Freeradius under 10.3 Server

Get RADIUS authentication working with Open Directory and more on OS X Server

RADIUS allows for 802.1x, WPA Enterprise and other forms of authentication. Between RADIUS and LDAP you should be able to authenticate just about any network service that you need.

Read more

Using DNS in OS X Server to Block Ads

Right, we all hate ads, don’t we?

Good. Then if we could use the DNS built in to OS X server to block the ads from appearing on any client that uses
that DNS server, it would be a good thing, wouldn’t it?

Read more

Macenterprise.org Announces Macenterprise day

On behalf of the MacEnterprise.org Steering Committee, we would like to extend an invitation to everyone to attend the MacEnterprise Day in San Francisco. This FREE meeting and conference event will be held Sunday June 5, 2005, one day prior to the opening of Apple’s WWDC 2005.

We will be discussing topics relating to all aspects of deployment of macs in the enterprise, including:

-Directory Services
-Beginning your Enterprise deployment
-Network Home Directories and Directory Services
-Parallel computing, including XGrid and Pooch
-Apple Remote Desktop innovation
-Advanced troubleshooting
-Enterprise Streaming Services, including Audio and Video

as well as roundtable discussions about what’s hot in the enterprise today!

Registration is now open, and seating is limited. For more information, please visit:

http://macenterprise.org/enterpriseday

Read more

IP Failover in OS X 10.3 Server

Stupid-simple high availablity server solutions using the built-in failover scripts in 10.3.

OS X Server has had a variant of this system since 10.2, however few people have used it, or even realize it exists. Here’s a walkthrough of how to provide an active/passive solution for web and MySQL services.

Udated: 3/30/05: Fixed information about LUN masking on Xserve RAID.

Read more

How to install and update the Checkmate tripwire

A quick way to get secure hashes of all yer goodies

A glance at the underground sites shows a growing number of rootkits in development. Combine this with known, unpatched vulns, like the iSync mrouter privs escalation vuln, and I’m feeling naked without a tripwire.

Ed. Note: A tripwire application hashes a set of files and then looks for the files to change. Hopefully alerting you when that happens.

Read more

J2EE Deployment

How the … do I keep JBoss happy?

I’m having trouble finding troubleshooting information for the default JBoss installation on OS X Panther Server. Either no one is using it or no one but myself has had any trouble with it!

Read more

Using Microsoft’s Services For UNIX to serve NFS home directories

Get Windows to play nice with your OS X clients using NFS

AD integration works reasonably well for Mac OS X clients, but what if you’re running, say, an XServe G5, and you need to provide access to Windows-based home directories for multiple command-line users (via ssh, telnet, etc.) on your server simultaneously?

updated 3/29/05: fixed missing whacks in Windows paths.

Read more

Better periodic maintenance

This solves a problem with laptops (and/or desktops) being on again off again and perhaps missing the absolute time of the cron jobs run via periodic (daily, weekly, monthly).

Read more

Split routing for VPNs

We are getting to roll out Laptops to bunches of Faculty and staff and the Windows VPN server and the Windows Laptops play well with each other and the Windows laptops even have a little check box that you can check to tell it to NOT use the default gateway on the remote host. The Macs have no such "little check box".

Read more

Centralized and unsecure logging with syslogd

Get syslog to do your bidding and send logs to a remote machine.

A quick run-through on how to make syslogd be promiscuous and take logs from strangers.

Read more