##osx-server

macmule: i'll get my sensible chuckle when its the windwos machines that finally get affected and they they are in "oh fuck" mode

if i remove the framework from the machine, delete the record in JSS, then recon the machine

it's fixed

micabeza: so i'm starting to look at our win10 deployment.. i'm the same in both camps.. bugger

our win10 machines cant even auth

10.10 machines will auth, but with those logs

its also really awesome for monile too

mobile too

micabeza: well i'm also going to redo our wireless infrastructure this year.. so that might be handy

everyday iphones need to reaccept the cert from the wifi

just ios8

micabeza: yea we see that.. but not every day... haven't tracked that down as i know it's broken anyways

im sure its the same thing

no LEAP again

cause the issue isnt present on our guest networks

just the WPA2 Enterprise

what are you using for wireless now? cisco?

yea cisco with MS win 2k8r2 for auth

macmule: sounds like you are in the same boat i'm in

certs keep failing for clients?

iOS keeps being prompted

just iOS?

just iOS8 here

7 devices are still fine

are they being managed?

nope!

micabeza: huh.. is it a self signed cert?

micabeza: how are they getting the cert?

i thought u meant managed in JAMF

well managed at all

its just an exchange 2k7 acct

like air watch, jamf

ok yeah thats unmanaged

how are they getting the cert for the wifi?

thats where im not 100% sure whats ont he back end yet

uses AD creds to auth

kinda new here and the dept is in total disarray...

micabeza: is they were managed you could push the cert..

they're personal devices and we have an extremely liberal IT policy

micabeza: so here is the workflow(correct me if i'm wrong). 1) BYOD 2)Exchange Mail Account on Device 3) WIFI using WPA2 Enterprise

correct?

yep

thats exactly it

ok are all of your wifi ap's set for roaming?

or are all of them just set at the same channel?

again, info im not provided with

ok, well here is the possible issue.

im sure its roaming as i see tha handoffs in my mac logs

ok, then if it's handoff, is it a 5g or 2.4g signal?

5ghz/n/20mhz channels is all i know

ok, with 5g you need to make sure your ap's are offset to each other's channels

that im sure they are

if you don't it will keep dropping the users even though you have roaming turned on

because the ap's are fighting over the airways

but the issue doesnt persists on just the WPA2 guest newirk w/o the AD auth

is that network setup exactly the same?

just just the WPA2 enterprise

and its just ios8

and 10.10

ok

which auth version are u using?

i knwo its the auth protocol

weve been using LEAP, but 10.10 and ios8 went peap

you see the auth logs i posted macmule?

yep

we knwo

micabeza: only way you can turn on LEAP is with apple configurator

or DEP

so BYOD is SOL

Hey, can an older version of OS X Server (Mavericks) push updates for newer OS X Clients (Yosemite) with the Software Update?

SUS?

zer0her0: There certainly were KBase articles on doing that around the "10.3 SUS serving 10.4" updates, but not finding any for 10.9 serving 10.10 updates

zer0her0: not out of the box..

foigus: would caching server work?

It probably would

As long as bandwidth reduction is the goal

If limiting updates the goal, the no

Ok. Two of the more rebellious designers have updated their machines w/o telling me.

Maybe it's just time to get everyone switched over.

well, do all your checks and balances.

zer0her0: This is either right, or not up to date http://support.apple.com/en-us/HT200117

foigus: we're looking at moving to caching server & then using: softwareupdate -ignore when needed

OS X Server on Mavericks can provide Apple Software Updates to OS X Mavericks, OS X Mountain Lion, OS X Lion, and Mac OS X v10.6 clients.

foigus: out of date.

May 2014

The lists of earlier OSes don't show any $current+1 options

Note: If you connect a Mac OS X client to a Software Update server not listed above, you may see some software updates listed, if those updates were released for multiple Mac OS X versions. However, you will not see the full list of updates available for your client unless you connect to a Software Update server running a version Mac OS X Server listed above.

foigus, thank you, that would suggest that is the case.

Huh, 10.6 Server could serve 10.7 updates, but that's the only one

That was our last server version, and probably why it wasn't an issue before.

zer0her0: you can serve updates for any version of OS X on just about any OS: https://github.com/wdas/reposado

No need to limit yourself to Apple's tools.

gneagle: beat me to it.. :)

gneagle, it's easier to upgrade our mini server to Yosemite then to use that. I'm only IT because I have the background, my real job is meant to be a video, media, and web designer.

zer0her0: It's not that scary.

What else does your mini server do zer0her0

gneagle, it's not about being scary, it's about having the time.

it's mostly just a file server, the SUS is just an added bonus to reduce bandwidth a bit.

You can install and configure reposado in far less time than you can upgrade a working server to Yosemite.

zer0her0: SUS lets you manage which updates are installed, if all you care about is caching and bandwidth you should look at caching server.

once again people, i'm not full time IT.

zer0her0: Agreed--if the goal is "less bandwidth usage" CS is a lot less work and less client configuration

Yes and since you're not full time IT there's no reason to run SUS over caching server if all you care about is bandwitdh.

zer0her0: it'll literally be turn on the service.. only work will be resetting the clients to look at Apple's SUS..

zer0her0: We've outlined options. Only you can decide which ones are right for you.

we have very little turn over here, i'm the "newest" employee, and i've been here 8 years next month. We upgrade our machines every 4-5 years, and we just got our upgrades this year, so we won't be seeing new machines for another 3-4 years.

zer0her0: But as macmule pointed out, to have your clients take advantage of your Caching Server, you'll need to tell them to _not_ look at your SUS.

A problem in the past was that if you upgraded an Apple SUS to server updates for 10.Z it stopped providing updates for 10.X

SUS is working just fine, just the two yahoos that wanted the latest and greatest w/o telling me they were upgrading then wondered why they stopped getting upgrades. It just looks like forced my hand to upgrade everyone sooner rather then later is all.

It was difficult to use an Apple SUS to provide updates for all the machines you might have

Once I switched to reposado I stopped paying attention to Apple's SUS, so I don't know if that's still an issue.

all our machines are able to run 10.10 just fine. so it's just making sure people have moved their data to the server (just in case) and do upgrades this week.

gneagle when I was on 10.6 server I had no issue providing updates to the various machines we had at the time. (when I came on it was a mish mash of all sorts of machines and set ups).

gneagle: http://support.apple.com/en-us/HT200117 server vs. client compatibility

foigus: looks like Apple has mostly addressed that issue, then

Except for the "providing updates to OSes newer than the server bit"

My reposado server runs on an Xserve running 10.6 Server and provides updates for 10.5-10.10

and will almost certainly handle 10.11 when it is available.

I liked this image when it came out: https://dl.dropboxusercontent.com/u/8119814/SUS...

gneagle, i'm not knocking Reposado, and I totally understand how it can be useful. Our dept is about a dozen work stations and they upgraded together as our designers often work on projects together so i, thankfully, don't need to worry about being out of step by more then 1 version.

Honestly, I'm gonna get rid of our SUS & move to caching server. We don't do testing branches etc..

gneagle: I like that image.

I can never keep track of whether it's TLDR; or TL;DR

Ditto macm

zer0her0: When I post info here it's for everyone. Use the info or don't -- that's up to you.

There's lots of great tools out there and not everyone knows about them.

oh agreed.

& some with fill a need for you & your org, others won't

1 orgs "best practice" won't apply to another... Etc...

truth.

double truth.