Archive for the ‘Mac OS X Server’ Category

Leopard Server: Sharing Folders using Server Admin

Friday, November 2nd, 2007

We’ve gotten a few questions from people asking how you’re supposed to set up share points for Leopard Server. It’s relatively simple but will require a little getting used to for those who are used to configuring sharing options in Workgroup Manager.

To view the shared folders on a system, open Server Admin and click on the name of the server in the SERVERS list. From here, click on the File Sharing button in the Server Admin toolbar and you will see a list of the logical volumes that your server can see along with a handy Disk Space image showing how full the various volumes are. At this point you can click on Share Points to see which folders are currently being shared over SMB, AFP, NFS or FTP. If you click on Volumes and then the Browse button, you will be able to configure new folders as share points that you want others to have access to. Browse to the folder to be shared and then click on the Share button in the upper right-hand corner below the toolbar.

Now you are looking at 3 tabs along the bottom of the screen: Share Point, Permissions and Quotas. From here, click on Share Point and review the options:
Enable AutoMount – provides options to set up an OD link to the volume
Enable Spotlight Searching – allow the volume to be searchable using Spotlight
Enable as TimeMachine Backup Destination – client computers can back up using Time Machine
Protocol Options – brings up the screen that allows SMB, AFP, NFS and FTP settings to be configured (looks very similar to the old screen in Workgroup Manager)

Once you have configured the options for your share point click over to the Permissions tab. Now you can configure who has access to shared data. From here, the main change is that the Users and Groups window is a floating window, with a new look and feel, but with the same overall feature set. The next major change is that ACLs are listed above POSIX permissions, and when you drag a user or group into the window you will see a blue line indicating that you can drop the object off into the screen and it will stay.

Finally, click on the Quotas tab and notice that when you enable quotas you cannot drag users and groups into this window. Only users with a home folder on the volume can be configured for quotas using Server Admin. If you would like to configure quotas otherwise you can do so at the command line.

ZFS: What was all that fuss about?

Friday, November 2nd, 2007

ZFS was released by a team at Sun in November of 2004. The name stands for “Zettabyte File System”. ZFS is a 128-bit file system, so it can store 18 billion billion (18.4 × 10^18) times more data than current 64-bit systems. We’re not going to sit here and do the math for that but you are more than welcome to figure out what the theoretical size is at that point – all we can say is that it’s friggin’ huge.

Traditional file systems reside on single devices and require a volume manager to use more than one device to generate a logical or physical volume. ZFS is built on top of virtual storage pools called zpools. A zpool is constructed of virtual devices called vdevs. Vdevs are constructed of block devices that include files, partitions, or drives. Block devices within a vdev can be configured in a variety of different manners, depending on the needs of a user. The storage capacity of all vdevs is available to all of the file system instances in the zpool. This is similar in some ways to how Xsan builds volumes, but more customizable and without a requirement for vdevs to be based on Fibre Channel storage in order to be accessible by multiple hosts.

Quotas can be set to limit the amount of space a file system instance can occupy and a reservation can be set to guarantee that space will be available to a file system instance. This gives some nice features to those wanting to limit access for some volumes while still making sure other volumes have the space that will be required for planned future possible expansions. Other features of ZFS include: snapshots, write-cache, filesystem based encryption (in Alpha stage of development) and checksumming.

While users of Leopard may be disappointed that ZFS did not make it into the final build, where it would have given greater volume sizes and more features for volume management, rest assured that Apple will be thoroughly testing any new file systems before making them available to the public. With something as precious as a file system, if it wasn’t ready for prime time then it’s good that it wasn’t included with Leopard. ZFS is still going through changes and is not a completed or matured project by any stretch of the imagination. In /Library/FileSystems you will see that ZFS is not present, but the framework for future ZFS support is, which can be seen by the introduction of some ZFS binaries to the system. So keep a look out for ZFS in the future and maybe even an SDK from Sun on using it at some point.

Leopard Server: Using RADIUS with the Apple AirPort

Thursday, November 1st, 2007

Remote Authentication Dial In User Service (RADIUS) can help to take the security of your wireless network to the next level beyond standard WPA authentication. Prior to Leopard, RADIUS communications could be obtained using Elektron or OpenRADIUS running on OS X – but in Leopard no 3rd party software is required beyond Leopard Server. So how difficult is it to set up RADIUS on Leopard? You be the judge after reading this quick walkthrough. For the purpose of this walkthrough we are going to assume that you are using the Advanced Mac OS X Server style.

Before you begin this walkthrough, make sure that the server is running Open Directory and that the forward and reverse DNS information for the server is correct.

The first step to using RADIUS is to enable it. To do this, open Server Admin, click on the name of the server in the SERVERS list and click on the Services tab. Find RADIUS in the services list and place a checkmark in the box to the left of it. When you click on Save then you should see RADIUS in the SERVERS list.

Now that RADIUS has been enabled, let’s select a certificate. For the use of this walkthrough we’re going to use the default certificate that comes with OS X Server. Click on RADIUS under the SERVERS list and then click on the Settings button. Click on the RADIUS Certificate drop-down menu and select the Default certificate. Click on the Edit Allowed Users… button.

By default all users of the OS X Server will have access to authenticate to the wireless network setup, so here we are going to click on the “For Selected Services below” radio button. Then click on RADIUS in the Service list. Now click on Allow Only Users and Groups Below and then click on the + sign. Now drag the users and groups into the Name list from the Users and Groups window. Once all users that should have access to your new wireless environment have been enabled, click on the Save button.

From here, click on RADIUS and click on the Start RADIUS button in the bottom left hand corner of the screen. RADIUS is now ready to accept authentication. The next step is to configure an AirPort to work with RADIUS. To do this, click on the Base Stations button in the toolbar at the top of the screen. Now click on Browse and select the first base station of your new wireless environment from the list of found base stations. Enter the password for the AirPort and click on Save. Wait for the AirPort to complete its restart and then you should be able to log in from a client.

To log in from a client, select the name of the wireless network from the wireless networks list and enter the username and password to the environment. The first time you do so you will get a second dialog asking you to enter the 802.1x username and password. Enter the same username and password and click on OK. If you click on the “Use this Password Once” checkbox then this password will not be saved for future use.

That’s it, you’re done. Now this setup may be a little more complicated than WPA personal or WEP 128, but it’s far more secure and should be considered for any AirPort environment that has an OS X Server. While the default certificate will work for clients, things are often easier from a deployment and interoperability perspective if you purchase a certificate from a CA such as Thawte. Also, this has all been tested in a pure Mac OS X Leopard environment, not with an OD structure based on Tiger. More on that as time goes on…

Leopard Server: Mailbfr, spamtrainer and amavis-stats

Thursday, November 1st, 2007

Mailbfr, spamtrainer and amavis-stats are great packages that fit into Mac OS X Server. The guys from topicdesk have been kind enough to post an overview on how their products work under Leopard and how the changes in Leopard impact their utilization. Check it out at:

http://osx.topicdesk.com/content/view/129/1/

New Mac Trojan Discovered

Thursday, November 1st, 2007

Monday, October 29th, 2007 – Intego issued a security alert about a new Trojan Horse called OSX.RSPlug.A targeting the Mac. OSX.RSPlug.A changes the DNS (Domain Name Server) address that infected systems use to access web sites and installs a new task on infected systems to change the DNS server again if the end user changes it back to what it was before. This is similar to many attacks against the Windows Hosts files. However, if anyone is going to get this worm they have to authenticate as an administrative user for their system to get infected.

OSX.RSPlug.A has been found on some pornographic Web sites. When a user tries to view a movie, they are told that “Quicktime Player is unable to play movie file. Please click here to download new version of codec.” If the user clicks the link, a disk image (.dmg) is downloaded to the desktop. When the software is used, the user is actually installing the Trojan as root, giving it access to the full computer. When the malicious DNS server is active, it hijacks some web requests, leading users to phishing web sites or to web pages displaying ads for other pornographic web sites, according to Intego.

For more information, see the original security alert from Intego at:

http://www.intego.com/news/ism0705.asp
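
A defender's check for the behaviour described in this alert, as an added example (not code from Intego or from this post): it flags resolvers outside an approved set and reports any that come back after having been corrected, which is the sign of the re-applying task. The approved list, the addresses and the sample text are constructed; the resolver lines are shaped like the output of scutil --dns.

```python
import re

# Resolvers this network is supposed to hand out (constructed, documentation ranges).
APPROVED = {"192.0.2.53", "192.0.2.54"}

# Matches lines such as "  nameserver[0] : 192.0.2.53".
NAMESERVER_RE = re.compile(r"^[ \t]*nameserver\[\d+\][ \t]*:[ \t]*(\S+)[ \t]*$",
                           re.MULTILINE)


def snapshot(*servers):
    """Build constructed text shaped like the resolver section of `scutil --dns`."""
    lines = ["DNS configuration", "", "resolver #1"]
    lines += ["  nameserver[%d] : %s" % (i, s) for i, s in enumerate(servers)]
    return "\n".join(lines) + "\n"


def resolvers(text):
    """Return the set of nameserver addresses found in one snapshot."""
    return set(NAMESERVER_RE.findall(text))


def unexpected(text, approved=APPROVED):
    """Resolvers in this snapshot that are not on the approved list."""
    return sorted(resolvers(text) - set(approved))


def reappearing_resolvers(snapshots, approved=APPROVED):
    """Unapproved resolvers that were seen, then removed, then came back.

    snapshots is a list of outputs in time order. A resolver that is simply
    wrong the whole time is reported by unexpected(); this function isolates
    the case where someone fixed the setting and it was changed again.
    """
    seen, cleared, back = set(), set(), set()
    for text in snapshots:
        rogue = set(unexpected(text, approved))
        back |= rogue & cleared      # gone earlier, present again now
        cleared |= seen - rogue      # present earlier, gone now
        seen |= rogue
    return sorted(back)


# Constructed timeline: altered, corrected by the user, altered again.
SAMPLES = [
    snapshot("203.0.113.7", "203.0.113.8"),
    snapshot("192.0.2.53", "192.0.2.54"),
    snapshot("203.0.113.7", "203.0.113.8"),
]

if __name__ == "__main__":
    for n, text in enumerate(SAMPLES):
        print("snapshot", n, "unexpected:", unexpected(text))
    print("reappeared after being corrected:", reappearing_resolvers(SAMPLES))
```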

Leopard Server: Introduction to Wikis

Sunday, October 28th, 2007

Leopard Server and wiki. It’s cool and it works. But when you’re first looking into it, it might seem a little confusing. So let’s do a simple walkthrough. Here we’re going to enable a wiki in advanced mode for a group called testgroup and we’re going to give a user called testadmin access to edit the wikis and create new ones. To get access to the wiki we’re going to assume a hostname of server.318.com.

First, let’s go into Workgroup Manager and create a new group called testgroup. To do this, open Workgroup Manager, authenticate to Open Directory and click on the New Group icon in the toolbar. Enter a name for the group (testgroup for this example) and check the box for “wiki and blog.” Select the website to publish the wiki to in the Enable the following services for this group on field. Choose who can view and who can write to the wiki and click on the Save button.

Now let’s create a user called testuser. In Workgroup Manager, click on the User list and click on New User. Now enter a name for the user and a password. Then use the Groups tab to put the user into the testgroup group. Now click on Save.

Now that we have a user and group to give access to the wiki let’s go ahead and create a wiki. To do this open Server Admin. If the Web Service has not been enabled yet, click on the server name, click on Settings in the toolbar and then click on the Services tab and place a check in the box for Web. Now click on the web icon and click on the Settings tab. Select a theme for your site and click on Save. Now click on the Sites icon in the toolbar and click on the site you’d like to publish your wiki on. From here click on the Web Services tab and put a checkmark in the Wiki and blog box. Now click on Save. Then Start the web service.

Now you should be able to open up a web browser and go to the URL of the server. Remember, do this by host name and not IP. At this point, you’ll see the Groups tab along the top navbar. From here you can click on Groups and then click on the group you want to create the wiki for (testgroup for our test wiki). Now you’ll be asked for a username and password. Enter the testuser you created and the password that you gave to testuser. Now you can click on the + icon to create your first entry into the wiki. Let’s call it testpost.

That’s it. You’ve now created your first wiki article on your new wiki server. Notice that if you enabled calendars and blogs that there will be icons for these in the top nav bar. You can customize everything you see on the screen to give it a more organizational look and feel. For example if you click on the pencil icon you will be able to rename the blog and customize the prebuilt information listed in the Welcome to your Wiki page.

Leopard Server: Introduction to Ruby on Rails

Sunday, October 28th, 2007

So Ruby on Rails… What does this mean for me and what exactly is Ruby on Rails from a systems administration standpoint? Ruby on Rails was created by David Heinemeier Hansson from his work on Basecamp, a web-based project-management tool, by the company 37signals. Ruby on Rails was first released to the public in July 2004. Ruby on Rails is a web application framework designed to support the development of dynamic websites. To see some sites built using Ruby on Rails check out http://happycodr.com

Ruby is the object-oriented programming language that Rails is built on. To access Rails, you can use the rails command.

The Ruby on Rails framework is built into Leopard Server and can be started up using the mongrel_rails start command. It can be stopped using the mongrel_rails stop command. Mongrel is a fast HTTP library and server for Ruby. mongrel_rails is a command line tool that can be used to control the Mongrel web server.

Some options to the mongrel_rails command include the following:
-d daemonize
-p assign a custom port
-a assign an address for the HTTP listener
-l assign a log file to use
-t customize the timeout variable
-m use additional MIME types
-r change the document root
-B enable debugging
-C use a configuration file
-S define an additional config script
-h access the help libraries
-G generate a config file
--user define who the server will run as
--version get the version information for Mongrel

But that’s not all you can do with mongrel_rails. The actual file is not compiled so you can read it in clear text and learn more about what it is doing behind the scenes. Just cd into the /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/gems/1.8/gems/mongrel-1.0.1/bin/ folder to find it. One item of note is the inclusion of mongrel_rails_persist, a wrapper for mongrel_rails that allows admins to register the Mongrel Server with Bonjour and create a launchd plist to run Mongrel (/Library/LaunchAgents/com.apple.persist.portnnnn.mongrel_rails_server.plist).

So let’s say that you have a Ruby application that lives at the following location /Library/WebServer/MyRubyApp. You can run the following command to launch it over port 8001 in a persistent manner:
mongrel_rails_persist start -p 8001 -c /Library/WebServer/MyRubyApp

To access it from a web browser you would enter the address http://servername.domainname.com:8001

From here you’ll be able to daemonize Mongrel and provide the Rails development framework to developers in your environment. There are already a lot of projects for using Ruby with FileMaker and other database systems, so keep an eye out for more information about this piece of Leopard Server!

Leopard: The New Terminal.app

Saturday, October 27th, 2007

Apple has been slowly winning over a lot of traditional Unix and Linux converts. This new breed of switcher is after a cool shell environment. In Leopard, Apple has upgraded Terminal.app to provide a whole slew of new features that are sure to continue winning new converts. Let’s just take a look at a few of them:
Secure Keyboard Entry – Prevent other applications from detecting keystrokes used in terminal. Enable this using the Terminal menu.
Tabbed Interface – I always have 3 shell windows open. That’s how I roll. But with the new tabbed interface (which you can access using the Command-T keystroke) I find that I’m using two shell windows with 3 tabs each. This gives me the ability to have a man page or process list on one side of my screen while being able to run other commands on the other side. You can fire up 2 shell windows and then open as many tabs as you like.
Export Settings – This isn’t new in Leopard, but what is new in Leopard is that the tabs get exported along with window positions, layouts, themes and backgrounds.
Themes – Glass, Homebrew, Novel, Red Sands – these themes allow you to use prebuilt templates for how you view your shell. These include background, text color, transparency. Can you imagine Steve sitting in his office at Apple dinking around with the Homebrew theme?
Window Groups – A group of windows with a saved location, tabbed layout, shell configuration and settings.
Terminal Inspector – Switch themes on the fly, view running process and increase the columns and rows of a shell environment.
Titles – Set titles for your terminal windows so you can remember what was where.

Leopard Server: Using Directory to Update LDAP Entries

Saturday, October 27th, 2007

If you’re migrating to Leopard and Leopard Server then you’ve likely noticed the welcome addition of a new program in /Applications/Utilities called Directory. Directory allows users bound into an Open Directory environment to update LDAP records provided they have access to do so. Using LDAP ACLs it’s possible to give users access to update their own directory information using an LDAP directory browser such as Directory.

When you open Directory you should see a listing of all of the directory information that has been created. From here you can create Shared Contacts, Groups, Locations and Resources. Each of these can be connected to a calendar. Groups can have multiple members and get a Mailing List, Calendar or Blog connected to them.

Resource types include Automobiles, Conference Phones, Copiers, Digital Cameras, Notebooks, Printers, Projection Screens, Projectors, Scanners and Video Cameras. Resources can be reserved in an iCal Server Calendar and can have a delegate. Delegates are users that are able to manage particular resources.

The fact that there are a lot of objects in the LDAP database that can be managed means that it’s important to have a tool for configuring who can manage them. Workgroup Manager has basic permissioning built in but it isn’t as granular as a lot of organizations will need. To get more granular it might be required to dip into the command line and configure LDAP using the configuration files. To get started with this, see the article from a couple of days ago about LDAP ACLs.

Leopard Server: Troubleshooting iCal Server

Saturday, October 27th, 2007

So you installed your new server and you’re having a few problems. Let’s look at the common issues and a few simple fixes for them.

iCal will not start, with log entries that it is unable to create a virtual host:
Check your host name. iCal is going to need the host name to be correct in order to start. Use scutil --get HostName and then make sure that the host name listed in the iCal Server settings is identical to this value.

You set up a user, check the box in Workgroup Manager for Enable Calendaring and then save your settings but you get the following error in your logs:
Oct 12 15:51:26 cedge Workgroup Manager[2282]: +[WPUser userWithGUID::] returned nil!

This is likely caused by the fact that you are enabling a calendar for a local user. Try using an OD based user and see if you get the same error.

You got everything started and the account was created for the user but when you add an account in iCal it fails to connect. Make sure that the port that iCal Server is using is located at the tail end of the host name for the iCal Server. One issue that we see here is that unless you are using managed accounts, iCal is not likely going to append the port number for your iCal Server. Also verify that you can connect to the remote server, and remember that you can always open the URL of the server followed by a : and then the port number and get a login prompt. If you can authenticate to this as the user whose calendar you are trying to set up then you can use the information in this screen to determine ACL information and other security settings that could be keeping calendars from working. Also keep in mind that while your default port might be 8008, your default port if you are using SSL is actually 8443.

Once you get this far, you should be able to create an event and see data listed in the Overview tab for iCal. If so then you should be able to do about anything you want in the iCal server.

If you prefer to use the serveradmin CLI to control your services, you can also use the serveradmin settings calendar:ServerHostName = "SomeHostName" variable to change your host name. You can also use the calendar:HTTPPort to change the port number you are using for connectivity.

Happy Calendaring!!!

Leopard: New Certification Track

Saturday, October 27th, 2007

The Tiger Apple Certified Systems Administrator (ACSA) track allowed certification candidates to accomplish the ACSA by getting an Apple Certified Technical Coordinator (ACTC) and then obtaining 7 points. Points were obtained by taking a variety of exams whose point values were based on the number of days of the corresponding class.

Apple has now posted the ACSA requirements for 10.5. There is no longer a point system, which was a unique approach in the IT industry for achieving certifications. Instead, for the Leopard ACSA, Apple has now trimmed down the number of courses that are provided and require that all exams be completed to accomplish the ACSA. For now, the certificates listed include:
Mac OS X Server Essentials v10.5
Directory Services v10.5
Deployment v10.5
Advanced Administration v10.5

Notice that there are no workstation oriented exams listed. The Support Essentials exam is all that is required to achieve an Apple Certified Help Desk Specialist (ACHDS) for Tiger. The ACHDS certification has been retired and replaced with the Apple Certified Support Professional for Leopard, which replaces the ACHDS and only requires the Support Essentials exam.

More information on the new certification program can be found here:

http://training.apple.com/certification/macosx

Leopard Server: Documentation Released

Saturday, October 27th, 2007

To answer all those questions like “How do I create a share point now?” Apple has been kind enough to post the documentation for Leopard Server at:

http://www.apple.com/server/macosx/resources/

All of the new services are documented per Apple standards, so happy reading!

Leopard Server: Advanced Setup with Server Admin

Friday, October 26th, 2007

So you selected Advanced Setup during the wizard while you were installing Mac OS X Server and now you’re looking at this new Server Admin screen that you’ve never seen before. You see the server name but there are no services in the list. This is because Apple has gone the extra step to make Server Admin less confusing and more user friendly than ever before. When you click on the Settings icon at the top of the Server Admin screen you will see the tab for Services. Here, you can enable or disable any service by checking its box and clicking on the Save button.

Once a service has been enabled then it will appear under the server in the Servers list (notice it no longer says Sites and Services). From here, you’ll notice that the old chicklets from the bottom screen are gone. Now they have been replaced with an icon set in the toolbar that changes as you click between the services. For example, the AFP Service shows Overview, Logs, Graphs, Connections and Settings. Clicking through these icons, you’ll notice that they provide the same experience that the chicklets at the bottom of the screen provided. However, by placing them at the top the user interface makes more sense. One thing that is a bit strange is the decision to move the Start and Stop buttons to the bottom of the screen. When you enable a service it will not start by default so if you want to begin using it look to the bottom of the list and click on the Start button for the service.

When you enable and then click on each service you will notice that many have the same options that they’ve had in the past. There are exceptions (like a more granular logging tab for the FTP service), as there are with every version. But for the most part many of the settings have stayed the same through a few versions of the OS because they just make sense in how they are laid out.

New Services added are Radius, Podcast Producer, MySQL (which actually existed in its own stand-alone application before) and iCal. Each of these has a great purpose and will hopefully be explored in detail as time goes on. You might notice that one service, Applications, is gone from the list. Tomcat has now been moved into the Web Service as a checkbox (Enable Tomcat).

So that’s the quick and dirty tour of the new Server Admin application. It’s sleeker and has a (in our opinion) much improved interface over the old Server Admin.

Leopard: Advanced Network Interface Management (GUI)

Friday, October 26th, 2007

Slight change from how things were done in Tiger/Tiger Server, but all the old options are there if you look. The first change is that now there is a wizard that you can use to configure your network interface. Since this is on more advanced topics we’ll skip that but it’s worth noting.

Another shift is that a network interface is now referred to as a Service. So when you go to add an interface you will associate it with a Service Name. If you remove a Service using the – icon in the list you can always re-add it by clicking on the + in the services list, selecting the interface and assigning it a Service Name. If you check ifconfig you will find that if you remove a service and re-add it then it will come back up with the BSD name that it originally had. For example, remove the Firewire Service, Apply your changes, re-add the Firewire Service and in ifconfig it will still show as fw0 in the list. If you add a second service for fw0 and assign it unique IP stack information then it too will show as a second IP address under the same BSD interface as can be seen below:
inet 192.168.210.110 netmask 0xffffff00 broadcast 192.168.210.255
inet 10.0.0.9 netmask 0xffff0000 broadcast 10.0.255.255

In order to set up a second IP address for one NIC using the GUI for Leopard:
Open System Preferences and go to the Network Preference Pane.
Click on the interface you would like to run a second IP address on.
Click on the cog wheel at the bottom of the list.
Click on Duplicate Service.
Type the name for your new Interface and click OK.
Click on the New Interface and click the Advanced button.
Click on TCP/IP and enter the appropriate IP information.
If needed, enter information for DNS, WINS and Proxies under their respective tabs.
Click on OK.
Click on Apply.

Now, rather than use one NIC you might want to use two NICs as one, or use Link Aggregation. Assuming the switch supports it and you have that side of things configured, here’s where you configure Link Aggregation:
Open System Preferences and go to the Network Preference Pane.
Click on the cog wheel at the bottom of the list.
Click on Manage Virtual Interfaces…
Click on the + icon.
Click on New Link Aggregate.
Enter the name for the new Link Aggregate “bond”.
Check the boxes for the interfaces that support Link Aggregation in the list.
Open Terminal and run ifconfig.
Find bond in the list and verify that the correct MAC addresses for your aggregated NICs are in the list of MAC addresses for bond0 (or whatever BSD name was given to your bond when it was created).

To reorder services, click on a service and use the cog wheel to select the Set Service Order… option. From here you will be able to drag services up or down the list. The first service in the Service Order is still the default service that traffic will reply to. Therefore, if you want to actually use the additional services to respond to traffic you will still need to use the route command as has been used in *nix for a long time.

Kerberos Pruning Script

Friday, October 26th, 2007

I have noticed that over time inconsistencies can arise where a machine entry will be deleted from LDAP but the relevant Kerberos principals remain in the KDC. Here’s a small script that I wrote up to help prune out unwanted/stale Kerberos principals. Obviously great care must be taken when running this script; if you delete a principal that is still in use, things ARE going to break. So, think before you type. That being said, if you’re not interested in typing 20 delprinc commands, this script is for you.

Usage: %pruneKerb.sh query

pruneKerb will then list all principals matching “query” (standard case-sensitive grep match)

It takes a single argument query and outputs a list of matching Kerberos principals, presenting the user with the option to delete individual principals, all principals or simply print a list of matching principals.

Please read the script’s comments for more information.

pruneKerb.sh

Leopard: Disable the Glass Shelf Look in the Dock

Friday, October 26th, 2007

For early Leopard adopters that don’t like the new look and feel of the dock, here’s a command to disable that Glass shelf look in your dock:


defaults write com.apple.dock no-glass -boolean YES
killall Dock

If you would like to revert the setting:

defaults write com.apple.dock no-glass -boolean NO
killall Dock


Leopard Server: Using ACLs with Open Directory

Friday, October 26th, 2007

In Leopard, Workgroup Manager supports rudimentary ACLs for the LDAP database. We’re all familiar with Access Control Lists by now, especially in the Mac OS X Server community. However, we might not all be familiar with ACLs as they’re implemented in LDAP. But we should be, because LDAP is being used more and more as an address book, and with the new Directory application being shipped in Leopard it is conceivable that environments aren’t just going to use ACLs to secure LDAP but they’re also going to use them to allow users to self update their information in the directory. So in the interest of security and making the most out of the technologies built into LDAP, let’s cover LDAP ACLs for a bit. To push beyond what you can do in Workgroup Manager, let’s take a look at building out more finely grained ACLs manually.

First, like with most things in LDAP, ACLs are configured using the /etc/openldap/slapd.conf file. Below is the pertinent portion of this file that we will be looking at:

# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

Now, if we remove the commented out portions of the file or add more lines we can start to limit who has access to read and/or change what information in the LDAP database. Keep in mind that you always want to back up your slapd.conf file prior to doing so.

You can control access to each element in the database. Each ACL has an “access to” which is the elements in the LDAP database that you are granting or denying access for and then a “by” portion that lists who can do what to that portion of the database. An entire ACL can be listed on one line, as is done with policies that have only one user or group associated to them. For example, the following line gives anyone and everyone read access to the database:
access to dn.base="" by * read

For ease of use and reviewing, we typically put the “access to” on one line and the subsequent users or groups with access in their own “by” lines for more complicated ACL rule sets. Slapd parses the file in such a way that it realizes that “access to” means the beginning of a new ACL. The following is an example of some more complicated ACLs:

access to attrs=userPassword
    by dn="cn=users,dc=318,dc=com" write
    by self write
    by * compare

access to *
    by dn="cn=computers,dc=318,dc=com" write
    by users read
    by * auth

Access levels in ACLs are hierarchical. Levels that are used are none, auth, compare, search, read and write. None is the lowest level of access and write is the highest. Each level includes the rights of all lower levels. In the above example, a user is able to write to their own userPassword record. This means that the user is also able to auth, compare, search and read that record.

ACLs are processed from top to bottom. This makes it important to put specific ACLs and by statements above more general ones. The example above has an ACL that restricts access to the userPassword attribute, followed by one applicable to *, that is, the entire LDAP database. Placing the userPassword ACL first causes the rule that allows users to change their own passwords to process before the wildcard that specifies everyone. When a * is used as a wildcard in the access to line of slapd.conf it means the entire database or tree of the LDAP database. When the * is used in the by line it typically denotes all users.

These two points, the first match wins rule and the inclusive nature of access levels, are crucial to understanding how ACLs are parsed. They are also important for making sure your ACLs don’t lead to either greater or lesser levels of access than you intend in a given situation.
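To make the first match wins rule and the inclusive access levels concrete, here is an added Python example (not from the original post and not slapd's own code) that models how the two ACLs above are evaluated and flags any ACL shadowed by an earlier access to *. It is a simplified model that assumes only the *, attrs= and dn.base= targets and the *, anonymous, users, self and dn= (exact match) subjects; ALICE and BOB are constructed identities.

```python
import shlex

# Access levels in the order the article lists them; each includes all lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The two ACLs from the article, in the article's order.
ARTICLE_ACLS = '''
access to attrs=userPassword
    by dn="cn=users,dc=318,dc=com" write
    by self write
    by * compare
access to *
    by dn="cn=computers,dc=318,dc=com" write
    by users read
    by * auth
'''
# Constructed sample identities (assumptions, not from the article).
ALICE = "uid=alice,cn=users,dc=318,dc=com"
BOB = "uid=bob,cn=users,dc=318,dc=com"

def parse_acls(text):
    """Return ACLs in file order as [{'what': str, 'by': [(who, level), ...]}]."""
    acls = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # strips quotes and # comments
        if tokens[:2] == ["access", "to"]:
            acls.append({"what": tokens[2], "by": []})
            tokens = tokens[3:]  # the one-line form keeps "by ..." on this line
        for i in range(0, len(tokens), 3):
            keyword, who, level = tokens[i:i + 3]
            if keyword != "by" or level not in LEVELS or not acls:
                raise ValueError("cannot parse: " + line.strip())
            acls[-1]["by"].append((who, level))
    return acls

def what_matches(what, entry_dn, attr):
    """Does this 'access to <what>' clause cover the entry and attribute?"""
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    if what.startswith("dn.base="):
        return entry_dn.lower() == what[8:].lower()
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return requester.lower() == entry_dn.lower()
    if who.startswith("dn="):
        return requester.lower() == who[3:].lower()
    raise ValueError("unsupported <who>: " + who)

def effective_access(acls, requester, entry_dn, attr):
    """First ACL whose <what> matches decides; inside it, the first matching by."""
    for acl in acls:
        if what_matches(acl["what"], entry_dn, attr):
            for who, level in acl["by"]:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"  # slapd appends an implicit "by * none"
    return "none"  # no ACL matched at all

def allows(granted, wanted):
    """Hierarchy check: write implies read, read implies search, and so on."""
    return LEVELS.index(granted) >= LEVELS.index(wanted)

def shadowed(acls):
    """List <what> clauses that can never apply because 'access to *' precedes them."""
    seen_wildcard, dead = False, []
    for acl in acls:
        if seen_wildcard:
            dead.append(acl["what"])
        seen_wildcard = seen_wildcard or acl["what"] == "*"
    return dead

if __name__ == "__main__":
    article = parse_acls(ARTICLE_ACLS)
    swapped = article[::-1]  # same rules, wildcard ACL first
    for label, acls in (("article order", article), ("swapped order", swapped)):
        print(label, "| shadowed:", shadowed(acls))
        for who in (ALICE, None):
            for target in (ALICE, BOB):
                print("  ", who, "->", target, "userPassword:",
                      effective_access(acls, who, target, "userPassword"))
```

With the wildcard ACL first, every authenticated user is granted read on userPassword and the self write rule is never reached, which is the ordering mistake the shadowed() check reports.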

It can be time consuming to go through every possible attribute by group and determine who has access to what. However, if you want to have users updating their own addresses, phone numbers, and other information, as can be done with the Directory application, this is often one way to accomplish this goal. You could also provide help desk users the ability to update the database using the Directory application but not allow them to access other records in the LDAP database, such as group memberships. Having a very granular ACL environment for records can also allow you to obtain a maximum level of security.

This can also be put into the schema in order to force replication between hosts. Keep an eye out for that article at a later date. ;)

For what it’s worth, at 318 we’ve found that commenting out each ACL helps us to keep track of who did what, why and what they were thinking when they did it. Happy OD everyone!!!

Leopard: Custom Installations

Thursday, October 25th, 2007

Installing Mac OS X is a fairly simple task to complete and can typically take up to an hour or more depending on the installation options you choose. However, you should review all of your options in the installer as many items are not needed unless you have a specific need for them. Installing any operating system involves choices, which we will reveal throughout this chapter. If you are reinstalling your operating system, just make sure to have a valid backup before you continue on with this chapter.

The Installation Process
Installing Mac OS X requires little of a user other than agreeing to the license agreement, known as an EULA, and being able to click on Continue. Many of the choices available during installation can be left at their default settings. The system will simply guide you, in many cases allowing you to click Continue or Agree at most of the dialog boxes and obtain a default installation.
But the power user knows better and wants to be up and running as quickly as possible. The power user wants to leave out any of the items from the operating system that they’re not going to use and the power user is going to want a level of control over what is on their system that can’t be had by doing a default installation.

Also, until the system starts the Checking Disk process, which it will do in order to verify your installation media, you can stop the installation and go back to the operating system you had before. Of course, if you reformat a drive going back to your operating system will no longer be an option.
Note: You can access Disk Utility while booted to the CD in order to partition your hard drive, but if you plan on using Boot Camp to install Windows onto a partition then you will need to leave your system with one partition.

The installation process takes users through a variety of steps to help choose which parts of the operating system to install. At most of the stages, you will be able to click on the default value and proceed without actually customizing anything. However, you will see a Customize button at many of the screens that can be used to

Note: Each version of OS X will have a slightly different installation process. This article is written for OS X 10.5. However, if you are using a previous version then while some of the screens will be similar do not expect them all to be the same.

Installing an Operating System onto an External Drive
When you install OS X you can choose to install it on any drive that is visible to your computer. This can be a USB jump drive, a FireWire hard drive or an Xserve RAID. There are a variety of reasons why you would use any of these as a boot medium rather than your internal drive. Whether the reason is portability, drive size, redundancy or performance, Apple has given us a lot of options by allowing the installation of the operating system on any medium the computer can access that doesn’t require special drivers.
• USB jump drive: Placing a customized and very trimmed down operating system onto a USB jump drive can provide you with the ability to have a quick and easy way to troubleshoot any computer in your pocket at any time. The size of a USB jump drive makes it a good choice for people just looking to
• FireWire: FireWire hard drives are becoming more and more inexpensive with each passing year. These portable drives can allow you to take your files with you anywhere. But they’re not as good for using as a full time operating system. They are great for carting around installers, using as targets for your backups and it never hurts to have an operating system on one to use for troubleshooting.
• Internal RAID 0: A RAID is a random array of independent disks, or disks that have been combined for a specified outcome. RAID 0 disks are particularly helpful with increasing performance and obtaining a larger drive than what is possible without using a RAID. Computers with an operating system installed on a RAID 0 will receive a slight speed increase, but if either drive fails then you risk losing all of the data on the volume.
• Internal RAID 1: A RAID 1 disk set is also known as a mirror. In a mirrored disk set, if any single drive fails then all of the data is also located on the second drive. There is a slight reduction in speed for RAID 1 volumes.
• Internal RAID 5: Apple recently released a card that allows for using 3 internal drives to create a RAID 5 volume. RAID 5 allows for redundancy as is found with RAID 1 and a larger volume as is found in RAID 0 with an offset in the speed decrease.
• Xserve RAID: The Xserve RAID can be connected to a computer through a fibre cable and allows for a single volume size of up to 10 terabytes.

Once you have your drives ready to install onto you will want to choose whether to do an upgrade or a new installation. If you are coming from a previous version of Mac OS X or having problems with your existing installation then you will likely want to do an Archive and Install. If you are working on Mac OS X Server you will likely need to do a format prior to installation. Once you have chosen which of these you will be doing then click on the Next and get ready to customize your installation. At this point you will be able to click on the Custom… icon and choose which parts of the OS to install. Don’t worry, if you leave anything out that you later decide you would like you can always go to the installation CD and install it as a package manually.

Now, click Install and you’re off to the races.

Using the JAMF Binary with the Casper Suite

Thursday, October 25th, 2007

Casper is an incredibly useful tool for package deployment, maintaining records of the systems in your environment and policy management. But for those of you already using Casper (or considering it) you’ll be glad to know that you can use the jamf binary to do all kinds of fun stuff that can help with troubleshooting computers in your environment. For example:

The following command will setup a hidden SSH user and restrict SSH access to be allowed by only that user:
jamf createAccount -username casperadmin -realname "Casper Admin" -password capseradmin -home /Users/casperadmin -hiddenUser -admin -secureSSH

This command can be used to display a popup on the system it’s run on that says “Hello Minnesota”:
jamf displayMessage -message "Hello Minnesota"

The following command will unmount a mounted server called mainserver:
jamf unmountServer -mountPoint /Volumes/mainserver

The following command can be used to change a user’s home page in all of their web browsers:
jamf setHomePage -homepage www.318.com

The following command can be used to fire up the SSH daemon:
jamf startSSH

The following command can be used to fix the By Host files on the local machine:
jamf fixByHostFiles -target 127.0.0.1

The following command can be used to run a Fix Permissions on the local machine:
jamf fixPermissions /

The following can be used to flush all of the caches on your local system:
jamf flushCaches -flushSystem

The following can be used to bless the drive externaldrive:
jamf bless -target /Volumes/externaldrive

The following can be used to run a software update on the local system:
jamf runSoftwareUpdate

The following can be used to bind to an AD environment (rather than dsconfigad if for some reason you just didn’t like using dsconfigad), but would need all the parameters for your environment put in as flags:
jamf bindAD

The following can be used to set the Open Firmware password on your computer to secretpass:
jamf setOFP -mode full -password secretpass

Most of these options are available inside the Casper suite, but the ability to do some simple tasks very quickly from the terminal is yet another reason to fall in love with Casper.

Leopard Server: CalDAV Event Formatting

Thursday, October 25th, 2007

A key aspect of any groupware solution is the ability to share calendars. Leopard server brings the long-awaited ability to share calendars to the Mac OS X Server platform. Leopard uses CalDAV as the back end protocol for Calendar sharing. CalDAV is currently supported by Facebook, Novell Evolution, Zimbra, Drupal, Microsoft Exchange, Kerio and now Mac OS X Server.

CalDAV looks at each event as an HTTP resource, giving users the ability to view events in a web browser. Each event is stored in the iCalendar format.

A typical event in the iCalendar format:
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Apple Calendar//Calendar1//Charles Edge
BEGIN:VTODO
DTSTAMP:19980130T134500Z
SEQUENCE:2
UID:uid4@host1.com
ORGANIZER:MAILTO:riaa@us.gov
ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:riaa@host.com
DUE:19980415T235959
STATUS:NEEDS-ACTION
SUMMARY:Random Music File
BEGIN:VALARM
ACTION:AUDIO
TRIGGER:19980403T120000
ATTACH;FMTTYPE=audio/basic:http://myhost.com/publish/audio-
 files/file.mp3
REPEAT:3
DURATION:PT1H
END:VALARM
END:VTODO
END:VCALENDAR

Parsing this data can help you to embed data from Leopard Server into your 3rd party web services. One difference between CalDAV events in Mac OS X Server and other types of event handlers is how they are presented over the wire. For example, Kerio, a popular Mac-based groupware solution, presents CalDAV in the form of an ICS file so it can be viewed through iCal in pre-Leopard computers.
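As an added example (not part of the original post or of Apple's code), the following Python parser unfolds the continued ATTACH line of the event above, splits each property into name, parameters and value, rebuilds the component nesting, and escapes values before they are embedded in a web page. The function names are chosen here for illustration.

```python
import html

# The event from the article; the ATTACH line is folded across two physical lines.
SAMPLE_EVENT = """\
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Apple Calendar//Calendar1//Charles Edge
BEGIN:VTODO
DTSTAMP:19980130T134500Z
SEQUENCE:2
UID:uid4@host1.com
ORGANIZER:MAILTO:riaa@us.gov
ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:riaa@host.com
DUE:19980415T235959
STATUS:NEEDS-ACTION
SUMMARY:Random Music File
BEGIN:VALARM
ACTION:AUDIO
TRIGGER:19980403T120000
ATTACH;FMTTYPE=audio/basic:http://myhost.com/publish/audio-
 files/file.mp3
REPEAT:3
DURATION:PT1H
END:VALARM
END:VTODO
END:VCALENDAR
"""

def unfold(text):
    """Undo folding: a line starting with a space or tab continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    return lines

def split_unquoted(text, sep, limit=-1):
    """Split on sep, ignoring separators inside double-quoted parameter values."""
    parts, start, quoted = [], 0, False
    for pos, ch in enumerate(text):
        if ch == '"':
            quoted = not quoted
        elif ch == sep and not quoted and limit != 0:
            parts.append(text[start:pos])
            start, limit = pos + 1, limit - 1
    parts.append(text[start:])
    return parts

def parse_line(line):
    """Turn 'NAME;PARAM=VAL:value' into (NAME, {PARAM: VAL}, value)."""
    parts = split_unquoted(line, ":", 1)
    if len(parts) != 2:
        raise ValueError("no ':' separator in %r" % line)
    name, *raw_params = split_unquoted(parts[0], ";")
    params = {}
    for item in raw_params:
        key, _, val = item.partition("=")
        params[key.upper()] = val.strip('"')
    return name.upper(), params, parts[1]

def parse_calendar(text):
    """Return the top-level components as nested dicts; reject unbalanced BEGIN/END."""
    root = {"name": None, "props": [], "children": []}
    stack = [root]
    for line in unfold(text):
        name, params, value = parse_line(line)
        if name == "BEGIN":
            node = {"name": value.upper(), "props": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif name == "END":
            if len(stack) == 1 or stack[-1]["name"] != value.upper():
                raise ValueError("unbalanced END:%s" % value)
            stack.pop()
        else:
            stack[-1]["props"].append((name, params, value))
    if len(stack) != 1:
        raise ValueError("missing END:%s" % stack[-1]["name"])
    return root["children"]

def first(component, name):  # value of the first property called name, or None
    for prop, _params, value in component["props"]:
        if prop == name:
            return value
    return None

def todo_to_html(todo):
    """Render one VTODO as a list item; calendar text is untrusted, so escape it."""
    summary, due = first(todo, "SUMMARY") or "", first(todo, "DUE") or ""
    return "<li>%s (due %s)</li>" % (html.escape(summary), html.escape(due))

if __name__ == "__main__":
    vtodo = parse_calendar(SAMPLE_EVENT)[0]["children"][0]
    print(todo_to_html(vtodo))
```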

Finder Shortcuts

Thursday, August 23rd, 2007

When your active application is the Finder, check out these shortcuts:
Command-N opens a new finder window
Command-Shift-N creates a new folder in the active folder of your finder
Command-W closes a window
Command-Shift-W closes all the windows (if you have more than one open)
Command-Shift-Escape
Command-E ejects a disk or mounted volume
Command-Tab switches to the previous application
Command-Shift-Tab switch to the next application
Command-Shift-Delete trashes an item
Command-Shift-Option-Delete empties the trash without a warning dialog

Tripwire Basic Installation

Monday, August 21st, 2006

To install Tripwire, run the following in the folder that you have extracted the Tripwire files into:
sudo ./install.sh
Then enter passphrases/passwords when asked.
Then enter the shortname of the primary user of Tripwire.
Allow the system to define the baseline state of the server.

To update your tripwire database after making system changes run this command:
./tripwire -m u -r ../report/day-month-year-initials.twr

To update your tripwire config, change the /usr/local/etc/twcfg.txt file and run this command
./twadmin -m F -S ../key/site.key ../../etc/twcfg.txt

To enforce a new policy, edit the /usr/local/tripwire/policy/twpol.txt file and run this command:
./tripwire -m p ../policy/twpol.txt

To view Tripwire reports run this command
./twprint -m r -r ../report/*.twr
(the * in this command is meant to denote your latest twr file)

To scan what changes have been made to the system, cd into this directory /usr/local/tripwire/bin and run
./tripwire -m c
To email these changes to the email address listed in the config file, run ./tripwire -m c -M

Installing Joomla in OS X Server

Tuesday, July 4th, 2006

1. Enable MySQL.
2. Create a database in MySQL called joomladb.
3. Create a new user called jadmin that has full privileges to this database (the user does not need to be called jadmin, but that is the username we will be using for this walkthrough).
4. Download the latest stable release of Joomla.
5. Extract the tar files into a new folder (for this example we are going to call it joomla to keep things easy).
6. Make the following folders writeable for Joomla
administrator/backups/
administrator/components/
administrator/modules/
administrator/templates/
cache/
components/
images/
images/banners/
images/stories/
language/
mambots/
mambots/content/
mambots/editors/
mambots/editors-xtd/
mambots/search/
media/
modules/
templates/
7. Move the joomla folder onto a web server.
8. From your web server, visit the site 127.0.0.1/joomla or the subfolder that you placed the joomla files into.
9. Make sure PHP is enabled for the domain and globally.
10. At the Joomla Pre-Installation check page, you will either see a notice that you can install Joomla or a notice that your system does not meet the minimum requirements for installation. If your system does not meet the requirements, install the modules that are listed in Red, or make Joomla work and click on the Check Again button. Once the dependencies are all installed click Next.
11. Read the license agreement and click on Next.
12. Fill in the appropriate fields for your MySQL environment and click Next >>. The fields that are used:
a. Host Name: If the server you are currently using is a MySQL server then enter localhost. Otherwise enter the name or IP of your MySQL server.
b. MySQL User Name: Either enter the root User Name for your MySQL server or another username if desired.
c. MySQL Password: Either enter the root password for your MySQL server or the password for another user if desired.
d. MySQL Database Name: The name of the database on the MySQL server you would like the Joomla files saved to. In our example, we will use joomladb.
13. Enter the name you would like to use for your Joomla site. This will be the name users will see when logging into your Joomla site and click on the Next button.
14. At the next screen you will be asked to enter some site specific information and then click Next.
a. URL: Enter the URL that users will use to access your site.
b. Path: Enter the full path to the Joomla directory on your server.
c. Email: This will be used for administrative logins.
d. Admin password: This will be the administrative password used to access your Joomla site.
15. cd into the Joomla directory and remove the directory called installation.
16. Click on the View Site button. If you see the Default Joomla site then you are almost done.
17. Go back to the previous screen and click on the Administration button.
18. Enter admin as your username and the administrative password you gave Joomla in field 14.d.
19. You now have Joomla configured and are now ready to customize it.

Mac Tiger Server Little Black Book Review

Monday, June 19th, 2006

Title: Mac Tiger Server Little Black Book, Author: Charles Edge Publisher: Paraglyph Press, distributed by O’Reilly Published: 2006 Price: $34.99 URL: http://www.oreilly.com/catalog/1933097140/

Roger Smith, SVMUG, June 18, 2006.

Audience: Users and system administrators trying to get the most out of Mac networking with Tiger Server.

Content: The book is divided into 18 chapters, each focused on some aspect of server functionality.

My opinion: Very much task-oriented, this would get a lot of use next to the console of a Tiger server. It is setting next to my server and will stay there.

There is an embarrassment of riches these days when it comes to OS X Server books. Until 10.2 there was nothing except some material on the Apple Web site.

Then Schoun Regan came out with Mac OS X Server Essentials, the first good book on Mac servers (Peachpit Press, Apple Training Series). But with each new edition, Schoun’s book is more oriented towards the budding Apple Consultant who wants to understand the various components of OS X Server and then pass his or her Apple certification exam. Several sections of Mac OS X Server Essentials are titled “Understanding this” and “Understanding that”. It is a thorough book, but not suitable as a reference. It is also physically very heavy.

In contrast, “Mac Tiger Server Little Black Book” is intended as a handy reference for whatever task is at hand. Most chapters have an introductory “In brief” section that is two or three pages long. It is assumed that you understand, for example, the basics of networking. The rest of each chapter is “Immediate Solutions”, checklists and screen shots of how to accomplish the task at hand. Even the planning and installation chapter has “Immediate Solutions” like Choosing your Network infrastructure, Creating a Maintenance Plan, etc. Each chapter ends with a page or two of “Tips from the Trenches”, real world experience of these previous solutions in practice. The author has been there and done that, in the real world. “Troubleshooting …” is also a frequent topic heading.

The major Chapters are: Planning, Directory Services, Windows Services (I did mention it is real-world based, right?) Sharing Files, Network Services, Printing, Web, Mail and Streaming Servers, etc. Subjects also get into the more advanced area like VPNs, WebObjects, MySQL, Java Server Pages and Collaboration.

The Little Black book isn’t tiny at 377 pages, but is a convenient 6 by 9 inch format and is printed on light weight paper. It has index tabs on the margin so you can quickly locate the section, and then the 2 or 3 page solution to your problem. The book was actually designed to be used!

— Roger Smith Complete System & Network Administration Windows, Mac, Sun, Cisco Apple Authorized Business Agent Microsoft Registered Partner 408-736-7200

Installing AWStats on Mac OS X Server

Friday, February 3rd, 2006

Here are the steps for setting up AWStats on Mac OS X 10.4 Tiger Server.

1. Download the last stable release of AWStats from www.awstats.org to your desktop.
2. In the Finder, navigate to /var/log/httpd
3. Backup and remove any old web logs.
4. Open Server Admin.
5. Select Web:Settings:Modules
6. Make sure the “perl_module” and “php4_module” are enabled.
7. Click Save.
8. Select the “Sites” pane.
9. Double-click the entry for the site you are going to enable stats on.
10. Select the “Options” pane.
11. Enable CGI Execution and Server Side Includes (SSI).
12. Click Save.
13. Select the “Realms” pane.
14. Create a new Realm called “awstats_data” in the site’s root directory or “Web Folder”. If necessary, within the Finder, navigate to the /Library/WebServer/Documents directory and create a new folder called “awstats_data”. (i.e. /Library/WebServer/Documents/awstats_data).
15. Enable Browse/Author access for the local Administrator and the “www” user only.
16. Click Save.
17. Select the “Logging” pane.
18. Change the access logging Format to “combined”
19. Change the access log Location to /var/log/httpd/awstats_access_log
20. Change the error log Location to /var/log/httpd/awstats_error_log
21. Click Save.
22. Select the “Aliases” pane and add 127.0.0.1 as an alias.
23. Click Save.
24. Click the left-arrow icon to exit Editing the site.
25. Make sure the site is enabled and Web Services are running.
26. Open Workgroup Manager.
27. Verify ACLs are enabled on the volume containing the “awstats_data” directory you created earlier.
28. Change the posix permissions of the “awstats_data” directory to allow Read/Write access for the admin group.
29. Create an ACL to allow Read/Write access for the “www” user.
30. Click Save.
31. Close Server Admin and Workgroup Manager.
32. Expand the awstats.zip downloaded from awstats.org to your desktop.
33. Create a new folder named “awstats” in the /Library/WebServer directory.
34. Copy the contents of ~/Desktop/awstats-6.5/ to /Library/WebServer/awstats
35. Open a Terminal session.
36. Type cd /Library/WebServer/awstats/tools
37. Press Return
38. Type sudo perl awstats_configure.pl
39. Follow the prompts…

----- AWStats awstats_configure 1.0 (build 1.6) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).

-----> Running OS detected: Mac OS

-----> Check for web server install
Found Web server Apache config file '/etc/httpd/httpd.conf'

-----> Check and complete web server config file '/etc/httpd/httpd.conf'
AWStats directives already present.

-----> Update model config file '/Library/WebServer/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
40. file (required if first install) [y/N] ? y

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
41. site.domain.com

-----> Create config file '/Library/WebServer/awstats/wwwroot/cgi-bin/awstats.site.domain.com.conf'
Config file /Library/WebServer/awstats/wwwroot/cgi-bin/awstats.site.domain.com.conf created.

-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/Library/WebServer/CGI-Executables/awstats.pl -update -config=site.domain.com
Or if you have several config files and prefer having only one command:
/Library/WebServer/Documents/tools/awstats_updateall.pl now
42. Press ENTER to continue...

A SIMPLE config file has been created: /Library/WebServer/awstats/wwwroot/cgi-bin/awstats.site.domain.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'site.domain.com' with command:
> sudo perl awstats.pl -update -config=site.domain.com
You will also read your statistics for 'site.domain.com' with URL:
> http://localhost/cgi-bin/awstats.pl?config=site.domain.com

43. Press ENTER to finish...
44. Edit the awstats.site.domain.com.conf file (in your favorite text editor, as root) and add these lines or augment existing lines for these variables.
LogFile="/var/log/httpd/awstats_access_log"
LogType=W
LogFormat=1
SiteDomain="site.domain.com"
DirData="/Library/WebServer/Documents/awstats_data"
DirCgi="/Library/WebServer/CGI-Executables"
DirIcons="/icon"
AllowToUpdateStatsFromBrowser=1
AllowFullYearView=3
46. Move the remaining contents of /Library/WebServer/awstats/wwwroot to /Library/WebServer/Documents
47. Move the “tools” directory of /Library/WebServer/awstats to /Library/WebServer/Documents
48. Open Terminal
49. Type cd /Library/Webserver/CGI-Executables/
50. Type sudo perl awstats.pl -update -config=site.domain.com
51. From the server, open a browser and go to the site http://localhost/cgi-bin/awstats.pl?config=site.domain.com
52. If you see the data then you know that both your configuration and log file format are good.
53. Now it’s time to tell the system to update awstats on a regular basis.
Create a CRON job to run the command /Library/WebServer/CGI-Executables/awstats.pl -update -config=site.domain.com

Installing MediaWiki on Mac OS X

Wednesday, August 17th, 2005

Installing MediaWiki

1. Create a database in MySQL called wikidb.
2. Create a new user called wikiserver that has full privileges to this database (the user does not need to be called wikiserver, but that is the username we will be using for this walkthrough).
3. Download the latest stable release of MediaWiki from http://mediawiki.sourceforge.net.
4. Extract the tar files into a new folder (for this example we are going to call it wiki to keep things easy). This can be done using the tar -xvzf mediawiki.tar.gz command (or substitute your file name for mediawiki.tar.gz).
5. Make the configuration files writeable using the command chmod a+w config while in the new wiki folder
6. Move the wiki folder onto a web server
7. From your web server, visit the site 127.0.0.1/wiki or the subfolder that you placed the wiki files into
8. At the MediaWiki Installation page, you will either see a notice that you can install MediaWiki or a notice that your system does not meet the minimum requirements for installation. If your system does not meet the requirements, install the modules that are listed. If it does, move on to the next steps.
9. At the MediaWiki Installation page, scroll down to the Site Config section. Here, fill in the fields for:
a. Wiki name: The name assigned to your wiki.
b. Contact e-mail: Displayed when error notices are encountered.
c. Language: The language to be used for your Wiki
d. Copyright: The copyright type, typically leave this as the default setting
e. Admin Username: The username to use for administering the Wiki
f. Admin Password: The password to use for administering the Wiki
g. Shared Memory caching: Decide whether to use memcached
10. Fill in the appropriate values for the Email and authentication setup section:
a. Email (General): Enable or disable the global use of email for your Wiki
b. User-to-User email: Allow users to email one another
c. Email Notification: Allows users to be notified if there is a change in a folder or page
d. Email Authentication: Enable email authentication for the wiki. Sends request for users to click a link to authenticate into the wiki.
11. Database Configuration options:
a. Database Type: Most users use MySQL, but Oracle is an option as well, although experimental.
b. SQLServerHost: The address of the MySQL Server. If MySQL is on the system you are currently using then leave this field as localhost.
c. Database Name: The name of the database you will be using in MySQL to store your wiki’s data.
d. DB Username: If you used wikiserver in step 2 then use wikiserver here; otherwise use the username you chose in step 2.
e. DB Password: The password you assigned for your wikidb user.
f. Database Table Prefix: Use this option if you will be using other tables within the wiki database for other applications.
g. Database Character set: leave this as default unless you will be using
h. Superuser account: The MySQL SuperUser account – typically root
i. Superuser Password: The MySQL SuperUser or root account password
12. Click on Install MediaWiki!
13. Move the LocalSettings.php file from the /config directory of the wiki installation into the root directory of the wiki installation
14. Go to the http://127.0.0.1/wiki folder and the default Main MediaWiki page will open
15. Customize the wiki to work for your organization

Link Aggregation and Tiger

Sunday, August 7th, 2005

Link Aggregate Networking

Mac OS X 10.4 includes support for link aggregate networking. Link aggregate networking shares network traffic over two or more bonded Ethernet controllers, giving them one IP address for communication. This can allow the server’s controllers to run at speeds of 2Gbps. Link aggregation is configured using the Network System Preference Pane.

To enable Link Aggregate Networking
1. Open the Network Pane from System Preferences
2. Click the Show: box and select Network Port Configurations
3. Click New
4. In the Name: box enter a name for the new aggregate port
5. In the Port: box select Link Aggregate
6. Place check marks in the boxes for each port you would like to aggregate
7. Click OK
8. Configure the Port as you would any other network port

Troubleshooting
Link Aggregate Ports must be used in conjunction with an Ethernet Switch.
Link Aggregate Port status can be viewed for each en adapter using the status tab in Network Preferences for the controller.
Assigning multiple LAN IP addresses to a Link Aggregate port can be tricky. I’d stay away from this if possible.
Do not assign two LAN IP addresses to a Link Aggregate port if they are not in the same IP scheme/subnet.

Apple Market Share

Friday, April 8th, 2005

According to a report by JupiterMedia Corp, Mac OS X is becoming more and more of a standard in the small to Enterprise business categories. The report states that in organizations with 10,000 or more employees, 21% use Mac OS X on their desktops in the office. In businesses with 250 employees or more, 17% of the employees run Mac OS X on their desktop computers at work.

Mac OS X is taking market share away from traditional Linux and Unix installations. One explanation for this is that Mac OS X is easier to use than Linux and Unix, especially for desktop computers. Another explanation is that the number of software packages available for Mac OS X is growing, with a focus on Enterprise applications such as Oracle. It has also become possible to buy corporate support packages through Apple, something that Enterprise customers typically require before allowing production deployment of software. Companies that were once considering Linux are now more likely to move forward with Mac OS X.

Although to a smaller degree, Mac OS X is taking market share away from Windows as well. Microsoft saw a slight decrease in its installation base last year. Although it is difficult to tell exactly why this shift is occurring, it is possible that in the server market this has a lot to do with software licensing costs.

Apple’s licensing scheme can, in some cases, save companies tens of thousands of dollars in licensing over traditional Windows servers. Nine percent of companies with 250 employees or more are now using Mac OS X Server. 14 percent of companies with 10,000 employees or more are now running Mac OS X Server. These are strong numbers for a relatively young Network Operating System. With the latest enhancements built into Mac OS X Server 10.4 it is likely that the numbers will grow more in Apple’s favor.

The single largest Network Operating System is still Windows NT 4.0 Server. UNIX, Linux, Windows 2003 Server and Mac OS X Server are all seeking to displace NT 4.0, which gained popularity due to its stability and scalability. A strong placement in the Network Operating System market can only help in gaining even more popularity in the desktop market.

318 Speaks at DefCon 2004: Charles Edge is Featured Speaker

Saturday, June 26th, 2004

This year’s DefCon seminar will cover the features and fundamental concepts of OS 10.3.4 Server. We will begin by describing the various roles of OS 10.3 SERVER in both small and medium sized offices. We will cover managing the webserver, email server and file storage. Finally, we will cover upgrading from 10.2 and data backup strategies.

Bio for Charles Edge: Charles is a Senior Systems Engineer for Three18, Inc. and is a leader within the technical department and a mentor to the other field technicians as well as a trusted advisor to hundreds of Three18's companies here in Los Angeles. His 10+ years of experience, coupled with his in-depth knowledge of IP Routing, MAC OS, Windows and Linux have made him a valuable asset to both Three18 and its prestigious roster of clients.

Charles maintains certifications with Apple, Microsoft, Cisco and Comptia and is currently writing a MAC OS X SERVER book for O’Reilly publishing, which should be on the shelves in early September 2004.

vi cheat sheet

Sunday, May 9th, 2004

VI Reference SOP

Creating and opening Files
Running a vi command without a file name will open a new file. Running a vi command with an existing file name will open that file for editing. For example, using vi test.txt will open a document called test.txt if it’s in the working directory.

VI Modes
Command mode treats input from the keyboard as vi commands. Command mode cannot be used for entering text. When a file is first opened, you start out in command mode and you will not see the words you are typing on the screen. To enter and edit text you have to switch to insert mode by pressing the i or a keys. Use command mode to move to the part of the file you want to edit and then use insert mode to enter text in the file. To switch back to command mode use the Escape key.

COMMAND MODE
Moving around the file
h Move the cursor one column to the left
l Move the cursor one column to the right
k Move the cursor one line up
j Move the cursor one line down
^ & B Go to the beginning of the current line
$ Go to the end of the current line
) Go to the next sentence
( Go to the previous sentence
} Go to the next paragraph
{ Go to the previous paragraph
:$ Go to the end of the file
w Move the cursor one character forward
W Move the cursor one word forward
: Go to the number you specify

Inserting and Appending Text
i inserts text to the left of the cursor
I inserts text in the beginning of line
a appends text to right of cursor
A appends text to the end of the line

Adding New Line
o Add a new line below the current line
O Adds a new line above the current line.

Deleting Text
X deletes the text character to the right of the cursor
dd deletes the current line
d deletes the line specified by NUMBER
D delete all of the data until the end of the current line.

Replacing Words and Characters
r replace the character above the cursor
R replaces characters until Esc is pressed
C replaces till end of line.

Substitute
s substitutes the current character
S substitutes the entire line

Repeating Last Command
. repeats the last command

Undo the last change
u undo the last change
U undo changes to the current line

Copy and pasting lines
yy copy the current line into buffer
p pastes the information in the current buffer

Searching
:/name searches for the word name in the file
n continues search forward.
N searches backwards.
Search and Substitute :s///g

Saving
:w is a simple save command
:wq saves & quits VI
:q! quit VI without saving any changes