I've currently got a PC running windows server 2000 acting as a print server. It's essentially just sharing it's printers, but all computers in the department use the shared printers on this computer. It runs very well even though the computer is about 8 years old. We've also got PaperCut NG install with unlimited user license which gives each user £2 credit each week and deletes any jobs costing more then what the user has in credit. It's saved a lot of money down to wasted prints!
Just one problem we have now is that if this old computer fails, no one can print in the department. My plan is to copy the printers from this computer to another and if the server fails, simply rename the new computer to the old computers name and everything should go quite smoothly. The only thing which won't work is the print quotas, but this wouldn't take too long to fix.
So, after reading up on how other people do it (and also trying your simple copy and paste and other menu's on the computer) I found this where they talk about Print Migration Utility. Works like a dream. Load it up on the original computer, backup the printers to a cab file. Load the program on the new computer and restore it from the cab file. Takes a while as it installs all the correct printer drivers, but what amazed me was that it was from windows server 2000 to windows xp. Perfect.
Monday 28 March 2011
Tuesday 15 March 2011
Adding local users to OS X via Command Line - Apple Remote Desktop
Media wanted all apple macs to have a "Media" login, and show a list of users for the login window. As I'd done this before I thought it'd be pretty straight forward. I found the script I used to do an apple event previously:
dscl / -create /Users/apple
dscl / -create /Users/apple UserShell /bin/bash
dscl / -create /Users/apple RealName "Apple"
dscl / -create /Users/apple UniqueID 505
dscl / -create /Users/apple PrimaryGroupID 1000
dscl / -create /Users/apple NFSHomeDirectory /Users/apple
dscl / -passwd /Users/apple "apassword"
Unfortunatley it came up with an error:
Data source (/) is not valid
I figured last time I used the command it was on OS X 10.4.11, and we're now on OS X 10.5.8. I searched on the old internet and found this post, which might have been where I originally got the commands. I also found someone else having the same error. There was a few solutions, but by far the easiest was simply replacing the '/' with a '.' . i.e.
dscl . -create /Users/media
dscl . -create /Users/media UserShell /bin/bash
dscl . -create /Users/media RealName "Media"
dscl . -create /Users/media UniqueID 505
dscl . -create /Users/media PrimaryGroupID 1000
dscl . -create /Users/media NFSHomeDirectory /Users/media
dscl . -passwd /Users/media "adifferentpassword"
The only problem I had after this (if you can call it a problem) was getting it to use a different picture. The one it seems to set is a networked picture. I did a little searching but found nothing. I'm sure the 'dscl' command could probably do it, but it seems to have a large man page on it, doh! If I get more time (unlikely) then you can get the dscl command to read the settings for a user already set up.
To set up the login screen I simply used the settings in Workgroup Managers computer management settings for "Login". Simple.
Anyway. this has definitely saved me a little time in the future!!
dscl / -create /Users/apple
dscl / -create /Users/apple UserShell /bin/bash
dscl / -create /Users/apple RealName "Apple"
dscl / -create /Users/apple UniqueID 505
dscl / -create /Users/apple PrimaryGroupID 1000
dscl / -create /Users/apple NFSHomeDirectory /Users/apple
dscl / -passwd /Users/apple "apassword"
Unfortunatley it came up with an error:
Data source (/) is not valid
I figured last time I used the command it was on OS X 10.4.11, and we're now on OS X 10.5.8. I searched on the old internet and found this post, which might have been where I originally got the commands. I also found someone else having the same error. There was a few solutions, but by far the easiest was simply replacing the '/' with a '.' . i.e.
dscl . -create /Users/media
dscl . -create /Users/media UserShell /bin/bash
dscl . -create /Users/media RealName "Media"
dscl . -create /Users/media UniqueID 505
dscl . -create /Users/media PrimaryGroupID 1000
dscl . -create /Users/media NFSHomeDirectory /Users/media
dscl . -passwd /Users/media "adifferentpassword"
The only problem I had after this (if you can call it a problem) was getting it to use a different picture. The one it seems to set is a networked picture. I did a little searching but found nothing. I'm sure the 'dscl' command could probably do it, but it seems to have a large man page on it, doh! If I get more time (unlikely) then you can get the dscl command to read the settings for a user already set up.
To set up the login screen I simply used the settings in Workgroup Managers computer management settings for "Login". Simple.
Anyway. this has definitely saved me a little time in the future!!
Wednesday 2 March 2011
Squid proxy server setup for iTunes authentication through another proxy
Yay, nice new shinny iPads. What could possibly go wrong. Doh! iTunes doesn't like the proxy server.
