Wednesday, 22 February 2012

Referencing files via VolumeID and InodeID

I found a strange way to address files in MacOS: direct referencing via VolumeID and InodeID.

MacOS has a special folder for that: "/.vol"

If you list all files in there it seems empty...
But if you try this for example:

cat /.vol/234881026/4321840

you will get the file referenced by the volume (first part) and the inode (second part).

An example:

>:/$ stat /etc/hosts
234881026 4321840 -rw-r--r-- 1 root wheel 0 236 "Feb 22 12:04:33 2012" "Feb  2 21:25:28 2012" "Feb  2 21:25:28 2012" "Feb  2 21:25:28 2012" 4096 8 0 /etc/hosts


>:/$ cat /.vol/234881026/4321840
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1 localhost 



Groovy! =)

Monday, 13 February 2012

Create a bootable Lion USB Stick

To install Lion on a new HDD or SSD you need some kind of installation medium (at least on older Macs). Here is an easy way to create a bootable Lion USB Stick from your "Install Mac OS X Lion" App. You'll need an empty 8 GB USB Stick. 

0. Redownload the "Install Mac OS X Lion" Program from the App Store: 

"(While holding down the OPTION key, click on the “Purchases” section
You should see “OS X Lion” and “Install” should now be gray and you can click that to re-download Lion (you may have to re-authenticate within the App Store with your Apple ID)."
(Thanks asorta from MacRumors)

1. Locate the "Install Mac OS X Lion" program in your application folder with the Finder. 
2. Right click on it, and choose "Show Package Contents".
3. Navigate to "Contents/SharedSupport/InstallESD.dmg". This is the install disk.
4. Start "Disk Utility" 
5. Click on your USB Stick (the device not the partition) and click on the "Partition" tab 
6. Click on "Current" and choose "1 Partition". Choose "Mac OS Extended (Journaled)" as Format.
7. Press Apply. Now, choose the "Restore" Tab. 
8. Drag your "InstallESD.dmg" disk image from the Finder into the left side of the Disk Utility. 
9. In the Restore Tab, choose the InstallESD.dmg Image as Source, and your USB Stick as Destination. 
10. After 30 Minutes (depends on the Stick), you are done. You can test it now by booting from your stick. Hold "alt" at startup to go into the boot device selection...

This stick is good for fixing a broken installation, installing Lion from it, resetting passwords or changing the partition layout of your disks. Have fun!

Tuesday, 7 February 2012

Reset local user passwords in Lion and SL

Who doesn't know the pain of a user leaving the company in anger, just throwing his equipment in the corner? Or someone who comes back from 6 weeks rafting in Canada, barely remembering where he works?

With a fully directory-enabled network this poses no problem: you just reset the password as admin. But with local users (and no local company admin account) this means some work.

Lion (10.7)

In Lion, you can do this via the recovery partition. There is a tool called "resetpassword" that you can start in the terminal.

That's quite comfortable. Just enter the recovery partition by pressing "alt" while turning your Mac on, and choose "Recovery HD".

Alternatively, you can do it in single user mode:


  • Hold "cmd-s" for Single User mode at start up
  • Use the following commands (without $>):

$> /sbin/fsck -fy  # Check Filesystem
$> /sbin/mount -uw /  # Remount / read-write
$> launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist  # Load Directory Service
$> ls /Users  # Show Users in System
$> passwd <user>  # Change PW for User
$> reboot
  
Snow Leopard (10.6)


In SL you can use the "resetpassword" tool as well, but you have to boot from your install disk.
Resetting your password in Single User mode is a lot faster, and does not need a CD.

  • Hold "cmd-s" for Single User mode at start up
  • Use the following commands (without $>):

$> /sbin/fsck -fy  # Check Filesystem
$> /sbin/mount -uw /  # Remount / read-write
$> launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist  # Load Directory Service
$> ls /Users  # Show Users in System
$> dscl . -passwd /Users/<user> <password>  # Change PW for User
$> reboot


I've tried both, works for me. 

Friday, 3 February 2012

Software Update, the client side of things.

Ok, now that the Server is running, we can turn to the clients.

We have a pure Open Directory without the smallest stain of Active Directory in our network.

Which is not to say that I dislike the AD. It works great, and it would have been a lot harder to f**k it up like the OD we have here. But I'm embracing Apple fan-boyishness to fulfill my role as Mac admin. I even started to cut out the little Apple logos on the accessory packaging and put them into my sideboard to treasure them...

Uhm, yeah, clients.
There are four ways to get your clients to access the local Software Update repository:


1. Use the OpenDirectory to push out the network path to the server.


This is accomplished in the Workgroup Manager in Preferences. It seems to work out of the box, but all of your users must be in OD, and login via OD as well.

Sadly, that's not the case with our users, who are all local users that only use Kerberos tickets to access the fileshares and Linux.
I am going to change that, but have not found a good way to migrate all these local users to mobile users yet.


2. Update your local SoftwareUpdate.plist to use the new path


Run this in the terminal (replace the <...> with your update server):
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL '<COMPLETE_URL_TO_SERVER>'
Some other how-tos state that you can enter this line without the complete path to "com.apple.SoftwareUpdate". At least in my setup, this is wrong.
I've tested it with Lion and SL clients, works for me.

Remember, this is a Snow Leopard Server. I think this will not work anymore with a Lion Server as something changed.

You can go back to the original Apple servers if you delete the entry again:
sudo defaults delete /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
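
An added example, not part of the original post: a small Python audit that reads a client's com.apple.SoftwareUpdate preferences and reports whether CatalogURL is unset (Apple's servers), points at an approved internal update server, or points somewhere unexpected. The function name, the verdict labels and the allowed-host set are assumptions made for this example, and the sample plists are constructed.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: the only host clients here may use as update server
# (host name taken from the test URL in the server post).
ALLOWED_HOSTS = {"softwareupdate.pretentco.com"}


def audit_catalog_url(plist_bytes, allowed_hosts=ALLOWED_HOSTS):
    """Return (verdict, url) for the bytes of com.apple.SoftwareUpdate.plist.

    plistlib.loads() detects XML and binary plists by itself, so the bytes
    can be read straight from /Library/Preferences/com.apple.SoftwareUpdate.plist.
    """
    prefs = plistlib.loads(plist_bytes)
    url = prefs.get("CatalogURL")
    if url is None:
        return ("default", None)          # no override: Apple's own servers
    try:
        parts = urlsplit(str(url))
        host = (parts.hostname or "").lower()
    except ValueError:                    # e.g. broken IPv6 literal
        return ("malformed", url)
    if parts.scheme not in ("http", "https") or not host:
        return ("malformed", url)         # e.g. the placeholder pasted as-is
    if not parts.path.endswith(".sucatalog"):
        return ("malformed", url)         # not a catalog path
    if host not in allowed_hosts:
        return ("unexpected-host", url)   # override to a server nobody approved
    return ("approved", url)


if __name__ == "__main__":
    # Constructed sample preference files, one per verdict.
    samples = {
        "untouched client": {},
        "managed client": {
            "CatalogURL": "http://softwareupdate.pretentco.com:8088/index.sucatalog"},
        "unknown server": {
            "CatalogURL": "http://updates.example.net:8088/index.sucatalog"},
        "placeholder left in": {"CatalogURL": "<COMPLETE_URL_TO_SERVER>"},
    }
    for label, prefs in samples.items():
        print(label, "->", audit_catalog_url(plistlib.dumps(prefs)))
```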

3. Change your local DNS Server to redirect the clients to your server


This could be seen as a horrible hack, but it has some nice effects that are not possible with the other solutions:

  • unmanaged clients are caught as well, you don't have to touch your clients
  • MacBooks can still access Apple's servers if outside the LAN

To integrate this into your network you need to create a new DNS zone, modify the "hosts" file of your update server and use a webserver to redirect some paths. This is necessary because the original Apple update server uses different paths than the Software Update service. If you are already using a webserver on port 80 on the Software Update server, you can use another one (but you'll have to change the redirect paths).

This will need some maintenance in the future!

If Apple's swscan.apple.com changes its IP...
If Apple introduces a new DNS name for their update server...
If a new version of MacOS X comes out...
If some automatism in an update changes some part of this...

But it works for now. We use this for Lion and SL clients.

First the DNS Zone:

  • Go into the Server Admin tool and open the DNS Service. 
  • Add a zone "swscan.apple.com." (mind the dot at the end!)
  • Enter your local DNS server as "Nameserver Hostname"
  • Add an A record in this zone: "swscan.apple.com." (mind the dot again!!)
  • Don't forget to save. 

That's it. You can try it by using the "host" command in the terminal:

original:

    :~$ host swscan.apple.com
    swscan.apple.com has address 17.250.248.95

modified:

    :$ host swscan.apple.com
    swscan.apple.com has address 10.0.109.204


While you are on the command line, you need to add the original IP of the Apple server to the /etc/hosts of your update server. If you fail to do that, your server will not be able to get new updates.

As root:
    echo "17.250.248.95   swscan.apple.com" >> /etc/hosts
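
An added example, not from the original post: the maintenance risk named above (Apple changing the address of swscan.apple.com) shows up as a stale pin in the update server's /etc/hosts. This Python check classifies the pin; the function names and verdict labels are assumptions, the upstream addresses have to come from a resolver outside your overridden zone, and the sample hosts file is constructed from the addresses shown in the post.

```python
import ipaddress


def pinned_addresses(hosts_text, name):
    """Return every address a hosts file maps to `name` (case-insensitive)."""
    wanted = name.lower().rstrip(".")
    found = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # not an address line
        if wanted in (h.lower().rstrip(".") for h in fields[1:]):
            found.append(addr)
    return found


def check_pin(hosts_text, name, upstream, served_to_clients):
    """Classify the update server's pin for `name`.

    upstream:          addresses an external resolver returns for `name` today
    served_to_clients: address your internal DNS zone hands out for `name`
    """
    pins = pinned_addresses(hosts_text, name)
    if not pins:
        return "missing"   # server resolves via the internal zone, i.e. to itself
    if ipaddress.ip_address(served_to_clients) in pins:
        return "loop"      # pin points back at the local update server
    if not {ipaddress.ip_address(a) for a in upstream} & set(pins):
        return "stale"     # Apple moved; the server can no longer fetch updates
    return "ok"


# Constructed sample of the update server's /etc/hosts after the echo above.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
17.250.248.95   swscan.apple.com   # pinned upstream address
"""

if __name__ == "__main__":
    print(check_pin(SAMPLE_HOSTS, "swscan.apple.com",
                    upstream={"17.250.248.95"}, served_to_clients="10.0.109.204"))
```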

Second, the web server:

  • Enable the web server in the Server Admin tool (Settings/Services).
  • In the Web service page, edit the default root site (the one with the *) 
  • Give it the Host Name "swscan.apple.com"
  • Under Aliases, add the following entries as Redirects in the bottom box:
        /content/catalogs/index-1.sucatalog
        http://swscan.apple.com:8088/index.sucatalog

        /content/catalogs/others/index-leopard.merged-1.sucatalog
        http://swscan.apple.com:8088/index-leopard.merged-1.sucatalog

        /content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog
        http://swscan.apple.com:8088/index-leopard-snowleopard.merged-1.sucatalog

        /content/catalogs/others/index-lion-snowleopard-leopard.merged-1.sucatalog
        http://swscan.apple.com:8088/index-lion-snowleopard-leopard.merged-1.sucatalog
  • You can disable the default services (wiki, blog, calendar) in the tab "Web Services"
  • Don't forget to save

You should now be able to download software updates from your server, without any editing on your system. Try it by entering the URL in your browser:
http://swscan.apple.com/content/catalogs/index-1.sucatalog
The Software Update access log (in Server Admin) should show you your access.


4. Use your HTTP proxy server to accomplish the above 


A colleague showed me this, I didn't try it out but this is a real alternative:

You use your Squid installation to redirect HTTP traffic to your local update server. This gets you the same benefits as the DNS method, without messing with your DNS config.

Here is the source link (German!):
http://www.heise.de/mac-and-i/artikel/Update-Zweigstelle-1424907.html


Thursday, 2 February 2012

Software Update, go!

I spent the day installing a centralized update server on one of our Mac Mini Servers (on SL).
Apple provides a service called "Software Update" to accomplish this.

Configuration is straightforward: just enable it in the Server Admin, configure the destination directory for the update cache and wait for it to finish downloading. Easy as it should be.

As we have a mixed environment of Snow Leopard and Lion, the update server needs to host both types. 
This needs a few modifications in the config files. And this is where it gets ugly. 

Apple has documented the configuration here:

Sadly, it does not work like that. Maybe it did one time, it does not anymore.
In short, two files need to be edited but these get changed back every time the service starts again. Apple fail.
Thx to leifsehn, I've found the correct way to do this: 

Hello All...I originally was having the same issue with the files reverting back to the original but I was able to get the lion updates working by doing the following: 
1. Login to your server as root, turn off SUS and Quit Server Admin.
2. Goto /System/Library/PrivateFrameworks/SUServer.framework/Versions/A/Resources/
3. Edit the swupd.conf to contain the new lion entry as per apple.
4. Delete the swupd.conf that is located in /etc/swupd
5. Run the command "sudo /usr/libexec/PlistBuddy -c 'add :otherCatalogs:2 string index-lion-snowleopard-leopard.merged-1.sucatalog' /etc/swupd/swupd.plist"
6. Restart the server
7. Start the Server Admin and Start the SUS.
8. Now the server should be reflecting the new Lion Updates.

Tested this with a managed computer and after I enabled the Lion updates I was able to install the 10.7.1 update.

Hope this helps. 
Source: https://discussions.apple.com/message/15962462#15962462
You can check if it's working correctly by accessing the Software Update repository in a browser:
http://softwareupdate.pretentco.com:8088/index.sucatalog
You should see an XML starting with "<?xml version="1.0" encoding="UTF-8"?>"

Great, so now SL and Lion updates are on the system, nothing left to stop us, right?
Well, the clients need to be configured. But I'll do that tomorrow...


And here I am.

I am a newly made MacOS administrator!

I've got a lot of experience with linux and unix systems but used MacOS only as a "couch device", so my experience was limited. I'm now 4 weeks into the new job, and am torn about the system:

- Yay, MacOS combines the wonderful core and shell of unix/bsd, some cool new concepts and a beautiful, usable, stable gui into a great package, fit for a lot of users from mums to developers.
- Boh, Apple obviously does not care for the enterprise. Bad documentation, delayed security fixes, incomplete or broken features, stupid licensing... it goes on like that.

Well, the mission of this blog is to document my work and experience with MacOS X in an enterprise environment.

I hope I will keep up writing, and that some of the posts will help others. =)

-Tarwin