Enterprise Mac Administrators Guide (eBook)

Charles Edge has been working with Apple products since he was a child. Professionally, Charles started with the Mac OS and Apple server offerings in 1999 after years working with various flavors of Unix. Charles began his consulting career working with Support Technologies and Andersen Consulting. In 2000, he found a new home at 318, Inc., a consulting firm in Santa Monica, California which is now the largest Mac consultancy in the country. At 318, Charles leads a team of over 40 engineers and has worked with network architecture, security and storage for various vertical and horizontal markets. Charles has spoken at a variety of conferences including DefCon, BlackHat, LinuxWorld, MacWorld and the WorldWide Developers Conference. Charles' first book, Mac Tiger Server Little Black Book, can be purchased through Paraglyph Press. Charles recently hung up his surfboard and moved to Minneapolis, Minnesota, with his wife, Lisa. Charles can be contacted at krypted@mac.com.

Contents at a Glance 5
Table of Contents 6
About the Authors 15
About the Technical Reviewers 16
Acknowledgments 17
Introduction 18
Paradigm Shifts 18
Measure Twice, Cut Once 19
Application Availability 19
How This Book Is Organized 20
Chaos Theory 21
Chapter 1 Directory Services 22
Local Accounts 23
Creating Accounts 24
Granting Administrative Privileges 25
The Root Account 27
How the Local Directory Service Works 29
dscl 32
Changing Accounts En Masse 35
Account Creation Scripts 36
Parachuting Accounts into Clients 36
Hiding Administrative Accounts 37
Raw Mode 38
Set Search Paths 39
Create Additional Local Directory Nodes 39
External Accounts 40
Open Directory 41
LDAP 41
Kerberos 42
Setting up Open Directory Using Server Admin 45
Setting up Open Directory from the Command Line 49
Demoting an Open Directory Master 50
Set up an Open Directory Replica 50
Removing a Replica 51
Using Workgroup Manager to Create New Users 51
Backing up Open Directory 54
Troubleshooting Directory Services 56
Directory Services Debug Logs 56
Cache 56
Verifying Authentication 57
Summary 58
Chapter 2 Directory Services Clients 60
The Lay of the Land 61
Basic Binding 67
Plug-ins 68
Unauthenticated Dynamic Binding 70
Unauthenticated Static Binding 72
Trusted Static Binding 76
Pushing Out SSL Certificates 78
Custom LDAP Settings 82
Managing the Search Policy 88
Binding with the Command Line 91
Scripting Binding 93
NIS 93
Kerberos 96
Kerberising Services 102
Troubleshooting Kerberised Services 105
Directory Services Preferences 110
Summary 111
Chapter 3 Active Directory 112
Binding to Active Directory 114
Directory Utility 114
Testing Your Connection 119
Testing Authentication 123
Testing Authentication at the Login Window 124
Home Directories and the Apple Active Directory Plug-in 125
DNS Concerns 126
Bind to AD 127
Naming Conventions and Scripting Automated Binding 129
Map UID and GID 132
Namespace Support Using dsconfigad 133
Active Directory Packet Encryption Options 133
Dual Directory 134
Nesting 136
MCX via Dual Directory 137
MCX via Active Directory 140
Configuring AD Admin Groups 143
Nesting Administrators in the Local Admin Group 144
Third-Party Solutions 145
Centrify’s DirectControl 145
DirectControl Installation 145
Configuring DirectControl 148
Using DirectControl 152
Likewise 154
Likewise Enterprise 155
Thursby ADmitMac 155
Quest 156
Summary 159
Chapter 4 Storage 161
Client Storage 161
AFP 162
SMB 164
NFS 165
Automounts 166
Home-Directory Storage Provisioning 169
SAN Storage 169
