Likewise Open 5.3 Supports Snow Leopard

Likewise 5.3 supports Snow Leopard at 32 or 64 bit! Likewise Open 5.3 is open source software that can be used to bind Mac OS X, Linux & Unix to Active Directory. Likewise Enterprise (which is not open source) starts with the Open client but allows leveraging Workgroup Manager or Active Directory Users & Computers to manage policies. If you haven’t already, check it out at www.likewise.com.

Adding Recursion in named.conf

In DNS, recursion refers to the process in which a name server makes DNS queries to other name servers on behalf of client systems. Most name servers are simply DNS clients that cache information for a specified amount of time. Recursion is disabled by default on most name servers. In Mac OS X, recursion is enabled for subnets local to the server only.
In environments where you wish to provide recursive queries you can enable recursion by opening Server Admin, clicking on the disclosure triangle for the server you will be configuring and then clicking on the DNS service. From here, click on the Settings icon in the Server Admin toolbar and then in the section for Accept recursive queries from the following networks you would click on the plus sign (+). In this field provide the IP address or netmask that you would like to enable recursion for. For example, if you’re enabling recursion for all computers on the 192.168.0.0 subnet and the subnet mask for those clients is 255.255.255.0 then you would enter:
192.168.0.0/24
This will allow recursion for those clients by updating the /etc/dns/options.conf.apple file. Alternatively you can edit the setting by hand yourself, but don’t do so using the /etc/dns/options.conf.apple file or you could introduce instability into the DNS service and Server Admin could overwrite your settings. Rather, edit the /etc/named.conf file. In named.conf add the following line in the options section:
allow-recursion {192.168.0.0/24;};
Overall, this is a fairly straightforward technical note, but there is an underlying theme that Apple is doing a really good job of leveraging an include methodology with regard to configuration files. Inside the /etc/named.conf, also in the options section, you’ll notice that there is a line that begins with include and specifies the path of the Server managed file, which uses the word apple at the end of it. This is mirrored in zone files as well. While not all open source services use this method for allowing different configurations in the GUI and the command line, I hope they all will at some point.
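As an added example (not part of the original post), here is a small shell check that pulls the allow-recursion list out of a named.conf and reports whether recursion is restricted to named networks or open to any client. The function names and the sample file are constructed for illustration, and it assumes a single allow-recursion statement and no /* */ comments.

```shell
#!/bin/sh
# Added example: audit the allow-recursion ACL in a BIND named.conf.

# Print the entries of the allow-recursion statement, one per line.
recursion_acl() {
    # Strip // and # comments, flatten to one line, extract the brace contents.
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' |
        sed -n 's/.*allow-recursion[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Classify the file: "unset" (built-in default applies), "open", or "restricted".
recursion_status() {
    acl=$(recursion_acl "$1")
    if [ -z "$acl" ]; then
        echo unset
    elif printf '%s\n' "$acl" | grep -Eqx 'any|0\.0\.0\.0/0|::/0'; then
        echo open          # any client can use this server as a resolver
    else
        echo restricted
    fi
}

# Constructed sample mirroring the layout described in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    include "/etc/dns/options.conf.apple";
    allow-recursion {192.168.0.0/24;};   // hand-edited line
};
EOF
echo "sample named.conf: $(recursion_status "$sample")"
rm -f "$sample"
```

Point recursion_status at /etc/named.conf after a hand edit to confirm the list you meant to allow is the one the file actually carries.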

Mac OS X and Mac OS X Server 10.6.1 Now Available

Mac OS X and Mac OS X Server 10.6.1 are now available for download. Listed fixes for Mac OS X Server include:
  • reliability of services using Grand Central Dispatch
  • duplicate serial number alerts on servers with multiple network interfaces
But more important are a number of minor GUI changes that have been resolved. If you’re an early adopter I would certainly run this as soon as possible. In addition, Server will have the following fixes, which are also included in Client:
  • compatibility with some Sierra Wireless 3G modems
  • an issue that might cause DVD playback to stop unexpectedly
  • some printer compatibility drivers not appearing properly in the add printer browser
  • an issue that might make it difficult to remove an item from the Dock
  • instances where automatic account setup in Mail might not work
  • an issue where pressing cmd-opt-t in Mail brings up the special characters menu instead of moving a message
  • Motion 4 becoming unresponsive

Create Groups Using dscl

The directory services command line (dscl) command can be used to create a group. Here we’re going to use dscl to create a group called Local Admins (or ladmins for short). First up, create the group:
dscl . create /Groups/ladmins
Now give our ladmins group the full name by creating the name key:
dscl . create /Groups/ladmins RealName "Local Admins"
Now to give the group a password:
dscl . create /Groups/ladmins passwd "*"
Now let’s give the group a Group ID:
dscl . create /Groups/ladmins gid 400
That wasn’t so hard, but our group doesn’t have any users.
dscl . create /Groups/ladmins GroupMembership localadmin
Why create a group with just one member though… We can’t use the create verb again with dscl, or we’ll overwrite the existing contents of the GroupMembership field, so we’re going to use append instead:
dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
If you use dscl to read the group:
dscl . read /Groups/ladmins
You’ll notice that because it was created through dscl it has a Generated ID of its own.  You can easily nest other groups into this one using their Generated IDs as well:
dscl . create /Groups/ladmins GroupMembers 94B6B550-5369-4028-87A8-0ABAB01AE396
The “.” that we’ve been using has been interchangeable (in this case) with /Local/Default. Now let’s look at making a little shell script to do a few of the steps, for use with imaging. Touch a file called createladmins.bash and then give it the following contents:
#!/bin/bash
dscl . create /Groups/ladmins
dscl . create /Groups/ladmins RealName "Local Admins"
dscl . create /Groups/ladmins passwd "*"
dscl . create /Groups/ladmins gid 400
dscl . create /Groups/ladmins GroupMembership localadmin
dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
If you then want to hide these admins, check out my cheat sheet here: http://krypted.com/mac-os-x/hiding-admin-users-in-mac-os-x/
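As an added example (not from the original post), here is a variant of the imaging script that refuses to run when GID 400 already belongs to a different group, since a shared GID would hand ladmins members that group's file access. It assumes `dscl . list /Groups PrimaryGroupID` prints one "name gid" pair per line; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: guard the ladmins creation against a GID collision.
GROUP=ladmins
GID=400

# Read "name gid" lines on stdin; print the first group that holds GID $1.
gid_owner() {
    awk -v gid="$1" '$NF == gid { print $1; exit }'
}

# Succeed when GID $2 is unused, or already belongs to group $1 (a re-run).
gid_is_safe() {
    owner=$(gid_owner "$2")
    [ -z "$owner" ] || [ "$owner" = "$1" ]
}

create_ladmins() {
    if ! dscl . list /Groups PrimaryGroupID | gid_is_safe "$GROUP" "$GID"; then
        echo "GID $GID is already used by another group; aborting" >&2
        return 1
    fi
    # Same steps as the script in the post.
    dscl . create /Groups/"$GROUP"
    dscl . create /Groups/"$GROUP" RealName "Local Admins"
    dscl . create /Groups/"$GROUP" passwd "*"
    dscl . create /Groups/"$GROUP" gid "$GID"
    dscl . create /Groups/"$GROUP" GroupMembership localadmin
    dscl . append /Groups/"$GROUP" GroupMembership 2ndlocaladmin
}

# Only touch the directory when asked to, as root, on a system that has dscl.
if [ "${1:-}" = "--apply" ] && command -v dscl >/dev/null 2>&1 \
        && [ "$(id -u)" -eq 0 ]; then
    create_ladmins
fi
```

Run it with --apply from the imaging workflow; without that argument it only defines the functions.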

Snow Leopard & networksetup (802.1x + Locations)

One of the best new features of the Snow Leopard command line, for those of us who need to do automation at least, is the addition of a few new options in networksetup. That’s why I did a little write-up on the new options at afp548.com. Check it out here!

Ticket Viewer: What's in a Name Anyway?

Kerberos.app + Snow Leopard = Ticket Viewer. I’m not sure what the point of this is, but I’m guessing it will become clear some day. Possibly Apple plans on also integrating some other form of tickets? Curious, but easy to figure out quickly since the icon didn’t change…