So here was my problem: I needed to be able to produce high-resolution movies of live screen presentations (PowerPoint as it happens) with audio. And because these presentations were two hours long, people wanted chapter/section marks so they could go directly to the part they were interested in seeing again.
We wanted to stream the movies, so that people did not have to download the entire 2GB+ movie. They movies also had to be on a server I could get to, so that we could get the video online quickly.
This all proved harder than it sounds, and took me about three weeks to figure out and set up -- it wasn't hard, but it was undocumented and not intuitive. I am providing this information because the online information is either wrong, or it doesn't seem to exist.
[robg adds: I have reproduced most, but not all, of the linked page in the remainder of this hint, just in case the original site vanishes. However, I suggest you read it on the linked site if possible, because (a) it includes screenshots and (b) the information may be updated at some point in the future.]
While playing with Snow Leopard Server's various services, I noticed DHCP wasn't working. Actually, it worked at first for my laptop, then it stopped. Then I noticed the iPhones were not able to receive IPs either. I thought it was something with my server, so I drew a network diagram, and it gave me an idea.
I have an Internet modem connected to a Netgear router, to which the AirPort Extreme (Dual Band) is connected. My Snow Leopard Server machine is connected via the AirPort, as are all other clients. My drawing showed that when my Server was connected on the 5Ghz side, and the DHCP clients were connected on the 2.4Ghz side, DHCP would not work.
I confirmed this by splitting the dual band and connecting server and all clients on the 2.4GHz channel only. Set up this way, DHCP worked great; problem solved! I'm not sure if that makes perfect sense to the IP specialists, but I almost think this is a bug with the Dual Band implementation.
[robg adds: I can't confirm this one, but I'd be interested in comments from others using Server and Dual Band AirPort to see if this is a general issue or not.]
Today I needed to use Workgroup Manager to add a Login Item that Mounts an afp Volume. Apple provides no instructions for doing this while logged in directly on the server; instead this task is done using Workgroup Manager on a client (see this Apple support document). I didn't have my MacBook with me at the time, nor did I want to install the Server Admin Tools on another machine just for this one task.
The solution is:
Open Safari and enter the URL in the form of afp://IP-address-OR-Server-name/Share Point
Drag the favicon (next to the URL) onto the Desktop.
Drag the favicon into the System Preferences » Login » Items section of Workgroup Manager.
Click Apply Now.
Note that you do not need to add %20 to any white space when typing the URL in Safari; this will automatically be added when you drag the Favicon to the Desktop. Also, the colon and forward slash in the Weblock's file name will be replaced with hyphens.
[robg adds: I couldn't get the above-linked Apple document to load, but I did find it in Google's cache.]
You may be surprised to learn that if you follow the detailed 136 page instructions for setting up an NFS disk server that Apple provides for the OS X server machines, it won't actually work. The problem is the firewall. Unlike the non-server OS, which has an application firewall, the Server OS uses IPFW, which is port-based not application-based.
This means every service that takes inbound connections has to have fixed port range assignments so you can tell IPFW which port to open. NFS required the RPC deamon, and by default, RPC takes whatever ports are free at the moment and does not keep them fixed. You need to fix these to specific ports by hand because the GUI won't do it.
This can be confusing to diagnose because if you start NFS with the firewall down and then put it up, you find the server continues to work for about 30 minutes, because of pre-existing daemon connections.
The fix is simple but undocumented in the Apple manual, and not possible via the Server Admin GUI: you fix the ports permanently, and then add a rule to the firewall to open those ports.
With Mac OS X Server 10.6, Apple has divided the catalog file into three separate catalogs: one for 10.4, one for 10.5, and one for 10.6. Each is a separate URL, and if you set the wrong catalog for the OS, you'll get the (incorrect) message that your software is already up-to-date. Having three separate scripts is a hassle, though, and is prone to error.
On the Hints Forums, users tw and Hal Itosis were instrumental in crafting this AppleScript. It checks the OS that you're currently running, and sets the appropriate Software Update Server URL. Change Server.local to your server's address.
I had the need to update a server that was acting as a Software Update Server. I knew that the machine had the update on it, but was unsure of how to get it to see the locally-hosted update. If you open Terminal and issue this command...
...then Software Update will launch, looking at the localhost -- no need to re-download the update from Apple.
Snow Leopard's iCal Server changed the location of the Wiki-based calendars, so that this previous hint no longer works. Intead of using the path of /principals/groups/groupname, the URL for wiki-based calendars has changed to one of the following:
When you add this in as a URL for an additional account, you can then access this shared calendar, with your changes reflected on the wiki page. You could alternatively create a specific user in workgroup manager to be used as the 'silent' owner of a group calendar, create your calendars, assign delegation to all the real users. But if done in that way, you don't get to see the calendar in the wiki, online.
Hopefully Apple develops the web-based version further, and allows you to show calendars you have delegate access to in your 'My Page,' in additional to your personal server-based calendars (nice that that is there now, though!).
Mac OS X lacks a good command line tool for following a Services Access Control List (SACL) tree of users and groups. If you don't want to, or just can't, use the GUI to list users in service ACLs of your Mac OS X server (or managed client), you need to parse the groups/nested groups/users tree one group at a time, using dscl. It's really painful. As an alternative, I've created a script to handle this for sys admins.
I won't promise you a killer command line tool with foolproof error and recursion handling, but I still believe I've designed a usable piece of shell script -- even if it looks like it's the worst code I've ever written (which is not true; I've made things way uglier). The source code is too long and messy to be just copy-pasted here; just download the getsacls.sh script (4KB) directly from my machine.
How to install getsacls.sh:
Simply copy it to your Mac OS X 10.5 server (or managed client); anywhere in your $PATH should be fine. Then chmod +x the script, so that it can be executed.
How to configure getsacls.sh:
Defaults values should be OK, but if you really want to change something, open the script in your favorite editor, and find the FEW USER TUNABLE MISCS section. Edit at your own risks.
I have recently discovered a solution to a long-time annoyance of mine with 10.5 server and managed preferences for 10.5/10.4 clients: How to force the Applications and Downloads folders into the Dock.
I 'took apart' and examined the com.apple.dock.plist file and found the options for the Applications folder and the Downloads folders. If you simply place these folders into the Workgroup Manager (WGM) area for dock preferences, you end up with a broken downloads folder and an Applications folder that won't show its contents. Instead, when you click on Applications in 10.5, you just get a new window instead of the list of its contents.
The secret is to take a com.apple.dock.plist file and take out everything but the entries for Applications and Downloads. Use this file in the Details tab of preferences plists that you can force out -- don't forget to make it 'always' for enforcement. After that, go back to the Dock preference area in WGM and finish your settings, including the Documents folder and any apps you want to see on the dock.
This is more observational than hint-like, but it's interesting. This morning we had a customer order a new 2009 Mac mini, and they asked to have it upgraded to Leopard Server.
When we put the DVD into the Mac mini slot, we were getting ready to boot from DVD to do the upgrade. However, with this new mini, it no longer requires a reboot. You can install the Leopard Server Install Package without booting from the DVD.