Posted on 05-13-2015 01:40 AM
Hoping someone can help me out with this...
The background:
We run our 9.7.2 JSS on a 2008R2 Hyper-V vm which hosts our main CasperShare distribution point via Samba. Our ageing xserve has been providing NetBoot and a second distribution point via AFP which we have needed for imaging. I have wanted for some time to ditch our dependance on the xserve and we are not keen on relying on a physical box for NetBoot and an AFP CasperShare. I had looked earlier at getting a NetSUS 2.0 running on a 12.04LTS but encountered some difficulties and in the end shelved the project due to other things taking priority. Then last week our xserve started giving HDD related trouble and I decided it was time to get the project back off the shelf....
The current situation:
I have NetSUS 3.02 running on a 14.04LTS vm on Hyper-V. After a lot of stuffing around (this is my first Linux server) I got things to the point where I have a CasperShare on the server too and have synced the share using Casper Admin. I can NetBoot after creating a new NBI (thanks for AutoCasperNBI Ben Toms) but when Casper Imaging tries to copy the base image (I've been testing just deploying a basic image) it errors out with a permissions error. To test I changed the credentials in the JSS for the share so that casper read only account used those of the read-write account. This enables imaging to proceed as expected.
So the line in etc/netatalk/AppleVolumes.default that relates to the CasperShare permissions looks like this: (all in one line if you see it wrapped)
/usr/local/CasperShare CasperShare allow:CasperRead,CasperWrite rwlist:CasperWrite rolist:CasperRead options:usedots,upriv
I can mount the share on my Mac using the CasperRead permissions.
So. Can anybody steer me in the right direction to sort this? It's kind of the last hurdle in being able to ditch OSX server altogether which will be a day for much celebration in our office since there is no actual server hardware to run it on these days.
Happy to answer questions about any of this.
Cheers
Lincoln
Solved! Go to Solution.
Posted on 05-13-2015 10:29 PM
OK so I seem to have sorted this out. While troubleshooting and searching for answers I saw in a post somewhere about Netatalk that Netatalk can't modify the permissions on a share or folder. I took that to mean that Netatalk can be more restrictive but not less so than the permissions set in the OS.
This led to wonder whether the permissions hadn't applied correctly when I did this after creating the CasperShare folder:
chgrp -R staff /usr/local/CasperShare
chmod -R g+w /usr/local/CasperShare
So I did this on the CasperShare folder:
chmod 775 -R /usr/local/CasperShare
And imaging now works as expected. I can manually mount the share with the CasperRead account and have read only permissions and when I mount with the CasperWrite account I get the expected permissions.
I'm a very happy camper, this now means I no longer need a server running OSX.
Now to get to work on SUS...
Cheers
Lincoln
Posted on 05-13-2015 10:29 PM
OK so I seem to have sorted this out. While troubleshooting and searching for answers I saw in a post somewhere about Netatalk that Netatalk can't modify the permissions on a share or folder. I took that to mean that Netatalk can be more restrictive but not less so than the permissions set in the OS.
This led to wonder whether the permissions hadn't applied correctly when I did this after creating the CasperShare folder:
chgrp -R staff /usr/local/CasperShare
chmod -R g+w /usr/local/CasperShare
So I did this on the CasperShare folder:
chmod 775 -R /usr/local/CasperShare
And imaging now works as expected. I can manually mount the share with the CasperRead account and have read only permissions and when I mount with the CasperWrite account I get the expected permissions.
I'm a very happy camper, this now means I no longer need a server running OSX.
Now to get to work on SUS...
Cheers
Lincoln