Archive for December, 2006

HOWTO: Configure GNU/Linux to provide BSDP NetBoot services.

HOWTO: Mac OS X BSDP Service using a GNU/Linux Server
This article describes how to setup a Linux machine to provide BSDP services to Apple Macintosh machines.

Read on for the whole recipe…

Read more

Remote Control of Directory Access

Many of you are aware that you can open Directory Access, click on the Server menu item, click Connect, and fill in the address, username, and password of an OS X Server and then make changes to the server’s authentication settings as if you are at the console.

I needed to remote control Directory Access the other day on a plain OS X box that I was using for some server functions, but unlike a full OS X Server, Remote Directory Access would not work.

Read on for how to potentially solve this…

Read more

Undoing the Undoable

Ever had to change the IP on a server that's without any local supervision, behind who knows how many firewalls, in another country, with only SSH accesss sticking out of it? Wouldn't it be nice if there was a function similar to the Displays preference pane, in which, if the settings turn out to be incorrect, it automatically reverts to the previous working setup? Well, here's one.

Before any critical conf change, I just re-define the current config into an at command:

$ sudo at now + 15 minute
$ changeip - newip oldip newhost oldhost
$ networksetup -setmanual networkport oldipĀ oldnetmask oldrouter
$ Ctrl -D

Then, make your changes. If all does work out, don't forget to disable the safety harness:

$ sudo at -l
$ sudo at -r jobnumber

I used an IP change as an example here, but I'm sure you can think of other scenarios with potentially tragic consequences.

Read more

Forums Maintenance 08.12.2006

Update: The upgrade will be postponed to the 8'th of december.

The forum software will be upgraded to the latest and greatest version on the 8'th. This means forums will be out of service for about 1 hour starting from 10:00 AM UTC.

The new version is expected to improve performance as well as address a few other pending issues.

Read more

SANS Security Checklist

There is now a security checklist covering 10.4 and with limited coverage of 10.4 Server available from the SANS S.C.O.R.E. team.

You can get the guide here.

Read more

Syslog-ng as a replacement of Apple’s Syslog to centralyse logs

Syslog-ng can be used as a replacent for Apple's syslog. It gives the ability to filter logs on criterias others than just 'facility' as for example : name or IP address of the source machine.

Ed. Note: It's not really syslog that Apple includes in Tiger, but the Apple System Log, ASL. As of 10.4, however, all ASL did was essentially replicate syslog. As such you'll get some benefit from installing syslog-ng. However we hold out great hope that the promise of ASL will become a reality in future operating systems.

Read more

Respecting AD account workstation restrictions

Custom AD add-ons continue! A script to manage who can log on to a machine.

Ed. Note: It would be possible to do this with a loginwindow SACL on the local systems, but this login hook will match the local machine’s hostname with a list of acceptable machines held in AD. Thus it’s a much more Windows-like way of doing this and helps the Mac fit in a bit more into the AD way of doing things.

Read more