Macintosh Affinity Group Notes March 28, 2006 Attendees: Anne Connell - Design Kim Daboo - HSS Jim Hawthorne - Psychology Craig Lewis - SEI Nick Pegg - Psychology Drew Potratz - Chem Mike Riley - SCS Jim Schubert - SEI Rashid Siddiqui - Libraries Marc Siskin - Modern Languages Paul Vranesevic - SCS Daniel Willard - Math Comp Svcs: Duane Mengo Yerin Kay Justin Angelo David Baisley Joe Jackson Debbie Cherry Ted Pham Jim Foraker Laura Valentine Sachal Lakhavani Some of the major issues addressed were: * using Carnegie Mellon authentication, but needing to restrict access to the department, or grant guest access * backup and imaging solutions * Active Directory access & general Mac access to Windows shares * maintaining and updating machines automatically * finding peripherals & drivers Useful websites: * macenterprise.org is good place to look for admin tools * http://www.cmu.edu/computing/project/macosx/ Software: * Imaging o radmind - Computing Svcs uses this for image distribution from servers to machines. www.radmind.org * Backups o TiBS (teradactyl.com) - H&SS, SCS * One driver for a switch to TiBS was that it can write to a drive and then to tape, so it's faster. Retrospect only writes to tape. * Design needs to handle large backups - 40+ gigs - TiBS is probably a better solution than Retrospect for this o Retrospect - MLRC, Libraries o Time Navigator - ACIS CMU Authentication * Documentation on setting up a Mac to use this is good (http://www.cmu.edu/computing/project/macosx/) * Problem: can't grant guest access (Libraries has a day pass for non-CMU users; doesn't work on Mac because Mac needs a real Andrew account) o Solution: when network guest accounts are implemented, should solve this * Problem: Need to restrict access to machines to a department o Solution: LDAP Groups, when available, should help with this Active Directory access & general Mac access to Windows shares: * Computing Svcs is looking at ADmitMac (admitmac.com; thursby.com) and Centrify (centrify.com) o Centrify can use Win policy to make a Mac machine part of AD o ADmitMac is not working as well as hoped, because it passes userid/password in the clear * Integrating Intel Macs into existing infrastructure? o Drew Potratz (Chemistry) is holding off on this. o Kim Daboo (H&SS) is having problems with having Intel Macs access files on domain PCs. MS UAM doesn't work. Microsoft sent someone to work on the problem for 3 weeks but then stopped, but now there is renewed interest. * Note: MacOS 10.4.6 supposedly solves this problem Maintaining and updating machines automatically * There is a command line version of Software Update that can be set up to run as a cron job. * Problem: There are sometimes isses for certain updates (such as QuickTime) that ask the user for a key, and the update will stop and wait for this information. o Solution: ARD (Apple Remote Desktop) Agent lets you work around this (Debbie says mostly after the fact, not before) o Solution: before running Software Update, set an environment variable: * For csh/tcsh: setenv COMMAND_LINE_INSTALL 1 * For bash/sh: setenv COMAND_LINE_INSTALL=1 export COMMAND_LINE_INSTALL * Problem: People may have their machines shut off when a cron job is supposed to run. o Solution: Anacron is a utility which checks to see if greater than a certain period has elapsed between jobs running, and runs them when the machine is next on after that period has elapsed. Finding peripherals & drivers * Mac-compatible 11x17 scanner - Epson XLs. (Design has these; they are expensive flatbed USB scanners and sometimes can be found refurbished.) * When peripherals are unmarked as to compatibility, often contacting a Mac-specific vendor like MacMall can help * Because large companies have different groups for Europe and North America, sometimes you can find Mac drivers for peripherals on the European sites when they aren't available on the NA sites. * Debbie says: There are third-parties that make drivers/scanner software for many models. VueScan www.hamrick.com and Silverfast www.silverfast.com are two of the most common. Also [not mentioned at the meeting] many Epson scanners will work with Apple's Image Capture, unfortunately Apple hasn't updated the tech note since 10.2 . Organizational issues: * Meeting timing: quarterly is acceptable for most people * Suggest NOT on a Forum day - perhaps a Friday half-a-month from the Forum? * Best way of organizing information & getting it out to people? Wiki page with contact information?