Xsan 170
Cabling and Transceivers 170
Storage 171
Virtualized Storage 172
Initiators 172
Switches 173
Brocade Switches 175
Emulex Switches 175
QLogic Switches 175
Cisco Switches 175
Zones 175
Configuring Storage 176
Promise Vtrak 177
Xserve RAID 178
Configuring Ethernet 183
Setting up the Xsan 184
Installation 184
Creating a Volume 189
Adding a Computer 197
Resharing the Volume 197
Xsan Block Sizes 198
AFP Tuning 198
Tickle Times 199
Using Third-Party Clients 200
Installing Linux Clients 200
Windows Clients 201
Xsan Management 203
Reinstalling the Software 203
Upgrades to your Xsan 203
Operating System Upgrades 204
Upgrading the Volume 204
Changing IP Addresses 206
Common Xsan Repair and Troubleshooting Procedures 207
Resetting Xsan Client settings 207
Rebuilding an Array on an Xserve RAID 207
Rebuilding an Array on a Promise RAID 207
Latency 208
Schedules 209
Fragmentation 209
Backup 210
The Xsan Command Line 210
Fibreconfig 211
Labeling LUNs 212
cvadmin 213
Repairing Volumes 215
Other Commands 215
iSCSI 216
ExtremeZ-IP 222
Setting up AFP in ExtremeZ-IP 222
Configuring ExtremeZ-IP 224
Setting up DFS in ExtremeZ-IP 227
Managing Filesystem Permissions in OS X 227
POSIX-Based Permissions 227
Access Control Lists 230
Administration 232
Read Permissions 232
Write Permissions 232
Inheritance 233
Using chown and chmod to manage permissions 234
.DS_Store Files 235
Summary 236
Chapter 5 Messaging andGroupware 238
Exchange Integration 239
Entourage 239
Paths 240
Troubleshooting Exchange 2007 Virtual Directories 241
Entourage Setup 242
Automatic Client Configuration 249
Deploying the Package 250
Custom Package Installation 250
Account Setup 252
Postflight Tasks 252
AutoUpdate 253
Disable Sync Services 254
Archiving Mail 254
Native Groupware Support 255
Manual Setup 255
GroupWise and Lotus Notes 260
iCal Server 260
Setting up iCal Server 260
Managing Calendars 265
Delegating Access 269
Backing up Calendars 270
Clustering CalDAV 270
Wiki Integration 271
Troubleshooting 271
Address Book Server 273
Setting up Address Book Server 273
Connecting to the Address Book Server 277
Backing up Address Books 280
Instant Messaging 280
Solutions 280
Microsoft Messenger 280
iChat Server 281
Transcripts 282
Archiving Transcripts via iChat 284
Autobuddy 285
Mac OS X Mail Server 286
Setting up a Mail Server 286
Configuring Mail with ServerAdmin 287
Protecting the Mail Servers 290
Mailing Lists 295
Logging 295
The Command Line 296
Choosing Mailbox Locations 297
The Dovecot Mailstore 298
Setting up Public folders 300
Backing up Mail 300
Clustering Mail Services 301
Leveraging Push Notification 304
Summary 305
Further Reading 305
Chapter 6 Mass Deployment 306
Planning Your Mass Deployment 307
Monolithic vs. Package-Based Imaging 309
Automation 312
Image Delivery 313
Creating an Image 313
Creating an Image from the Command Line 316
Operating System Packaging with Composer 320
Bare-Metal Images 321
Deploying Images 321
Restoring with Disk Utility 322
Using Apple Software Restore 324
NetInstall 326
Boot Modifier Keys 330
Bless 331
Apple’s NetRestore 333
DeployStudio 336
Other Third-Party Solutions 348
Casper Suite 349
Automation 349
Types of Automations 349
User Templates 351
Migrating from Monolithic Images 351
Custom Packages with Composer 352
InstallEase and Iceberg 356
FileWave 356
PackageMaker 357
Negative Packages 361
Installing a Package 363
Package Scripts 363
Customizing Prebuilt Packages 364
Customizing OS X Preferences 365
PlistBuddy 369
When Not to Use PlistBuddy 371
Defaults 366
When Not to Use Defaults 368
