• Active Directory,  Articles and Books,  Business,  Consulting,  Network Infrastructure,  SQL,  Ubuntu,  Unix,  VMware,  Windows Server

    Getting Started with Amazon's EC2 Cloud

    Yesterday I did a quick review of the various cloud offerings from Amazon. Previous to that I had done a review of using S3, the Amazon storage service, with Mac OS X, primarily through the lens of using S3 as a destination for Final Cut Server archives. Today I’m going to go ahead and look at using EC2 from Mac OS X. To get started, first download the EC2 tools from Amazon. Next, log into Amazon Web Services. If you don’t yet have a login you will obviously need to create one to proceed. Additionally, if you don’t yet have a private key you’ll need one of those too –…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Windows Server

    Disable SMB Signing

    Mac OS X 10.5 supports SMB signing.  But if you have some older operating systems you may need to disable SMB signing when using Windows Server 2003 and up to host your files, typically when the 2003 Server is also a Domain Controller (DC).  To determine if SMB signing is required use Netmon (Network Monitor).  When using Netmon it is best to use a hub rather than a switch.  Once you have set the addresses and performed a capture, you’ll then look for the SMB negotiation string.  Options here are values of 3, 7 and 15 meaning SMB signing is disabled, enabled/not required and required respectively. If SMB signing is…

  • Active Directory,  Mac OS X,  Microsoft Exchange Server

    Address Book.app and Exchange Contacts

    Over the years Apple has slowly been adding Exchange functionality to a number of their products, quietly.  While Snow Leopard  is reported to add even more functionality there are still a number of things you can do with Exchange from the Mac OS X client.  For example, Address Book can pull information from your Exchange contacts.  This isn’t to say that every single field will work, but the basics do work – and pretty well.   To connect to your Exchange server from Address Book, open the program and then open the Preferences menu.  From the General tab check the box for Synchronize with Exchange as seen here:  Now click…

  • Active Directory,  Mac OS X Server,  Unix

    Samba 4: A Poor Mans Active Directory

    Today I pulled down the Samba 4 binaries and installed it using the instructions the developers are slowly building on the Samba 4 wiki. Overall it was a fairly painless experience, although I do believe I have a couple of bug reports to file (not surprising considering it is not out yet). Overall I found the process to be far easier than it has been in the past. The Samba team seems to realize that in order for Samba 4 to compete with Active Directory that it needs to integrate really well in the *nix server ecosystem. For example, like Active Directory you can choose to have Samba integrate into…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Windows Server

    Mac OS X: Directory Services Debug Log

    When you’re trying to troubleshoot issues with Directory Services on Mac OS X sometimes the best thing you can do is put the DirectoryService daemon into debug mode. To do so you would use the following command: killall -USR1 DirectoryService By default errors get trapped into this file: /Library/Logs/DirectoryService/DirectoryService.error.log But when in debug mode using -USR1 you can see more specific errors in the /Library/Logs/DirectoryService/DirectoryService.error.log file.  You can then use commands such as tail in conjunction with grep in order to isolate issues to specific strings such as ADPlugin. If you choose to use -USR2 for debugging then the logs will get written into the /var/log/system.log file. To disable verbose…

  • Active Directory

    Extend the AD Schema in 2008 Server using ldifde

    To import directory objects, at the command prompt, type the following command, and then press ENTER:  ldifde -i -f filename -s servername:port -m -a username domain password To export directory objects, at the command prompt, type the following command, and then press ENTER:  ldifde -e -f filename -s servername:port -m -a username domain password

  • Active Directory,  Mass Deployment,  Windows Server

    Windows Server 2008: Install RIS and WDS

    In Windows Server 2008 you can use the Server Manager application to enable RIS (part of Windows Deployment Services, WDS).  To do so, open Server Manager and click on Roles in the left column.  Then click on Next and read the Introduction to WDS items.  It’s worth noting that you can setup your server as a Transport Server in WDS, which is a bit like Multicast clustering (eg – multicast ASR imaging for the Mac).  It’s also worth noting that a Deployment Server will use parts of the Transport Server to do its job so you’ll need to install both.  Once you’re satisfied with your selection, click Next and then…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Windows Server

    Mac OS X: Force LDAP Signing using dsconfigad

    dsconfigad did not support signing of LDAP packets in 10.4.x.  However, this was an upgrade that was introduced in the 10.5 version of the AD Plug-in.  Provided that your Active Directory environment uses LDAP signing, a standard policy with DCs, you can mirror your settings on the DC in dsconfigad by using the -packetsigning option followed by either an allow, disable or require variable.  To force LDAP signing, just run the following command: dsconfigad -packetsigning require To then disable signing if your environment doesn’t support it use the following command: dsconfigad -packetsigning disable The default variable is allow, which will use LDAP signing when possible.

  • Active Directory,  Windows Server

    Windows Server 2008: AD Schema

    Importing ldf files is one way to extend an Active Directory Schema.  In 2003 you could use ldifde to import ldif or ldf files.  In 2008 you’ll be happy to know the syntax hasn’t changed. To import directory objects use the following command: ldifde -i -f filename -s servername:port -m -a username domain password To export directory objects use the following command: ldifde -e -f filename -s servername:port -m -a username domain password