• Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Setting Up An Open Directory Replica In Yosemite Server

    Previously, we looked at setting up an Open Directory Master in OS X Server. An Open Directory Replica keeps a copy of the Open Directory database available for users even when the Master goes offline. But it can also take a part of the load from the Open Directory Master and, when using the new Locales feature, balance network traffic. To get started with an Open Directory Replica, first enable SSH, now disabled by default. Next, use the changeip command to check the host name. While the Server app is cool, it caches stuff and I’ve seen it let things go that shouldn’t be let go. Therefore, in order to make…

  • Windows Server

    Rock the Logging Facilities in Windows Server (aka More Syslog Crap)

    The default logs in Windows Server can be tweaked to provide a little better information. This is really helpful, for example, if you’re dumping your logs to a syslog server. Here’s a script that can make it happen with a few little tweaks to how we interpret data (to be run per host, just paste into a PowerShell interface as an administrator): auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable auditpol /set /subcategory:"Logon" /success:enable /failure:enable auditpol /set /subcategory:"Logoff" /success:enable /failure:enable auditpol /set /subcategory:"Account Lockout" /success:enable…

  • Active Directory,  Mac OS X,  Mac OS X Server,  Windows Server

    Configuring Windows 2008 As An NTP Server

    When you’re configuring a Mac to leverage an existing Windows infrastructure, having the clocks in sync is an important task. Luckily, Windows Server has been able to act as an NTP server for a long time. In this article, we’ll look at configuring Server 2008 R2 to be an NTP server for Mac and Linux clients. Note: Before you get started, or any time you’re hacking around in the registry, make sure to do a backup of your registry/SystemState! To enable NTP on Windows Server, open your favorite registry editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer. From here, enter a key called Enabled as a dword with a value of 00000001. The NTP Server should…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Configuring Time In OS X Mountain Lion & OS X Mountain Lion Server

    Time is a very important aspect of OS X Server, as it has been since the early days. Time is so important that if you see network time server, NTP or 5 minutes as the answer on an Apple exam, you should just pick that one, as it’s invariably correct. The traditional way to configure time zones and Network Time Servers is to use the systemsetup command. Before you set a time zone, see a list of all available time zones using the -listtimezones option in systemsetup: sudo systemsetup -listtimezones To set the time zone, pick one and use the -settimezone option in systemsetup: sudo systemsetup -settimezone…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Setting Up an Open Directory Master in OS X Mountain Lion Server

    Open Directory has never been so easy to set up for a basic environment as it is in OS X Mountain Lion Server. It’s also never been so annoyingly simple to use that to do anything cool requires a bunch of command line foo. No offense to the developers, but this whole idea that the screens that were being continually refined for a decade just need to be thrown out and started fresh seems to have led to a few babies thrown out along with them. Not often as I’m kinda’ digging most of the new config screens in OS X Mountain Lion Server, but with Open Directory, it’s just too…

  • Ubuntu,  Unix

    Install ntpd in Ubuntu Server 10

    I’m sure you’re getting tired of seeing me regurgitate apt-get commands, but here’s another: apt-get install ntp This will install ntpd. Then a quick update to /etc/ntp.conf to configure who you get your updates from (I still like time.apple.com) and you’re now an ntp server. Once changed, restart the daemon: /etc/init.d/ntp restart Then, use ntpq to check your time against the server: ntpq -np Lucky us, ntp is easy, but we’re gonna’ need it for Kerberos now aren’t we…

  • Mac OS X Server,  Mac Security

    Only Use Kerberos with Podcast Producer

    By default the /Library/Preferences/com.apple.pcastserverd.plist allows basic, digest and Kerberos authentication. Attempts to authenticate will be made in the reverse order, respectively. This is pulled from the http_auth_type array, which you can see using the following command: serveradmin settings pcast You can then remove an entry and edit existing entries to change the supported mechanisms using serveradmin if you cannot stop the Podcast Producer service. If you can stop the service then the easiest way to edit the authentication mechanisms is to edit /Library/Preferences/com.apple.pcastserverd.plist directly. To do so, locate the http_auth_type key as you see it here: <key>http_auth_type</key> <array> <string>basic</string> <string>digest</string> <string>kerberos</string> </array> Here, remove each string that you no longer…

  • Active Directory,  Mac OS X

    Snow Leopard + SkyHook = Kerb Problems?

    In the Date and Time System Preference pane there is now an option to enable “Set time zone automatically using current location”. Assuming you have a Mac OS X computer with Wi-Fi and you use this option (which is not enabled by default) then your portable looks up your location automatically using the wireless access points surrounding you, which can then be looked up against the Skyhook database API and then changes your time zone based on your physical location. However, if your system looks back to the IP address of the KDC and sees a time offset that is greater than 5 minutes a few people have asked me…

  • Active Directory,  Mac OS X Server,  Unix

    Samba 4: A Poor Mans Active Directory

    Today I pulled down the Samba 4 binaries and installed it using the instructions the developers are slowly building on the Samba 4 wiki. Overall it was a fairly painless experience, although I do believe I have a couple of bug reports to file (not surprising considering it is not out yet). Overall I found the process to be far easier than it has been in the past. The Samba team seems to realize that in order for Samba 4 to compete with Active Directory that it needs to integrate really well in the *nix server ecosystem. For example, like Active Directory you can choose to have Samba integrate into…