More on administering Mac OS X Server

After my previous post on OS X Server, I got a lot of good feedback from the Mac Enterprise folks. It was very helpful as I dug deeper into getting our room full of Mac minis into coherent shape.

For example, I learned that you can turn a shell script into a double-clickable executable by changing its extension to “.command”. That means that having a shell script run at logon becomes trivial, which in turn made it super-easy to start our complex Java app when the captive student account logs in. Score one for the good guys.

With regard to my complaint about binding machines to the domain, I learned (courtesy of James Relph) that you can in fact do it just like Windows does:

Regarding binding machines to the domain, just go into Server Admin > Open Directory > Settings > Policies > Binding and tick “Require authenticated binding between directory and clients”. That will ensure that when a client is joined to the domain it will ask for a domain admin account and create an associated computer record in the directory.

I learned how useful the Apple Remote Desktop “kickstart” app is, too, for setting up various aspects of ARD without manual intervention. Sadly, I also learned that there’s no way to easily apply an existing ARD task to a different set of machines, though the MacEnterprise folks helped with a couple of workarounds.

Some of the rough edges I noted earlier have disappeared as I’ve learned more about what I’m doing. One piece of excellent advice that I received is never to trust the GUI. Odd, given that Apple is supposed to be masters of all things GUI, but absolutely true. Often what you see in the GUI of the various admin tools is only loosely related to the actual status of the machine or component you’re looking at.

There are a few more serious problems lurking, too. One is that automatic logon just flat out doesn’t work if you specify an Open Directory account as the target. This is annoying, but it’s not the end of the world. Worse is that Apple pretty much leaves disaster recovery and repair up to oral tradition. There’s very little documentation on how to properly back up and restore a Mac OS X Server system. I can tell you from bitter experience that using Time Machine to back it up will only preserve files that aren’t open at the time of the backup, meaning you’ll lose your Open Directory database. Oooops. Apple doesn’t document anything about the best (or even worst) method of replacing a failed OD server, which is a real shame.

I still have a lot more to learn, including how to use the systemsetup and scutil commands, and how to tame launchd to make it do what I want to. One of these days I’ll probably feel like I know what I’m doing…



2 responses to “More on administering Mac OS X Server”

  1. Very interesting. Please keep these posts coming!

  2. Test comment– I see Michael’s comment, so this one should appear too.