Archive for November, 2007

Mac OS X: Showing Invisible Files

Tuesday, November 20th, 2007

Have you ever been looking for some files and you just can’t find them? Well, maybe they’re hidden. If you need to see hidden files, use the following commands:
defaults write com.apple.finder AppleShowAllFiles -boolean true
killall Finder

The problem with seeing hidden files is that you see a lot of stuff that you really probably don’t want to see. So to get back to a state where you don’t have to see all of the invisible files, use the following command:
defaults delete com.apple.finder AppleShowAllFiles
killall Finder

Leopard: Flush the Cache Resolver

Tuesday, November 20th, 2007

So you need to empty your cache resolver, so you fire up your handy lookupd, but you get a command not found error. What to do… Try dscacheutil, which lets you do so very much more than lookupd. For example, the -cachedump option dumps an overview of the cache contents. -cachedump has a slew of flags to get pretty granular with the output, such as -entries and -buckets. -configuration gives you detailed information about your search policy. -statistics shows detailed statistics on calls.

Examples of using these commands:
Empty the DNS Cache Resolver:
dscacheutil -flushcache

Dump cache with user entries:
dscacheutil -cachedump -entries user

Lookup all the users on a system:
dscacheutil -q user

Leopard Server: Use Unsupported Disks with Time Machine

Tuesday, November 20th, 2007

If you want to use an unsupported disk type for your Time Machine archives, running the following command on workstations will allow you to do so:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

Leopard Server: Auto-populate User Lists in iChat Server

Tuesday, November 20th, 2007

If you want to enable the auto-population of buddy lists for users of your iChat server, use the following command:
serveradmin settings jabber:enableAutoBuddy = yes

If you have a lot of users and this causes performance issues, consider disabling this feature again by using the following command:
serveradmin settings jabber:enableAutoBuddy = no

Leopard Server: Reskin WebMail

Tuesday, November 20th, 2007

The default “skin” of the WebMail server (SquirrelMail) in OS X server leaves a lot to be desired to some. So we thought that we would post some of the more popular skins/themes (or collections of themes) that we’ve been using so you can check them out:

http://www.squirrelmail.org/themes.php

http://www.nutsmail.com

http://www.roundcube.net

http://sourceforge.net/projects/squirreloutlook

Happy skinning!

Leopard: Making the Top Menu Bar Solid

Tuesday, November 20th, 2007

In Leopard the Top Menu Bar is fairly transparent and will overlay on top of the background image. For those who want to disable it the following command will do so:
defaults write /System/Library/LaunchDaemons/com.apple.WindowServer 'EnvironmentVariables' -dict 'CI_NO_BACKGROUND_IMAGE' 1

We have seen some reports that this command didn’t work for users; therefore it is important to point out that when you’re using the command you need to unload and load the launch daemon.  Or just reboot.  If you later start to miss this menu bar then you can undo this change by using the following command:

defaults write /System/Library/LaunchDaemons/com.apple.WindowServer 'EnvironmentVariables' -dict 'CI_NO_BACKGROUND_IMAGE' 0

Leopard Server: Customizing iChat Server Welcome Messages

Tuesday, November 20th, 2007

Customizing the welcome message to new users of your iChat server is a fairly simple task. For this, we’ll look into the jabber configuration because jabber is the Open Source package that iChat Server is built on.

When you first set up jabber, the /etc/jabber directory will be created. Inside this folder will be a file called jabber.xml. If you open the jabber.xml file and look for the “welcome” tag, anything between the "welcome" and "/welcome" tags is the information that is shown in a welcome screen when a new user signs onto the iChat server. Before you edit the /etc/jabber/jabber.xml file, make sure to back it up.

For this example we will have all new users receive a message that says Welcome to the 318 iChat Server. To do this, delete or comment out the information between the existing welcome tags and add the following information:

"welcome"
"subject"318 iChat Server"/subject"
"body"Welcome to the 318 iChat Server"/body"
"/welcome"

Save the jabber.xml file and you’ve now customized the welcome message for your iChat server.

Note, for the purpose of this article the < and > have been replaced with quotes ("). However, you will need to use the < and > in your environment when editing the jabber.xml file.

Leopard Server: Sharing Folders using Server Admin

Friday, November 2nd, 2007

We’ve gotten a few questions from people asking how you’re supposed to set up share points for Leopard Server. It’s relatively simple but will require a little getting used to for those who are used to configuring sharing options in Workgroup Manager.

To view the shared folders on a system, open Server Admin and click on the name of the server in the SERVERS list. From here, click on the File Sharing button in the Server Admin toolbar and you will see a list of the logical volumes that your server can see, along with a handy Disk Space image showing how full the various volumes are. At this point you can click on Share Points to see which folders are currently being shared over SMB, AFP, NFS or FTP. If you click on Volumes and then the Browse button, you will be able to configure new folders to become share points that you want others to get access to. Browse to the folder to be shared and then click on the Share button in the upper right-hand corner below the toolbar.

Now you are looking at 3 tabs along the bottom of the screen: Share Point, Permissions and Quotas. From here, click on Share Point and review the options:
Enable AutoMount – provides options to setup an OD link to the volume
Enable Spotlight Searching – allow the volume to be searchable using Spotlight
Enable as TimeMachine Backup Destination – client computers can backup using Time Machine
Protocol Options – brings up the screen that allows SMB, AFP, NFS and FTP settings to be configured (looks very similar to the old screen in Workgroup Manager)

Once you have configured the options for your share point click over to the Permissions tab. Now you can configure who has access to shared data. From here, the main change is that the Users and Groups window is a floating window, with a new look and feel, but with the same overall feature set. The next major change is that ACLs are listed above POSIX permissions, and when you drag a user or group into the window you will see a blue line indicating that you can drop the object off into the screen and it will stay.

Finally, click on the Quotas tab and notice that when you enable quotas you cannot drag users and groups into this window. Only users with a home folder on the volume can be configured for quotas using Server Admin. If you would like to configure quotas otherwise you can do so at the command line.

Citrix and Open Source

Friday, November 2nd, 2007

It seems like everyone wants to dabble in the Open Source market these days. First came the RedHat, VA Linux and other public companies using Open Source technologies to ramp up. Then IT giants such as Novell, Sun and Apple started to come to markets with products faster due to their newfound Open Source roots. Now a lot of other companies are jumping on the bandwagon and introducing products based on Open Source technologies or purchasing other companies to help them do so quickly.

Citrix has purchased XenSource, a company that provided virtualization products based on the Xen Open Source virtualization platform. XenSource is now a product of Citrix that is meant to compete directly with VMWare on the virtualization scene. Why use something like XenSource instead of just building a virtual cluster based on the actual Open Source Xen packages? Citrix offers annual support plans for Standard Edition, which allows customers to receive support. In addition, Citrix is providing free web-based resources, including online product documentation, a knowledge base, and discussion forums, as is done with their popular Metaframe products. And of course, XenSource becomes the preferred platform to run Citrix clusters on. Not that VMWare won’t do a fine job, but support will be a lot easier if you’re using XenSource.

ZFS: What was all that fuss about?

Friday, November 2nd, 2007

ZFS was released by a team at Sun in November of 2004. The name stands for “Zettabyte File System”. ZFS is a 128-bit file system, so it can store 18 billion billion (18.4 × 10^18) times more data than current 64-bit systems. We’re not going to sit here and do the math for that but you are more than welcome to figure out what the theoretical size is at that point – all we can say is that it’s friggin’ huge.

Traditional file systems reside on single devices and require a volume manager to use more than one device to generate a logical or physical volume. ZFS is built on top of virtual storage pools called zpools. A zpool is constructed of virtual devices called vdevs. Vdevs are constructed of block devices that include files, partitions, or drives. Block devices within a vdev can be configured in a variety of different manners, depending on the needs of a user. The storage capacity of all vdevs is available to all of the file system instances in the zpool. This is similar in some ways to how Xsan builds volumes, but more customizable and without a requirement for vdevs to be based on Fibre Channel storage in order to be accessible by multiple hosts.

Quotas can be set to limit the amount of space a file system instance can occupy and a reservation can be set to guarantee that space will be available to a file system instance. This gives some nice features to those wanting to limit access for some volumes while still making sure other volumes have the space that will be required for planned future possible expansions. Other features of ZFS include: snapshots, write-cache, filesystem based encryption (in Alpha stage of development) and checksumming.

Users of Leopard may be disappointed that ZFS, with its greater volume sizes and additional volume management features, did not make it into the final build. Rest assured that Apple will be thoroughly testing any new file systems before making them available to the public; with something as precious as a file system, if it wasn’t ready for prime time then it’s good that it wasn’t included with Leopard. ZFS is still going through changes and is not a completed or matured project by any stretch of the imagination. In /Library/FileSystems you will see that ZFS is not present, but the framework for future ZFS support is there, as can be seen from the introduction of some ZFS binaries to the system. So keep a look out for ZFS in the future, and maybe even an SDK from Sun on using it at some point.

iWork and iLife 08 Documents and Retrospect

Friday, November 2nd, 2007

iWork ’08 applications (Keynote, Numbers, Pages) and iLife ’08 components including iPhoto, iTunes, Garage Band have a slight issue with Retrospect – their data files are not considered documents using the Documents Selector. Now in the case of iPhoto, iTunes and Garage Band this is probably a good thing. However, for Keynote, Numbers and Pages it’s more than likely that if you’re using these then you will want Retrospect to back them up. So if you are using selectors and you are using the Documents selector then check out this Knowledgebase article from EMC/Dantz:

http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9632&r=0.2114527

Leopard Server: Using RADIUS with the Apple AirPort

Thursday, November 1st, 2007

Remote Authentication Dial In User Service (RADIUS) can help to take the security of your wireless network to the next level beyond standard WPA authentication. Prior to Leopard, RADIUS communications could be obtained using Elektron or OpenRADIUS running on OS X – but in Leopard no 3rd party software is required beyond Leopard Server. So how difficult is it to set up RADIUS on Leopard? You be the judge after reading this quick walkthrough. For the purpose of this walkthrough we are going to assume that you are using the Advanced Mac OS X Server style.

Before you begin this walkthrough, make sure that the server is running Open Directory and that the forward and reverse DNS information for the server is correct.

The first step to using RADIUS is to enable it. To do this, open Server Admin, click on the name of the server in the SERVERS list and click on the Services tab. Find RADIUS in the services list and place a checkmark in the box to the left of it. When you click on Save then you should see RADIUS in the SERVERS list.

Now that RADIUS has been enabled, let’s select a certificate. For the use of this walkthrough we’re going to use the default certificate that comes with OS X Server. Click on RADIUS under the SERVERS list and then click on the Settings button. Click on the RADIUS Certificate drop-down menu and select the Default certificate. Click on the Edit Allowed Users… button.

By default all users of the OS X Server will have access to authenticate to the wireless network setup, so here we are going to click on the “For Selected Services below” radio button. Then click on RADIUS in the Service list. Now click on Allow Only Users and Groups Below and then click on the + sign. Now drag the users and groups into the Name list from the Users and Groups window. Once all users that should have access to your new wireless environment have been enabled, click on the Save button.

From here, click on RADIUS and click on the Start RADIUS button in the bottom left hand corner of the screen. RADIUS is now ready to accept authentication. The next step is to configure an AirPort to work with RADIUS. To do this, click on the Base Stations button in the toolbar at the top of the screen. Now click on Browse and select the first base station of your new wireless environment from the list of found base stations. Enter the password for the AirPort and click on Save. Wait for the AirPort to complete its restart and then you should be able to log in from a client.

To log in from a client, select the name of the wireless network from the wireless networks list and enter the username and password to the environment. The first time you do so you will get a second dialog asking you to enter the 802.1x username and password. Enter the same username and password and click on OK. If you click on the “Use this Password Once” checkbox then this password will not be saved for future use.

That’s it, you’re done. Now this setup may be a little more complicated than WPA personal or WEP 128, but it’s far more secure and should be considered for any AirPort environment that has an OS X Server. While the default certificate will work for clients, things are often easier from a deployment and interoperability perspective if you purchase a certificate from a CA such as Thawte. Also, this has all been tested in a pure Mac OS X Leopard environment, not with an OD structure based on Tiger. More on that as time goes on…

Leopard Server: Mailbfr, spamtrainer and amavis-stats

Thursday, November 1st, 2007

Mailbfr, spamtrainer and amavis-stats are great packages that fit into Mac OS X Server. The guys from topicdesk have been kind enough to post an overview on how their products work under Leopard and how the changes in Leopard impact their utilization. Check it out at:

http://osx.topicdesk.com/content/view/129/1/

New Mac Trojan Discovered

Thursday, November 1st, 2007

Monday, October 29th, 2007 – Intego issued a security alert about a new Trojan Horse called OSX.RSPlug.A targeting the Mac. OSX.RSPlug.A changes the DNS (Domain Name Server) address that infected systems use to access web sites and installs a new task on infected systems to change the DNS server again if the end user changes it back to what it was before. This is similar to many attacks against the Windows Hosts files. However, for a system to get infected, the user has to authenticate as an administrative user.

OSX.RSPlug.A has been found on some pornographic Web sites. When a user tries to view a movie, they are told that “Quicktime Player is unable to play movie file. Please click here to download new version of codec.” If the user clicks the link, a disk image (.dmg) is downloaded to the desktop. When the software is used, the user is actually installing the Trojan as root, giving it access to the full computer. When the malicious DNS server is active, it hijacks some web requests, leading users to phishing web sites or to web pages displaying ads for other pornographic web sites, according to Intego.

For more information, see the original security alert from Intego at:

http://www.intego.com/news/ism0705.asp
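
One way to check for the DNS change described above, as an added example that is not from Intego or the original post: parse the output of `scutil --dns` and report any nameserver that is not on a list of resolvers you expect. The function names, the sample output and the addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report DNS resolvers that are not on an expected list.
# Input is the text printed by `scutil --dns` on Mac OS X.

# Constructed sample of `scutil --dns` output (documentation-range addresses).
SAMPLE_DNS='DNS configuration

resolver #1
  domain : example.lan
  nameserver[0] : 192.0.2.53
  nameserver[1] : 203.0.113.7
  order   : 200000

resolver #2
  domain : local
  options : mdns
  timeout : 2
  order   : 300000
'

# Print each distinct nameserver address found in `scutil --dns` text on stdin.
list_nameservers() {
    awk '/^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")   # drop the "nameserver[N] : " prefix
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            if (!seen[$0]++) print     # report each address once
         }'
}

# Print nameservers from stdin that are not among the addresses given as arguments.
unexpected_nameservers() {
    allowed=" $* "
    list_nameservers | while IFS= read -r ns; do
        case "$allowed" in
            *" $ns "*) ;;                 # expected resolver
            *) printf '%s\n' "$ns" ;;     # not on the list: investigate
        esac
    done
}

# Succeeds only if every configured resolver is expected, so a scheduled
# job can alert on a non-zero exit status.
dns_config_ok() {
    [ -z "$(unexpected_nameservers "$@")" ]
}

# Demo on the constructed sample. On a Mac, pipe the live configuration in:
#   scutil --dns | unexpected_nameservers <your expected resolvers>
printf '%s' "$SAMPLE_DNS" | unexpected_nameservers 192.0.2.53
```

Running the check on a schedule also surfaces the behaviour described above, where the resolver is changed again after the user sets it back.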

BarCamp LA -> 4

Thursday, November 1st, 2007

There’s an open source conference of sorts coming up in LA on November 3rd. It’s called BarCamp. Check it out at: http://barcampla.org/

We start by gathering together in one space and going around the room to introduce ourselves with three tags to describe what we’re passionate about (or want to talk about). There will also be some announcements. After this, people who intend to lead a session will add their session info to an empty schedule grid (may be moved around early on). If you see a session you’re interested in, go to it.

After a couple of sessions, you will have a significant amount of downtime for lunch. Feel free to wander around and socialize while or after you eat. More announcements will be made, and any newly proposed sessions will be announced.

After the sessions are finished, please stick around to clean up. It’s generally as simple as throwing trash away and taking down signs, but all the help is appreciated.

If you brought wireless equipment or power strips, find a coordinator and ask where they’re most needed. Please set your wireless router to a unique SSID (e.g.- barcamp_xxx), to avoid networking conflicts (nasty with a dozen routers in the same room named the same thing). Also, if you can, please lower the radio output of your router. There’ll be plenty of WiFi cloud to go around without everyone blasting out at full power.

While loosely structured, there are rules at BarCamp. All attendees are encouraged to present or facilitate a session. Everyone is also asked to share information and experiences of the event, both live and after the fact, via public web channels including (but not limited to) blogging, photo sharing, social bookmarking, wiki-ing, and IRC. This open encouragement to share everything about the event is in deliberate contrast to the “off the record by default” and “no recordings” rules at many private invite-only participant driven conferences.

Fun stuff. November 4th, check it out.