DHCP, or Dynamic Host Control Protocol, is the service used to hand out IP addresses and other network settings by network appliances and servers. The DHCP Server built into OS X Server 3, installed on Yosemite running the Server app (aka Yosemite frickin’ server) is easy-to-use and fast. It’s pretty transparent, just as DHCP services should be. To install the service, open the Server app and then click on the Show button beside Advanced in the server sidebar. Then click on DHCP. At the DHCP screen, you’ll see two tabs: Settings, used for managing the service and Clients, used to see DHCP leases in use by computers that obtain IP…
-
-
Using afctl To Manage The Adaptive Firewall In OS X Yosemite Server
OS X Server (Yosemite 10.10 running Server 3.5 has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with…
-
OS X Yosemite Server and dnsconfig
DNS is DNS. And named is named. Except in OS X Server. The configuration files for the DNS services in OS X Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/named makes it more portable across Mac DNS Servers. Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still an option. In Yosemite Server, a command is available at /Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework called dnsconfig, introduced back in Mavericks. The dnsconfig command appears simple at first. However, the options available are actually…
-
Configure Profile Manager On Yosemite Server (Yosemite running the Server app)
Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for OS X based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. In OS X Mountain Lion, Apple added a number of new features to Profile Manager and revved the software to Profile Manager 2.0, most notably adding the ability to push certain types of apps to mobile devices. In Mavericks Server (Server 3), Apple provides new options and streamlined a bunch of things, most notably App Store and…
-
Account Management Using The jamf Binary
The jamf binary comes with a lot of cool little features that you can use to script things quickly, because JAMF has already built things to help you. We’ll look at two really quick. The first is the deleteAccount verb which, surprisingly, deletes accounts. With that verb, you’ll use the -username operator to define a given user that you’d like to remove. That username is defined as the short name (or what dscl shows) of a given user. For example, if I wanted to remove the user rorygilmore, I’d run the following command: /usr/sbin/jamf deleteAccount -username rorygilmore You can then provide a popup on the screen that you completed that…
-
One Month To The MacTech Conference!
We’re one month out. Are you missing out? MacTech Conference is our 3-day, immersive, technical conference specifically designed for Apple IT Pros, Enterprise, developers, and programmers. MacTech Conference has been working hard to give you the best event in the most cost effective ways we can. Part of the way we do that is through Pre-Registration Pricing, which expires in three weeks, and saves you $200! MacTech Conference is not only about learning, but about forming relationships and building networks. MacTech is known for world-class speakers and content, but it’s also known for the entire experience, food, and activities. All together, you have the opportunity to spend time with your…
-
Mac Network Commands Cheat Sheet
After writing up the presentation for MacSysAdmin in Sweden, I decided to go ahead and throw these into a quick cheat sheet for anyone who’d like to have them all in one place. Good luck out there, and stay salty. Get an ip address for en0: ipconfig getifaddr en0 Same thing, but setting and echoing a variable: ip=`ipconfig getifaddr en0` ; echo $ip View the subnet mask of en0: ipconfig getoption en0 subnet_mask View the dns server for en0: ipconfig getoption en0 domain_name_server Get information about how en0 got its dhcp on: ipconfig getpacket en1 View some network info: ifconfig en0 Set en0 to have an ip address of 10.10.10.10…
- Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Network Infrastructure, sites, Ubuntu, Unix
Manage Apex Domains In OS X
OS X Server supports running a traditional bind implementation of DNS. You can define a record for most any name, including google.com, www.google.com, www.www.google.com, etc. You can use this to redirect subdomains. In this example, we’ll create an A Record to point www.google.com to 127.0.0.1 without breaking other google.com subdomains. To get started, let’s use the DNS service in the Server app to create test.www.google.com. The reason for this is that OS X will then create a zone file for www.google.com. If we created www.google.com instead, then OS X would automatically create google.com, which would break the other subdomains. To do so, open Server app and click on the DNS Service. Then…
-
Install Xcode Command Line Tools On A Fresh Mac Image
I didn’t figure this out myself but can’t remember the source to attribute. Anyway, I image a lot of systems in my home lab for testing. Many tools I use (e.g. ant, metasploit, etc) need the Xcode Command Line Tools. The easy way to install these is to run xcode-select sung the –install option, as follows: /usr/bin/xcode-select --install
-
Bringing stroke Back
Stroke got moved, so dug this up and am reprinting with the latest and greatest location. Network Utility has a port scanner – it’s built in and really easy to use. Sure, stroke isn’t nmap, but it’s not trying to be… Since Network Utility is distributed with every copy of Mac OS X it stands to reason that every copy of Mac OS X has the ability to scan a port without using a GUI tool. Enter one of the best named tools in Mac OS X, stroke. Stroke is the command line back-end to the Port Scan tab of Network Utility. To use stroke, you will need to cd into the…