Showing posts 1 - 50 of 58. View more »
Chris Swain has written a review of the products available from Dotmatics, a scientific informatics company. Find it here.
Rich Mogull has an article on preparing your enterprise for the iPad here:
Joe Jenkins, Network Engineer for Davis Tool, Inc. has put together an updated document on Integrating Novell eDirectory with 10.6 / 10.5. This includes a guide on how to complete the integration, as well as an LDIF file, plist mappings for DirectoryServices and some useful PHP tools for password changing.
The information can be found here: http://www.nerdnet.com/?q=node/88
More and more organizations are using Google's services for email, calendaring, and collaboration. For an organization that hosts some services internally (network logins to workstations, file sharing, and the like) and also wants to use Google's services, it's ideal to have a single User ID and password that works with both the internally hosted services and Google's services.
Randy Saeks has written an white paper on integrating Google Apps for Domains with Open Directory. It's available here:http://rsaeks.files.wordpress.com/2009/04/integrating-google-apps-for-education-into-open-directory.pdf
Peter Bukowinski has posted a great step-by-step guide to creating a NetInstall image you can use to upgrade Tiger or Leopard machines to Snow Leopard.
Find it here:
This version of this guide has a workaround for a bug that prevented some update packages (like the 10.6.1 update) from being installed.
Joe Block has made his packaging tool for OS X -- The Luggage -- available.
Packagemaker.app makes it nearly impossible to have someone review the changes you've made in a package. They have to rummage through screen after screen, trying to remember the previous settings. At Google, I wrote an internal tool using Make that allowed the other members of my group to easily review package changes - every package is generated by a Makefile, and since Makefiles are text, the diffs are easily presented by code review tools. We made a lot of packages for use with puppet and InstaDMG using that tool, and after I left Google, I wanted to have a similar tool available, so I wrote the Luggage.
Andrew Thomson has made available a utility for Macs in Active Directory environments to notify users of upcoming AD password expirations.
Andrew's solution takes an earlier approach by Peter Bukowinski (which you can read about at AFP548.com) to the next level.
More details on Andrew's solution here.
A problem with managing dual-boot machines (OS X/Windows) is that they are hard to manage since you need to keep two OSes up-to-date, yet only one is running at any given time.
There are solutions that help with this, but a big stopping point was that it was difficult or nearly impossible to programmatically tell a machine booted into Windows to restart into OS X.
Patrick Huber of Minnesota State University has made available a solution to that problem - a utility that can switch the startup disk back to Mac OS X from a Windows session.
Read more about it, and download the tools here: http://acc.mnsu.edu/software/startupdisk.html
Bryan Lee posted a series of scripts for managing the wireless setup under Leopard to the MacEnterprise mailing list.
We thought it would be good to link to his blog for others to reference.
This is an overview document for integrating Podcast Producer into your Active Directory environment.
There are some fundamentals we need to check off before starting. First, and as is so commonly repeated, you need to check your DNS. This integration will work best when DNS is hosted by your Windows servers. The setup testing here was done with a Windows 2003 server with Active Directory and DNS running on the same server. When checking DNS you want to ensure that both the forward and reverse DNS entries are set up correctly. You can use dig, nslookup or host to accomplish this.
bash-3.2# host pcpserver.example.com
pcpserver.example.com has address 10.0.1.5
bash-3.2# host 10.0.1.5
18.104.22.168.in-addr.arpa domain name pointer pcpserver.example.com.
Once you've verified that DNS is set up correctly, install Leopard Server. Chose the advanced setup, configure with a static IP and name to match the one that you checked in the DNS setup, but leave the Directory setup as stand-alone for the moment. Once configured run all you software updates to bring you up to the most recent version of OS X Server.
While waiting for your software updates, get in touch with your Active Directory administrators and get a new account set up for binding the server to the Active Directory server. This needs to be an account that has the ability to create a computer record in Active Directory - full administrator rights are not required. With your newly acquired AD account, bind your server using Directory Utility to Active Directory, and test that you can lookup AD users to ensure everything is working correctly. If this doesn't complete correctly you'll have to go through troubleshooting steps for getting a successful bind before proceeding.
Now that you're bound to Active Directory we can set up Open Directory on the OS X Server. The reason we do the setup this way round is to ensure that kerberos does not start on our OD Master. We only want kerberos tickets handed out from one location, and that is our Active Directory server. Set up Open Directory from Server Admin on your OS X Server, verify after going through the setup assistant that kerberos is not running.
