Recently, after upgrading my Mac Mini Core 2 Duo (turned into server) to Snow Leopard Server 10.6.4, I started experiencing a very annoying problem, the AFP service was periodically stopping to share the chosen folders (Shared Points) to the clients.
I noticed that this is sometimes related with the server resources and performance.
For instance the AFP may stop working properly during intensive file transfer such remote backup via TimeMachine or when another service is keep the CPU at 100% usage.
It especially happens in my MacMini as the RAM is limited to only 1GB and then a lot of disk activity is generated for swapping.
Basically the service is not crashed or discontinued, the AFP server process is still running and still allows the users to log in from any workstation connected, the problem is that once logged in the users is able to see only its own home folder but all the other Shared Points configured in the Server Admin control panel are not listed.q
The solution has been for a long while to periodically monitor the service and when I noticed the misbehaviour I restarted the service and in a few second the users were able to connect to all the shared points again.
I wasn’t happy with this inelegant solution, so when I had a little of spare time I investigated better the problem and I found an old thread on the Apple Support page, it was describing the same issue performing on Leopard server 10.5 series:
Apparently for the Leopard server the solution is a little tricky and involve a script that periodically toggle the Guest Account access option.
Then the idea, EUREKA! CARAMBA! I had a little check and I found that for security reasons I disabled the access for the Guest Account.
The Solution has been quite fast, I enabled again the Guest Access to the AFP service from the Server Admin, AFP service, Settings panel, Access tab (as shown in the picture below). This fix is still woking for me and the service never stopped again!
Anyway I wanted to prevent access to the Shared Points of the AFP services to the Guest Account so I disable the Guest Account specifically for each Shared Point.
From the Server Admin, AFP service, Shared Point panel, I selected the Shared Points individually, I accessed the Protocol Options and I disabled the Guest Access toggle (as shown in the picture).
Doing so I allow the Guest Access to log in to the AFP service but I prevent it to use any Shared Point (shared directory). For further security it’s possible to limit the access to the AFP service to a selected number of user groups (they must NOT include the Guest account as their member) through the Services Access settings of the Server Admin tool, according to my experience this is as a ‘best practice’ operation that we should apply in most of the AFP servers we set up.
Please feel free to reply this thread if you have found better solutions to this issue.
Powered by Facebook Comments