  • Mac OS X,  Mac Security,  Mass Deployment

    Before You Upgrade to macOS Server 5.4 on High Sierra (macOS 10.13)

    The latest version of the Apple Server app is out (macOS Server 5.4), and before you upgrade, there are a few points to review: As always, make a clone of your computer before upgrading. During the upgrade to High Sierra, if the operating system is running on a solid state drive, the drive will automatically upgrade to APFS. You cannot share APFS volumes over AFP, so if you’re running file services, make sure you’re aware of that. You can choose not to upgrade to APFS by using the command line to upgrade a server. Even though the file sharing services are not in the Server app, you can still configure ACLs…

  • Mac OS X Server

    Demote an Open Directory Master using the Server app

    macOS Server 5.2 running on Sierra can have problems with Open Directory. Sometimes, you just need to reset your directory service. You can demote and restore the server if needed. But buyer beware, you may end up screwing things up while the directory server is being demoted and you’re restoring a backup. Or if you haven’t built out the directory server, you may end up just demoting the server and starting over. In this article, we’ll look at demoting the server. To get started demoting the Open Directory master, first open the Server app and click on Open Directory. From the Open Directory screen, click on the minus button in the Servers…

  • Mac OS X,  Mac OS X Server

    Navigating Through accountsd in macOS

    The directory services options in macOS have quietly been going through some slow changes over the past couple of years. Many of the tools we use to manage accounts look similar on the outside but sometimes work a little differently under the hood. Account information is still stored in the /var/db/dslocal/nodes directory. Here, the local directory service pulls files from within directories recursively when accountsd loads. You can still create a second instance of the local directory service by copying the Default directory. For example, here we’ll copy the Default directory node to a directory node called NEW: sudo cp -prnv /var/db/dslocal/nodes/Default /var/db/dslocal/nodes/NEW If you killall accountsd then wait (this is…

  • Mac OS X Server,  Mac Security,  Mass Deployment

    OS X Server 5 Logs

    OS X running the Server app has a lot of scripts used for enabling services, setting states, changing hostnames and the like. Once upon a time there was a script for OS X Server called server setup. It was a beautiful but too simplistic kind of script. Today, much of that logic has been moved out into more granular scripts, kept in /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup, used by the server to perform all kinds of tasks. These scripts are, like a lot of other things in OS X Server. Some of these include the configuration of amavisd, dovecot and alerts. These scripts can also be used for migrating services and data. Sometimes the scripts…

  • Mac OS X Server

    Manage Users In OS X Server 5

    There are four ways to create users in OS X Server 5, running on El Capitan or Yosemite. The first is using the Server app, the second is using Workgroup Manager (which barely works in OS X El Capitan and won’t install in El Capitan by default), the third is using the Users & Groups System Preference pane and the fourth is using the command line. In this article we will look at creating users in the Server app. To do so, open the Server app and connect to your server. Then click on the Users entry in the ACCOUNTS list. The list of users is displayed, based on the directory…

  • Mac OS X Server

    Promote An OS X Server To A Replica

    Previously, we looked at setting up an Open Directory Master in OS X Server. An Open Directory Replica keeps a copy of the Open Directory database available for users even when the Master goes offline. But it can also take a part of the load from the Open Directory Master and when using the new Locales feature, balance network traffic. To get started with an Open Directory Replica, first enable SSH, now disabled by default. If SSH is not enabled, you will not be able to create an Open Directory Replica. SSH is enabled on a server by opening the Server app, clicking on the name of the server and…

  • Mac OS X,  Mac OS X Server,  Mass Deployment

    Ask serveradmin If an Open Directory Certificate Authority is Available

    The serveradmin command has an option to run commands. I’ve talked about these in past articles, for doing tasks like asking how many concurrent NFS connections are open on a host. Well, here’s another, and it’s a simple command. Here, we’re going to look at whether the Open Directory server has a CA. To do so, we’ll use the serveradmin command, along with the command verb. Then, we’ll add the certs option, followed by command= and then the payload of the command. In this case that’s isODCAPresent: sudo serveradmin command certs:command = isODCAPresent This is a simple, informational command, similar to the web:command of getSites or the mail:command of getConnectedUsers.…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Destroy Open Directory Servers Using The Server App

    You can destroy an LDAP server using the Server app (and still using slapconfig -destroyldapserver). To do so, open the Server app and click on Open Directory. Then click on the Open Directory server in the list of servers. When prompted to destroy the LDAP Master, click on Next. When asked if you’re sure, click Continue. When asked if you’re really, really sure, click Destroy. Wait.

  • Mac OS X Server

    Demoting An Open Directory Server In Yosemite Server

    The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver option. When run, you get a little insight into what’s happening behind the scenes. This results in the following: bash-3.2# slapconfig -destroyldapserver The logs are as follows: 2014-09-18 14:42:02 +0000 slapconfig -destroyldapserver 2014-09-18 14:42:02 +0000 CopyReplicaArray: ldap_search_ext_s failed 2014-09-18 14:42:02 +0000 Error retrieving replica array 2014-09-18 14:42:02 +0000 Deleting Cert Authority related data 2014-09-18 14:42:03 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/Take Control Books Open Directory Certification Authority. 2014-09-18 14:42:03 +0000 command: /usr/sbin/xscertadmin…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Configure Messages Server In OS X Yosemite Server

    Getting started with Messages Server couldn’t really be easier. Messages Server in the OS X Yosemite version of the Server app uses the open source jabber project as its back-end code base (and going back, OS X has used jabber since the inception of iChat Server all the way through Server 3). The sqlite setup file is located in the /Applications/Server.app/Contents/ServerRoot/private/var/jabberd directory and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. The actual jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd, where there are a couple of perl scripts used to migrate the service between various versions as well. Setting up the Messages service is simple. Open the Server app and click on Messages…