Archive for the ‘Mac OS X’ Category

dirt: testing directory services

Tuesday, June 24th, 2008

dirt is a command line goodie that lets you test directory services without the pain of logging in and out to discover if it will let you authenticate. For example:

dirt -u username -n

will check if the username exists in any of the directories defined on the computer and list what directory it was found in.

Refresh software update server contents

Tuesday, February 26th, 2008

To force a refresh of the software updates residing on a Mac OS X software update server, remove everything in the /usr/share/swupd/html folder.

Get to know Admin Tools part 2

Wednesday, November 28th, 2007

In part 1 we looked at how Workgroup Manager allows you to manage users, groups, computers, shares and preferences. This article will give you an overview of two more administration applications called Server Administrator and Server Monitor.

Server Administrator

Server Administrator allows you to configure Mac OS X Server’s services such as file sharing, network services including DHCP and other internet services. Beyond service configuration the application provides you with statistics and logs.

Configuration of services is similar to setting up options in other day to day applications. The interface consists of tabs, fields and pull down menus. All service configurations are done in the Settings tab. To turn on a service such as Windows file sharing it’s as easy as configuring the service and then clicking Start Service in the main toolbar.

Statistics for most services can be viewed via Overview, Connections and Graphs. Depending on the service, the information displayed ranges from how long the service has been running to the number of users and throughput. Raw logs can also be accessed for most services.

Server Monitor

Server Monitor gives you valuable feedback on the status of your servers with information from what version of the operating system is in use, to the temperature and speed of the fans in systems that support it. As with Server Administrator you can add more than one server to monitor.

Mac OS X Server’s Admin Tools provide every administrator with a collection of applications designed to make administration as easy as Apple is legendary for. I hope that you have a better understanding of what app does what. This concludes the two part article Get to Know Mac OS X Admin Tools.

Get to know Admin Tools part 1

Wednesday, November 28th, 2007

The Mac OS X Server admin tools are where you spend a lot of your time tinkering with service settings to get them working just right, maintaining your user list and monitoring performance. For those of you just getting started with Mac OS X this article aims to give you an overview of what you can expect to do with each of the admin applications.

The admin apps can be installed on any Mac OS X computer. Best practice is not to use the server to run anything, including the management tools. The installation is as simple as installing any other Mac OS X software.

Workgroup Manager

Workgroup Manager (WGM) is the most useful application after configuration is complete. It manages users, groups, shares and client preferences. Expect to spend most of your time in this application.

Users are added, removed and modified via the Accounts button on the toolbar. Creating a new user is as simple as clicking New User - similarly to remove users. The accounts section of WGM allows you to create user groups, assign users to groups and assign and create computer groups.

The Sharing button is used to set up share points for your users to access. Mac OS X Server allows you to share to a variety of platforms from Windows to UNIX and including Mac OS X. This section is where you configure who can access what share point and via what services.

Preferences allows you to specify how your clients' user environment looks and behaves. They can be assigned by individual users, groups or computer groups. Most settings can be defined for your users, from whether hard disk drives appear on the desktop and which system preferences can be used, to which applications can be accessed.

This has been a brief overview of what one of the Mac OS X Server admin tools offers. Continue to part 2 where we take a look at Server Administrator and Server Monitor.

Clearing desktop pictures cache

Wednesday, November 28th, 2007

When using Mac OS X computers in a managed environment with individual users the desktop pictures cache fills up very quickly. Removing the folder will free over a gigabyte of disk space on the client computers (with around 1000 users logging in over a period of time).

Tip: You could include this maintenance as part of your login process by implementing login scripts.

Simply remove the desktop pictures folder from:

/Library/Cache/

Software update from terminal

Wednesday, November 28th, 2007

To run software update via a terminal session just run:

softwareupdate -i -a

This automatically downloads and installs all appropriate updates. Using the -r instead of -a switch downloads only recommended updates.

This command is helpful when used with Apple Remote Desktop’s send unix command tool.

Creating bulk home directories

Wednesday, November 28th, 2007

Requirements

  • Microsoft Excel to create data. If creating manually, Excel is not required.
  • Microsoft Word to replace tabs with manual line breaks. If creating manually, Word is not required.
  • VIM

To create the home directories, set permissions and assign user access, we use the following commands and execute them via a shell script. This provides a quick, painless way to create the user’s home folder, plus the “Documents” folder to direct Windows users to save into.

An example of the commands is featured below:

mkdir -p /path/to/user/home/userHomeDir/Documents
chgrp -R 1026 /path/to/user/home/userHomeDir
chown -R 2001102 /path/to/user/home/userHomeDir
chmod -R 772 /path/to/user/home/userHomeDir

To create this from existing user information as used in the entry into Active Directory I used the concatenate function once again, with the username (sAMAccountName) and UID (postalCode). Once the information is manipulated to the desired results the spreadsheet should be saved to a tab delimited text file then opened in Microsoft Word. The reason for this is to replace all the tab characters with line breaks. Any editor capable of this will be fine.

Once you have the data sorted out, fire up a terminal on the computer where you want the home directories made and issue:

vim /path/to/desired/save/location/fileName

Press i to insert text. Simply copy the text from your text editor, and paste into vim. To exit and save the file, press esc then type :wq!

When returned to the input prompt, enter the following. This will execute the script we created in VIM.

sh /path/to/desired/save/location/fileName

Once the process is finished, you will be presented with the usual input prompt.
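
The same script can be generated straight from the tab-delimited export, with each row checked before it becomes a command that sh will run. This is an added example, not part of the original post: the function name emit_home_cmds, the allowed-character rule for usernames and the sample rows are assumptions made for illustration.

```shell
# emit_home_cmds BASE GID [MODE]
# Reads "username<TAB>uid" rows on stdin and prints the four commands
# from the post for each valid row. MODE defaults to the post's 772.
# Returns non-zero if any row was rejected.
emit_home_cmds() {
    base=$1 gid=$2 mode=${3:-772} bad=0
    tab=$(printf '\t')
    while IFS="$tab" read -r user uid rest || [ -n "$user" ]; do
        [ -z "$user" ] && continue              # skip blank lines
        uid=$(printf '%s' "$uid" | tr -d '\r')  # strip CR from Windows exports
        # Assumed rule: letters, digits, dot, underscore, dash only, and no
        # leading dot or dash. This keeps "/", "..", spaces and shell
        # metacharacters out of the generated paths.
        case $user in
            *[!A-Za-z0-9._-]*|.*|-*)
                echo "rejected username: $user" >&2; bad=1; continue ;;
        esac
        # The UID (postalCode in the post) must be purely numeric.
        case $uid in
            ''|*[!0-9]*)
                echo "rejected UID for $user: $uid" >&2; bad=1; continue ;;
        esac
        home=$base/$user
        printf 'mkdir -p "%s/Documents"\n' "$home"
        printf 'chgrp -R %s "%s"\n' "$gid" "$home"
        printf 'chown -R %s "%s"\n' "$uid" "$home"
        printf 'chmod -R %s "%s"\n' "$mode" "$home"
    done
    return $bad
}

# Constructed sample rows: one valid, one path traversal, one bad UID.
printf 'jsmith\t2001102\n../etc\t2001103\nbjones\t20x1\n' |
    emit_home_cmds /path/to/user/home 1026 || true
```

Redirect the output to a file and review it before running it with sh as described above; rejected rows are reported on stderr and never reach the generated script.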

Active Directory plugin settings

Sunday, September 9th, 2007

Requirements
Mac OS X 10.4 client

Notes
I had some problems connecting to the home directories via AFP so it is set up to connect over SMB. This means your file server must be running Windows file services and that window preferences will not be saved.

With the release of Mac OS X 10.4 (Tiger) Apple refined its Active Directory connectivity. I have not tried this solution on a server to connect to AD but it works fine on clients.

First, open Directory Access which is located in /Applications/Utilities. You may need to click the lock and enter your username and password on the local machine to make changes.

Select Active Directory and click on configure. This will bring up the configuration window where we can enter all of the information.

Directory access

Enter the Active Directory domain name in the Active Directory Domain field. You can modify the computer name from the default computer name if you wish; this name will appear in Active Directory.

Domain info

Click Bind to connect to Active Directory. Enter the usual username and password that you would use when connecting a Windows client to AD.

Bind to AD

Click on the down arrow button to show advanced options.

To continue using network home directories untick Force local home directory on startup disk and make sure Use UNC path from Active Directory to derive network home location is ticked. I tried to use AFP but the computer could never mount the home directory. Selecting SMB worked without any problems.

AD user experience

Click on the Mappings tab. This is where you can map extra attributes. Since my system is still supporting 10.3 via my previous methods I continued to map UID to postalCode. This provides the computer with the same UID that we have manually defined for users. You can leave these options all turned off and Mac OS will fill it in dynamically.

AD mappings

Click OK. You’re done!

LDAP directory mappings

Sunday, September 9th, 2007

Requirements
Mac OS X 10.2 and higher

Notes
Alternatively you can use Apple’s Active Directory plug-in. This guide was created using Mac OS X 10.2 for our 2003 setup. The process has stayed the same for our 2005 setup but with the addition of GID added to telephoneNumber.

Apple made it easy to authenticate to other LDAP based directory servers with a little plug-in called LDAPv3. This is how to get the server (or Mac OS X CLIENT) to grab its user list from Active Directory, which in turn will enable you to add users to Macintosh Manager. Following is a step by step guide for setting up the LDAP plugin.

First open Directory Access which is located in /Applications/Utilities. You may need to click the lock and enter your username and password on the local machine to make changes.

Directory access services

Highlight LDAPv3 and click configure. This is where you enter the location of the Active Directory server. Name the configuration, put in the AD server's IP address or DNS name, then under “LDAP Mappings” make sure you choose Active Directory from the pull down menu.

Directory access add a LDAP server

Next, a window will pop up asking for a “Search Base Suffix”. Now what’s this? It’s just the Windows 2000 domain, in full. The domain at our site is simply “WHS” so I would enter DC=WHS. But most Windows 2000 configurations would have something on the end, such as a .com. Enter your domain name here.

LDAP search base

The configuration now needs editing. Click edit. Under the “connection” tab, enter in a user name and password combination to allow Mac OS X to query AD. Any user will do. I’ve made a normal user called LDAP with a password on my Active Directory. Tick “Use authentication when connecting” and in the “Distinguished Name:” field, enter “CN=USER_NAME,CN=Users,DC=YOURDOMAIN”. USER_NAME being a user in your AD, and YOURDOMAIN being the information you typed in just before under the Search Base Suffix.

Just a quick note, CN=Users is where the user is kept in AD. If it is kept in an Organisational Unit you would need to replace the CN with OU. More discussion a little down the track.

LDAP connection settings

Now onto the “Search & Mappings” tab. This is where you set up how Mac OS X looks for information on Active Directory. Let’s look at the “Users” entry first. Click on it, and you’ll notice under “Search Base” is CN=Users, DC=YOURDOMAIN, DC=com, DC=au. You need to modify this to where all of your users are kept in the AD. If they all live in the group Users, then just leave it as it is; otherwise input the location where the users are stored in the AD.

Note: the LDAPv3 plug-in will only query one configuration per server. This isn’t good if your users are organised in the AD (as was our case) in organisational units Staff and Students in the root of the AD. To get around this, we created an OU “AllUsers” in which the OUs Staff and Students are contained.

LDAP search and mappings

Now click the arrow next to “Users” to expand it. You need to change the mappings for the following:

RecordName needs sAMAccountName added, and cn removed.
UniqueID needs postalCode added.
RealName needs to have cn removed and sAMAccountName added (this is because when logging on, Mac OS uses the full name, which causes problems when connecting to the home directory located on the Windows 2000 server).
HomeDirectory needs homeDirectory removed, and replaced with streetAddress.
NFSHomeDirectory needs userSharedFolderOther removed, and “info” added.

LDAP search and mappings

Now click OK, and OK again. Now under the “Authentication” tab, we need to make the computer look at the LDAP server we just configured. Select “Custom Path” from the pull down, then click add and select the configuration.

Directory access authentication

Click Apply and then restart the computer.

On the server you can assign users to groups via Workgroup Manager if you wish.