[Macpartners] Upgrading OS X Server from standalone to open directory
Mateja Miljacki
mateja at apple.com
Tue Mar 29 20:04:27 EST 2005
This may be a long response, let me know if you need some off-line
advice.
Yes you can change the server role from standalone to open directory
master.
You must make sure that you have DNS settings correct before you do so.
There needs to exist forward and reverse lookup for your server and
those entries need to match (otherwise, there will be Kerberos issues).
That being said, all you need to do is go to Server Admin, change the
role and save.
When you do so, you are creating a NEW database of users which does not
somehow magically transform your existing, local, non-shared users into
the shared user database (this would actually be a security risk if it
happened automatically). In fact, the server continues functioning with
2 databases (1 local, NetInfo, database and 1 shared LDAP accessible
database).
You can export users from one to another (using WGM) and if the
passwords are crypt, you can potentially keep the passwords. However,
if you are planning to migrate the users into the, more secure,
password server, they would need to be re-set.
(password server actually stores multiple encryptions of a password, so
migrating from an already hashed password like crypt is impossible,
without re-creating the password altogether).
In short, no, you do not need to re-install the OS. (but do make sure
the DNS is all set)
I hope this helps,
Mateja.
> From: "Mark J. Pearrow" <mpearrow at csail.mit.edu>
> To: macpartners at mit.edu
> Subject: [Macpartners] Upgrading OS X Server from standalone to open
> directory
>
> Hi all,
>
> I am looking to change an OS X (10.3.8) Server that is currently
> configured as a standalone server to an Open Directory master. After
> looking through dozens of articles on Apple's discussion forums and
> afp548, it appears that this is either impossible or extremely
> difficult to do and have it actually work afterwards.
>
> Although I can change the server role in Server Admin from standalone
> to Open Directory Master, I can't seem to change any of my users'
> password types from crypt to Open Directory. I get into a loop where I
> am told by the Server Admin that I must first configure the password
> server. Has anyone ever managed to get this to work properly? I am not
> too psyched about the thought of having to reinstall the OS, which is
> what the most common suggestion seems to be.
>
> mjp
>
--
Mateja Miljacki
mateja at apple.com
Systems Engineer
o: 617-718-9955
AppleCare Support
http://search.apple.com/
Apple Science
http://www.apple.com/science/
Technical Resources for Integrating Mac OS X
http://www.apple.com/education/technicalresources/
--
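
The forward and reverse DNS match that the reply above calls for can be checked before the role is changed in Server Admin. The following is an added example, not part of the original thread and not Apple's tooling; the function names, the `example.com` host name and the 192.0.2.x addresses are constructed for illustration.

```python
import socket
import sys


def check_fcrdns(hostname, forward=None, reverse=None):
    """Return (ok, detail): every A record must have a PTR naming the same host.

    forward maps a name to a list of IPv4 addresses and reverse maps an address
    to a name; both default to the system resolver and can be replaced for tests.
    """
    forward = forward or (lambda h: sorted(
        {ai[4][0] for ai in socket.getaddrinfo(h, None, socket.AF_INET)}))
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    want = hostname.rstrip(".").lower()
    try:
        addrs = forward(want)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return False, f"no forward (A) record for {want}: {exc}"
    if not addrs:
        return False, f"no forward (A) record for {want}"
    for ip in addrs:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            return False, f"no reverse (PTR) record for {ip}: {exc}"
        if ptr != want:
            return False, f"{want} -> {ip} -> {ptr}: forward and reverse do not match"
    return True, f"{want} <-> {', '.join(addrs)}"


def from_table(table):
    """Build a resolver over a dict that fails the way a real lookup fails."""
    def lookup(key):
        if key not in table:
            raise OSError("not found")
        return table[key]
    return lookup


# Constructed sample zone data (documentation names and addresses only).
SAMPLE_A = {"server.example.com": ["192.0.2.10"]}
GOOD_PTR = {"192.0.2.10": "server.example.com."}
BAD_PTR = {"192.0.2.10": "host-10.example.com."}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against the system resolver
        print(check_fcrdns(sys.argv[1]))
    else:                  # offline demonstration on the constructed data
        for ptr in (GOOD_PTR, BAD_PTR, {}):
            print(check_fcrdns("server.example.com", from_table(SAMPLE_A), from_table(ptr)))
```

Run with the server's fully qualified name as the only argument to query the system resolver; a `False` result names the record that is missing or mismatched.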