LinkBack URL
About LinkBacksDoes any one know how you set up the Mac update service to deploy updates to the mac clients just like the windows wsus does.
Mac Update Service (WSUS 4 MAC) Does any one know how you set up the Mac update service to deploy updates to the mac clients just like the windows wsus does.
If you have a mac server you an enable the update server on it to have a local mirror like wsus. It does take a couple of hours before it says the service has started as it downloads everything before reporting as being enabled. You can then point mac clients to it with the update setting in managed preferences.
There is still one huge issue with this, updates cannot be applied automatically and always prompt and require an admin password to be installed.
All it does is save on bandwidth.
you could run a cron job to auto update/install?
dont know if these cammands could be scripted, sorry bit out of touch on mac side these days
http://macenterprise.org/content/view/117/130/
edit again:
thinking about it i would probably not want a WSUS updating method, some updates can be very large and could cause some unwanted outcomes, i would advise to use the above commands with a tool such as Apple Remote Desktop to send the unix command to groups of machines. create Saved tasks for each room and then you can choose when to do it at a click of a button
you'd be crazy to deploy service packs on windows while people are using the computers!
Last edited by gaz350; 3rd December 2008 at 08:18 PM.
I didn't know about that! I've not even found it when googling about automatically applying updates. Just trying it out now.
yeah there is a cool ARD script that does a mexican wave with cd trays too :P
here you go
Macenterprise.org
If you have a bunch of emacs or orignal imacs with cd trays
video!
http://stream.qtv.apple.com/qtv/acst...ndunix_300.mov
Last edited by gaz350; 3rd December 2008 at 08:45 PM.
Does anyone know more info on how to use the unix commands for updates? Do any of you people have macs in the school and how do you update yours?
Each time i have tried to run software updates from ARD it never works. I just get an NSURL error or something like that. I can go to each client manually and run the software update tool and it fins my server just fine and downloads and installs the updates form it too.
I can also list the updates using ARD on the whole Suite of macs in our school using softwareupdate -l and running the command as root user. But the command fails as admin user but then when i run the command softwareupdate -i to install as root it fails and IIRC when run as admin fails as not enough access ? I could be wrong on the last bit though as its been a while since i last tried it. Running as admin may give the same error as root.
Is this a configuration error on my part or something that just doesn't work as expected?
I have asked this question numerous times but never really got a definitive answer. I have been told that softwareupdate -i doesn't work in ARD yet i read that some people have managed it.
Hi
Apple's Software Update Service will struggle (if it works at all) if access to the Apple's downloads servers (akugami.net) is via a Proxy Server. Of all the schools, colleges and other educational establishments I've been to up and down the country I've yet to implement this service because of this limiting factor.
SUS tends to work best in an Open Directory environment and when mac clients are joined to the LDAP node and have the Software Update as a managed preference. This can be done at either User, Computer or Groups level. I'm not sure if the service can be made to work in an AD-OD environment? However see above as to why.
It does not make any difference if the OD Master is 10.4 or 10.5.
As ever it always comes down to how well the DNS Service is configured. Especially the Reverse Pointer. I have been to schools where there is an existing Active Directory (supposedly working) only to find no Reverse Zone had been configured.
Apple's Open Directory tends to struggle if the network environment consists of HP ProCurve Switches with VLANs applied. Even if VLANs are not applied yet the tags remain it will still struggle. It also struggles with some Class C subnets - 255.255.192.0 for example but only if the information is provided by DHCP. It does work if the addresses are manually set.
By the way Netboot does not work with class A or B subnets unless the server and clients are within the same range/subnet or if there is a Netboot server for each range/subnet.
If your mac clients are a mix of 10.4 and 10.5 (previous OS are not supported) machines and you want to 'push' out SUS as a Managed Preference then your SUS Service must be on 10.5 Server. If your server is 10.4 and if your clients include 10.5 Client OS then these macs will only receive updates common to both OS. For example, iTunes, Safari etc updates. 10.4 Server cannot 'serve' 10.5 specific updates to 10.5 clients.
Bear in mind the updates I am talking about here are for Apple specific applications and Apple specific OS. If you have the suite of Adobe applications installed these are updated via Adobe's updates servers, not Apple's. SUS does not recognize other updates specific to the mac platform.
You can use the command line to point clients to your SUS server. Consult the relevant manual page (man defaults). The XML file (or property list - .plist - that is changed is the one found in /Library/Preferences, not the one in /User/Home/Library/Preferences. This can be hit and miss.
The other method of pushing out mac specific updates is as already mentioned here. However you would have to manually download these first. Makes sure they are all available on a mac used for administrative purposes that has ARD installed. You could install ARD on another mac (or multiple macs depending on your license) and use that/those as a Task Server or Task Servers. That way if you have lots of updates to 'push' out the load can be spread over two or more macs.
Clearly for the above method to work updates and/or applications must be in .pkg or .mpkg form.
Finally you can't provide updates to Apple specific software for the Windows platform. Yes I know Apple's own documentation says its possible however it is wrong. If some of you have consulted Apple's Server specific Administration software before you will have probably realized that quite a bit of the documentation is at best generalized and at worst inaccurate.
I hope this helps a little in clearing up what confusion there is regarding the Service, Apple Updates and other related matters in general?
Antonio Rocco (ACSA)
Thanks for helping out on this one Tony!
Hope you are well?
Paul
Last edited by kingswood; 9th December 2008 at 08:03 AM. Reason: Cold induced spelling mistakes
AntonioRocco (9th December 2008)
Hello Paul
You are more than welcome! I am well thank you and still very busy! Not unlike yourself?