Podcast Producer requires the group administrator user to be an Open Directory or local account, our testing used the user pcastadmin set up in Open Directory. See http://support.apple.com/kb/TA25011 for further details, but as of 10.5.6 the note about the HTTP authentication at the end of this article is no longer required - Podcast Producer now supports any combination of authentication methods, as described here - http://support.apple.com/kb/HT3289
After creating the pcastadmin user in Workgroup Manager, make this user an admin user on the server - this is required for podcast postings using the built-in workflows. You can set up a couple other regular Open Directory users for testing at this point if you like. I should point out at this point in time also, that if you're planning on running your web server on another server you will need to add the pcastadmin user to the local admin group of the web server.
Next comes setting up the website on our server. Go to web in Server Admin, select the Sites tab and select the default domain that's already in there. We need to rename the domain to be the FQDN (Fully Qualified Domain Name), so pcpserver.example.com in the Domain Name field in our case. From the Web Services tab in our site we need to enable Wiki and blog. Save your settings, and start Web in Server Admin.
Back in Workgroup Manager we set up a new group called "Podcasts", and add the pcastadmin user and some test users from both Open Directory and Active Directory. We also want to enable wiki services for this group - while this is possible in Workgroup Manager, I've seen better success enabling the wiki for a group within the Directory.app, found in /Applications/Utilities. Once doing this, open a web browser, and go to your server, in our case we went to pcpserver.example.com and test the "Podcasts" group wiki. If you aren't seeing the group wiki at this point in time you will need to troubleshoot the group wiki creation before carrying on.
Next is going to be the configuration of Xgrid. We need this to be a kerberized service however, so before setting up Xgrid we need to enable Single Sign-on for all supported services as we're using this server with Active Directory.
bash-3.2# sudo dsconfigad -enablesso
Use the "Configure Xgrid Service..." button on the Overview pane of Xgrid to set up the service. Chose "Host a Grid", and when prompted for a username and password, ensure that it's looking to /Active Directory/All Domains for it's authentication. Use the same username and password that you used from AD to bind your OS X Server to Active Directory. Continue through the setup, and Xgrid should start. Check the Settings pane, and ensure the Controller Authentication is set to Kerberos. If you have any issues with Xgrid starting, or the authentication is not set to Kerberos, you have to troubleshoot this step before continuing on. The logs will be you best place to start looking - if you see something similar to the following in the logs:
servermgrd: ERROR in record creation: Error Domain=OpenDirectoryFramework Code=-14140 UserInfo=0x25161f0 "Unable to create record pcpserver.example.com:/private/var/xgrid/sfs in /Active Directory/All Domains."
This is an issue with Kerberos - ensure you ran the dsconfigad -enablesso, and check your Kerberos files. You can test Xgrid is set up correctly by opening the Xgrid Admin application, select your server as the Xgrid controller to connect to, and when prompted select single sign-on rather than entering a username and password. At this point you should be prompted with a kerberos window to get your ticket. If you are able to then view your controller you've set Xgrid up correctly.
Moving onto configuring Podcast Producer in Server Admin. Set up the properties with the appropriate user, group, e-mail etc as shown in the Podcast Producer PDF from Apple - http://images.apple.com/server/macosx/docs/Podcast_Producer_Admin_v10.5.pdf . For this example our group is the Podcasts group we set up earlier, and our group administrator os the pcastadmin user we set up in Open Directory, while the Xgrid user is an Active Directory user. If these settings aren't fully configured the built-in workflows may fail. You may find that in setting up Podcast Producer it reports that Xgrid is unavailable - you can ignore this as long as you can use Xgrid Admin successfully.
Mail services for Podcast Producer can be configured either on OS X Server, or on the Windows server, however, you will need to be able to contact the SMTP server to send out notifications. Do note, that if the user submitting the job to Podcast Producer does not have an e-mail address specified in their account the mail task will fail.
Finally, it's time to test your deployment. From a client machine, open Podcast Capture and test a workflow with both an Open Directory user that's in the Podcasts group and an Active Directory user from the Podcasts group. If the jobs show up in Xgrid Admin your setup is working - even if the job fails - the failure is usually based around bad property settings in the Podcast Producer pane of Server Admin. In 10.5.6 or later you can also use single sign-on with Podcast Capture - your client machine must be bound and using a network account or a manually acquired kerberos ticket from the Kerberos application (/System/Library/CoreServices/Kerberos.app).
If you're planning on using the workflows to publish to the built-in wiki/blog you will need to enable clear text authentication due to the authentication methods that Active Directory supports as described here - http://support.apple.com/kb/TS1619. As noted, you can use SSL on the site after doing this, however, this will break the "subscribe to podcast" link in the wiki/blog - you can still subscribe in iTunes however if you use the https URL to point to the RSS feed.
Once this is all set up and working no doubt you'll have more than one group wanting to use the Podcast Producer setup - to separate out workflows for different groups take a look at the script provided here - http://pcast-producer.blogspot.com/2008/01/creating-new-workflows-from-script.html
1-10 of 58