PlistBuddy 369
When Not to Use PlistBuddy 371
Image Regression Testing 371
Summary 372
Chapter 7 Client Management 374
Managed Preferences 375
Preference Interactions 377
Utilizing Tiered Management 379
Managed Preferences in Action 380
Preference Manifests and Custom Preferences 380
Setting MCX from the Command Line 382
Automated Client Setup 383
Mail 383
iCal 385
Address Book 386
Application Preferences 387
Deploying Proxy Settings via a PAC File 390
Network Printing 391
Restricting Applications 394
Computer Access Filters 397
Common Tasks 399
Troubleshooting and Testing 402
User Home Folders 404
Local Home Folders 404
Local Home Folder Configuration 407
No Directory Services 408
Open Directory 408
Active Directory 410
Third Party LDAP Directory 410
Network Home Folders 410
Redirection 412
Network Home Folder Configuration 417
Open Directory 417
Home Directory Syncing 420
Troubleshooting Syncing Issues 425
Password Policies 426
Password Changes at Loginwindow 428
Managing Keychains 429
Apple Remote Desktop 430
Scanning Networks with ARD 431
Controlling machines 431
Sending Commands, Packages, and Scripts 432
Enabling Directory Service groups 434
Enabling Directory-Based Administrator Groups 435
Quota Management 436
Login Hooks 437
Software Update Server 439
Further Reading 441
Chapter 8 AutomatingAdministrative Tasks 442
The Basics 443
Scripting the Bash Shell 447
Declaring Variables 448
Variable Mangling 450
Standard Streams and Pipelines 452
If and Case Statements 453
For, While, and Until Statements 457
Arrays 459
Exit Codes 460
Constructing a Shell Script 461
Passing Arguments to Shell Scripts 465
Scheduling Automations 466
launchd 466
cron 468
Daily, Weekly & Monthly Scripts
Triggered Automations 470
Self-Destructing Scripts 471
Automating User Creation from a Third-Party Database 472
Logging 477
Working with Date and Time 478
Automating System Tasks 479
Configuring Local Administrative Permissions 479
Allow Local Users to Manage Printers 483
Home Folder Permission Maintenance 484
Enabling the Software Firewall 491
Managing Items in ARD 494
Disk Utilization 494
Network Setup 495
Power Management 500
ServerAdmin Backups and Change Monitoring 502
Xserve Lights-Out Management 506
Troubleshooting 507
Further Reading 509
Chapter 9 Virtualization 511
Boot Camp 512
Thin Clients 513
VMware 513
VMware Fusion in Monolithic Imaging 514
VMware Fusion with a Package-Based Deployment 519
Virtual Machines 521
Preparing the Virtual Machine for Mass Deployment 523
Virtual Machine Deployment 524
Populating the Virtual Machine List 528
Parallels 529
Parallels on a Monolithic Image 530
Virtual Machine Deployment 532
Automating the Parallels Installation 537
Automated Virtual Machine Deployment 538
Managing Windows 539
Sysprep 539
Configuration Management 543
Policies and Open Directory 545
Computer Configurations 546
User Configurations 547
Other Virtualization Solutions 547
Wine 547
Managing VMs and Boot camp Through GPOs 548
AntiVirus 550
Further Resources 550
Chapter 10 iPhone 552
The iPhone Simulator 553
Email 554
IMAP, POP, and SMTP 555
Setting Up the Exchange Client 557
Installing Certificates 559
Network Connections 561
Leveraging the Web Browser 563
Citrix 563
iPhone Configuration Utility 565
Building Configurations 565
Deploying Configurations 581
Importing and Exporting Profiles 584
The App Store 586
KACE 587
Managing iTunes 588
Troubleshooting 589
Updates 590
Leveraging the Logs 591
Backup and Restoration 591
Bypassing the Passcode 593
Further Reading 593
Index 594