From: by way of MAGNet mailing list administrator (cayford@its.berkeley.edu)
Date: Wed Jan 08 2003 - 17:03:42 PST
As the unfortunate colleague who tried this I can tell you that it's
unexpectedly complicated.
If you modify the IP address on an OS X server through the system
preferences and reboot, you will have locked yourself out of the
machine. At least for all the accounts on my machine.
The basic problem with changing an IP address on OS X server is that
it uses several authentication services. And these services are tied
together through the IP address of the machine. You can't just
modify the IP address in one place because that breaks all the links
between the authentication services and prevents you from logging in.
At one point Apple provided me with a script which they thought would
probably work (they weren't sure if I would lose all my passwords).
This involved re-installing the open directory server with the new IP
address, booting into single user mode and importing the old netinfo
database. Unfortunately, the person who wrote the script hadn't
tried it on a stock installation and it used a whole set of commands
which weren't available on my machine. While I could probably have
gotten this to work, the next technician I talked to at Apple didn't
think it would do the job anyway and added writing a correct script
to his list of things to do. At this point reinstallation from
scratch was the much better option.
Authentication in OS X server is something of a mess at the moment.
My impression is that Apple inherited two separate methods and hasn't
succeeding in combining them yet or in properly integrating them into
other parts of the OS. This results in all sorts of irritating
limitations - the Appleshare migration tool only produces accounts
with basic passwords, windows users and authenticated mail users must
use password server passwords, you can't transfer an account from one
method to the other without resetting the password (and cutting and
pasting the old password doesn't work), etc.
They do appear to be working on integration, however. Up until the
most recent version, admin users could only use basic passwords so
you couldn't be an admin and mount volumes using SMB. So there is
some progress.
My expectation, like Greg's, was that changing the IP address of our
server would be a simple straightforward sort of task. I'm less
naive now.
Randall Cayford
Systems Unit
Institute of Transportation Studies
At 10:31 AM -0800 1/6/03, Greg Merritt wrote:
>Hi Eric,
>
> He ended up spending hours on the phone with Apple support,
>who, in the end, told him to reinstall the OS and enter the new IP
>address when prompted in the first-run configuration windows. They
>could offer no other way to cleanly change the system's main (and
>only) IP address.
>
> I believe that he could attempt an IP address change via the
>system preferences, but many of the services (the password server
>being the most important) would simply not work after the address
>change.
>
>Regards,
>-Greg
>
>cc: Wyn, magnet
>
>
>At 9:49 AM -0800 1/6/03, esaxby@uclink.berkeley.edu wrote:
>>Hi Greg,
>>
>>It doesn't work to do it through the System Preferences? This
>>would leave the
>>old IP in all the httpd config files, but those can be searched and replaced.
>>
>>I've never had to change the primary IP for our OS X server, but I seem to
>>remember changing around the numbers for the secondary ethernet card this
>>way without any problems.
>>
>>
>>Eric
>>
>>> O.k. -- this is going to sound like the lamest question ever,
>>>but my colleague has had no end of trouble trying to effectively
>>>modify the IP address of an OS X server. The problems seem to have
>>>to do with the NetInfo and password databases not groking the change.
>>>He's spent lots of time w/ Apple support, and their suggestion of how
>>>to modify the IP address is to reinstall the OS and enter the new IP
>>>address when you configure the machine.
>>>
>>> I keep pinching myself, not believe that this is the case.
>>>Does anyone have any experience with this? (Not the pinching, but
>>>the IP address change...)
>>>
>>>-Greg
>>>
>>
>>--
>>Eric Saxby Berkeley Art Museum/Pacific Film Archive
>>Computer Resource Specialist Digital Media Department
>>esaxby@uclink.berkeley.edu 510-642-9623
>
>
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Wed Jan 08 2003 - 17:04:48 PST