Profile Manager allows you to leave certain fields that are user-centric blank and it will prompt at the time that the profile is installed for the blank information. These are usually user-centric fields, such as short name and password. You can also create a profile in Profile Manager for each user you want to setup mail, Exchange, iCal, Address Book and other services that are tied to a specific user. You can enter the username for each and leave the password blank and the user will be prompted for the password but have the username filled in. And then there are payload variables. Note: Before we get started on Payload…
-
-
Setting Up Profile Manager in Lion Server
New in Lion Server, Profile Manager is the most substantial new service added to Mac OS X Server in recent memory. A lot of engineering has gone into it since the introduction in 10.7.0 and in 10.7.3, Profile Manager represents a service that is ready for actual deployments. I have written a number of articles about Profile Manager, but they all revolved around working with Profile Manager once the service is setup and configured. Therefore, I have decided to document the steps used to take a system out of the box and configure it for Profile Manager. Before we get started, let’s prep the system for the service. This starts…
-
'Using Mac OS X Lion Server' Now Finished
My next book, Using Mac OS X Lion Server, from O’Reilly is all done. I accepted the final changes last week and it was sent to the printer on Wednesday. The digital copies should be shipping shortly and the print copies should be shipping in about one to two weeks. If you haven’t yet ordered it, you can pick it up on Amazon, here, or directly from O’Reilly, here. Hope you enjoy! Also, for those interested, we’ve already begun updating the book for all the new features in Mountain Lion Server. Now that I’m pretty in tune with publishing through O’Reilly and the various technical aspects of doing so, I…
-
Fixing Service Issues When Upgrading to 10.7.3 Server
The 10.7.2 to 10.7.3 update for Lion Server has introduced a few issues in some environments that I’ve seen. It just so happens that the update corrects a lot of behavior with Lion Server while also introducing new features, so it’s something you’re gonna’ need to do eventually. Therefore, before I update, I would strongly recommend backing up all of your services, your service data and Open Directory. Once you’ve run the 10.7.3 update, there are a few things that I’ve seen happen. The first is that the web server won’t start. If this happens, reset the web server back to factory default: serveradmin command web:command=restoreFactorySettings Once it’s reset, you…
-
Nuke+Pave iCal Server in Lion Server
It is possible to remove all of the content from a Lion Calendar server using Postgres. To aid you in doing so, Apple has built out a couple of commands to make the process easier. This will nuke everything from the server and so is not something that should be lightly done. To do so, first stop the Calendar service in the Server application. Then let’s back up the database: pg_dump -U _postgres caldav -c -f /db_backups/caldav.sql Then run dropdb to remove the database itself: dropdb -U _postgres caldav Once the database is gone, run the calendar_bootstrap_database script (I prefer doing so verbosely): calendarserver_bootstrap_database -v Now you should be able…
-
Address Book Server "Groups"
I use the term “groups” loosely here. On my list of features that are needed in Lion Server (a much smaller since the advent of 10.7.3 btw) is the fact that Address Book Server doesn’t have groups, resources or whatever you want to call a logical structure that is a place for groups of users to keep contacts whose access can be limited to only certain users. The Address Book client fully understands such constructs, given that it separates the GAL from a user’s contacts and that user’s can themselves have groups of contacts. This area is a huge miss. The reason this annoys me is that you have the…
-
Podcasting in Lion Server
There have been a number of articles on using the Podcast Producer service in Snow Leopard and previous operating systems. The Podcast Producer service itself in Lion remains unchanged. It still needs shared storage (e.g. NFS, Xsan, etc), Xgrid, Kerberos (for Xgrid) and while seeming to sit atop a house of cards, is one of the coolest and most complex services in Mac OS X Server. But there have been a lot of environments where Podcast Producer seemed out of reach where it shouldn’t have. If you have a single server, why do you need shared storage, a truly scalable grid computing cluster and all that complex workflow goodness at…
-
Pentesting Mac OS X Server With Nessus 5
One of my favorite tools for penetration testing is Nessus from Tenable Network Security. Nessus 5 is the latest release in the family of vulnerability scanners that is probably amongst the most prolific. Nessus 5 does discovery, configuration auditing, profiling, looks at patch management and performs vulnerability analysis on a variety of platforms. Nessus can also run on a Linux, Windows or Mac OS X and can be used to scan and keep track of vulnerabilities for practically any platform, including Mac OS X. To install Nessus, go to the Nessus site and click on the Download button, around the middle of the page. Agree to the download agreement and…
-
Upgrading Open Directory From Snow Leopard Server to Lion Server
I don’t believe in upgrading major operating systems for servers in place. There, I said it. If I’m doing an upgrade from Snow Leopard to Lion, I’m about 99.9% of the time going to do so with a clean install. Before I do so, I’m going to export all the data from my old server and when I’m done with the fresh, clean, loving installation, I’m going to import that data back into my server. Actually, before I import the data, I’m going to install all of the point releases, application updates and security patches. That’s my process for production servers. Open Directory isn’t very different. I Archive and Restore…
-
Backing Up and Reindexing The Profile Manager Database in Lion Server
A common task when scaling databases is to reindex tables within the database. This process makes lookups faster and databases run butter. Reindexing becomes a pretty easy step before or after backing up the database as a general housekeeping step. To backup the database, you’ll use the pg_dump command, defining the user with -U and then the database with -d. In the case of Profile Manager, the database is device_management. Given that data is distributed across a lot of tables in the device_management database, the below script will backup the device_management database and then reindex each of the tables. If you follow previous articles to enable the Postgres user, you…