entry from all domains.
  11. Close NetInfo Manager, reboot and then login (to make sure you still can :)

    IMPORTANT:
    If you are running a password server or wish to set one up, then read this carefully... otherwise, skip next few steps and go straight to DIRECTORY ACCESS section below.

  12. Reboot in Single User Mode, make the root filesystem writable (it is mounted read-only in single user mode) and move the password server database aside:
    mount -uw /
    cd /var/db/authserver
    mv authservermain authservermain.old
    reboot
  13. Login as root and open the "Open Directory Assistant"; you will be prompted for a user name:

    IMPORTANT:
    Use a standard admin login name - DO NOT USE "root" !

    Login as a normal "admin" type user who should already exist in the root domain and should currently be configured to use "basic" authentication.
  14. Run "Open Directory Assistant" to configure your new password server; it will want to restart once the new configuration is complete.
  15. Login as admin or root. Start Workgroup Manager and make sure your admin user(s) can authenticate and make changes (the admin user's password type should have automagically been reset from "basic" to "password server").

  16. DIRECTORY ACCESS
    Take a deep breath and then run "Directory Access" application.

    Choose the "Netinfo" item from "Services" tab.
  17. If you have selected "Attempt to connect to a specific NetInfo server" then make sure you enter and save the correct (new) IP address.
  18. Click on the "Authentication" tab and view its contents; set the Search option to "Automatic" and you should see something like "Netinfo/root/newname".
  19. If you have problems with wrong stuff showing in the WGM "At:" box, restart in Single User Mode, make the root filesystem writable and move the WGM preferences file aside:
    mount -uw /
    cd /Users/username/Library/Preferences/
    mv com.apple.WorkgroupManager.plist com.apple.WorkgroupManager.plist.old

In the step above, "username" is the administrator of the domain, for example:

/Users/admin/Library/Preferences/com.apple.WorkgroupManager.plist

See: http://is.rice.edu/%7Elanceo/netinfo/netinfo.html

  20. Restart and see what happens. If you get the "rainbow pizza wheel of death" in the top left hand corner of your screen, wait a couple of minutes and hopefully you will eventually get a login prompt (this is caused by network service problems - a PITA but not necessarily critical).
  21. Login as root (or if all else fails, recycle power... but make sure you wait at least 3 minutes before you give up on the login!).
  22. Open Terminal and start a fresh system log, so that errors from the next boot are easy to find:
    mv /var/log/system.log /var/log/system.log.old
    echo START > /var/log/system.log
  23. Restart the server again (things that failed on the previous start may work this time around - really!).
  24. After the server starts, login as root and look for any obvious errors in /var/log/system.log.
  25. Finally, disable your old IP address in the Network preferences panel and reboot one more time.
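As an added check (not part of the original page), here is a small shell script for the two points in the procedure where a mistake locks you out: confirming, after the port duplication at the start, that both addresses really are bound to the interface, and confirming, before the final step disables the old address, that nothing still refers to it. One function reads the IPv4 addresses of an interface from ifconfig -a output; the other greps a NetInfo dump and any config files for the old address with proper boundaries, so that 10.1.1.1 is not mistaken for 10.1.1.10. The interface name en0, the two addresses and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: checks to run from Terminal while
# both addresses are bound, before the old one is disabled. The interface name
# en0, the two addresses and the sample data below are assumptions.

# interface_addresses IFACE  < ifconfig-output
# Prints the IPv4 addresses bound to IFACE, one per line.
interface_addresses() {
  awk -v want="$1" '
    /^[A-Za-z0-9]+:/ { cur = $1; sub(":$", "", cur) }   # "en0: flags=..." header
    cur == want && $1 == "inet" { print $2 }            # "  inet A.B.C.D netmask ..."
  '
}

# both_bound IFACE OLD_IP NEW_IP  < ifconfig-output
# Succeeds only if OLD_IP and NEW_IP are both bound to IFACE; do not start
# editing NetInfo until this passes.
both_bound() {
  iface="$1"; old="$2"; new="$3"
  seen_old=0; seen_new=0
  for a in $(interface_addresses "$iface"); do
    [ "$a" = "$old" ] && seen_old=1
    [ "$a" = "$new" ] && seen_new=1
  done
  [ "$seen_old" -eq 1 ] && [ "$seen_new" -eq 1 ]
}

# stale_ip_refs OLD_IP [FILE...]
# Prints every line in the FILEs (or stdin) that still refers to OLD_IP. Dots
# are escaped and the match is bounded so 10.1.1.1 does not match 10.1.1.10 or
# 110.1.1.1. Exit status is grep's: 0 means references remain.
stale_ip_refs() {
  ip="$1"; shift
  pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
  grep -En "(^|[^0-9.])$pat([^0-9.]|$)" "$@"
}

# --- demonstration on constructed data (on the server, pipe the real output
#     of `ifconfig -a` and of `nidump -r / .` in instead) --------------------
OLD_IP=192.168.1.10   # assumed old address
NEW_IP=10.0.5.20      # assumed new address
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet 10.0.5.20 netmask 0xffffff00 broadcast 10.0.5.255'
SAMPLE_DUMP='{ "name" = ( "machines" ); "ip_address" = ( "192.168.1.10" ); }
{ "name" = ( "config" ); "location" = ( "10.0.5.20" ); }'

if printf '%s\n' "$SAMPLE_IFCONFIG" | both_bound en0 "$OLD_IP" "$NEW_IP"; then
  echo "en0 has both $OLD_IP and $NEW_IP bound"
else
  echo "en0 is missing one of the addresses; fix the alias first"
fi

if printf '%s\n' "$SAMPLE_DUMP" | stale_ip_refs "$OLD_IP"; then
  echo "old address still referenced; keep the alias until these are fixed"
else
  echo "no references to $OLD_IP remain"
fi
```

Run the stale-reference check over the NetInfo dump, /etc/hosts, /etc/named.conf, the zone files in /var/named and the files under /Library/Preferences/DirectoryService together; only when it prints nothing is it reasonably safe to disable the old address.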


If you are lucky - any remaining problems should be small ones!

If you are unlucky, then re-start in Single user mode and restore your old settings from backup and put it all down to a learning experience :).

Sometimes your server will appear to hang and may display messages such as: "Waiting for LDAP service to start" and similar.



If the OS X server hangs or will not start:

  1. Start up into single-user mode by holding the Command-S key combination immediately after the server startup sound. Hold down the keys until you see text messages appear on the unix console screen (usually white text on a black background).
  2. Type:   /sbin/fsck -y   and press Return
  3. Type:   mount -uw /   and press Return
  4. Type:   cd /Library/Preferences   and press Return
  5. Type:   mv DirectoryService DirectoryService.old   and press Return
  6. Type:   reboot   and press Return

This sets all Directory Access configurations back to their default values. You may need to re-configure these with your own preferences after you restart your server (NB: incorrect configuration of these options was probably the reason your server would not start before!).

Reminders:
  1. You may need to re-activate AppleTalk and re-start the server if AppleTalk was disabled at any stage above.

  2. You may want to re-run the Open Directory Assistant and Directory Access tools - especially if you are using LDAP services.


Cloning Hint:
If you are cloning between different hardware configurations, delete these kernel extension caches from your OS X image first (they are built for the hardware they were created on and are rebuilt on the next boot):
/System/Library/Extensions.mkext
/System/Library/Extensions.kextcache
... otherwise, you may not be able to get the cloned copy working.

This is a work in progress - It's too complicated and we're looking for a simpler solution.

Copyright © 1992-2001 Studio of Arts And Sciences.