Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Who to Believe?

I won’t go into all the gory details, because I don’t want to speak ill of any person. Suffice it to say that events transpired in my church that led to the departure of a respected member, someone who had shown Christ in his/her actions every step of the way. If you’re a Christian, you know the kind of person I’m talking about—he/she is the one that you really respect, that you can just tell His Presence is with him/her. He/she is the one that you can always trust to be honest with you, even when the truth is not what you want to hear. He or she is that person that always speaks respectfully of others, even when in strong disagreement with those others. This was the kind of person that left our church, and in my humble opinion our church is lessened by his/her departure.

(Read more...)

A Couple Cool Mac Discoveries

The first of these discoveries I found while working on the Kerberos SSO article, and while verifying information for my updated Linux-AD integration instructions for Windows Server 2003 R2.

(Read more...) API Change

Fortunately, the fix for Cocoalicious is really straightforward; simply go into the preferences, change the API URI to “”, click OK, then exit and restart the application. All should be well after that. (At least, it worked for me.)

(Read more...)

Kerberos-Based SSO with Apache

The key to the magic here is the mod_auth_kerb module, which adds Kerberos authentication to Apache. This module not only allows Apache to use Kerberos on the “back-end,” so to speak, but also supports the SPNEGO and GSS-API stuff on the “front-end” that allow it to transparently authenticate users connecting with supported browsers, without ever prompting for a password.

(Read more...)

Linux, Active Directory, and Windows Server 2003 R2 Revisited

UPDATE: A revised version of these instructions is available here.

(Read more...)

VMware on Mac OS X

Various sources (this notice on and this notice on MacNN) alerted me this morning to the announcement by VMware of a Mac OS X-based version of VMware Workstation, intended to run on any Intel-based Mac system.

(Read more...)

Assorted Links

I have a variety of links and articles, mostly security related, that aren’t really substantial enough for a full-blown entry, but I wanted to mention them anyway.

(Read more...)

Disabling AD Replication

Replication is bidirectional, occurring both inbound and outbound. Each of these directions can be disabled/enabled indepedently of the other using the repadmin command. The repadmin command is part of the support tools, included on the Windows 2000 and Windows Server 2003 CDs but not installed by default. (Installing them is highly recommended in all situations.)

(Read more...)

Complex Queries Against Active Directory

For example, consider a situation where you may need to compare two different attributes in Active Directory and list those accounts where the two attributes aren’t the same. One excellent example is the situation where an organization has standardized on UPN (User Principal Name; looks like an RFC 822-compliant e-mail address) logons, and each user’s UPN is supposed to match that user’s e-mail address. How do you go about finding those accounts where the UPN and primary e-mail address don’t match?

(Read more...)

Best Practices Analyzers

The Exchange Best Practices Analyzer (ExBPA) has been around for a while now, and is a very useful tool in making sure that your Exchange implementation is following recommended best practices from Microsoft for optimal performance, reliability, and scalability. The ExBPA was recently updated to include the ability to check the overall Exchange topology for readiness to upgrade to Exchange Server 2007. The Exchange team blog has full details on the new “Readiness Check” in this posting.

(Read more...)