Archive for category: Odds and Ends

When creating an image, you typically have user creation as part of the build process. If you're doing this as part of a install and capture (aka the "Old Way") you simply create the user as part of the Setup Assistant, or use SysPrefs after the install to set it up.

Under Leopard, we have the very intriguing possibility of simply creating a series of files in the /var/db/dslocal folder structure that is very friendly for reproducing. This is especially handy for a package based, non-interactive imaging process like our friend InstaDMG. The problem is creating the password. You obviously can't run the passwd(1) command since that will change passwords on the existing machine. You need to create a shadow hash file that contains the password. In leopard and tiger, this file contains possibly quite a few password types, but the standard type is a salted SHA1 digest of the password (the salt is a random 4 byte integer).

Most people in the past have simply created a new account with the associated password, and saved the resuling hash file in the folder. This is nice, but can result in a shadow file that is consistant for all times. Since the hash is salted with a random integer, we can generate a new hash anytime we want, but will still have the same password. This way, over time, even if the passwords are the same, the hashes will be different. This is why if you compare a hash file with the same password, you still may get very different hashes.

I have created a simple PHP script that takes 1 parameter, a string password. It will then output a string that is suitable to be saved as a password hash file to standard output. The resulting string could be redirected to a file whose name is the GUID of the user who's password you wish to save. This hash file is valid for 10.4 and 10.5

In the future, I plan on making a script that automates the creation of this directory structure so it is suitable for packaging/automation with a non-booted volume. Obviously if this was a
booted volume, you'd just use dscl/passwd and be done with it.

Check out the script here

Comments/suggestions welcome.

On Feb 29th, two free Mac OS X Server and Xsan related training sessions in Tokyo are available for sign-up. Please feel free to login and sign-up while seats are still available.

Details are at AppleCert.org.

Sponsored by IronGate Server Management & Consulting, in association with Digital Transitions the next OS X Integrators Birds of a Feather gathering is taking place at MaRS Discovery District on College St. at University Ave., Toronto, Canada on Wednesday February 6th from 7:00PM-9:00PM.

In this session Steve Hayman will be talking about the state of scripting in Mac OS X 10.5, including recent changes to Applescript, Automator, and other scripting tools. Among other things we'll show off some of the ways that scripting lets you extend Apple Remote Desktop to simplify some common tasks. Why wait for Apple to add the features you need when you can script many of them yourself? 

Registration and more details of the event are available on Apple's Seminar Website 

Sponsored by IronGate Server Management & Consulting, in association with Digital Transitions the next OS X Integrators Birds of a Feather gathering is taking place at MaRS Discovery District on College St. at University Ave., Toronto, Canada on Thursday November 22nd from 7:00PM-9:00PM.

In this session we're looking to carry on from our previous session on the fundamentals of Directory Systems. We plan to cover integration methods to allow authentication against a 3rd party directory structure while retaining management of your OS X workstations from Open Directory's managed client settings. This seminar series aims to introduce administrators and technical co-ordinators to real life implementations of OS X and OS X Server, in a wide range of practical situations. Presentations are given by industry experts and/or system administrators, in a format which fosters open discussions and group collaboration.

Registration and more details of the event are available on Apple's Seminar Website.

If you're on the Mac-Managers mailing list, best to read this.

The Macintosh Managers mailing list has been operating since 1991, and like any system with over 6000 days of uptime a little cruft has accumulated … it could use a reboot. That will happen this coming Friday, November 16th, 2007.

Read on for more….

**TAKEN DOWN AS EVENT POSTPONED***

Sponsored by IronGate Server Management & Consulting, in association with Digital Transitions the next OS X Integrators birds of a Feather gathering is taking place in the Apple Market Center, Markham, Canada on Wednesday September 12th from 7:00PM-9:00PM.

In this session we’re looking to carry on from our previous session on the fundamentals of Directory Systems. We plan to cover integration with a “Golden Triangle” method to allow authentication against a 3rd party directory structure while retaining management of your OS X workstations from Open Directory’s managed client settings. This seminar series aims to introduce administrators and technical co-ordinators to real life implementations of OS X and OS X Server, in a wide range of practical situations. Presentations are given by industry experts and/or system administrators, in a format which fosters open discussions and group collaboration.

Registration and more details of the event are available on Apple’s Seminar Website.

I'd been wrestling on and off at work for a few months with a thorny issue.  Management wanted to see user's network home directories (hosted on Red Hat Enterprise Linux and manged with Windows 2003 Server and Active Directory) automounted for background syncing of select folders during user sessions.

Read on for a quick thing to check when AD integration begins to go south… 

The next MacEnterprise.org webcast, Lithium, will take place on Tuesday, July 17th 2007 at 10:00am PDT.

Please join us for this webcast where Lithium's CEO and lead developer will discuss how Lithium can be deployed as a single-app solution for monitoring Xserves, Xserve RAIDs, Mac OS X Server and now Xsan as well as all surrounding network and server equipment.

The webcast ID needed to view the July 17th 2007 webcast is "MacEnterprise".

The passcode for the webcast is "608760"

For more information on how to view the webcasts, please visit: http://macenterprise.org/content/blogcategory/113/96/

To view the webcast, go to the following web page 5-10 minutes prior to the webcast start time:
http://webcast.training.apple.com/

Sponsored by IronGate Server Management & Consulting, in association with Digital Transitions the next OS X Integrators Birds of a Feather gathering is taking place at MaRS Discovery District on College St. at University Ave., Toronto, Canada on Tuesday March 20th from 6:30PM-8:30PM.

In this session we’re looking to provide an understanding of how directory services work in general, how directory services are implemented on Mac OS X and Mac OS X Server, and how to configure Mac OS X to integrate into an Active Directory setup. We plan to cover Open Directory on OS X Server and integration into an existing Active Directory environment.
This seminar series aims to introduce administrators and technical co-ordinators to real life implementations of OS X and OS X Server, in a wide range of practical situations. Presentations are given by industry experts and/or system administrators, in a format which fosters open discussions and group collaboration.

Registration and more details of the event are available on Apple’s Seminar Website.

Script to configure client mail settings

So I thought I would post this before I grow too old and forget about it. I have been working on a command line based configuration script for Mail.app, it does some fancy things like create Mail bundles and Package installers for deployment,it still has a couple of bugs so use it wisely. I haven't had time after MacWorld to work on it too much so if you have any bug reports, feel free to post them here as well as code additions. I would like to add some ssl certificate import support.

It's big, it's long, its BASH – enjoy and dont judge me too harshly as I know it needs some work.

Grab the script here.