Archive for category: Articles

Using host principals to secure connections to 3rd party KDCs

If you are in an environment where you are integrating Mac OS X with 3rd party KDCs, you already know about the builtin:krb5authnoverify addition to your /etc/authorization. But did you know that you can use the builtin:krb5authenticate option to provide better security by ensuring that your KDC is not being spoofed? Are you safe from the "Zanarotti attack"? Read on to find out how to get it set up and running.


Competition Time! – seeking a name for "kicker-replacement" (We have a Winner!)

You might have read some of our previous articles talking about using kicker to perform actions on network status changes.

This was always an unsupported solution, and with Leopard it turns out that Apple no longer needed kicker, and so they got rid of it.

Chris Adams and I started kicking around some ideas in Python, and the result is an incredibly flexible framework for triggering events on any change to the SystemConfiguration API, NSWorkspace notifications, and filesystem changes via FSEvents.

You can find this along with some other useful Python Mac sysadmin utilities at the Google Code site pymacadmin.

Anyway, there's a problem.

We need a name.

 

[Edit: 2008/07/23 – We have a winner! Kok-Yong Tan came up with "cranker" and the primary daemon will be called "crankd" ]

 

Read on for details…


John de Troye in French!

NausicaMedia, the first French company certified on Mac OS X and Mac OS X Server, has translated John de Troye's "Tips and Tricks for Macintosh Management" into French.

Although this is the Tiger version and the Leopard one has not been released yet, everyone knows how important this documentation can be in practice for a sysadmin. The Tips and Tricks have often been lauded as the documentation you can't get from a training center!

"Tips and tricks for the Macintosh Management", sorry: "Trucs et astuces pour la Gestion du Macintosh", is available at NausicaMedia's website.


InstaDMG: Image Creation Revolution Webcast

The MacEnterprise.org group will be presenting a Webcast on InstaDMG: Image Creation Revolution on April 15, 2008 at 1:00pm EDT (10:00am PDT).

InstaDMG is revolutionizing the way that Mac sysadmins create ASR deployment images and it can help you too. More than just a tool, InstaDMG is actually a methodology for deployment image creation and testing. In this webcast we will cover both the methodology and the reference tool in detail, including a roadmap of the reference script feature set.

For more information on how to view the webcasts, please visit: http://macenterprise.org/content/blogcategory/113/96/

 

The login ID for the April 15th webcast: MacEnterprise

The passcode for the April 15th webcast: 724412

Go to the following web page 5-10 minutes prior to the webcast start time: http://webcast.training.apple.com/

 

Webcast Coordinator

Macenterprise.org


OpenDirectory recipe for 10.4 to 10.5 Migration, keeping your SID intact

As part of some self-documentation, I posted on my personal blog exactly what works and where I found the help for getting an OpenDirectory 10.5 Server running from a 10.4 box in production. The twist is that I needed to keep my SID and other PDC functionality that I've inherited up from 10.3.9. Yes, it can be done, and no, you can't upgrade. Below is the reprint from my blog, which I'm posting here for posterity:


What’s weird using Server Admin for managing Amavis in Leopard Server

Leopard Server brings us a new interface for managing amavis in Server Admin. But using some of the options in Server Admin's GUI doesn't modify /etc/amavisd.conf correctly and causes some weird issues.


LANrev InstallEase Now Free

LANrev announced today that their InstallEase automated packaging tool is now free.

InstallEase is a tool for creating installer packages. Its features include automated "Before" and "After" snapshots, installation of files to the current user's home folder, exclusion filters and uninstaller packages, all wrapped in a graphical user interface for administrators.

Registration is required to get the free download, which is available here: http://www.lanrev.com/solutions/installease.shtml


newsyslog – Automatic rolling of logfiles

After installing Leopard Server and ISC DHCPD, I had an itch: my logfile that I created (/var/log/dhcpd.log) was not getting rolled like the other logs. I started looking into how Apple does this, and found a nice utility that is new in Leopard, although not new to the UNIX world… newsyslog.

Read on for more…


New storage. New Xsan

When the Apple Store came back up after this morning's Tuesday outage, I thought the new $49 price tag on the shuffle summed up the changes.

But I was wrong. 

Xsan2 has been released. See apple.com/xsan

And we have a big change up at apple.com/server/storage

We don't have new Xserve RAIDs, not exactly. 

It looks like Xserve RAID has been replaced with Promise's "VTrak E-Class RAID" units.

It is the same 3U, but instead of 14 drives, the Promise holds 16 drives.

Instead of PATA, now we have the choice of SATA or SAS (750GB for SATA and 300GB for SAS drives). 12TB raw capacity if you want one big dangerous RAID 0 LUN.

4Gb/s FC instead of 2Gb/s.

Dual active/active controllers.

And of course, it supports Xsan 2. 

 


Auto iChat Buddy Lists in Advanced Server

To activate the autobuddy function for the Jabber server, first check the current settings:

sudo serveradmin settings jabber
jabber:enableAutoBuddy = no

Notice that it's off, so now go ahead and set it to yes:

sudo serveradmin settings jabber:enableAutoBuddy = yes

After that, you'll have to restart the Jabber server. Now comes the secret sauce: you have to manually run the process to update the buddy list for all users.

sudo /usr/bin/jabber_autobuddy -m

Note that this has to be done every time you add a new user to the Jabber server. Also, users that are currently logged in will have to log out and back in again for the new users in the buddy list to show up.

 
