[Detrius]

Wow… this is an old thread to revive. To give anyone reading a little heads-up, I wound up getting a programming job instead of a sysadmin job. My certification expires next month, and I never really got much of a chance to use it. However, having the certification has helped a bit at my programming job, as I’ve become the IT guy for anything that does require heavy-duty Windows Server skills. AND, thanks to some of the new Leopard features (e.g. time machine and the iCal server), we’re planning on switching over to a Mac server sometime next year. 🙂 Of course, my certification expires next month, but I’ve proven I can handle it.

[Detrius]

I have had some weird issues with Kerberos on 10.4.0 server as well. The 10.4.1 update hosed my OD setup as well. However, I never wiped the system and reinstalled. There’s nothing wrong with the actual installation, and reinstalling is just a headache that you don’t have to go through. What I have done is export the user definitions (and computer lists, etc…) in workgroup manager. Then, demote the server to standalone, and then re-promote it back to OD Master. You can then import the user definitions. You will have to manually change the password to be an OD password–you’ll have to reset the password as well.

Once I have it working, I use the nifty new backup feature in Server Admin. Then, if I hose it at some point in the future, I can just restore using the same feature. This is a very useful and timesaving new feature.

[Detrius]

The training is not necessary to pass the tests, as all of the information is available in the Server Admin Guides, man pages, and the Skill Assessment Guides. That was enough for me to pass the tests (though it takes much longer than a week to prep for the tests).

Also, having the ACSA is by no means a guarantee of a job. It will get you attention, as it puts you near the top of the list, but it’s up to you and your actual experience to get the job.

[Detrius]

http://train.apple.com/certification/acsa.html

Things just changed. The 10.3 tests will be available until the end of 2005. Anyone who passes the 10.3 tests is automatically an ACSA 10.4. Afterwards, you have to do the 10.4 route.

That’s my take on this.

[Detrius]

I posted a reply to your post on the macnn.com message board.

For those that don’t want to follow links (or in case that one goes away), here’s the info:

[quote]
You have to love man pages.

Did you know that you can do everything that the Server Admin application does with a web browser? It’s not necessarily easy, but you can pull all of the information out in an XML plist type file.

Point your browser at:

https://yourserver:311/

You may be VERY surprised with what you find.

You can use that to figure out what commands to pass to serveradmin. The one you are looking for is:

serveradmin command mail:command = getUserAccounts
[/quote]

[Detrius]

If you have access to OS X Server, the ACTC test isn’t particularly difficult. Make sure you read the skill assessment guide though.

[Detrius]

Welcome to the club! I did it the hard way too. I took both tests on the same day and passed them both the first time.

I did the same thing with the ACTC a few months prior to the ACSA.

[Detrius]

[QUOTE BY= MacTroll] Like sample config files?[/QUOTE]

You have a simple StartupItem in the downloads section that I modified to fix an odd DNS issue that I was seeing with 10.3.5 and 10.3.6. I created a startup item to check to see if the DNS server was resolving the local machine name, and if not, I HUPped named. I passed this modified script off to a client of mine, as he was having the same problem. The fact that you effectively had a shell of a StartupItem saved me from the time of having to research what had to be done. This also saved me from instead modifying rc scripts or something else like that.

[Detrius]

I wanted to throw in a few small details here. Today, I was having the same problem of users not being able to log in (spinning beach ball after clicking login). system.log showed a lot of the “nfs server automount -fstab [PID] not responding” errors. I also got the symlink errors. I did a killall automount and then went through and removed all folders from /automount. I also removed /private/Network and /private/_Network_. I think I may have also removed /private/var/automount. It is very important that automount not be running when you do this, as an rm -fr could wipe your system. You should also double check using df that nothing is mounted in these locations and you should specifically triple check that there are no important files in these folders.

Then, reboot.

As far as you wanting user folders to be stored locally on the client computers: you could get open directory running properly and then enable mobile accounts. This may be the simplest way to get an effect similar to what you want.

[Detrius]

[QUOTE BY= gw1500se] Thanks for the reply. The ‘dscl’ command was the key. I wish I knew how to find commands when I don’t know what to look for. [/QUOTE]

Apple’s Server Admin Guides are very helpful. Surprisingly, the ACSA Skill Assessment Guides also have a lot of information as to which commands you should be aware of.

[Detrius]

Your confusion over the two different results when querying are likely unrelated here. The important thing is the resolution of the server must work. What the clients see is unimportant as far as getting the KDC running is concerned. It’s important later, but not now.

Check the folder /var/db/krb5kdc/. There should be a dozen or so files in this folder for the KDC to run properly. If the folder doesn’t exist, create and and make it accessible only to root. Then, demote your server to standalone. Save the setting. Reboot for good luck (probably not necessary). Then, promote the server to OD Master. Check in /var/db/krb5kdc/. See if the files are there. If not, repeat the process. I’ve had to do this two or three times before without changing anything else before it would work.

Once you have the kdc running, we can tackle whether or not your addition DNS settings are an issue. For now, what the clients see isn’t as important as what the server sees.

[Detrius]

I’ve had some issues sometimes if /var/db/krb5kdc does not exist before running the aforementioned commands.

Also, the Kerberos stuff is launched at boot by watchdog. This is in /etc/watchdog.conf — and the -f flag on one of the commands (kdcsetup, I think) tells it to add the appropriate Kerberos entries to the watchdog file.

Lastly, if you ARE starting from scratch, then you should initially configure your machine as a standalone open directory server. Then, you configure the DNS and make sure that it is working correctly (set your network settings here too). Then, promote the server to OD Master, and all should be good. You can make sure the processes are running. If not, verify that /var/db/krb5kdc exists and is populated. If the folder does not exist, create it and re-promote the server.

[Detrius]

[QUOTE BY= jaol] [QUOTE BY= Detrius] BTW, to those that don’t know: Apple is running a promotion until the end of the year that each OS X test you pass this year gets you a free OS X test next year. Therefore, if you pass one of the two tests this year, you get a freebee do-over next year for the other test. If you pass both tests, you get to take the 10.4 update for free.[/QUOTE]

Can You point out where it is mentioned…[/QUOTE]

http://train.apple.com/certification/promo/

[Detrius]

I did not take the class, BTW. I only recall there being two routing table questions… three at the most.

I’d tell you more, but I kind of like us ACSAs being few and far between…

The bottom line is that you can get enough from the server admin guides and man pages to pass the test.

You do still have to have a clue about Unix user and permissions management, though. Do you know what a umask is?

I do find it odd that these tests didn’t overlap with the ACHDS test. You don’t have to have a clue what the differences between /Library, /System/Library, and ~/Library are.

[Detrius]

I’m taking the tests tomorrow. Any other last minute recommendations?

BTW, to those that don’t know: Apple is running a promotion until the end of the year that each OS X test you pass this year gets you a free OS X test next year. Therefore, if you pass one of the two tests this year, you get a freebee do-over next year for the other test. If you pass both tests, you get to take the 10.4 update for free.

[Author]

Posts