Recent Articles

  • Pharmaceutical Informatics on Mac OS X Chris Swain has written a review of the products available from Dotmatics, a scientific informatics company. Find it here.
    Posted May 17, 2010, 2:12 PM by Greg Neagle
  • Prepare Your Enterprise for the iPad Rich Mogull has an article on preparing your enterprise for the iPad here: http://db.tidbits.com/article/10972
    Posted Feb 3, 2010, 8:18 AM by Greg Neagle
  • Integrating Novell eDirectory with 10.6 / 10.5 Joe Jenkins, Network Engineer for Davis Tool, Inc. has put together an updated document on Integrating Novell eDirectory with 10.6 / 10.5.  This includes a guide on how to ...
    Posted Jan 8, 2010, 8:10 AM by Greg Neagle
  • Integrating Google Apps with Open Directory More and more organizations are using Google's services for email, calendaring, and collaboration. For an organization that hosts some services internally (network logins to workstations, file sharing, and the ...
    Posted Nov 2, 2009, 8:23 AM by Greg Neagle
  • Using NetInstall to upgrade machines to Snow Leopard Peter Bukowinski has posted a great step-by-step guide to creating a NetInstall image you can use to upgrade Tiger or Leopard machines to Snow Leopard. Find it here ...
    Posted Oct 13, 2009, 2:21 PM by Greg Neagle
  • The Luggage Joe Block has made his packaging tool for OS X -- The Luggage -- available. He writes: Packagemaker.app makes it nearly impossible to have someone review the changes you've made ...
    Posted Oct 12, 2009, 8:51 AM by Greg Neagle
  • Active Directory Password Expiration Monitoring Andrew Thomson has made available a utility for Macs in Active Directory environments to notify users of upcoming AD password expirations. Andrew's solution takes an earlier approach by Peter ...
    Posted Jun 15, 2009, 3:27 PM by Greg Neagle
  • Dual Boot Deployment Tool - Windows Startup Disk Switcher A problem with managing dual-boot machines (OS X/Windows) is that they are hard to manage since you need to keep two OSes up-to-date, yet only one ...
    Posted Jun 12, 2009, 10:03 AM by Greg Neagle
  • Wireless Setup Scripts for Leopard Bryan Lee posted a series of scripts for managing the wireless setup under Leopard to the MacEnterprise mailing list. We thought it would be good to link to his blog ...
    Posted Mar 31, 2009, 9:52 AM by lance.ogletree@macenterprise.org
  • Setting up Podcast Producer in an Active Directory Environment This is an overview document for integrating Podcast Producer into your Active Directory environment. There are some fundamentals we need to check off before starting. First, and as is so ...
    Posted Mar 27, 2009, 12:58 PM by Andrina Kelly
  • Migrating a Local User to a Network User I've seen several places where a smaller company has been integrated into a large company, or where the number of Macs in the company has grown, and now you ...
    Posted Mar 23, 2009, 11:41 AM by Andrina Kelly
  • SSH redirection based on load by Timothy O'Keefe. If you have a compute cluster and wish to have SSH users automatically "redirected" from the login node to a child node based on load average ...
    Posted Dec 28, 2008, 7:22 AM by Greg Neagle
  • PKGImage modular system restore tool for leopard (10.5). by Dominic Carpenter. PKGImage modular system restore tool for leopard (10.5). Every image starts with the same universal base that then is stacked with .pkg or .mpkg files that ...
    Posted Dec 28, 2008, 7:15 AM by Greg Neagle
  • Replacing Kicker: handling system events in Python using the SystemConfiguration framework by Chris Adams Since this post was originally written, I've been working on the PyMacAdmin project with Nigel Kersten.The information below is still correct but the kicker-replacement ...
    Posted Mar 13, 2009, 3:09 PM by Nigel Kersten
  • Flushing the Directory Service cache in Leopard With the introduction of Leopard, lookupd disappeared.  A new utility was put in its place, with much of the same functionality.  In particular, it was changed to a new ...
    Posted Dec 23, 2008, 10:17 AM by Greg Neagle
  • Using Apple Remote Desktop send unix command - network setup & folder creation Written by Steve Hayman, Tuesday, 07 December 2004. More Complex Scripts: cd /Users; for u in *; do mkdir $u/NewFolder; chown $u $u/NewFolder; done Create a new folder for ...
    Posted Dec 23, 2008, 10:05 AM by Greg Neagle
  • Using Apple Remote Desktop send unix command to run software update Written by Steve Hayman, Tuesday, 07 December 2004. Software Update Related Scripts: softwareupdate -l: List all needed software updates. softwareupdate -i someUpdateName: Install one specific update. softwareupdate -i -a: Installs ...
    Posted Dec 23, 2008, 10:04 AM by Greg Neagle
  • Using Apple Remote Desktop send unix Command to install packages by Steve Hayman. Installing Packages: installer -pkg /Some/Package.pkg -target / (Install a specific package on the root disk.) cd /Volumes/Somewhere/SharedPackages; for p in *.pkg; do if test ...
    Posted Dec 23, 2008, 10:05 AM by Greg Neagle
  • Apple Remote Desktop reset password applescript Written by Richard Glaser & James Reynolds, Friday, 16 September 2005. If you want to speed up the process of resetting your Apple Remote Desktop username & password rather than manually selecting each ...
    Posted Dec 23, 2008, 10:01 AM by Greg Neagle
  • Send Unix command script for AD & OD binding Written by Lance Ogletree, Tuesday, 05 September 2006. Here's an example script that I use for binding our macs to both AD and OD via the send unix command ...
    Posted Dec 23, 2008, 10:00 AM by Greg Neagle
  • Automator and Apple Remote Desktop Written by Steve Hayman, Wednesday, 07 June 2006. The webcast in May featured Steve Hayman introducing Automator actions for Apple Remote Desktop 3. They are provided here for your enjoyment ...
    Posted Dec 23, 2008, 9:56 AM by Greg Neagle
  • SANS Security Checklist SANS Institute has recently posted a Security Checklist for Mac OS X which also contains a section covering Mac OS X Server. Direct link to the Mac OS X document ...
    Posted Dec 22, 2008, 8:29 AM by Greg Neagle
  • Bug Reporting Best Practices - Apple Bug Reporting Best Practices. This documents specific areas that we should pay attention to when submitting our bugs to Apple so that they can be filtered to the appropriate engineering ...
    Posted Dec 22, 2008, 8:26 AM by Greg Neagle
  • Advanced IPFW firewall configuration Since the release of Jaguar, Mac OS X 10.2, a firewall has been included with the operating system. This graphical firewall configuration is a good start, but may be ...
    Posted Dec 22, 2008, 7:45 AM by Greg Neagle
  • Data Sanitation - not something to put by the curb By Richard Glaser. If you keep business, medical, or personal financial information on disks, simple file deletion or drive erasure isn’t enough to protect the data when disposing of ...
    Posted Dec 22, 2008, 7:38 AM by Greg Neagle
  • Mobile User Syncing By Scott Klauminzer. MobileUserSync is a backup tool allowing for Home Folder backup to a remote server or local Volume using the rsync protocol. With enterprise/education features such as ...
    Posted Dec 22, 2008, 7:35 AM by Greg Neagle
  • Apple Enterprise Backup Solutions by Michael Dhaliwal. The new edition of Apple Enterprise Backup Solutions by Michael Dhaliwal is now currently available.  With storage solutions for the platform increasing in size and speed and ...
    Posted Dec 22, 2008, 7:32 AM by Greg Neagle
  • Security of StartupItems by Greg Neagle. Recently, the site "rixstep.com" published an article purporting to expose a major security flaw in OS X. The article has since been softened in tone and ...
    Posted Dec 22, 2008, 7:36 AM by Greg Neagle
  • Integrating Communigate Pro and Open Directory by Randy Saeks. Guide on how to integrate Communigate Pro with Open Directory using Kerberos and LDA
    Posted Dec 22, 2008, 7:31 AM by Greg Neagle
  • Apple Remote Desktop Command Line Interface Written by Lance Ogletree, Wednesday, 10 November 2004. Apple Remote Desktop has a command line tool that can be used to remotely configure ARD. The command line tool is called ...
    Posted Dec 22, 2008, 7:27 AM by Greg Neagle
  • Troubleshooting NetBoot/Netinstall/NetRestore Written by Mike Bombich, Monday, 11 July 2005. Troubleshooting Netboot/Netinstall/NetRestore tips from the author of NetRestore, Carbon Copy Cloner and other great tools. (See the full troubleshooting article ...
    Posted Dec 22, 2008, 7:26 AM by Greg Neagle
  • Debugging MCX Written by Philip Rinehart, Wednesday, 29 March 2006. MCX debugging has always been a challenge. Not now! The solution is actually an undocumented preference. Issue the following command: defaults write ...
    Posted Dec 22, 2008, 7:25 AM by Greg Neagle
  • Fixing Active Directory timeout values Written by Philip Rinehart, Tuesday, 26 September 2006. One of the problems that has recently cropped up in our deployment of Active Directory is the long timeouts logging in when ...
    Posted Dec 22, 2008, 7:24 AM by Greg Neagle
  • Fixing Adobe SelfHeal.xml problems Written by MacEnterprise, Monday, 12 March 2007. One of the most common problems when deploying Adobe applications is the ability to "Self-Heal" a broken application.  In particular, this feature ...
    Posted Dec 22, 2008, 7:23 AM by Greg Neagle
  • Troubleshooting AD Logins Written by MacEnterprise, Tuesday, 06 February 2007. This guide highlights some of the more common issues that surround AD based logon denials. If you run across other symptoms/solutions, send ...
    Posted Dec 19, 2008, 3:58 PM by Greg Neagle
  • Creative ways of using shadow files Written by Philip Rinehart, Wednesday, 28 March 2007. One of the hidden gems of the Macintosh administrator's toolbox is hdiutil.  Why? One of the interesting things that can be ...
    Posted Dec 19, 2008, 3:55 PM by Greg Neagle
  • Troubleshooting with dirt Written by Philip Rinehart, Thursday, 29 March 2007. dirt? Never heard of this handy little command line utility?  From the manual page description: The dirt tool is a command line ...
    Posted Dec 19, 2008, 3:55 PM by Greg Neagle
  • Searching Active Directory with ldapsearch Written by Philip Rinehart, Friday, 30 March 2007. ldapsearch is one of the standard tools included with OpenLDAP to query LDAP directories.  Because Active Directory is LDAP compliant, it can ...
    Posted Dec 19, 2008, 3:53 PM by Greg Neagle
  • Troubleshooting Portable Home Directories Written by Philip Rinehart, Monday, 16 April 2007. A while ago, an article about how to troubleshoot Workgroup Management (MCX) with a MCXDebug setting.  Here's how to do the ...
    Posted Dec 19, 2008, 3:52 PM by Greg Neagle
  • Testing forward and reverse DNS Written by Philip Rinehart, Tuesday, 17 April 2007. Testing forward and reverse DNS is one of the common troubleshooting steps with Directory Services. Often, nslookup or dig is the tool ...
    Posted Dec 19, 2008, 3:51 PM by Greg Neagle
  • Integrating Mac OS 10.3 and Novell eDirectory While this information was originally published for 10.3, it still has some good tips. This document describes how information stored in Novell's eDirectory can be used to authenticate ...
    Posted Dec 19, 2008, 3:48 PM by Greg Neagle
  • Running items at login Written by Greg Neagle, Wednesday, 24 November 2004. A common need in a managed OS X environment is to run certain scripts every time someone logs in, or to open ...
    Posted May 17, 2009, 9:44 PM by Greg Neagle
  • Adding a user from the command line with dscl Written by MacEnterprise mailing list, Friday, 09 March 2007. From Jeff McCune via the Macenterprise mailing list, he posted a short script showing how to create a user using the ...
    Posted Dec 19, 2008, 6:11 AM by Greg Neagle
  • Shell Scripting 101: Part 6 We've been through quite a lot in the shell scripting series so far.  Combining all of the parts, let's now begin to talk about how to do shell ...
    Posted Dec 19, 2008, 5:51 AM by Greg Neagle
  • Shell Scripting 101: Part 5 Now it begins to get fun.  We've talked about functions, conditionals, and basic shell scripting syntax.  In this part of shell scripting 101, we'll begin to look at ...
    Posted Dec 19, 2008, 5:50 AM by Greg Neagle
  • Shell scripting 101: Part 4 In the previous three parts of this series, we've looked at how to write a basic shell script.  It's now time to get more in depth on the ...
    Posted Dec 19, 2008, 5:47 AM by Greg Neagle
  • Shell scripting 101: Part 3 In part 3, let's begin looking at how shell scripts can be made even more useful using tests, and looping. Tests: Testing can be quite simple, and doesn't ...
    Posted Dec 19, 2008, 5:46 AM by Greg Neagle
  • Xsan, ACLs and the AD/OD Magic Triangle: A Success Story Recently at Swarthmore College we set up a new Xsan and workstations to support a small, four station video editing lab. A major challenge was to maintain as much control ...
    Posted Dec 19, 2008, 5:41 AM by Greg Neagle
  • Automating ASR Image creation Written by Richard Glaser, Tuesday, 10 April 2007. In our environment, we manage our Mac OS X client file systems with radmind, but sometimes we run into issues that can ...
    Posted Dec 19, 2008, 5:40 AM by Greg Neagle
  • Shell Scripting 101: Part 2 Written by Philip Rinehart, Thursday, 19 April 2007. In the first part of this series, we examined how to create a quick shell script, and how to rapidly prototype a script ...
    Posted Dec 19, 2008, 5:39 AM by Greg Neagle

Pharmaceutical Informatics on Mac OS X

posted May 17, 2010, 2:07 PM by Greg Neagle

Chris Swain has written a review of the products available from Dotmatics, a scientific informatics company. Find it here.

Prepare Your Enterprise for the iPad

posted Feb 3, 2010, 8:15 AM by Greg Neagle

Rich Mogull has an article on preparing your enterprise for the iPad here:

http://db.tidbits.com/article/10972

Integrating Novell eDirectory with 10.6 / 10.5

posted Jan 8, 2010, 8:10 AM by Greg Neagle

Joe Jenkins, Network Engineer for Davis Tool, Inc. has put together an updated document on Integrating Novell eDirectory with 10.6 / 10.5.  This includes a guide on how to complete the integration, as well as an LDIF file, plist mappings for DirectoryServices and some useful PHP tools for password changing.

The information can be found here: http://www.nerdnet.com/?q=node/88

Integrating Google Apps with Open Directory

posted Nov 2, 2009, 8:17 AM by Greg Neagle

More and more organizations are using Google's services for email, calendaring, and collaboration. For an organization that hosts some services internally (network logins to workstations, file sharing, and the like) and also wants to use Google's services, it's ideal to have a single User ID and password that works with both the internally hosted services and Google's services.

Randy Saeks has written a white paper on integrating Google Apps for Domains with Open Directory. It's available here:
http://rsaeks.files.wordpress.com/2009/04/integrating-google-apps-for-education-into-open-directory.pdf

Using NetInstall to upgrade machines to Snow Leopard

posted Oct 13, 2009, 2:17 PM by Greg Neagle

Peter Bukowinski has posted a great step-by-step guide to creating a NetInstall image you can use to upgrade Tiger or Leopard machines to Snow Leopard.

Find it here:

This version of this guide has a workaround for a bug that prevented some update packages (like the 10.6.1 update) from being installed. 

The Luggage

posted Oct 12, 2009, 8:47 AM by Greg Neagle

Joe Block has made his packaging tool for OS X -- The Luggage -- available.

He writes:

Packagemaker.app makes it nearly impossible to have someone review the changes you've made in a package. They have to rummage through screen after screen, trying to remember the previous settings. At Google, I wrote an internal tool using Make that allowed the other members of my group to easily review package changes - every package is generated by a Makefile, and since Makefiles are text, the diffs are easily presented by code review tools. We made a lot of packages for use with puppet and InstaDMG using that tool, and after I left Google, I wanted to have a similar tool available, so I wrote the Luggage.

Active Directory Password Expiration Monitoring

posted Jun 15, 2009, 3:19 PM by Greg Neagle

Andrew Thomson has made available a utility for Macs in Active Directory environments to notify users of upcoming AD password expirations. 
Andrew's solution takes an earlier approach by Peter Bukowinski (which you can read about at AFP548.com) to the next level.

More details on Andrew's solution here.

Dual Boot Deployment Tool - Windows Startup Disk Switcher

posted Jun 12, 2009, 9:58 AM by Greg Neagle   [ updated Jun 12, 2009, 10:03 AM ]

A problem with managing dual-boot machines (OS X/Windows) is that they are hard to manage since you need to keep two OSes up-to-date, yet only one is running at any given time.

There are solutions that help with this, but a big stopping point was that it was difficult or nearly impossible to programmatically tell a machine booted into Windows to restart into OS X.

Patrick Huber of Minnesota State University has made available a solution to that problem - a utility that can switch the startup disk back to Mac OS X from a Windows session.

Read more about it, and download the tools here: http://acc.mnsu.edu/software/startupdisk.html

Wireless Setup Scripts for Leopard

posted Mar 31, 2009, 9:51 AM by lance.ogletree@macenterprise.org

Bryan Lee posted a series of scripts for managing the wireless setup under Leopard to the MacEnterprise mailing list.
We thought it would be good to link to his blog for others to reference.


Setting up Podcast Producer in an Active Directory Environment

posted Mar 24, 2009, 12:49 PM by Andrina Kelly   [ updated Mar 27, 2009, 12:58 PM ]

This is an overview document for integrating Podcast Producer into your Active Directory environment.

There are some fundamentals we need to check off before starting. First, and as is so commonly repeated, you need to check your DNS. This integration will work best when DNS is hosted by your Windows servers. The setup testing here was done with a Windows 2003 server with Active Directory and DNS running on the same server. When checking DNS you want to ensure that both the forward and reverse DNS entries are set up correctly. You can use dig, nslookup or host to accomplish this.

bash-3.2# host pcpserver.example.com
pcpserver.example.com has address 10.0.1.5
bash-3.2# host 10.0.1.5
5.1.0.10.in-addr.arpa domain name pointer pcpserver.example.com.
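
The forward and reverse check above can be scripted so that a stale or missing PTR record is caught before the bind. This is an added example, not part of the original article: the function names and the stale/missing PTR samples are constructed, and the matching pair is the host output shown above.

```shell
#!/bin/sh
# Forward/reverse DNS consistency check, working on the text host(1) prints.

# A-record addresses in `host <name>` output, one per line.
forward_addrs() {
    printf '%s\n' "$1" | awk '/ has address / { print $NF }'
}

# PTR targets in `host <ip>` output: lower-cased, trailing dot removed.
reverse_names() {
    printf '%s\n' "$1" |
        awk '/ domain name pointer / { n = tolower($NF); sub(/\.$/, "", n); print n }'
}

# check_fcrdns FQDN FORWARD_OUTPUT REVERSE_OUTPUT
# Prints a one-line verdict; returns 0 only if the name has an A record and
# a PTR record in REVERSE_OUTPUT points back at the same name.
check_fcrdns() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    want=${want%.}
    addrs=$(forward_addrs "$2")
    names=$(reverse_names "$3")
    if [ -z "$addrs" ]; then
        echo "FAIL forward: no A record for $want"; return 1
    fi
    if [ -z "$names" ]; then
        echo "FAIL reverse: no PTR record found"; return 1
    fi
    if printf '%s\n' "$names" | grep -Fqx -- "$want"; then
        echo "OK $want <-> $(echo $addrs)"; return 0
    fi
    echo "FAIL mismatch: PTR says $(echo $names), expected $want"; return 1
}

# Live wrapper (needs network access and host(1)): checks every address
# the name resolves to.
verify_host() {
    fwd=$(host "$1" 2>&1)
    ips=$(forward_addrs "$fwd")
    if [ -z "$ips" ]; then check_fcrdns "$1" "$fwd" "" || return 1; fi
    rc=0
    for ip in $ips; do
        check_fcrdns "$1" "$fwd" "$(host "$ip" 2>&1)" || rc=1
    done
    return $rc
}

# Sample host(1) output. The first two lines are the output shown above;
# STALE_REV and NO_REV are constructed failure cases.
GOOD_FWD='pcpserver.example.com has address 10.0.1.5'
GOOD_REV='5.1.0.10.in-addr.arpa domain name pointer pcpserver.example.com.'
STALE_REV='5.1.0.10.in-addr.arpa domain name pointer oldhost.example.com.'
NO_REV='Host 5.1.0.10.in-addr.arpa. not found: 3(NXDOMAIN)'

if [ "$#" -gt 0 ]; then
    verify_host "$1"
else
    # Offline demonstration on the samples; failures are expected for the last two.
    check_fcrdns pcpserver.example.com "$GOOD_FWD" "$GOOD_REV"
    check_fcrdns pcpserver.example.com "$GOOD_FWD" "$STALE_REV" || true
    check_fcrdns pcpserver.example.com "$GOOD_FWD" "$NO_REV" || true
fi
```

Run it with the server's FQDN as the only argument to query live DNS; with no argument it only evaluates the embedded samples.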


Once you've verified that DNS is set up correctly, install Leopard Server. Choose the advanced setup, configure with a static IP and name to match the one that you checked in the DNS setup, but leave the Directory setup as stand-alone for the moment. Once configured, run all your software updates to bring you up to the most recent version of OS X Server.

While waiting for your software updates, get in touch with your Active Directory administrators and get a new account set up for binding the server to the Active Directory server. This needs to be an account that has the ability to create a computer record in Active Directory - full administrator rights are not required. With your newly acquired AD account, bind your server to Active Directory using Directory Utility, and test that you can look up AD users to ensure everything is working correctly. If this doesn't complete correctly you'll have to go through troubleshooting steps for getting a successful bind before proceeding.

Now that you're bound to Active Directory we can set up Open Directory on the OS X Server. The reason we do the setup this way round is to ensure that Kerberos does not start on our OD Master. We only want Kerberos tickets handed out from one location, and that is our Active Directory server. Set up Open Directory from Server Admin on your OS X Server, and after going through the setup assistant verify that Kerberos is not running.

Podcast Producer requires the group administrator user to be an Open Directory or local account; our testing used the user pcastadmin set up in Open Directory. See http://support.apple.com/kb/TA25011 for further details, but as of 10.5.6 the note about the HTTP authentication at the end of this article is no longer required - Podcast Producer now supports any combination of authentication methods, as described here - http://support.apple.com/kb/HT3289 

After creating the pcastadmin user in Workgroup Manager, make this user an admin user on the server - this is required for podcast postings using the built-in workflows. You can set up a couple of other regular Open Directory users for testing at this point if you like.  I should also point out that if you're planning on running your web server on another server you will need to add the pcastadmin user to the local admin group of the web server.

Next comes setting up the website on our server. Go to web in Server Admin, select the Sites tab and select the default domain that's already in there. We need to rename the domain to be the FQDN (Fully Qualified Domain Name), so pcpserver.example.com in the Domain Name field in our case. From the Web Services tab in our site we need to enable Wiki and blog. Save your settings, and start Web in Server Admin.

Back in Workgroup Manager we set up a new group called "Podcasts", and add the pcastadmin user and some test users from both Open Directory and Active Directory. We also want to enable wiki services for this group - while this is possible in Workgroup Manager, I've seen better success enabling the wiki for a group within the Directory.app, found in /Applications/Utilities. Once this is done, open a web browser, go to your server (in our case pcpserver.example.com) and test the "Podcasts" group wiki. If you aren't seeing the group wiki at this point you will need to troubleshoot the group wiki creation before carrying on.

Next is going to be the configuration of Xgrid. We need this to be a kerberized service however, so before setting up Xgrid we need to enable Single Sign-on for all supported services as we're using this server with Active Directory.

bash-3.2# sudo dsconfigad -enablesso

Use the "Configure Xgrid Service..." button on the Overview pane of Xgrid to set up the service. Choose "Host a Grid", and when prompted for a username and password, ensure that it's looking to /Active Directory/All Domains for its authentication. Use the same username and password that you used from AD to bind your OS X Server to Active Directory. Continue through the setup, and Xgrid should start. Check the Settings pane, and ensure the Controller Authentication is set to Kerberos. If you have any issues with Xgrid starting, or the authentication is not set to Kerberos, you have to troubleshoot this step before continuing on. The logs will be your best place to start looking - if you see something similar to the following in the logs:

servermgrd[55]: ERROR in record creation: Error Domain=OpenDirectoryFramework Code=-14140 UserInfo=0x25161f0 "Unable to create record pcpserver.example.com:/private/var/xgrid/sfs in /Active Directory/All Domains."

This is an issue with Kerberos - ensure you ran dsconfigad -enablesso, and check your Kerberos files. You can test that Xgrid is set up correctly by opening the Xgrid Admin application, selecting your server as the Xgrid controller to connect to, and when prompted selecting single sign-on rather than entering a username and password. At this point you should be prompted with a Kerberos window to get your ticket. If you are then able to view your controller, you've set Xgrid up correctly.

Moving on to configuring Podcast Producer in Server Admin. Set up the properties with the appropriate user, group, e-mail etc. as shown in the Podcast Producer PDF from Apple - http://images.apple.com/server/macosx/docs/Podcast_Producer_Admin_v10.5.pdf . For this example our group is the Podcasts group we set up earlier, and our group administrator is the pcastadmin user we set up in Open Directory, while the Xgrid user is an Active Directory user. If these settings aren't fully configured the built-in workflows may fail. You may find that in setting up Podcast Producer it reports that Xgrid is unavailable - you can ignore this as long as you can use Xgrid Admin successfully.

Mail services for Podcast Producer can be configured either on OS X Server, or on the Windows server, however, you will need to be able to contact the SMTP server to send out notifications. Do note, that if the user submitting the job to Podcast Producer does not have an e-mail address specified in their account the mail task will fail.

Finally, it's time to test your deployment. From a client machine, open Podcast Capture and test a workflow with both an Open Directory user that's in the Podcasts group and an Active Directory user from the Podcasts group. If the jobs show up in Xgrid Admin your setup is working - even if the job fails - the failure is usually based around bad property settings in the Podcast Producer pane of Server Admin. In 10.5.6 or later you can also use single sign-on with Podcast Capture - your client machine must be bound and using a network account or a manually acquired Kerberos ticket from the Kerberos application (/System/Library/CoreServices/Kerberos.app).

If you're planning on using the workflows to publish to the built-in wiki/blog you will need to enable clear text authentication due to the authentication methods that Active Directory supports as described here - http://support.apple.com/kb/TS1619. As noted, you can use SSL on the site after doing this, however, this will break the "subscribe to podcast" link in the wiki/blog - you can still subscribe in iTunes however if you use the https URL to point to the RSS feed.

Once this is all set up and working no doubt you'll have more than one group wanting to use the Podcast Producer setup - to separate out workflows for different groups take a look at the script provided here - http://pcast-producer.blogspot.com/2008/01/creating-new-workflows-from-script.html 


Happy Podcasting!
