Jul 12

Just recently I had a consulting appointment with a school that needed to use a proxy server in order to block students from inappropriate websites. Previous to my visit they were using a tangerine iBook with OS9 and some piece of software that did the proxy work. After some thought we came up with the idea of using OS X Server (since they also were running that) as the proxy server. It was much more up to date and it seemed like it would be pretty easy to transfer the list from the iBook’s proxy software to OS X Server. Unfortunately, I have a feeling the list was so huge that it kept crashing the Web service, so it was back to the drawing board.

We finally decided to use OpenDNS and after some initial testing it all seemed to work fine. We assigned all the student computers static IPs and set up the DNS using the OS X Leopard server's IP and then OpenDNS. We included the server's IP first because it allowed the clients to find the server for network home directory use and then I assumed it would use OpenDNS second (for all other queries).

Unfortunately, while we could log in to the network home directories, OpenDNS and blocking inappropriate websites failed to work. Puzzled, I searched for a way to allow us to use the server for initial DNS, but anything else had to pass through OpenDNS. A quick search through the knowledge base turned up this article. Basically you just had to add a few lines into one of the DNS configuration files. Really simple. When I restarted the DNS service, nothing worked. I believe that is because the article linked above is for OS X Server Tiger and previous versions. After looking around in the DNS service settings (via the Server Admin tool) I found a box called ‘DNS Forwarding’. I simply plugged in the OpenDNS IP addresses and removed all but the server’s IP from the client DNS servers.

Restarted the DNS service and rebooted the client machine for good luck and attempted to log in to the network home directory. It worked! Next I tried loading a site on my OpenDNS blacklist and it too was blocked. It worked just as I had wanted it to.

DNS Forwarding, in my understanding, works like so:

1. The client machine uses the server’s IP for its main DNS server.
2. In my case the server contains one DNS entry (well two if you count the reverse DNS record). The one record is of itself. That way the clients know of the server.
3. Anything that isn’t in the server’s DNS list gets sent to the entries in your DNS Forward records. In this case it was OpenDNS so pretty much every request except ones for the server were forwarded to OpenDNS.
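The three steps above, written out as a BIND `named.conf` fragment (OS X Server's DNS service is BIND). This is an added example, not the configuration Server Admin wrote on the server described here; the zone name, zone file name and client network range are placeholders.

```conf
// Added example: constructed BIND fragment, not taken from the server in this post.
options {
    // Step 3: anything this server is not authoritative for goes to OpenDNS.
    forwarders {
        208.67.222.222;   // OpenDNS resolver
        208.67.220.220;   // OpenDNS resolver
    };

    // BIND's default is "forward first": if the forwarders do not answer, the
    // server resolves the name itself through the root servers, and that answer
    // never passes through the OpenDNS filter.
    // "forward only" disables the fallback: no forwarder answer, no answer.
    forward only;

    // Answer recursive queries only for the local clients (placeholder range).
    allow-recursion { 192.168.1.0/24; localhost; };
};

// Step 2: the single locally hosted zone, holding the server's own record
// so that clients can find it for network home directories.
zone "school.example" {
    type master;
    file "db.school.example";   // placeholder zone file
};
```

The filter only applies to queries that go through this server, which is why step 1 (and removing every other DNS server from the clients, as described above) is part of the setup.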

Hopefully this article can help people out who use in-house DNS and are also looking for a way to send other DNS queries to other outside services such as their ISP’s DNS servers or even OpenDNS.

Nov 15
Stepping Into Mac OS X Leopard Server
Jimmy Brancaccio | Articles | Nov 15th, 2007

This past weekend, I got to try out some of the new features that come in Mac OS X Leopard Server. First, let’s back up a bit to Tiger Server.

OS X Tiger Server is the first piece of server software I’ve used from Apple. I come from the world of Linux where most of the configuration is done by hand; you have to edit your own application configuration files. There’s no pretty GUI (graphical user interface) or buttons to click on. Tiger Server saved a lot of time because all I had to do was type a few things in, click ‘Go’ and I could have a very resourceful server. In just a matter of minutes, I could be running a web server, file server, DNS server, VPN server and more! Apple really made Tiger Server easy to set up and manage. They provided some really great tools too.

With Leopard Server they’ve made it even EASIER to set up and manage. I think Apple has really extended the potential of Leopard server; they’re making it so Leopard Server has a place in the home as well as large companies. They continue to provide some really awesome tools to manage it, and it includes loads of new and cool features. When I set up Leopard Server, I did a fresh install (no upgrade) so I am not sure if some of the things I am talking about will apply to people who choose to upgrade from Leopard Server.

Upon boot up after you install Leopard server, you can choose what type of server you want. There are three options: Standard, Workgroup or Advanced. Each of the three types just had a bit different configuration in which services it uses and sets up for you. While I think this is great for people who like things done for them, I prefer to configure each service by hand (I guess that’s the Linux-side of me coming out). People who really just want the easiest way to manage their server should probably choose either the Standard or Workgroup configurations. This will also allow you to use some of the new and nifty tools that Apple has included with Leopard Server. Unfortunately, when you use the Advanced server type you lose the ability to use some of those tools (you can still use Server Admin, Workgroup Manager and command line utilities though).

I am torn between letting Apple do all of the hard stuff so I can use the new tools (using the Workgroup server type) or just using the Advanced server type and handling everything myself. I’m still deciding but I have to say I think it’s great that Apple is making their server software usable by most anyone with some experience in computers and networking. So after choosing the type of server you want, Apple will go about and work its magic, setting up the services and configuring them for you.

For my tests I chose the Workgroup type, so I got the iCal service, web server, iChat service, Mail service, Time Machine backup service, the Open Directory service and a few others. I have a feeling most people will choose the Workgroup type, because it includes a lot of services while still being able to easily manage it.

One of the new management applications that comes with Leopard Server is called Server Preferences. It looks very similar to System Preferences, but it allows you to easily manage the services on your server. Over the last 2-3 years I’ve gotten very used to using Server Admin and Workgroup Manager to manage all my services and users, so if I choose to use the Workgroup server type on my live server, I’ll have to get used to doing everything through the Server Preferences application. It’s definitely a great tool for people who are new to OS X Server.

A few of the things that I am really looking forward to actually using are the wiki server, the iCal server and possibly the Time Machine service. I run a couple wikis (think of Wikipedia.org but on a much smaller scale) so I would love to move them into this service. I have a few shared calendars that need to actually be editable by more than just one person, so the iCal server will surely help with that problem.

Regarding the Time Machine backup service, it sounds really interesting, but at this point I don’t know enough about how it works to rely on that as my only backup service. It sounds really great that client machines can back up to the server rather than a local disk. It saves me from having to buy multiple external drives for each client; instead I can just point them to the server and use that as my backup location. I guess I’ll just have to do some testing!

In the few days I spent playing with Leopard server, I have to say that I am really impressed with how easy Apple has made it for someone to set up and manage a fully featured server. They include some great tools and some really new and much-welcomed features.

Here are a couple of PDF files that I found quite useful when setting up Leopard Server; check them out:

Getting Started with OS X Leopard Server
Installation Setup & Worksheet