There is lots more I could post if I'm asked.
Take care and have yourself a nice Christmas!
Tony
Lots of information there. A fountain of all knowledge as always Tony.
I have the Software Update Service running relatively fine within my AD-OD structure. It accesses my Apple servers Software update service for updates so bypasses the proxy to the local addresses but not through ARD. I can deploy packages through ARD that I have downloaded beforehand, except the security update for the DNS issue that they deployed. This one failed on every machine every time. So i had no choice but to do it manually.
I run this command
The error i get is this one:Code:softwareupdate -i -a
When run as admin it says it needs to be run as root.Error: Operation could not be completed. (NSURLErrorDomain error -1100.)
Software Update Tool
When using the command:
as root i get:Code:softwareupdate -l
But when run as admin i get:Operation could not be completed. (NSURLErrorDomain error -1100.)
Software Update Tool
This suggests to me that the command line Software update tool wants the admin user instead of the root user, but it can't run under admin to install, giving you a catch 22 situation. These commands were all run against the same computer one after the other.Software Update Tool
Copyright 2002-2007 Apple
Software Update found the following new or updated software:
* iPhoto715-7.1.5
iPhoto Update (7.1.5), 11180K [recommended]
* FrontRowUpdate2.1.6-2.1.6
Front Row Update (2.1.6), 13430K [recommended]
* DVDorCDSharingSetup-1.1
Migration and DVD ⁄ CD Sharing Update (1.1), 11350K [recommended]
* AirPortExtremeUpdate2008004-1.0
AirPort Extreme Update 2008-004 (1.0), 2259K [recommended] [restart]
* RAWCamera23-2.3
Digital Camera Raw Compatibility Update (2.3), 4370K [recommended] [restart]
* CompatibilityUpdateforQT755-7.5.5
QuickTime H.264 Compatibility Update (7.5.5), 3410K [recommended] [restart]
* iTunesX-8.0.2
iTunes (8.0.2), 61740K [recommended]
* JavaForMacOSX10.5Update2-1.0
Java For Mac OS X 10.5 Update 2 (1.0), 139950K [recommended]
* SecUpd2008-007-1.0
Security Update 2008-007 (1.0), 31810K [recommended] [restart]
How Apple have implemented the managed preferences for proxy and exceptions is also very strange. You can still actually edit the fields if given enough permissions to get to them. I can't remember now if they actually changed anything when the fields were changed, but the fact that you can edit the contents of these fields is confusing. They have also done away with the managed preference for managing the default mail and web browser.
Very much missed here
The documentation is where Apple are way behind MS (apart from their Server software anyway). It needs to be dramatically improved. MS may have more issues, but maybe its because they admit to them more.
Just my second 2p worth
Last edited by HodgeHi; 9th December 2008 at 09:46 AM. Reason: MS admitting
Hello Mark!
Thank you for your kind words! I trust you are well?
Firstly congratulations on getting SUS to work in an AD-OD environment. I'm not surprised you had to bypass the Proxy.
I have nothing but respect for all of you Windows System Admins working in the environments you find yourselves in. I've seen how tough it can be. Most of the time you're on your own with not much control over the budgets and at the mercy of every teacher's whims and wants. A lot of them from wht I've seen generally impractical or even a waste of time.
I was at one site recently which was a new build, Cat 6 throughout yet not one Gigabit Switch anywhere. One step forwards, two steps backwards? This is not a criticism only an observation.
Of course you are right. There are those oddities and inconsistencies you mention. We have to do the best we can and work with what is there. Nothing is ever perfect regardless of whether its Microsoft or Apple. But of course you know this already.
In my experience the error message you see is sometimes indicative of a DNS Resolution or authentication problem? Which is strange as I happen to know your internal DNS Service is as good as it can be. Perhaps its a DHCP problem? Have you considered assigning fixed IP addresses to your Mac clients and trying again? Perhaps the error message might change? At least that way you know the problem has moved forwards in some way?
The commands you listed are ones I generally run although you could also try sudo softwareupdate -i -r instead.
At this moment I can't think of anything else to offer?
Tony
HodgeHi (9th December 2008)
I'm keeping very well Thanks Tony.
At this moment in time all my clients are using DHCP with manual address. This allows me to set the IP of the machine and set the DNS entries to be fixed as well. There is then two entries for the reverse lookup. One being the XP side and the other being the OS X side. I have never had an issue with anything else in regards to the DNS setup here.
I currently have perhaps the most DNS demanding OS X service running here, for instance, iCal service with augmented AD users along with kerberos authentication to the service, iChat service with AD users in the Buddies list, online group Wiki,blog and Calendar service as well as email for both Pupils (internal only and on separate server from Staff but can mail to staff) and Staff email which can also mail externally) and netboot using FQDn in Net-restore's config files.
I think most of it works like it should (with a bit of a shove in the right direction). The weakest link from the whole server setup has been SUS and it's interaction with ARD. I don't think it worked correctly with ARD in 10.4.11 either. Is it just me???????
Hello Mark
No I don't think its you at all. I already knew a little of your environment. You are one of the few I know of who is pushing these technologies as far as you can take them
I did have a 'What if' which I'm guessing you may have already tried? As an experiment and only if it's possible take AD and OD out of the mix completely? For example if you can get your hands on a 'vanilla' mac client or unbind an existing client from both nodes. ARD should work with the local admin account alone in the way you've already mentioned without throwing an error message.
Tony
HodgeHi (9th December 2008)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
