Archive for September, 2005

Tiger and NTLM Web Proxy Auth

I had a PowerBook that was upgraded to Tiger. The problem was that after the upgrade it was unable to do proxy authentication with our Squid proxy, which is bouncing against Active Directory for access to the web.

I tried a few things to fix this, but ended up with NTLMAPS.

Spotlight indexing and RsyncX

After upgrading my home system to Tiger, I noticed that my RsyncX backups to an external FireWire drive were no longer working. Much consternation and hair-pulling later, I realized that the Spotlight indexing was causing problems with RsyncX. I used mdutil to disable indexing on that drive, and the problem was solved.

Ed. Note: keep in mind that Spotlight indexing can make any type of file transfer take longer due to the overhead of indexing every file. This is especially true when you’re moving large amounts of small files.

Advanced Configd Configuration

When dealing with funky network issues it’s handy to be able to tweak configd a bit to see what’s going on. We have an older article on configd that explains more of what it does, but here are some quick thoughts on getting more debugging and other options out of configd on 10.4.

Tiger broke Password Service

Since upgrading my OD master and replicas from 10.3.9 to 10.4.2, the Password Service pegs both processors on the OD master for 8-10 minutes whenever a password is changed. Doesn’t matter whether the password is changed from WGM, terminal, or managed client. No crashes occur, nothing written to System log, all else seems normal. The following consistent System log entries are also new since the upgrade.

ADmitMac vs. Tiger

Thursby’s ADmitMac is a full-featured SMB/CIFS client that contains a lot of great features to hook Mac OS X into an Active Directory infrastructure. Be aware, though, that there is a downside involved. Thursby chose to implement a different method of handling resource forks on non-AFP filesystems than Apple uses in its Samba-based SMB client. Basically, Thursby’s method takes advantage of multi-fork-savvy filesystems (like NTFS) whereas Apple’s doesn’t.

The upshot of this is that if you have two Mac clients, one using ADmitMac and the other using the "stock" SMB client, both accessing an SMB share, neither will be able to see resource forks saved by the other system. This is no big deal for some files (notably those with a known DOS-style 3-letter filename extension like ".doc" or ".xls"), but it can make other files completely unusable. For example, Eudora files rely on the type/creator codes in the resource fork; without the resource fork, Eudora doesn’t know what to do with the various files.

I quizzed a Thursby engineer on this incompatibility, and he pointed out that their DAVE product, which was the first SMB client for Macintosh, used this method because it adhered to Microsoft’s Services for Macintosh standard. They are simply carrying on the tradition of doing it the Microsoft-recommended way.

This incompatibility is a huge issue that Thursby seems reluctant to address. Thursby’s implementation may be superior to Apple’s on technical grounds; nonetheless, they need to either convince Apple to do it their way, or change ADmitMac (or at least offer an administrative option) to do it the Apple way. As it stands now, unless sysadmins go with an "all or none" approach to ADmitMac in their organization–now and into the foreseeable future–they’re asking for trouble. That’s an expensive prospect.

Setting up a catch-all e-mail address in Tiger Server

This past weekend, I had my first request to set up a catch-all address for a domain in Tiger server. It’s fairly simple, and it requires some command line interaction.

Workgroup Maintenance Schedules?

Not exactly an OS X Server issue, but still a question for the admins here: I admin a smallish design studio (15 or so users) and am working to put together a schedule for regular maintenance. As it is, backups and a few things happen automatically, but tasks like permissions repair, clearing caches, directory repairs and optimisation – the stuff that requires I kick someone off their machine – tend to happen only sporadically, when a user goes on vacation, or on nights and weekends when I’d rather be doing other things. I’ve also got several laptop users that take their machines with them every night, so it’s hard for me to get anything done on them without disrupting their work. Are there any suggestions from the peanut gallery for a realistic maintenance schedule – how often should I really be running these things? – as well as a realistic way of keeping up with it? i.e. do folks set iCal reminders, cron tasks, sticky notes?

Creating, mounting, and dismounting disk images from the command line

Recently I was writing a shell script in which I needed to create a disk image, mount it, write to it, and dismount it. The command in OS X that manages disk images at the command line is hdiutil, and the man page is rather long. The syntax for the command is simple, but there are a lot of options to consider. In this particular example I’m going to create a sparse image that is only as large as the data contained within the image. You can adapt the command to create images to fit your needs.

Read on for more…

1:1 Laptop Program Server Infrastructure

I am part of a team designing the infrastructure for a 1:1 Laptop Program. We will have roughly 1,000 users, four different buildings, and mobile home directories. In addition, we will have several graphic labs (G5’s), lit labs (eMacs), and libraries (iMacs). Lastly, we will also have several labs of windoze machines for business apps.

Originally, we were looking to one Dual G5 X-server loaded with memory to serve as an Open Directory Master to manage desktops, laptops, and host the users’ home folders. Recently, we were advised to explore adding replica servers to lessen the load on the single box.

Are we expecting too much out of a single machine?
How many additional replicas should we add for 1,000 users?
Is there a guideline – for example – 100 users per replica?

Any help would be appreciated. Thanks!

Setting Up the TFTP Server in Tiger

As the networking infrastructure guy, I occasionally have the need to update hardware or back up settings using the TFTP protocol. I’ve noticed that there are plenty of good instructions for how to make this work with Panther, but almost none for Tiger.
