OK, here we go...
Six months ago, under 10.2.8 we implemented netinfo for authentication, client management and of cause home directory storage.
Now, I've been hearing stories about netinfo's tendicy to crash, and become deaf on the network. However we have never experienced this - touch wood.
So what I'm looking for is your experiences with netinfo as we are at the stage of either sticking with netinfo or switching to LDAP.
We're running an Xserve G4 with 1 gb ram 2 X 250mb hd's and 60 concurrent clients on average.
Thanks
PS: HAPPY NEW YEAR!
NetInfo is also tremendously insecure. Swicth to LDAP v3. Even Apple suggests using LDAP over netinfo in the 10.3 Server admin's guide. Setting them up is the same in the workgroup manager, just make sure you write all the records to the LDAP node rather than the NetInfo or Local nodes.
I knew that netinfo was flawed in many ways but insecure :?
I suppose netinfo (being in its first implementation) was going to be ok for an organisation where the average age of computers was 8 years old!
Any user by default can SSH into the box and run nidump to get a UNIX formatted passwd file, which then can be attacked with brute force and dictionary crackers. Since most people on mac servers use a really poor password policy, it's often easy to get 1/3 of the account passwords in less than one day.
Well i took the plunge and migrated our server (with new 2.3ghz xserve g5 to boot) to LDAP (w. 10.3.8 Server) and i must say it was easier than what i first expected.
In the first two days of operation i had one issue when trying to replicate the server for a seperate mail server. After replicating accounts, LDAP became deaf and returned a 14002 error in workgroup manager and would not authenticicate clients (clients that were already connected were oblivious to this). The replica machine also failed.
After resetting the password on the replica and booting it into target firewire, i was able to get the replicated database back onto the master, rebooted ldap and it seemed to work OK.
Some points / suggestions for anyone migrating from Netinfo to LDAP.
- Create three partitions (or use three hard drives!) one for your old 10.2 server (or netinfo sys), one for 10.3 and one for shares & home directories.
- Ensure that your 10.2 system is still working ok with your shares/homes copied to the new partition. Export all your workgroup data.
- Perform a clean install of 10.3 server & import workgroup data
- I created a 'transitional' 10.3 client image (we create images - easier for us to roll out software, updates etc): one with both ldap and netinfo activated so if ldap or anything else on 10.3 server goes funny, you can reboot into 10.2 and continue like nothing much has happened - we don't have a fluid staff population or need for additional shares so this works fine for us