[bschappel]

Did you make any changes to your clients search policy? You’ve got to add your server into the search path so that the clients know to look to the server for accounts.

If you’re running 10.5.x on your clients run /Applications/Utilities/Directory Utility.app and add odm.myserver.com to the list of servers (which should be empty). Save your changes and, to be safe, restart the client Mac. You should now be able to login with WGM accounts.

[bschappel]

I would use a few Macs to copy the data to the new server over the network. I’ve done it with lots of Macs copying and also I’ve used Retrospect (on Mac) to duplicate the files from the Mac server to the Windows server.

[bschappel]

I tried something very similar using rsync and had very poor results. Rsync would spend so much time trying to figure out what had changed it never really got around to performing the sync.Rsync worked for a while but when the number of files grew it stopped being efficient.

I eventually went looking for commercial products and came upon FileReplicationPro. When setup properly this worked pretty well. It uses file system events and will only sync changed files. It works in real time as well. If one file changes it will start replicating immediately. You can try FRP for 30 days. I’d give it a shot.

[bschappel]

I think it’s time for Apple to move the conference to Moscone East. Selling out in 12 hours means that many, many developers can’t attend. I am certainly one of the unlucky ones that didn’t have a chance to buy a ticket.

I also am dismayed at the lack of an IT track. Those sessions were always packed and usually overflowing. I don’t understand why they are not offered anymore. They were so valuable.

[bschappel]

I highly recommend Sohos AV. I’ve used it for many years. It has proven to be very reliable and has caused no issues with my desktops. It has central update capability. If you are an Active Directory shop you can manage Windows boxes and Macs from the same centralized console. If you’re Mac only or don’t use AD then their Mac management console can handle the Macs separately from the Windows clients.

[bschappel]

I’m going to guess that this server is not accessible to the internet as a whole and assume you’re using private IP numbers. If that is true then I’d say the easiest way to solve this is to add another IP address to your server and have the iweb.domain.com be mapped to that IP in DNS with an A record.

To add an IP address to your server simply open the Network PrefPane and duplicate the Ethernet interface. Now just edit the duplicate Ethernet interface settings and change the IP address. (Another option – If you’re not using the other ethernet port on the Xserve you could assign the IP to that interface and plug that port into your network switch.)

In Server Admin go the the iweb.domain.com entry and set it to use the IP address on the duplicate interface. Apply the settings and (if memory serves) it should work.

The reason it was not working on the setup you had is that your web traffic is going over port 80. The wiki is already using port 80 on your existing address. Two sites can’t use the same port unless you enable virtual hosting in Apache. By giving the server another IP address you serve another site on port 80.

You can avoid the multiple IP addresses if you enable virtual hosting in the web server. This will examine the URL that is requested and serve different content based on the URL.

Hope this helps.

[bschappel]

One thing I see is that the reverse DNS lookup is now matching the forward lookup. What do you get when you enter the command: [code]host 10.32.9.57[/code] If this does not return “LONDMSTWIST.EMEA.SCHAWK.COM” then you need to edit your 9.32.10.in-addr.arpa file on your DNS server and change the entry for 57 to “LONDMSTWIST.EMEA.SCHAWK.COM.”. Notice the period at the end of the FQDN. This is VERY important.

You don’t mention what you’re using for your DNS server. What are you using?

Hope this helps.

[bschappel]

I have two ways I’d approach this. The first is mod_rewrite. A quick tutorial is [url=https://portal.data-basics.com:443/tmtrack/tmtrack.dll?View&I=25195&T=1000]here[/url]. Using mod_rewrite you could map the .aspx pages to .php and then read the resid from the query string, and then start the download of the needed file.

The other way would be to map the .aspx file type to another scripting language. So when an aspx page is delivered it’s first run through an interpreter (such as php).

Does that make sense?

[bschappel]

Yes, this is 100% possible and almost trivially easy. I do this for our remote offices so that they have a local copy of the master zone file on their local network.

OS X runs BIND for DNS. You’re probably running BIND on your Linux box too. Just add the IP address of your OS X box to the ACL for your DNS slaves and create a secondary zone on your OS X box.

Your ACL’s are usually defined in the named.conf.local file on your master server. Here’s a sample ACL:

[code]acl dns_slaves {
10.1.1.3;
10.10.10.90;
10.10.12.9;
};
[/code]

Then in your zone declaration you add an “allow-transfer” option. A typical zone declaration would look like this:

[code]zone “mydomain.com” {
type master;
file “master/db.mydomain.com”;
allow-transfer { dns_slaves; };
};
[/code]

Use the GUI in Server Admin to create the secondary zone on your OS X server. It should work immediately.

[bschappel]

Remember when Steve Jobs came back to Apple and said they were going to “milk Mac OS 9” for all it’s worth? I think that is now the attitude toward OS X. OS X will be milked to generate iPhone/iPad/iPod OS. Apple has gotten addicted to the constant revenue stream from “subscribers”. With the success of the super-closed platforms of the iPhone/iPad OS X has to be looked at as the red-headed stepchild. Even the attention paid to the Mac has dwindled from Apple. The hardware is not revved as quickly as it needs to be. The switch to Intel commodity hardware has not reduced prices. Even the elimination of the Premier developer plans, developer hardware discounts, and other perks is distressing to me.

I LOVED the IT track at WWDC. It’s the only reason I went. The general Mac sessions have been getting reduced over the last two years. This year it’s mostly iPhone. I bet next year it’s almost all iPhone.

Jobs wants total control of everything Apple. An open platform like OS X does not allow total control. So the Mac will be milked for all it’s worth.

Just my opinion.

[bschappel]

Apple has a technote for creating a loginhook here: [url]http://support.apple.com/kb/HT2420[/url].

Another great resource is located here: [url]http://www.jochsner.dyndns.org/scripts/Scripts.html[/url]. Checkout the NHR package. It installs a nice loginhook system. One master script that runs all scripts in a folder. It also shows you how to get the user name and find the users home directory using dscl. Very nicely done.

[bschappel]

It’s not a super elegant solution but you could write a loginhook that unloads the daemon, rewrites the plist, and then reloads the daemon. This would be pretty easy since a loginhook runs as root and the $1 parameter is the username.

[bschappel]

If there is another local account on the Mac you can add it to the admin group with this:

[code]dscl . -append /Groups/admin GroupMembership localuser[/code]

In that line “localuser” is the shortname of the local account you want to make an admin.

Does that help?

You could always boot the server from an install DVD and change the password on the account.

[bschappel]

Pay a visit to [url]http://www.cacert.org[/url] and setup an account. You can generate free certificates. Add their root cert to your keychain and the certs will always be trusted.

Download their root cert, in PEM format, and save it as CACertroot.crt at the root of your startup drive. Then use this command to add the cert to your keychain.

[code]/usr/bin/security add-trusted-cert -d -r trustRoot -k “/Library/Keychains/System.keychain” /CACertroot.crt[/code]

The above command is for Leopard and SL.

Doing this will eliminate the certificates from your troubleshooting chain. Hope you figure it out.

[bschappel]

To actually answer your question — YES it is that simple. You probably don’t want to use a mask of 255.255.0.0 because that is a HUGE network. If you use a subnet mask of 255.255.252.0 you’ll have one network with 1022 host IPs. This mask will give you a network that can use all of these IPs:

192.168.0.x
192.168.1.x
192.168.2.x
192.168.3.x

In CIDR notation this network is 192.168.0.0/22.

There is a nice on-line subnet calculator here: [url]http://www.subnet-calculator.com/[/url]. You’ll want to look at making “Class B” subnets.

[Author]

Posts