Configuring OD/AD Kerberos with a Disjoint Namespace

I just surfaced from a situation with a Mac server bound to AD with Kerberos authentication. Much help was received from Apple, and I was given permission to share the "fix" for anyone else out there attempting this type of setup.

The problem was that the server's name in AD and its DNS name were different (a disjoint namespace). This is because our external domain name [server.outside.org] differs from the AD domain [ad.inside.org], and the AD domain is not resolvable on the internet. Since this server is reachable from the outside world, we could not use the AD name. The Active Directory plug-in cannot reconcile this difference: Kerberos service principals are keyed on the host name, so the principal registered for the computer account in AD does not match the name that clients actually resolve and connect to.

Read on for more….


Becoming a CA to sign SSL certs for Open Directory Replicas

If you have an Open Directory infrastructure and you want to secure the connections between clients and Open Directory services using SSL, the simplest solution is to purchase SSL certificates and install one on your Open Directory Master and on each Replica. However, each server requires its own certificate, which gets expensive. In this article, we'll look at how to create a Root Certificate Authority of your own and how to create and sign certificates for your Open Directory Master and Replicas. The trade-off is that every client must be told to trust your root certificate, so plan to distribute it and mark it trusted on each client before switching the directory connection over to SSL.
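As an added example (not the article's own procedure, and not Apple's tooling), here is the openssl side of that workflow: one private root CA, then one server certificate per Open Directory server, each with the server's FQDN in both the subject and subjectAltName and explicitly marked as a non-CA leaf. The CA name and the host names od-master.example.org, od-replica1.example.org and od-replica2.example.org are placeholders for illustration. The script writes its own minimal openssl config so the result does not depend on whatever the system openssl.cnf happens to contain.

```shell
#!/bin/sh
# Added example (not the article's own procedure): create a private root CA
# with openssl and sign one certificate per Open Directory server. The CA
# name and the host names are placeholders; change them for your servers.
set -e

# write_req_config DIR: a minimal openssl config so nothing here depends on
# the system openssl.cnf.
write_req_config() {
    cat > "$1/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Example Open Directory Root CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# make_root_ca DIR: self-signed root key and certificate (10 years).
make_root_ca() {
    openssl req -x509 -config "$1/ca.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1
    chmod 600 "$1/ca.key"
}

# sign_server_cert DIR FQDN: key + CSR for one master or replica, signed by
# the root. The FQDN goes in both CN and subjectAltName, and the leaf is
# explicitly marked CA:FALSE so it cannot be used to issue further certs.
sign_server_cert() {
    dir="$1"; fqdn="$2"
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=$fqdn" \
        -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr" >/dev/null 2>&1
    cat > "$dir/$fqdn.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$fqdn
EOF
    openssl x509 -req -sha256 -days 825 -in "$dir/$fqdn.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$fqdn.ext" -out "$dir/$fqdn.crt" >/dev/null 2>&1
    chmod 600 "$dir/$fqdn.key"
}

# verify_chain DIR FQDN: succeeds only if the server cert chains to our root.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Demo: one root, one cert each for the master and two replicas.
WORK=$(mktemp -d)
write_req_config "$WORK"
make_root_ca "$WORK"
for host in od-master.example.org od-replica1.example.org od-replica2.example.org; do
    sign_server_cert "$WORK" "$host"
    if verify_chain "$WORK" "$host"; then
        echo "OK   $host -> $WORK/$host.crt"
    else
        echo "FAIL $host"
    fi
done
```

Keep ca.key offline (or at least off the directory servers themselves); only ca.crt needs to go to clients, and only each server's own .key/.crt pair goes onto that server. Because every leaf is CA:FALSE, a compromised replica cannot mint certificates for other hosts.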

Read on for more…


Using host principals to secure connections to 3rd party KDCs

If you are in an environment where you are integrating Mac OS X with a 3rd-party KDC, you already know about adding builtin:krb5authnoverify to your /etc/authorization. But did you know that you can use the builtin:krb5authenticate option instead to provide better security, by ensuring that your KDC is not being spoofed? The "noverify" variant accepts a TGT for the user without checking it against anything the local machine knows, so a rogue KDC answering for your realm can "authenticate" a login; the verifying variant uses the host principal's key from the local keytab to confirm that the ticket really came from your KDC. Are you safe from the "Zanarotti attack"? Read on to find out how to get it set up and running.


Securing Mac OS X 10.5 Leopard White Paper Released

Corsair has updated their series of "Securing Mac OS X" white papers to include "Securing Mac OS X Leopard (10.5)". This is an update of the Tiger version to include "the new security features offered by Mac OS X Leopard."

You can find this, previous versions, and others on their Technical White Papers page. You can download the Leopard PDF directly here.


Easily change your default NetBoot image from the command line

If you've ever tried using the command line to change the default NetBoot image on your OS X Server, you know that it can be a pain in the butt, and you have probably resigned yourself to just using the GUI, even though it takes seven clicks (from the initial launch of Server Admin) to do it.

Because of the numerous times I've wanted to change the default NetBoot image while away from my admin tools, not to mention my increasing distaste for those seven clicks, I came up with a script that makes switching the default NetBoot image from the command line dead simple.

You can read more about it here (including how to install and use it) or download it directly here.


Competition Time! – seeking a name for "kicker-replacement" (We have a Winner!)

You might have read some of our previous articles talking about using kicker to perform actions on network status changes.

This was always an unsupported solution, and with Leopard it turns out that Apple no longer needed kicker, so they removed it.

Chris Adams and I started kicking around some ideas in Python, and the result is an incredibly flexible framework for triggering events on any change to the SystemConfiguration API, NSWorkspace notifications, and filesystem changes via FSEvents.

You can find this along with some other useful Python Mac sysadmin utilities at the Google Code site pymacadmin.

Anyway, there's a problem.

We need a name.

[Edit: 2008/07/23 – We have a winner! Kok-Yong Tan came up with "cranker", and the primary daemon will be called "crankd".]

Read on for details….


John de Troye in French!

NausicaMedia, the first French company certified on Mac OS X and Mac OS X Server, has translated John de Troye's "Tips and Tricks for Macintosh Management" into French.

Although this is the Tiger version (the Leopard one has not been released yet), everyone knows how valuable this documentation is as a practical reference for a sysadmin. The Tips and Tricks have many times been lauded as the documentation you can't get from a training center!

"Tips and Tricks for Macintosh Management", sorry: "Trucs et astuces pour la Gestion du Macintosh", is available at NausicaMedia's website.


Firefox 3 and OS X Server

Ed. Note: Perhaps a word of warning? Discuss. 

Firefox 3 appears to have issues with user accounts not located on the main drive. At the very least, it cannot deal with a network user account located on a remote OS X Server.

When I updated to Firefox 3, I immediately noticed that bookmarks were not visible under the Bookmarks menu. The search engine field had a generic icon, and when I selected 'Manage Search Engines', the dialog box was frozen and I couldn't get out of it without quitting Firefox. When I tried to enter a URL into the URL field and press 'enter', nothing happened. However, double-clicking on a URL in an e-mail message appears to work.

I initially ran Firefox 3 on a client running Mac OS X 10.5.3. My home directory (and thus my Firefox profile) is on an Xserve running OS X 10.5.3 Server.

When I switched to a local admin account (i.e., Firefox profile on the local hard drive), it seems to work fine. However, when I switch back to my network home account (on our Xserve), it still displays the problems described above. I tried other user accounts on our Xserve with the same problems.

Downgrading to Firefox 2 solved the problems with no apparent permanent damage to the Firefox user profile.

As is, Firefox 3 is completely unusable for my setup. I'll stay with Firefox 2 until this is resolved.


10.5.3 Server: Did they fix it yet?

Today marks the release of 10.5.3 Client and Server. There have been a few nasty bugs in Leopard Server that have given us a headache or two, the primary one being the Directory Services issue with AFP connections. The other one I wrote about a while ago was in Server Admin when creating DNS records. According to the release notes, these bugs and more are eradicated, along with AD binding issues and problems with DHCP, Software Update Server, password changes and augmented directory records. You can read about it in detail here and download the combo updater to boot:

http://www.apple.com/support/downloads/macosxserver1053comboupdate.html

Please post comments back to say whether your 10.5 Server annoyances are gone. I know I have quite a few things to test this week.

(Ed. Note. One of our favorite additions in 10.5.3 is the ability to create augment records in WGM now. So all you advanced server config users rejoice!)


Apple posted the second version of the Open Directory Administration Guide.

There were some bugs in the first version of "Mac OS X Server Open Directory Administration For Version 10.5 Leopard".

Check out the new version. 

Open Directory Administration 

http://images.apple.com/server/macosx/docs/Open_Directory_Admin_v10.5.pdf
