Samba can be a PDC, allowing Windows clients to join a single line domain name and then access domain resources (such as roaming profiles) as though the domain were Windows NT-based. When you set this up the default behavior for Mac OS X Server based domains is to create a drive mapping for H: to the users profile path (as specified in the homeDirectory attribute) on the server. H: is kinda’ low for some computers with a lot of drives and it can also conflict with other drive mappings you may choose to use. Therefore you may find that in some cases you need to change the H:. To do…
-
-
Delegating DirAdmin to Windows Clients
The default behavior of a Windows Server NT4 through 2008 based domain is to allow a Domain Admin account to manage Windows clients. A number of environments have been moving over to using the PDC emulator on Mac OS X as a means of replacing aging Windows servers. One of the biggest annoyances is that the Open Directory administrative accounts they use to bind the Windows computers to are not local administrators. When you bind Mac OS X to Active Directory you can specify which Active Directory groups are administrators of Mac OS X client systems so you would imagine you can do the same thing on an OS X…
-
Publishing with Podcast Producer
-
Mac OS X Server Services
-
Article on Directory Services Plug-ins on AFP548
I published an article up on AFP548 on how directory services plug-ins work. If you’re curious about directory services plug-ins or just unable to sleep and need something to knock you out, this should be an interesting read.
-
Hackintosh on EFI-X
Considering building a Hackintosh? There are a number of methods out there that I can’t say I’m in love with. But one method I do like is using EFI-X, provided you’re happy with the supported motherboards, mostly from Gigabyte. EFI-X is a hardware based EFI emulator, which allows you to run more natively as a Mac OS X computer. Oh, and if you build a Hackintosh, don’t forget to buy a legitimate copy of Mac OS X or Mac OS X Server to run it on.
-
FDE on Mac OS X Server
I’ve rolled a few Mac OS X Servers into production either sitting on top of PGP or Checkpoint. Other than the obvious issues of killing the ability to remotely reboot the thing it’s actually going really well so far. If anyone else has any observations or has been doing this as well let me know as I’d be interested in comparing performance benchmarks and notes about other potential technical ramifications. So far I’m seeing almost the same performance (about 5% degradation, which is easily made up by running faster drives), there are limited troubleshooting options and the issue with it booting to a password request rather than to the OS…
-
OD: Password Server Stats
mkpassdb is the command line front end for the Password Server in Mac OS X Server. When you are using the mkpassdb command, you can get a number of statistics, including the type of authentication used and total connections. To see the statistics you would use the following command (run with elevated permissions): mkpassdb -getstats The listing shows good authentications (successful) and bad authentications (unsuccessful) and is then broken down by each encryption type: apop, cram-md5, digest-md5, mschap-v2, smb-lm (hope there aren’t many of those), smb-nt, smb-ntlm-v2, webdav-digest-md5 and the ubiquitous other. These stats can be pretty useful when troubleshooting authentication errors, looking at the security of the environment, etc.
-
Mac OS X Server: CalDav Log Fun
The selected logfile does not exist. Ran into an interesting little problem again, where the iCal Server doesn’t create its log directory when you enable it. Not sure why this happens, but the first thing to do when you see this error is verify that the /var/log/caldavd directory is present on the system. If not: mkdir /var/log/caldavd Then, restart the service and see if access.log and error.log are created in this folder. If not: touch /var/log/caldavd/access.log touch /var/log/caldavd/error.log And for good measure: chmod 640 access.log chmod 640 error.log How did I know where those logs go? serveradmin settings calendar:ErrorLogFile; serveradmin settings calendar:AccessLogFile It’s therefore possible to actually decide you’d rather…
-
Troubleshooting Automounting with AppleScript
Troubleshooting automounts can be a particular pain at times. Beyond verifying that you can manually mount a directory and that the automount shows up properly in the directory service, there is another little trick that I’ll occasionally do, which is to set an Applescript to load the mount point at some time during the login process (or more specifically at different times in order to further isolate). The quick and dirty script I use is: set MyVolume to “afp://username:password@my.server.com/mysharepoint” tell application “Finder” activate mount volume MyVolume end tell Obviously you’ll have a different volume name you wish to mount the share as and a different user,…