Apple has slowly been moving us away from the legacy afp file sharing protocol for some time. High Sierra (macOS 10.13) now comes with a new suite of tools to manage WebDAV shares. Most of these are configurable using wfsctl located at /usr/sbin/wfsctl. When run, the tool reports as “WebDAV File Sharing control utility.” To start the WebDAV service, use the start verb: wfsctl start At this point, the service will attempt to lookup the hostname of the server. If the hostname cannot be found (or once found does not match the expected results) then the service will not start. For more on why this might be happening, use the…
-
-
Before You Upgrade to macOS Server 5.4 on High Sierra (macOS 10.13)
The latest version of the Apple Server app is out (macOS Server 5.4), and before you upgrade, there are a few points to review: As always, make a clone of your computer before upgrading. During the upgrade to High Sierra, if the operating system is running on a solid state drive, the drive will automatically upgrade to APFS. You cannot share APFS volumes over AFP, so if you’re running file services, make sure you’re aware of that. You can choose not to upgrade to APFS using the command line to upgrade a server. Even though the file sharing services are not in the Server app, you can still configure ACLs…
-
Demote Open Directory Servers Using The Command Line in macOS Server
The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver. When run, you get a little insight into what’s happening behind the scenes. This results in the following: bash-3.2# sudo slapconfig -destroyldapserver The logs are as follows: 2017-09-09 20:59:31 +0000 slapconfig -destroyldapserver 2017-09-09 20:59:31 +0000 Deleting Cert Authority related data 2017-09-09 20:59:31 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/krypted Open Directory Certificate Authority. 2017-09-09 20:59:31 +0000 command: /usr/sbin/xscertadmin add –reason 5 –issuer krypted Open Directory Certificate Authority –serial 1339109282 2017-09-09 20:59:51 +0000…
-
Programatically Manage DNS In macOS Server
DNS is DNS. And named is named. Except in macOS Server. Sometimes. The configuration files for the DNS services in macOS Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/ makes it more portable across systems. The current version of BIND is BIND 9.9.7-P3 (Extended Support Version). This has been the case for a number of macOS Server versions, and can easily be located by doing a cat of the /Library/Server/named/.version file. Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still…
-
Export All Profile Manager Data Into CSV
If you fire up a connection to Postgres on a Profile Manager server, you can see a list of all the databases and tables on the server, respectively: sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 devicemgr_v2m0=# \list devicemgr_v2m0=# \dt The list of tables is as follows: Name | Owner | Encoding | Collate | Ctype | Access privileges ----------------+------------+----------+---------+-------+--------------------------- devicemgr_v2m0 | _devicemgr | UTF8 | C | C | postgres | _devicemgr | UTF8 | C | C | template0 | _devicemgr | UTF8 | C | C | =c/_devicemgr + | | | | | _devicemgr=CTc/_devicemgr template1 | _devicemgr | UTF8 | C | C | =c/_devicemgr + |…
-
Debug Logging Profile Manager on macOS Servers
OS X Server stores most logs in files that are in the /Library/Logs/ProfileManager directory. Logs are split up between php, devicemgrd.log, scep_helper.log, servermgr_devicemgr.log, profilemanager.log and others. In my experience, if there’s a lot of errors at first, or if the service doesn’t work, just reformat and start over. But, once a server is in production, you don’t want to re-enroll devices after you do that. So, as with all good error prodding, start with the logs to troubleshoot. By default the logs can appear a bit anemic. You can enable more information by increasing the logging level. Here, we’ll shoot it up to 6, which can be done with the…
-
Check to See if Your Caching Server is Working
One of the first things we do when we setup a new macOS Caching Server is to check the logs to see if it’s actually serving content. You can view thee logs at /Library/Server/Caching/Logs/Debug.log. In the log, when a Caching Server has registered for your network, you’ll see a line that begins with the following: Got request for host = http://swcdn.apple.com/ This above means that the server actually got a request (as it says) and that the request is for an asset at swcdn.apple.com (followed by the actual package path). Once found, the server caches the asset, which starts with the following: Initializing asset handler for http://swcdn.apple.com/ The path would…
-
serverdiagnose Your Server Logs
Servers can have problems. When they have problems, you need to grab logs and stuff. Ever wonder what Apple developers think is important, when it comes to logs and stuff? Try serverdiagnose! serverdiagnose Then hit the Enter (return) key. Then it collects some logs into a tgz. Why a tgz? No clue. But it ends up in /tmp. Notice the name as ServerLogs- followed by the hostname, then a date stamp (yearmonthday) and an underscore followed by a timestamp. Inside the tgz is /Library/Logs, /Library/Server, /tmp/dsdiagnose (a dump of OD debug logs), serverlogs_S3vKsy (configuration statuses), a couple of things from /var/db (the most important of which is PreviousSystemLogs), and /var/log.
-
Create Jabber Chat Rooms Programmatically
Server comes with a command called RoomsAdminTool located at /Applications/Server.app/Contents/ServerRoot/usr/bin/RoomsAdminTool. This tool can list available rooms using a -l flag: RoomsAdminTool -l You can also create new rooms, using the following format, where krypted is the name of the room, the persistent option means the room is, er, persistent. The description option indicates a description used for the room. RoomsAdminTool -n krypted -c persistent yes description "This room is for friends of krypted only” To then delete the room, use the -d option: RoomsAdminTool -n krypted -d Add the -v to do it all verbosely. There are lots of other options as well, as follows (from the man page): Valid…
-
Configure NetInstall Services In macOS Server 5.2 for Sierra
The NetBoot service allows administrators of Apple computers to leverage images hosted on a server to boot computers to a central location and put a new image on them, upgrade them and perform automations based on upgrades and images. Since the very first versions of OS X, the service has been called NetBoot and so the name remains at the command line, but is listed as NetInstall in the Server app. In the Server app, Apple provides a number of options surrounding the NetInstall service, based on Automator-style which we’ll explore further in this article. The first step to configuring the NetInstall service is to decide what you want the service…