Archive for category: Articles

Moving the Journal

In Mac OS X 10.2.2, journaling was added to the Mac OS X Extended file system (I first read about it here on afp548). Journaling introduced a lot of great stuff, most notably improved resiliency to crashes. This resiliency comes from the fact that a journaled file system uses part of a disk to record changes that are intended to go into the actual file system. This way, if a crash occurs while a transaction to the file system is in progress, the file system will usually recover quickly and easily by using the journal to bring itself back into a consistent state.

Read on for more…


mcxrefresh

Snow Leopard comes with a great little new command, mcxrefresh, which, as you might have guessed, refreshes policy information. It lets you request a new set of policies; if the command returns with no errors (exits 0), the process has completed successfully. Specify the user by UID with the -u option or by short name with the -n option:

mcxrefresh -n cedge

You can also use the -a option, which prompts for authentication when dealing with Active Directory. There's not really a lot to mcxrefresh, but what there is turns out to be really useful.


New networksetup Features in Snow Leopard

The networksetup command is pretty useful for deploying static network information, which is otherwise tedious (to say the least). In Mac OS X 10.6 there are three major additions to networksetup that have not gotten a lot of attention yet. The first is that you can now use networksetup to import and export 802.1x profiles (and link them to certificates that you import from PKCS12 into Keychain), which will hopefully ease implementation burdens for environments with supported 802.1x setups. The second is that networksetup can now be used to manage a Baseboard Management Controller (BMC), which is the chip that enables IPMI/Lights Out Management. The third is the addition of network location control from within networksetup. This means that networksetup can now be used to configure basically the entire network stack.

Read on for more…


Source Based Routing Quietly Finds Its Way Into Snow Leopard

On Mac OS X 10.5, if you connect two different ports on a host to two different networks and assign them two different IP schemes, then only one can act as the default gateway. This means that responses to incoming packets will, by default, all go out over the default gateway, regardless of which interface the packets came in on. You can customize your routing table using the route command, but this can be tedious and doesn't always net the desired results.

Read on for a bit more…


Snow Leopard Server Documentation Released

Apple has made documentation available for 10.6, which is available here:

http://www.apple.com/server/macosx/resources/documentation.html

At first glance, it appears to be a vast improvement over the documentation of 10.0-5, going into detail on the relationships between applications, as well as breaking out several applications that used to be grouped together.


Directory Services Plug-ins

In a number of contexts, we hear about directory services plug-ins. A directory services plug-in is a way for a Mac OS X computer to leverage the DirectoryServices daemon to obtain account information (be it authentication or policy information) from a server. This might be an Active Directory server that uses the Active Directory Plug-in or an Open Directory server that uses LDAP. You disable plug-ins that you don't need and enable the plug-ins (i.e., the Active Directory plug-in or third-party plug-ins) that you need in order to access directory services of various types. These plug-ins are developed in the form of .dsplug files. The default plug-ins that Apple includes with Mac OS X are located in the /System/Library/Frameworks/DirectoryService.framework/Versions/A/Resources/Plugins folder. Any .dsplug file stored in this directory will be loaded as a plug-in, assuming it matches the parameters laid out in the DirectoryServices API.


Apple Wiki with Active Directory Authentication

I had a hard time finding a step-by-step procedure for setting up OS X Server Wiki with Active Directory Integration (aside from just setting authentication to plain text on the Apple site), so I wrote the following procedure. Feedback is welcome.

Enterprise Apple Xserve Wiki and Blog using Active Directory

The latest Tips and Tricks for Leopard in French

NausicaMedia, the French ACSA company, has translated the latest "Tips and Tricks for Macintosh Management for Leopard" into French.

For all the French-speaking sysadmins around the world, you will be able to read John de Troye's guide for managing your user accounts in your own language.

"Trucs et astuces pour la Gestion du Macintosh pour Leopard" is available at NausicaMedia's website.


Configuring OD/AD Kerberos with a Disjoined Namespace

I just surfaced out of a situation with a Mac Server connected to AD with Kerberos Authentication. Much help was received from Apple and I was given permission to share the "fix" for anyone else out there attempting this type of solution.
The problem was the server name in AD and the DNS name were different (Disjointed Namespace). This is because our external domain name [server.outside.org] differs from the AD domain [ad.inside.org] and the AD domain is not available on the internet. Since this server is available to the outside world, we could not use the AD name. The Active Directory Plug-in cannot reconcile this difference.

Read on for more….


Becoming a CSA to sign SSL certs for Open Directory Replicas

If you have an Open Directory infrastructure, and you want to secure your connections between the client and Open Directory services using SSL, the simplest solution is to purchase SSL certificates and install a certificate on your Open Directory Master and each Replica. However, each server will require its own certificate. In this article, we'll look at how to create a Root Certificate Authority and how to create and sign certificates for your Open Directory Master and Replicas.

Read on for more…