# ----------------------------------------------------------------------
# WARNING - do not edit this template unless you know what you are doing
# ----------------------------------------------------------------------
# the parent cache
cache_peer xxx.xxx.1.3 parent 8080 7 no-query no-digest no-netdb-exchange default login=username:password
# disk and memory cache settings
acl everything src all
cache deny everything
maximum_object_size 4096 KB
# store coredumps in the first cache dir
coredump_dir /usr/local/squid/var/logs
# the hostname squid displays in error messages
visible_hostname localhost
# log & process ID file details
cache_access_log /usr/local/squid/var/logs/squid-access.log
cache_log /usr/local/squid/var/logs/squid-cache.log
cache_store_log /usr/local/squid/var/logs/squid-store
pid_filename /tmp/squid.pid
# Squid listening port
http_port 8080
# Access Control lists
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl allowed src 127.0.0.1
acl godirect dstdomain .somewhere.co.uk
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# protect web apps running on the proxy host from external users
http_access deny to_localhost
# rules for client access go here
http_access allow localhost
http_access allow allowed
# after allowed hosts, deny all other access to this proxy
# don't list any other access settings below this point
http_access deny all
# specify which hosts have direct access (bypassing the parent proxy)
always_direct allow godirect
always_direct deny all
# hierarchy stop list (squid-recommended)
hierarchy_stoplist cgi-bin ?
# refresh patterns (squid-recommended)
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
always_direct deny all
never_direct allow all
In the end, I just used the default settings, under General I put HTTP port to 8080, Visible hostame to localhost.
After speaking with the Network administrator, he showed me a mac already in use with ipod touches. The set-up on this machine uses a deamon called "Squid", which acts as a local proxy server. So this authenitcates itself with the real proxy server, and all programs on the machine communicate with squid as a localhost, so everything works just fine. It starts at startup,but I think it should start at login.
Here's the config files, squid.conf:
# ----------------------------------------------------------------------
# WARNING - do not edit this template unless you know what you are doing
# ----------------------------------------------------------------------
# the parent cache
cache_peer xxx.xxx.1.3 parent 8080 7 no-query no-digest no-netdb-exchange default login=username:password
# disk and memory cache settings
acl everything src all
cache deny everything
maximum_object_size 4096 KB
# store coredumps in the first cache dir
coredump_dir /usr/local/squid/var/logs
# the hostname squid displays in error messages
visible_hostname localhost
# log & process ID file details
cache_access_log /usr/local/squid/var/logs/squid-access.log
cache_log /usr/local/squid/var/logs/squid-cache.log
cache_store_log /usr/local/squid/var/logs/squid-store
pid_filename /tmp/squid.pid
# Squid listening port
http_port 8080
# Access Control lists
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl allowed src 127.0.0.1
acl godirect dstdomain .somewhere.co.uk
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# protect web apps running on the proxy host from external users
http_access deny to_localhost
# rules for client access go here
http_access allow localhost
http_access allow allowed
# after allowed hosts, deny all other access to this proxy
# don't list any other access settings below this point
http_access deny all
# specify which hosts have direct access (bypassing the parent proxy)
always_direct allow godirect
always_direct deny all
# hierarchy stop list (squid-recommended)
hierarchy_stoplist cgi-bin ?
# refresh patterns (squid-recommended)
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
always_direct deny all
never_direct allow all
To get this running there is some things to run, there might be a GUI. But thinking about it, the machine was running 10.6, and I'm running 10.5, doh! I'll have to check out if it works on this first.
So, it doesn't come with 10.5. Downloaded latest version and found this website. Didn't work. You need a compiler which doesn't come on the mac, doh! Tried installing GCC compiler, which doesn't work either! Doh!
So I searched for a GUI for Squid and found SquidMan. Works very nicely, with no messing about with compiling, yay. Had a little trouble getting it to work. What is also good is that you can manipulate the config file it uses! So I copied and pasted from above, but errors came up about permission to write to log files. I left the log files section alone and pasted the rest but it came up with permission denied.
In the end, I just used the default settings, under General I put HTTP port to 8080, Visible hostame to localhost. 
Under parent I put "Use a parent proxy server", hostname proxy.chesterfield.ac.uk port 8080, and ticked "Parent requires authentication. But putting username and password here doesn't seem to work. Leaving them blank asks you for a username and password when the service starts and works without putting domains in. Yay!
Subscribe to:
Posts (Atom)