Use one Deploy Studio server with images on many servers OS X Server
I am jumping on board the DeployStudio train, and with multiple sites to support, I ran into the issue of how to use one master Deploy Studio server, but host the images at each of the sites (especially the WAN locations).

The solution I came up with was simple. When Deploy Studio wants to mount the images volume (via AFP), I just have a preflight script that mounts the volume based on which location (based on subnet) the computer is being imaged at. For instance, our Deploy Studio is on our fiber network, but our satellite site is on cable. When the computer netboots and DeployStudio Runtime is launched, it connects up to the Deploy Studio server (again, hosted on the fiber network).

A preflight script will mount the correct AFP mount prior to imaging the computer. We are basing this on our subnets, but your mileage may vary. Hope this helps those other network administrators going through the same struggles. I have other thoughts on using one image name (with multiple images), but I'll save that for another hint.
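An added example, not part of the original hint or of DeployStudio: a preflight-style script that picks the AFP image server from the client's subnet, as the hint describes, and then mounts it. The subnets, host names, share name, mount point and the AFP_USER/AFP_PASS environment variables are all assumptions.

```shell
#!/bin/sh
# Added example: choose the image share by client subnet, then mount it.
# Every subnet, host name, share and mount point below is constructed.

# Site table, one "CIDR afp-server" pair per line; first match wins.
SITES="10.1.0.0/16 images-hq.example.com
192.168.20.0/24 images-satellite.example.com"
DEFAULT_SERVER="images-hq.example.com"

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside CIDR block $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print the AFP server that should serve images to client address $1.
server_for_ip() {
    result=$DEFAULT_SERVER
    while read -r cidr server; do
        if in_cidr "$1" "$cidr"; then result=$server; break; fi
    done <<EOF
$SITES
EOF
    echo "$result"
}

# Mount only when run as "script --mount" (inside the netbooted macOS runtime).
if [ "${1:-}" = "--mount" ]; then
    ip=$(ipconfig getifaddr en0)    # address of the primary interface
    mkdir -p /Volumes/DSImages
    # AFP_USER and AFP_PASS come from the environment (assumption), so the
    # imaging account's password is not stored in the script itself.
    mount_afp "afp://${AFP_USER}:${AFP_PASS}@$(server_for_ip "$ip")/DSImages" \
        /Volumes/DSImages
fi
```
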
10.5: Fix cron for LDAP Users in Mac OS X Server 10.5 OS X Server
To the best I'm able to determine, Mac OS X Server's cron does not recognize crontabs of users who exist in LDAP, nor the flat files (e.g., /etc/passwd). This is because cron starts prior to LDAP, and thus sees the crontabs of such users as "orphans." If you log in and re-establish the crontab, all is well ... but a simple reboot shouldn't cause crontabs to become disabled.

The system cron is a launchd service, and so it's quite difficult to control the order in which it launches. One can make the argument that it's cron's fault that it doesn't check for LDAP when it starts, but I think that the blame is really Apple's to bear. I spent hours today trying to figure out a graceful way to delay cron's launch without installing a new cron or hacking things up too badly, all in vain.

I gave up and just installed the hackery below; the script waits for LDAP to respond, then kills cron, which automatically restarts.
A basic how-to for using System Image Utility OS X Server
I am a system administrator on a small network of five servers with around 80 to 90 clients. Recently I wanted to image a group of 25 MacBooks to get them ready for staff to use. Searching the web, I found a lot of information about using SIU (System Image Utility). Based on my searching and my experiences, I'd like to offer up this "How to use SIU" how-to. Please note that this process is best done when the load on the server (from the users) is at its lowest. If done when you have users accessing the server, you will have complaints about things going slowly.
10.5: Set up host-specific mandatory TLS in Mail Service OS X Server
I recently had an instance in which a client company was insisting that all email communications between our servers be encrypted with TLS. We're using Leopard Server 10.5.5 (which includes Postfix 4.3.1), but it took some extra tweaking to make it work, so I thought I'd pass it on in case anyone else here ever needs it.

This hint assumes that you have a Leopard Server running Mail Service which needs to be able to receive email from servers out on the Internet, and a security certificate for your mail server. (In Server Admin GUI for Mail Service, that would translate to having SSL set to Use (not Require) for SMTP with the correct certificate selected.) You will need a certificate for this to work, and preferably one issued by a certificate authority.

When we're done, you'll be using Opportunistic TLS (offers TLS but doesn't require it, since most ISP email servers don't use it) for the internet at large and Mandatory TLS just for your specified host(s). Launch Terminal and here we go...
Avoid a hardware model filter bug in OS X Server OS X Server
This is more of a workaround than a hint, but will hopefully save some folks the hours of annoyance I've had to deal with.

The problem can be summarized as follows: In the Server Admin application, installed with Apple's Server Admin Tools, you can manage many of Mac OS X Server's features, including Netboot and Netinstall images. Once you have created a Netinstall image, you have the option in Server Admin to specify what types of Apple hardware are allowed to boot the image over the network. I refer to these filters as hardware model type filters, though I'm not sure of their official name. Anyway, once a model type filter is set for a given Netinstall image, a workaround is required to make future edits to the same filter in the GUI.

Steps to Reproduce the bug:
  1. Create a netinstall image.
  2. Edit the hardware model type filter by clicking the pencil button, then click OK, then Save.
  3. Try again to edit the same hardware model type filter, click Okay, then Save.
  4. Look at the filter a third time and the changes made in step three will not have been applied.
Steps to work around the bug:
  1. Toggle the Enable checkbox. Note it does not matter what state the checkbox is in, so it can be toggled to either the enabled or disabled position.
  2. Edit the model type filter by clicking the pencil button. Important: do not click the Save button between this step and the prior step.
  3. After editing, click OK, then click Save.
Look at the filter again, and the changes made will have held this time. It appears that the state change of Enable is what triggers a write operation to the plist once the Save button is clicked. That is, nothing gets written when Save is clicked unless the state of the Enable checkbox has changed.
Create a CSV list of all pages in an Apple WikiServer wiki OS X Server
An interesting request came in today from a coworker. She wanted to create a spreadsheet that contained all of our intranet's wiki pages (which uses the Apple WikiServer), presumably because Apple doesn't provide an easy way to "list all pages" in the wiki itself. Along with the page title, she also wanted to extract its internal ID, its URL, and the time the page was created as well as the time it was last modified.

I spent about an hour looking into this this afternoon, and it turns out that much of this information is readily available on the filesystem in the Apple WikiServer's data store. I whipped up the following shell script to extract this information in CSV format, exactly as requested. I'm submitting this script here in case someone else wants similar "export a list of WikiServer pages to a comma-separated values (CSV) file" functionality, but isn't sure how to go about getting it.

To use this script, just edit the line that sets WS_URI_PREFIX so that it refers to the wiki base URI of your own server, make it executable (chmod a+x script_name), and then run it.
#!/bin/sh -
# Script to extract data from an Apple WikiServer's data store by querying the
# filesystem itself. Creates a 'wikipages.csv' file that's readable by any
# spreadsheet application.
# USAGE:   To use this script, change to the WikiServer's pages directory, then
#          just run this script. A file named wikipages.csv will be created in
#          your current directory. For instance:
#              cd /Library/Collaboration/Groups/mygroup/wiki  # dir to work in
#              /path/to/script_name                           # run the script
#              cp wikipages.csv ~/Desktop                     # save output
# WARNING: Since the WikiServer's files are only accessible as root, this script
#          must be run as root to function. Additionally, this is not extremely
#          well tested, so use at your own risk.
# Author:  Meitar Moscovitz
# Date:    Mon Sep 22 15:03:54 EST 2008

##### CONFIGURE HERE ########

# The prefix to append to generated links. NO SPACES!
# (Placeholder value; replace it with the wiki base URI of your own server.)
WS_URI_PREFIX="http://server.example.com/groups/mygroup/wiki/"

# Name of the CSV file to create in the current directory.
WS_CSV_OUTFILE="wikipages.csv"

# debugging
set -e

# Temporary file that holds the list of page IDs.
WS_PAGE_IDS_FILE=`mktemp ws-ids.tmp.XXXXXX`

# Print the value on the line that follows <key>$1</key> in ./page.plist.
extractPlistValueByKey () {
   head -n \
     $(expr 1 + `grep -n "<key>$1</key>" page.plist | cut -d ':' -f 1`) page.plist | \
       tail -n 1 | cut -d '>' -f 2 | cut -d '<' -f 1
}

# Turn a page title into the form used in WikiServer page URLs.
linkifyWikiServerTitle () {
   echo "$1" | sed -e 's/ /_/g' -e 's/&/_/g' -e 's/>/_/g' -e 's/</_/g' -e 's/\?//g'
}

# Turn an ISO 8601 timestamp into 'YYYY-MM-DD HH:MM:SS'.
formatISO8601date () {
   echo "$1" | sed -e 's/T/ /' -e 's/Z$//'
}

# Wrap a field in double quotes if it contains a comma. The test sits inside
# the 'if' so that a non-matching grep does not trip 'set -e'.
csvQuote () {
   if echo "$1" | grep -q ','; then
       echo "\"$1\""
   else
       echo "$1"
   fi
}

# Collect the five-character hex IDs of all page directories.
ls -d [^w]*.page | \
 sed -e 's/^\([a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9]\)\.page$/\1/' > "$WS_PAGE_IDS_FILE"

echo "Title,ID,Date Created,Last Modified,URI" > "$WS_CSV_OUTFILE"
while read id; do
   cd "$id.page"
   title=$(extractPlistValueByKey title)
   created_date="$(formatISO8601date $(extractPlistValueByKey createdDate))"
   modified_date="$(formatISO8601date $(extractPlistValueByKey modifiedDate))"
   link=$WS_URI_PREFIX"$id"/`linkifyWikiServerTitle "$title"`.html
   cd ..
   echo "`csvQuote "$title"`,$id,$created_date,$modified_date,`csvQuote "$link"`" >> "$WS_CSV_OUTFILE"
done < "$WS_PAGE_IDS_FILE"

# Clean up the temporary ID list.
rm "$WS_PAGE_IDS_FILE"
Note: This script was originally posted on my own personal weblog.
Monitor Xserve temperature, voltage, power via Munin OS X Server
Many system administrators are using Munin to monitor and make graphs of many details about their servers. However, there is no official plug-in for Mac OS X Server and Xserve to monitor temperature, power, or voltage.

Aqua Ray, however, provides some of them; that page has download links for G4, G5, and Intel Xserves, along with explanations on how to install them on a current version of Munin.

[robg adds: These plug-ins appear to be free, but I haven't tested them to see how well they work.]
10.5: Remove Time Machine from menu bar on clients OS X Server
Well, if you're like me and already have backup solutions running in your Open Directory, you may not want your users using Time Machine, for whatever reasons you may have. In Work Group Manager (WGM), select your groups (or your parent group) and select the Details tab. Then add the following to the details list:
Once you add that in to the Details part of WGM, you can select the menu items and click on the pencil icon to add a string to disable Time Machine from the menu bar. So, click on the pencil icon and a new window should pop up. It should display Once, Often, Always. Select and expand the arrow key on Always, and then click on the New Key button. Select Edit from the drop-box, and name it, then for Type, select boolean, and for Value, select false. Attached is a screen shot. It should look like this when you're done.

The next time your client updates the MCX, it will no longer have Time Machine in the Menu Bar. This is sort of a backwards way of going about things, so I put in a feature request for OS X Server to just manage these things through WGM by a menu or items list. I need to thank Jeff from our Apple mailing list, who helped me figure this out.
.htaccess, Open Directory, and Leopard Server OS X Server
I was looking to set up .htaccess on Leopard server, and as I was testing the .htpasswd file I set up for the user (myself), I tried the wrong password and it let me in! It turns out I had used my regular password that's set up through Open Directory. So I deleted the .htpasswd file, and I removed all references to it in the .htaccess file to further test. This is the resulting .htaccess file:
AuthName "Server Access"
AuthType Digest
require valid-user
Just by using the above .htaccess file, I am able to log in with any user that has an Open Directory account. Nice treat, for me anyway. I'm guessing others will have to add restrictions for users they don't want to have access.

[robg adds: I have no way of testing this one...]
Limit OS X Server VPN connections to one per user OS X Server
VPN in Mac OS X Server (all versions, I think) allows users to have as many sessions from as many different computers as they want to the VPN server. I didn't like this, so I tried to find a way to restrict them to only one session. I tried looking at plists, thinking maybe Apple had some hidden option for this, but I couldn't find it. I then dug around in man files for vpn and pppd and such, and found something of interest in pppd's man page:
A program or script which is executed after the remote system successfully authenticates itself. It is executed with the parameters:

interface-name peer-name user-name tty-device speed

Note that this script is not executed if the peer doesn't authenticate itself, for example when the noauth option is used.
Great! All I need now is some code and a way to find out which users are currently online.