Password protecting QuickTime Streaming Server is a bit different than password protecting most other Mac OS X services. For starters, you should define a local QTSS Users file and a local Groups file. for the server. You can do so using /Library/QuickTimeStreaming/Config/qtusers and /Library/QuickTimeStreaming/Config/qtgroups respectively. Each user can be defined in the qtusers file and each group in the qtgroups file should contain the pertinent users on a line with the name of the group, followed by a colon (:) followed by the users that make up the group. In order to password protect a stream served by Quick Time Streaming Server you will then need to create a text…
-
-
From Open Directory to Active Directory
Whether you’re going from Open Directory to Active Directory or from Active Directory to Open Directory, chances are you’ll encounter csvde along the way. Csvde is installed on Windows Server and allows you to interface with Active Directory using csv files. cvsde can import files using the -i switch, followed by the -f switch to indicate the file that you are importing, followed by the path of the file. So if you save a file called toimport.csv to the root of your c drive temporarily you would use the following command to import the objects in the rows of the file: csvde -i -f c:toimport.csv Now, what’s that file need.…
-
Programatically Setting Password Policies
Mac OS X, like many operating systems has a robust password policy engine. One that is not leveraged by default on either Mac OS X client or on Mac OS X Server. In Mac OS X Server, when using Open Directory, you can easily click on Open Directory in the SERVERS sidebar list of Server Admin and then click on the Settings icon in the Server Admin toolbar. Here, if you click on Policies you’ll see the available Policies for Open Directory accounts. However, in order to use Password Policies in non-Directory Services environments (ie – on standalone Mac OS X clients or servers) you’ll need to use the command…
-
Server Admin Comic?
-
Mac OS X Directory Services Plug-ins
In a number of contexts, we hear about directory services plug-ins. A directory services plug-in is a way for a Mac OS X computer to leverage the DirectoryServices daemon to obtain account information (be it authentication or policy information) from a server. This might be an Active Directory server that uses the Active Directory Plug-in or an Open Directory server that uses LDAP. You disable plug-ins that you don’t need and enable plug-ins (ie Active Directory plug-in or third party plug-ins) that you need in order to access directory services of various types. These plug-ins are developed in the form of .dsplug files. The default plug-ins that Apple includes with…
-
Removing Old Replicas from OD
There are a number of instances when you cannot remove a replica from Open Directory using Server Admin. This can be due to a variety of reasons, but if you cannot remove the replica from Server Admin then try doing so using slapconfig. For example, if the replica has an IP of 10.10.10.10 then the command would be: slapconfig -removereplica 10.10.10.10
-
Integrating Google Apps with Open Directory
Randy Saeks has posted a paper on integrating Open Directory with Google Apps. It’s a nice read and takes a lot of the guessing game out of getting Google Apps to authenticate users based on Open Directory. Many of the steps can also be leveraged to use the GoogleAppsToolkit for LDAP running on other platforms as well.
-
Troubleshooting Automounting with AppleScript
Troubleshooting automounts can be a particular pain at times. Beyond verifying that you can manually mount a directory and that the automount shows up properly in the directory service, there is another little trick that I’ll occasionally do, which is to set an Applescript to load the mount point at some time during the login process (or more specifically at different times in order to further isolate). The quick and dirty script I use is: set MyVolume to “afp://username:password@my.server.com/mysharepoint” tell application “Finder” activate mount volume MyVolume end tell Obviously you’ll have a different volume name you wish to mount the share as and a different user,…
-
Presentation Zack, Schoun and I did at MacWorld 2008
There are a lot of folks looking to upgrade Tiger OD to Leopard OD. Here’s a presentation that Zack Smith, Schoun and I did at MacWorld where we cover the details of doing this type of migration. Hope it helps! Presentation from MacWorld
-
Mac OS X Server: Reset Last URL with Open Directory
So I recently pushed out an image after trying to connect to an AFP server that couldn’t be accessed. The account that was used was being used by an entire lab of 100 machines so I really needed to get that URL out of there. What to do? Well, first open Workgroup Manager and click on the group in question. Then click on Preferences and then the Details tab. Next, click on the + sign and browse to /System/Library/CoreServices/Finder.app. Next click on com.apple.finder and click on the pencil. Here drop down the Often disclosure triangle and click on the FXConnectToLastURL button. From here, change the value of the key to the server you…