Forum Replies Created

Viewing 15 posts - 16 through 30 (of 30 total)
  • bschappel
    Participant

    The only way that I know of to have the clients automatically find the OD Master is to have OS X provide DHCP. Apple has used some DHCP options that provide the name/address of the OD Master to DHCP clients.

    You can easily disable the DHCP server in your router and add the service to the OS X server.

    in reply to: GoDaddy SSL Nightmare…. Buyer Beware…. #377887
    bschappel
    Participant

    Here’s how I handle this problem.

    Go visit RapidSSL ( http://www.rapidssl.com/ ). Click the link to buy a new cert. When you get to the page that lets you choose the type of cert, select Competitive Replacement. You can get a RapidSSL cert for free this way.

    The RapidSSL cert is a single root (non-chained) cert. It works wonderfully with OS X.

    bschappel
    Participant

    Is an OS X Server running the DHCP server process? The easiest way to make this work is to give your new Mini server a static IP and have it act as the DHCP server for your network. The client Macs find the OD server through DHCP. Your Mini server needs to either be the DHCP server or be bound to another Mac that is the DHCP server.

    in reply to: OD HELP #377736
    bschappel
    Participant

    Connect the servers to OD just as you do any other client computer; use Directory Utility. Once bound to OD the OD logins should start working.

    in reply to: Help Desk FileMaker Solution #377735
    bschappel
    Participant

    This isn’t FileMaker based but it’s pretty easy to set up and free.

    http://www.osticket.com/

    PS: No affiliation, just a user.

    in reply to: Local SUS store & delivering updates to OSX Servers #377467
    bschappel
    Participant

    I use the utility “Software Update Enabler 2.0” (http://www.allocinit.net/apps/suenabler/) to set the update server on all of my Macs, including my servers. What I found is that you can point the update server to itself as long as you use the FQDN of the machine. Don’t use localhost in the URL. My URL is the same on the server providing updates as it is on all of the clients. All machines point to:

    http://asu.mydomain.com:8088/

    Hope this helps.

    in reply to: Set headless server to higher than 1024×768 #377440
    bschappel
    Participant

    You need a great little gizmo called a gHead II. Dr. Bott used to sell them in the US but now they are only available in Germany. If you know someone in Germany that can send you some that’s what I recommend.

    The gHead II is an adapter that attaches to the video port on the Xserve. It tells the Xserve that there is a monitor attached that can display any resolution. It is/was a wonderful product.

    bschappel
    Participant

    This is controlled by a policy stored in the /etc/cups/cupsd.conf file. Here’s a site with some info about the changes you need to make to this file:

    http://mattson.edgemereroadrunners.com/?p=291

    After changing cupsd.conf I found you have to reboot to get the system to see the changes. Once you get it all figured out you can blast the new .conf file out with ARD.

    Hope this helps.

    bschappel
    Participant

    I do everything I can to keep servers off of the internet. I put everything behind a firewall. I haven’t come across any firewall that can provide NAT that does not allow for 1:1 NAT rules. While I don’t have any experience with your Cisco device I’ve used many others and they all do 1:1 NAT. The basic command to allow 1:1 NAT on all of my Cisco gear is:

    [code]static (inside,outside) OUTSIDEIP INSIDEIP netmask 255.255.255.255[/code]

    OUTSIDEIP is the internet routable IP address.
    INSIDEIP is the “private” IP inside the firewall.
    “netmask 255.255.255.255” limits the scope of the mapping to a single IP address.

    Then you issue “conduit permit” directives to allow certain traffic through. Here’s an example that allows everyone access to port 80.

    [code]conduit permit tcp host INSIDEIP eq 80 host any[/code]

    You can issue as many “conduit permit” statements as needed to pass the traffic you need.

    If you’re looking for a new firewall check out the Cisco ASA devices and the SonicWALL devices. I have lots of experience with each and they are much easier to configure than older Cisco devices. I would give SonicWALL the nod for ease of setup.

    The Cisco uses a Java-based GUI admin util called ASDM. The SonicWALLs use an HTTP-based admin util. Both work fine on OS X.

    As for your DNS issues this is easily solved by running two name servers. One name server should supply resolution for all computers inside the firewall and the other one handles requests for people outside the firewall.

    in reply to: Promote OD replica to master #375502
    bschappel
    Participant

    When I upgraded from Tiger to Leopard server I had a new Intel Xserve I wanted to use as my ODM. I also was changing the name and IP of the ODM. What I did that time was I did an OD archive (in Server Admin) and eventually did a restore on the new server.

    I say “eventually” because I first opened the archive and edited some of the files. I did a search/replace of the old server FQDN with the new FQDN. This worked (to my surprise) and preserved all the passwords.

    Perhaps this will give you some other ideas.

    in reply to: Promote OD replica to master #375472
    bschappel
    Participant

    OK, this is probably not the kind of post you want but what about trying this…

    Since 10.5 is truly universal you could clone the system drive from your G4 Xserve to a GUID formatted SATA drive and install it in the Intel Xserve and boot it. Do the same sort of thing with the boot drive from the Intel box, clone it to an Apple partition table IDE drive and boot the G4 with it.

    You can mount the drives in inexpensive USB enclosures for the cloning process. When the servers reboot off the new drives you’ve basically switched the machines around.

    Granted it’s a brute force approach but I think it will work.

    PS: Use Carbon Copy Cloner or SuperDuper to clone the drives.

    bschappel
    Participant

    I had this problem constantly with 10.4. I personally blame Apple Mail and Spotlight as the culprits. When Tiger Mail came out each message was converted to a single file to make Spotlight searching easier. This greatly increased the number of files that had to be accessed by NHD users. Under Panther a user with 50,000 messages in 50 mailboxes has to open 50 files. Under Tiger they had to open 50,000 files.

    I tested this by having everyone log in and the server was fine. I then had people open Mail.app, one at a time, and watched as the AFP process went wild. I also found that once AFP went over 100% CPU it never recovered and the server had to be restarted.

    I’ve been running Leopard server (with a mix of Tiger and Leopard clients) for about four months and have not had this problem reappear.

    FWIW: the upgrade to Leo server was not bad. I think you can do an in-place upgrade. I remember there was no way to upgrade from PPC Tiger server to Universal Tiger server but that Leopard would allow for a PPC Tiger to Leopard upgrade.

    In the worst case (and I tested this) archive your OD info in Server Manager. Install a clean Leopard server, promote it to a master, and import the old archive. As I said it worked for me.

    bschappel
    Participant

    This may not be of much help but if you’re near Moscone I don’t think there are many inexpensive hotels. I usually stay at the Hilton on O’Farrell and they are up to about $250 a night. There are a number of hotels near Moscone — I remember a Marriott almost directly across the street. I think that Apple usually arranges some decent rates at the closest hotels. Check the links that you received when you registered.

    One consolation is that there are many good restaurants, bars, and entertainment within blocks of the convention center. You won’t spend any money on cab fare.

    I hope that I’m wrong but at least be glad WWDC is not in NY. I’ve paid over $500 a night for a room the size of a large closet!

    Enjoy your trip!

    bschappel
    Participant

    To add another listener you need to edit this file:

    /etc/postfix/master.cf

    Find this line (the real line has tabs separating the fields so it will look different):

    smtp inet n - n - - smtpd

    add another below it:

    587 inet n - n - - smtpd

    Save the file and stop and restart the mail server. Server Admin will do this nicely. Your mail clients can now be configured to use port 587 to send mail.

    Why port 587? It’s the standard alternate SMTP port. You can use any port that you wish as long as another service on the same box is not using that port.
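
An added example (not part of the original post and not Postfix's own code): a small Python check that parses master.cf-style text and reports whether each client-facing smtpd listener, such as the 587 entry above, carries per-service `-o` overrides that require TLS and enable SASL authentication. The sample file text is constructed, and the check looks only at master.cf overrides, so settings inherited from main.cf are not considered.

```python
# Added example: audit client-facing smtpd listeners in Postfix master.cf text.
# SAMPLE is constructed for illustration; it is not from a real server.
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return {service: [findings]} for each non-port-25 inet smtpd listener."""
    report = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        if fields[0] in ("smtp", "25"):  # server-to-server port, not audited here
            continue
        args = fields[8:]
        # Collect "-o name=value" overrides given on this service entry.
        opts = dict(a.split("=", 1) for prev, a in zip(args, args[1:])
                    if prev == "-o" and "=" in a)
        findings = []
        if opts.get("smtpd_tls_security_level") != "encrypt":
            findings.append("TLS not mandatory on this listener")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append("SASL auth not enabled by override")
        report[fields[0]] = findings
    return report

if __name__ == "__main__":
    for service, findings in audit(SAMPLE).items():
        print(service, "->", findings or "ok")
```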

    in reply to: Access OSXserver LDAP with script?? #363779
    bschappel
    Participant

    Line 86 of that script reads:

    my $result=$ldap->bind("uid=$name,cn=$domain",password=>$password)

    I found that I had to manually edit the search string. Let’s say my LDAP server has an FQDN of ldap.mydomain.com. I altered line 86 to read like this:

    my $result=$ldap->bind("uid=$name,dc=ldap,dc=mydomain,dc=com",password=>$password)

    and all of a sudden the script started working.

    I hope this helps others.
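
An added example, not part of the original post or of the script it discusses: building the bind DN from the server's FQDN instead of hand-editing it, and escaping the user name per RFC 4514 so that characters such as commas stay inside the uid value. It is written in Python rather than the script's Perl; the function names are hypothetical, and the DN layout (uid directly under the dc= components) simply mirrors the edited line above.

```python
# Added example: derive the bind DN shown in the post from an FQDN,
# escaping the user-supplied name per RFC 4514.
# Function names are hypothetical, not from the script being discussed.

def escape_rdn_value(value):
    """Escape an attribute value for use inside a distinguished name."""
    specials = '"+,;<>\\'
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in specials:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' must be escaped
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):  # leading/trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def fqdn_to_dc(fqdn):
    """ldap.mydomain.com -> dc=ldap,dc=mydomain,dc=com"""
    labels = [label for label in fqdn.strip().rstrip(".").split(".") if label]
    if not labels:
        raise ValueError("empty FQDN")
    return ",".join("dc=" + escape_rdn_value(label) for label in labels)

def bind_dn(name, fqdn):
    """Build uid=<name>,dc=... with the name safely escaped."""
    if not name:
        raise ValueError("empty user name")
    return "uid=%s,%s" % (escape_rdn_value(name), fqdn_to_dc(fqdn))

if __name__ == "__main__":
    print(bind_dn("jdoe", "ldap.mydomain.com"))
    print(bind_dn("smith, jane", "ldap.mydomain.com"))
```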
