Looking for some quick How-To’s?  Always wondered how others may be doing something you are looking to integrate?  This is the spot to look!


Finding duplicate computers in WorkGroup Manager

How often has this happened to you?  You are trying to add in a new computer to WorkGroup Manager, and you get the lovely message saying you are unable to add it since another computer with macAddress 00:11:22:33:44:55 already exists.  Now is the task of finding that dang duplicate computer.  How do you do it quickly?  Well, there are two ways.  One is for 10.6 using a GUI, and the other is a command-line solution that can work on any LDAP structure.


If you are using 10.6 Server Admin Tools along with a 10.6.X or 10.5.8 OD system, you can go to the computer record area then click on the little magnifying glass and select “Ethernet Address Is”.  From there, just plop in the MAC address and you are in business.


If you are like me and prefer the copy and paste solution that you can show off to others to make you look REALLY cool, then here is a snippet of code you can use to find the duplicate computer:

ldapsearch -x -h YOUR_LDAP_HOST -b cn=Your_computer_searchbase,dc=YOUR,dc=DOMAIN "(macAddress=ad:dr:es:s2:fi:nd)" cn macAddress

The “-x” is a flag for anonymous binding.  If you require binding to your LDAP server you will need to specify that in the command.  By adding “cn macAddress” to the end of the command the name of the computer, as well as the MAC address will be displayed.

Now, if you know AppleScript or Interface Builder and want to make a GUI wrapper for that command to return back the name and the MAC address, please let me know.  I would love to get a tool like that out there.  Likewise, if you already know of a tool and want to pass that along, please do!

Using dual NICs on OS X


Using 802.3ad (Link Aggregation Control Protocol – LACP) on servers can be a great way to introduce fault tolerance to physical network failures while still ensuring services are accessible.  Utilizing link aggregation also allows for additional bandwidth to reach servers.  The configure this, both your switch and server need to be on the same page, mainly that two physical interfaces should operate as one single logical unit.  This is easily done on OS X Server in System Preferences, Network, and adding a new virtual interface via the action menu (the gear).  To do so, you select the option to Manage Virtual Interfaces, and create a new Link Aggregate.  Select the member NICs you wish to have participate, and create the new interface.

I was talking to David Colville about this setup, and he gave me a bit of information that was new to me.  Make sure to “Make Inactive” the physical link as well in the networking preference pane.  To do this, select the physical interface in the Network System Preference Pane and select “Make Service Inactive”.  Why would you need to do this?  Well, if you don’t do this, the two interfaced will obtain link-local addresses (169.254.something.something).  Initially, I thought this was how OS X Internalizes and makes sense of the bonded interface.  Needless to say, I was wrong.

One issue that can arise from this is your computer will report its DNS as server-domain.local, and for some services, it will cause problems.  The moral of the story?  When using Link Aggregation on OS X server, once you establish the logical interface, disable the physical interfaces.


Cleaning up OpenDirectory & PasswordServer issues


Well, it is that summer-time for myself and other educators and with that, typically that means it is time to take care of all the Directory Service maintenance items that have been put off.  One such problem I ran into was new user accounts no longer accepting and creating PasswordServer entry slots with OpenDirectory typed passwords.  This can happen when PasswordServer runs into some issues of not knowing which password slots are open anymore.  This can appear in WorkGroup Manager as a plugin error with a -14XXX code when attempting to set the users password.  However, when changing it back to crypt, the user password takes.  Here is the solution I used to fix this:

  1. Create a backup of OpenDirectory
  2. Boot the OD Master into Single User Mode
  3. Run fsck on the volume (/sbin/fsck -fy )
  4. Mount the volume (/sbin/mount -uw / )
  5. cd into /var/db/authserver
  6. Remove the authserverfree file from this directory (rm /var/db/authserver/authserverfree)
  7. Remove the overflow files (rm *overflow* )
  8. Reboot the machine

You may need to reset passwords of any valid users who were in the overflow files.


System Image Utility + 10.5.6 + Aluminum iMacs


After playing around with the new SIU from Apple, it was time to update an image.  After setting model restrictions so only computers that could run 10.5.6 was completed, I tried booting an iMac and also using Startup Disk to select the image.  No Luck.  I enabled the previous image (created with the previous version of SIU) and it showed up.  It looks like the model isn’t being put into the NetInstall plist.  Here is a workaround to get the image allowing these models.

  1. Navigate to the SharePoint hosting your NetBoot / NetInstall Images (Default is /Library/NetBoot/NetBootSP0).
  2. Open your newly created .nbi folder and make a backup copy of the “NBImageInfo.plist” file.
  3. Open the plist in Property List Editor and expand the array “EnabledSystemIdentifiers”
  4. Add a new Child Entry to the array with a value of “iMac8,1”
  5. Save your changes
  6. Restart NetBoot.

That should get your Aluminum 20″ iMac seeing your newly created image.


One response

13 02 2009

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: