Sunday, May 31, 2009

OSX Server - What works and what Doesn't

So after 2 months of using OSX server, here's the update:

What we're using it for:

1) Central file server - I often have to fix permissions on the shares as someone will copy things into a share and the file will be read only to others in the same group. Since the UI is messed in Leopard (see previous post) you have to fix this through a VNC connection on the server which means you need to be an admin. Apple really needs to fix that.

2) DHCP - this is working, although some of the engineers have complained that the OSX DHCP server seems slow.

3) DNS - no real complaints here

4) Mail - The UI around the mail setup was weak and broken. Has anyone tested that? Some things we had to do:


/etc/postfix/master.cf -> uncomment the line "submission inet n - n - - smtpd" (enables port 587)

/etc/postfix/main.cf -> add "tls_random_source = dev:/dev/urandom" (gets rid of some error messages: "no entropy source specified with parameter tls_random_source")

/etc/imapd.conf -> add "tls_ca_file: /etc/certificates/wasabi.nasuni.net.crt" (gets rid of more error messages: "TLS server engine: No CA file specified. Client side certs may not work")

http://www.corpmac.co.uk/2008/09/30/tls-no-ca-file-specified-reason-and-solution/
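
A quick way to confirm the three settings above are in place after the admin UI has rewritten the files. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration, and the readability check on the CA file is an extra assumption beyond what the error message requires.

```shell
#!/bin/sh
# Added example: audit the three mail settings from this post against copies
# of the config files. File paths are arguments; nothing is modified.

# True if master.cf has an uncommented "submission inet ... smtpd" service.
has_submission() {
    awk '$1 == "submission" && $2 == "inet" && $NF == "smtpd" { ok = 1 }
         END { exit ok ? 0 : 1 }' "$1"
}

# Print the value of "name = value" (Postfix) or "name: value" (Cyrus imapd).
# Commented lines and indented continuation lines are ignored.
get_setting() {   # $1 = file, $2 = parameter name
    awk -v key="$2" '
        index($0, key) != 1 { next }
        { rest = substr($0, length(key) + 1) }
        rest !~ /^[ \t]*[=:]/ { next }
        { sub(/^[ \t]*[=:][ \t]*/, "", rest); sub(/[ \t]+$/, "", rest); val = rest }
        END { if (val != "") print val }' "$1"
}

# $1 = master.cf, $2 = main.cf, $3 = imapd.conf; prints one finding per line
# and returns non-zero if any setting is missing.
audit_mail() {
    rc=0
    has_submission "$1" || { echo "master.cf: submission (port 587) service not enabled"; rc=1; }
    src=$(get_setting "$2" tls_random_source)
    [ "$src" = "dev:/dev/urandom" ] || { echo "main.cf: tls_random_source is '${src:-unset}'"; rc=1; }
    ca=$(get_setting "$3" tls_ca_file)
    if [ -z "$ca" ]; then echo "imapd.conf: tls_ca_file not set"; rc=1
    elif [ ! -r "$ca" ]; then echo "imapd.conf: tls_ca_file '$ca' is not readable"; rc=1; fi
    return $rc
}

# Constructed sample files (not from a real server): the state before the edits.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' '#submission inet n - n - - smtpd' 'smtp inet n - n - - smtpd' > "$1/master.cf"
    printf '%s\n' 'myhostname = mail.example.test' > "$1/main.cf"
    printf '%s\n' 'configdirectory: /var/imap' > "$1/imapd.conf"
}

d=$(mktemp -d); make_sample "$d"
audit_mail "$d/master.cf" "$d/main.cf" "$d/imapd.conf" || echo "mail settings incomplete"
rm -rf "$d"
```

On the server itself, pass the real paths: audit_mail /etc/postfix/master.cf /etc/postfix/main.cf /etc/imapd.conf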

They also don't let you add aliases other than Groups so you need to:


sudo vi /etc/aliases
sudo newaliases


Also note that when you stop the mail server and restart it through their UI (i.e. after you changed some settings) you often lose the first email that gets sent after restart. Nice.

Generally I'd recommend using someone else's mail server. The experience was not an "Apple" one.

5) Open Directory - Apple uses this for all the user/group management and I haven't had to touch it.

6) Radius - We use this for Cisco VPN authentication. Note that OSX server didn't really support this in the UI, so you need to follow some instructions.

7) Software update - saves multiple Macs downloading to the same spot. Note that the first time you turn this on it's really painful as it brings in a lot of updates.

8) Backups - the server time machine's itself and presents itself as a time machine target for any clients to use.

What we're NOT using it for:

1) Wiki - I used the Apple Wiki quite a bit. It's VERY limited. The WYSIWYG is nice, but you don't always get what you see and it can do some odd formatting stuff. If you want to do more advanced stuff you get thrown into HTML and the HTML is cluttered and hard to manage. You can't do a lot of basic stuff and eventually I punted and went with the tried-and-true MediaWiki which I'm very happy with. It's running as its own VM.

2) Web Hosting - I didn't really even try this. I wanted a server that wasn't hosting all the stuff above to be our external web host. So I created a standard Linux VM and am hosting the site via Apache.

3) Firewall - We have a decent Cisco firewall so I didn't try the OSX server firewall.

4) Our source code control/bug tracking etc is off on Linux VMs.

OSX Server bonding issues

We had some crazy issues with our OSX server setup. When we had clients join the server we had odd permission problems, synchronization issues with passwords etc. After much mucking around it turns out it was mostly our fault. Our OSX server is also a target for SSH from the outside (not on the normal port 22 and requiring certificates). To support logging in I had created some local user accounts on the OSX server machine, and for convenience I had given them the same names as the server accounts.

DON'T DO THAT

OSX server gets very confused if you have local accounts with the same names as the server accounts. And you don't need the local accounts anyway as you can enable the server accounts to login/get a shell through the admin tools. Deleting all the local user accounts and enabling the ones we needed to login helped a lot of the issues.

The Leopard client still does odd things when you're looking at group/user permissions (and ACLs) on network shares. Seems that Apple messed this up in the UI in Leopard so that if you look at them you see things that just don't make sense as the users/groups are not getting copied over from the server and displayed correctly. Under the covers of the UI the right things seem to be happening but it can be confusing for the users.

OSX Environment and IE

In our vision for an All-Mac office we sort of expected to be able to pull that off without any bumps. I mentioned previously that I ran into early bumps of some office environment management apps that required Windows. Later I found out that our bank (Silicon Valley Bank) and our payroll group (ADP) both have web sites that are not friendly to non-Windows/Internet Explorer environments. I proceeded to set up a new VM with Vista Home ($199 for the full install) for our office admin to run just for IE for these sites but otherwise to use the Mac side of things. When you run into mainstream companies that lack support for non-Windows platforms with their websites you really get a sense of the size of the Linux/OSX market on the business side of things.

Another thing I'm amazed at is that Vista Business sells for $300, but I can buy a full Netbook with Vista Home for $300, or a Dell Inspiron 531 with Vista Home for $249. Vista Home sells for $199 for a fresh install which is required for VM use. So the hardware is worth $49. You can set up a VM for $199 or you can have dedicated hardware for $249. While I went the VM approach mostly because I don't want more hardware to deal with (power, cooling, all that) the economics just don't make sense.

EveryTrail

Just got back from a bike ride with the kid. Got to use my new iPhone attachment for the bike and EveryTrail iPhone app. That's a nice combination and lets you keep track of rides.

Ride with Lydia


Sunday, May 3, 2009

Netflix, Flexplay, and RedBox

I'm currently a Netflix subscriber (cheap plan, 1 out at a month unlimited with Blu-Ray = $10.99/month). I average about 3 movies a month. This means each movie costs me about $3.65 to watch. Whenever possible I watch them in BluRay format. 

The other day I noticed how many RedBox outlets there are around where I travel. Gas stations, grocery stores etc. With RedBox you pay $1/night and you can reserve movies. They have pretty current movies, but no BluRay options. There's no subscription fees and you only pay for what you use. This could possibly drop my monthly cost, but I'd have to know in advance that I'd be able to watch a movie in a given night or I'd end up paying for an extra night (and feel the pressure to watch soon). The fact that the price can stack up if you don't watch it once you take it out puts me off. The lack of BluRay is disappointing too.

Shortly after running into RedBox I noticed a 48-hour self destructing DVD option at Staples called FlexPlay. It chemically self destructs its playability (in a way that doesn't break your DVD player) 48 hours after you open it. Staples generally sells the disks for $1. The outlets aren't as convenient (in this case tied to Staples store hours) and the movies aren't usually as new as Netflix and RedBox (or updated as frequently). On the positive side your expense is capped at $1/movie and you can "queue" them up by buying several and having them handy and watch whatever suits your mood. If you rent via their web site they "rent" the movies at $4.99, they're not going to win the war with that kind of pricing. At $1 and with more outlets I can see how they could be competitive with RedBox. With the limited availability, older movies, and poor pricing direct they're out.

Ok, you're probably wondering why I don't just do video-on-demand and pay just for what I watch. A couple reasons, my bankruptcy-declaring cable company charges $5.99 per rental (HD). That's more than my average cost via NetFlix. In addition, their movie selection is worse than Netflix and RedBox. And finally about 50% of the time there are issues with the video on demand playback.

Currently NetFlix appears to be the best option as it gives me the most flexibility when I play the movies and the quality/availability of what I want. Its largest downside is the fact that I have to wait 3-4 days after watching one to watch another. I could pay more to have more flexibility but given how few I watch it doesn't seem worth it. If someone could deliver HD video on demand at an equivalent cost to NetFlix then I'd switch but given where I live and the monopoly of the local TV provider, I'm stuck for a while.


iTunes Music Video Playing Problems

If you happen to be having problems playing music videos in iTunes I
found an odd behavior: If you use multiple speakers normally for
playing music, then Videos won't play when you have multiple speakers
selected. You have to choose just the speakers of your Mac and then
the videos will play. Seems like a bug to me -- there should at least
be a warning.