Self Service External Access

majedian21
New Contributor III

I have a secondary Linux distribution point that I would like to make available to Self Service users from outside of our network (i.e., from home). I have set up the Linux server with an AFP share and defined it in JSS as a DP server, both with the AFP and HTTP information configured. For all I can tell, the Linux DP server itself is fully ready to accept requests (port 80 is open, Apache is running, etc.). I have opened up my network firewall to get to the server via the browser outside our LAN and I can download packages from the CasperShare directory with no problems.

When I attempt to download an application from Self Service on an external network, the policy fails. Logs show an attempt to mount the master AFP share, which fails, then the Linux AFP share, which also fails. However, no attempt is made to use the HTTP protocol.

Questions:
1) Why isn't Self Service trying HTTP to the Linux DP if I've defined how to get to it in JSS? In other words, how do I get JSS to use HTTP instead of AFP for a distribution point?
2) How can I specify in JSS that any non-internal network segment use a different distribution point FIRST other than timing out on the master AFP share and then failing over to the Linux DP?

My intention is to offload external Self Service requests to a different DP for reasons of security and performance.

Linux OS: CentOS 6
Web service: Apache

JSS OS: Mac OS X 10.8
Casper Suite version: 8.71

1 ACCEPTED SOLUTION

majedian21
New Contributor III

I did finally figure out how to get this working, although not sure exactly why.

I deleted the Linux DP entry in the list of Distribution Servers in JSS and re-added it. This still didn't resolve the issue.

I then saw in the documentation to create a read-only user for the share, so I created a Linux user on the server "casperread" and entered the credentials in the read-only fields of the AFP tab in the DP setup. Previously, I was entering the same credentials for both the read-only and read/write authentication. After this change, I was able to get external access to Self Service over HTTP.

Not sure why this worked, but just in case someone is dealing with similar issues.


4 REPLIES

bentoms
Release Candidate Programs Tester

Have a look @ "Network Segments"

Define an all-encompassing network segment like 1.1.1.1 > 255.255.255.255 & set the Linux DP for this network segment. (If you're not using network segments, you'll need to also define your internal LAN IPs & do the same process for your internal DP).

For the DP, where you define it in the JSS (under Servers, I think), enable HTTP downloads.

majedian21
New Contributor III

Bentoms - thanks for the response. Regarding the network segments, if I define an all-encompassing network segment and then another network segment (internal LAN) within that same range (10.0.0.0 - 10.255.255.255), does the more specific network segment take precedence when choosing the DP? Or will I have to make three total network segments (ex: 1.1.1.1-9.255.255.255, 10.0.0.0-10.255.255.255, 11.0.0.0-255.255.255)? The two outside ranges would be external DP settings and the 10.x.x.x range is all internal.

Secondly, the 'HTTP Downloads are enabled for this Distribution Point' checkbox was and still is checked for the Linux DP. Any other ideas?

bentoms
Release Candidate Programs Tester
  1. Yes. Most specific takes precedence (from what I've seen).
  2. If you tell the network segment to use the Linux DP, & if HTTP is enabled it should use HTTP...
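
The segment question discussed above, worked through as an added example (not code from the thread or from JAMF): it models the "most specific segment wins" behaviour reported in the reply and checks that the two-segment overlapping layout and the three-segment split layout pick the same DP. The DP names, function names, and sample addresses are assumptions made for illustration, and the real JSS selection logic is not shown on this page.

```python
import ipaddress

# Constructed segment tables: (start, end, distribution point).
# DP names are placeholders, not values from the thread.
OVERLAPPING = [
    ("1.1.1.1", "255.255.255.255", "external-linux-dp"),
    ("10.0.0.0", "10.255.255.255", "internal-master-dp"),
]
SPLIT = [
    ("1.1.1.1", "9.255.255.255", "external-linux-dp"),
    ("10.0.0.0", "10.255.255.255", "internal-master-dp"),
    ("11.0.0.0", "255.255.255.255", "external-linux-dp"),
]


def _bounds(segment):
    """Return the segment's start and end addresses as integers."""
    start, end, _ = segment
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError(f"inverted range: {start}-{end}")
    return lo, hi


def resolve_dp(client_ip, segments):
    """Return the DP of the narrowest segment containing client_ip, else None.

    Assumption: "most specific" means the smallest address range, as the
    reply above describes from observation.
    """
    ip = int(ipaddress.IPv4Address(client_ip))
    matches = [s for s in segments if _bounds(s)[0] <= ip <= _bounds(s)[1]]
    if not matches:
        return None
    narrowest = min(matches, key=lambda s: _bounds(s)[1] - _bounds(s)[0])
    return narrowest[2]


def layouts_agree(sample_ips):
    """True if both layouts route every sample address to the same DP."""
    return all(resolve_dp(ip, OVERLAPPING) == resolve_dp(ip, SPLIT)
               for ip in sample_ips)


if __name__ == "__main__":
    # Constructed sample clients: internal LAN, a home user, range edges.
    for ip in ["10.4.5.6", "203.0.113.9", "9.255.255.255", "11.0.0.0"]:
        print(ip, "->", resolve_dp(ip, OVERLAPPING))
```

Addresses below 1.1.1.1 fall outside every segment in both layouts and resolve to `None`, which is the case to watch for when a range is meant to cover everything.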
