The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app, you aren’t actually removing users. To do so, you’d use slapconfig with the -destroyldapserver option. When run, you get a little insight into what’s happening behind the scenes:

    bash-3.2# sudo slapconfig -destroyldapserver

The logs are as follows:

    2017-09-09 20:59:31 +0000 slapconfig -destroyldapserver
    2017-09-09 20:59:31 +0000 Deleting Cert Authority related data
    2017-09-09 20:59:31 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/krypted Open Directory Certificate Authority.
    2017-09-09 20:59:31 +0000 command: /usr/sbin/xscertadmin add --reason 5 --issuer krypted Open Directory Certificate Authority --serial 1339109282
    2017-09-09 20:59:51 +0000…
-
Programmatically Manage DNS In macOS Server
DNS is DNS. And named is named. Except in macOS Server. Sometimes. The configuration files for the DNS services in macOS Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/ makes it more portable across systems. The current version of BIND is BIND 9.9.7-P3 (Extended Support Version). This has been the case for a number of macOS Server versions, and can easily be located by doing a cat of the /Library/Server/named/.version file. Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still…
-
Programmatically Manage Jabber Chat Rooms In macOS Server
Server comes with a command called RoomsAdminTool, located at /Applications/Server.app/Contents/ServerRoot/usr/bin/RoomsAdminTool. This tool can list available rooms using the -l flag:

    RoomsAdminTool -l

You can also create new rooms using the following format, where krypted is the name of the room, the persistent option means the room is, er, persistent, and the description option sets a description for the room:

    RoomsAdminTool -n krypted -c persistent yes description "This room is for friends of krypted only"

To then delete the room, use the -d option:

    RoomsAdminTool -n krypted -d

Add -v to do it all verbosely. There are lots of other options as well, as follows (from the man page): Valid…
-
Quick and dirty: Pull a list of all FileVault encrypted users on a Mac
In the following example script, I’m going to pull a list of just the usernames from fdesetup.

    sudo fdesetup list

The output would be as follows:

    charlesedge,F4D8B61D-1234-1234-98F4-103470EE1234
    emerald,2E1203EA-1234-4E0D-1234-717D27221234
    admin,50058FCF-88DF-1234-1234-91FCF28C0488

I’ll then pipe them into sed and use the , as a delimiter, stripping the comma and everything after it (.*) so that only the username in front of it is left:

    sudo fdesetup list | sed 's;,.*;;'

As follows:

    charlesedge
    emerald
    admin
-
Logs, Logging, And Logger (Oh My)!
Apple has a number of different logging APIs. For the past few releases, Apple has tried to capture everything possible in logs, creating what many administrators and developers might consider to be a lot of chatter. As such, an entirely new interface needed to be developed to categorize and filter messages sent into system logs.

Writing Logs

The logger command is still used to create entries in system logs. However, if you are then using tail to view /var/log/system.log then you will notice that you no longer see your entry being written. This is because as the logs being created in macOS have gotten more complex, the tools to read…
-
Use DNS To Improve Caching Service Discoverability
Clients discover the Apple Caching service bundled with macOS Server (and in the future macOS) automatically. You can create a text record for _aaplcache._tcp on your DNS server. That would look like:

    _aaplcache._tcp 518400 IN TXT "prs=192.168.50.100"

Name: _aaplcache._tcp with a type of TXT and a TTL of 518400 seconds. The prs is the address to be used and is set to a value using prs=192.168.50.100.
-
Augmenting defaults domain settings within Apps
Some apps have defaults domains that don’t work the same as other apps and you need to use the -app option in defaults. This option is available for most apps, and sometimes I’ll use it to specifically crawl around for a specific setting I’m looking for. But for other apps, you need to interact with them there. So let’s look at Eclipse. Here, we can do a read with -app followed by the path:

    defaults read -app /Applications/eclipse/Eclipse.app/

The output would be as follows:

    {
        NSNavLastRootDirectory = "~/smb/smb";
        NSNavPanelExpandedSizeForOpenMode = "{712, 426}";
        NSScrollAnimationEnabled = 0;
        WebKitJavaEnabled = 0;
    }

Now, let’s say you had a specific setting, like fixing an…
-
Episode 38 of the MacAdmin Podcast, with plenty of WWDC predictionating
-
Precache Now Pulls Models From Jamf Pro
Added 3 new flags into precache tonight: --jamfserver, --jamfuser, and --jamfpassword. These are used to provide a Jamf Pro server (or cloud instance), the username to an account that can list the mobile devices on that server, and a password to that account respectively. Basically, when you provide these, the script will pull a unique set of models and then precache updates for them. It’s similar to grabbing a list of devices:

    curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/mobiledevices

And then piping the output of a device list to:

    perl -lne 'BEGIN{undef $/} while (/<model_identifier>(.*?)<\/model_identifier>/sg){print $1}'

And then running that array as an input to precache.py. Hope this helps make the script…
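
The extraction step above as a Python function, added here as an example and not taken from precache.py: it parses a device-list response with an XML parser rather than a regex, drops empty values and returns each model identifier once. The sample XML is constructed, and every element name other than model_identifier is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a device-list response. Only <model_identifier>
# appears in the post; the other element names are assumptions.
SAMPLE_XML = """<mobile_devices>
  <size>4</size>
  <mobile_device><id>1</id><name>ipad-01</name>
    <model_identifier>iPad5,3</model_identifier></mobile_device>
  <mobile_device><id>2</id><name>ipad-02</name>
    <model_identifier>iPad5,3</model_identifier></mobile_device>
  <mobile_device><id>3</id><name>iphone-01</name>
    <model_identifier>iPhone9,1</model_identifier></mobile_device>
  <mobile_device><id>4</id><name>unknown</name>
    <model_identifier></model_identifier></mobile_device>
</mobile_devices>"""


def unique_models(xml_text):
    """Return the sorted, de-duplicated model identifiers in a device list."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A login page or error body in place of XML ends up here, so the
        # caller never precaches against a half-parsed response.
        raise ValueError("response is not well-formed XML: %s" % exc)

    models = set()
    for node in root.iter("model_identifier"):
        value = (node.text or "").strip()
        if value:  # skip devices that report no model
            models.add(value)
    return sorted(models)


if __name__ == "__main__":
    for model in unique_models(SAMPLE_XML):
        print(model)
```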
-
Jamf Now, Now In German And Japanese
If you’re in need of MDM in Japanese or German, Jamf Now shipped support for those languages last week. To switch languages, click on your name once logged in, and then click on the language you would like to use. Enjoy.