[maccanada]

The Intel Macs use something called GPT (GUID Partition table), which is a major advance over the old method of Master Boot Records (MBRs).

Again from kernelthread – the advantages of GTP:
64-bit LBA (thus, disk offsets are 64-bit).
Supports many partitions (without resorting to nesting schemes like “extended” partitions).
Uses version number/size fields for future expansion.
Uses CRC32 fields for improving data integrity.
Each partition contains a 36 Unicode character human readable name.
Uses a GUID and attributes to define partition content type (note that tagging each partition with a GUID makes relocation easier).
Uses a primary and backup table for redundancy.

This last point is a huge improvement – while not what I’d call frequent, I have experienced corruptions of the MBR on PC’s.

And this is taken from TechNet:
The GUID partition table (GPT) disk partitioning style supports volumes up to 18 exabytes in size and up to 128 partitions per disk, compared to the master boot record (MBR) disk partitioning style, which supports volumes up to 2 terabytes in size and up to 4 primary partitions per disk (or three primary partitions, one extended partition, and unlimited logical drives). Unlike MBR partitioned disks, data critical to platform operation is located in partitions instead of unpartitioned or hidden sectors. In addition, GPT partitioned disks have redundant primary and backup partition tables for improved partition data structure integrity.”

Anyway, you’ll need to have the version of disk utility that allows for creation and reading of GPT’d drives.

~Ian

[maccanada]

PXE is part of BIOS. EFI has full networking capabilities built-in, based on Free BSD’s TCP/IPv4 stack.

From kernelthread.com:
FI’s pre-boot environment is also meant to facilitate robust solutions for secure network booting, secure network resetting, remote provisioning and setup (through bootable “agents” that are EFI objects), remote management of system firmware, and so on. Thus, it is easier to deploy and manage a large number of “headless” servers.

So, yes, EFI contains a whole bunch of goodies previously unavailable which should lead to greater control of machines pre-boot, not just for Netboot, but also ARD.

~Ian

[maccanada]

No, you can’t boot from USB AFAIK. The same old Target Disk Mode via Firewire does still work, though.

EFI information can be found here at the official site and also here
That should help answer some of your questions.

~Ian

[maccanada]

Take a look at my article for doing your own custom rules.
Also take a look thinbits’ post in this thread for getting the right database to be updated when the learn_junk_mail script is run.

Finally you’ll need to make sure the /private/etc/mail/spamassassin/learn_junk_mail script is getting run on a daily basis – best off using cron for that right now.

You should also turn up the spam/anti-virus log level in ServerAdmin – it will show exactly what is going on with each message.
Looking at the headers in your mail client will also show which rules were matched – you should see BAYES_XX when the Bayesian filtering is working.
We’re getting *maybe* 2 messages a week get through the filter (level set at 3).

[maccanada]

Are you talking about the IMAP port? When runing Squirrelmail on the same server as the IMAP service, there’s little benefit in encrypting the IMAP traffic between the two. If you’ve separated out the two services onto different servers, sure you’d want this on, but otherwise I’m not sure what purpose it has with a single server setup. Using SSL will encrypt all the traffic from the server down to the client.

I’m using SSL and cram-md5 with no problems. The IMAP port is 143. 993 is used for IMAPS (or secure IMAP) which is typically used by email clients to talk directly to the IMAP server over SSL.

Squirrelmail does not currently (or at least properly) support IMAPS, I
believe…

[maccanada]

On Squirrelmail, trying to hit any page in your history (once the session has timed out) will return you to the login screen. It doesn’t look like cache files are getting created when getting webmail through SSL either…

If you can specify using Safari, you can also turn on private browsing so no history gets written.

[maccanada]

The crashing is probably because the configuration file can’t be parsed due to your changes. It’s nothing to worry about, merely an indication that your setup can’t be shown in the ServerAdmin GUI – servermgr_dns is the process that server admin uses to display andedit the DNS configuration.

You can delete/rename/move the DNS.bundle from within Serveradmin.app quite happily – obviously you’ll have no DNS section anymore, but it will stop the crash messages 🙂

[maccanada]

Probably easiest to go interactive…(replace yourserver with your LDAPv3 entry name)

dscl localhost

cd LDAPv3/yourserver/Users
read username

[maccanada]

Have you tried the Gateway setup assistant? Works just fine for basic stuff.

[maccanada]

What components of OD are running. The overview tab in SA will indicate if SASL and Kerberos are running. It sounds like Kerberos isn’t.
SA has all the log files for the OD components.
Troubleshooting has been added to 10.4.3 to indicate at the login screen if the server(s) are available. See andrina’s article on 10.4.3 for details on this and on how to set a delay to ensure network is up and running.

[maccanada]

Sorry for asking the obvious, but…has it been locked at the front?

[maccanada]

Well the logs from the router and firewall on denies/refused packets gets emailed to me, once a day, and immediately on suspicion of intrusion.

Ditto the backup logs. There’s an article on doing a centralized syslog to put all your log files in one location for easier admin.

[maccanada]

Have you set the sharepoint to inherit permissions?
How are the clients connecting to the server? OD accounts?
Anyway…
The easiest way to change ownership and permissions is through the command line.
cd /pathtosharepoint
chmod -R 777 *

This will set the permissions to rwx for owner, group and everyone so take care before using it. You can change each of the numbers in the 777 to set the permissions you need using the following table:
4 – allow write access
2 – alllow read access
1 – allow execute (or search within for folders)

So 766 would be rwx for owner, and rw for group and everyone else.

You change ownership of files in the same way:

chown -R user:group *

This will change the ownership of everything in the current directory down, recursively. If you only want to change the group use :group – if only one name is given it will assume it to be a user.

[maccanada]

I let the daily, weekly and monthly scripts run and that’s about it.
In terms of checking…
Diskspacemonitor
Server Monitor / SNMP / [insert favourite snmp tool here]

Once my servers are up and running I like to leave them alone to get on with their jobs.

[maccanada]

Same here!

[Author]

Posts