Fermilab Macintosh Setup for OS X

Install OS – Use OS X 10.3 (Panther).
Always use the HFS – Mac OS Extended (Journaled) file system. Do NOT use the UNIX file system. The Mac OS and its updates from Apple will work fine with the UNIX file system, but certain important applications will not. In particular, Symantec Antivirus for Macintosh will not run. Microsoft Office will install and run, but the last update to it will delete files randomly from the Applications folder. The Mac OS Extended file system does not have these problems. The problems may be due to sloppy coding: the UNIX file system is case sensitive; the Mac OS Extended file system is not.

During the install a default user account is created with administrator privileges. When prompted, name this account with a different name than will be used for normal users. This will become your administrative account. USE A SECURE PASSWORD! We will create a user account in a later step.

Insert third disk of OS X set – Run the installer and install all items.

Install Apple updates – This happens automatically if you do a default install.
The updater needs to run twice. Restart is required after the first set of updates. Be sure to check all items on both sets of updates.

Note: The updater will not be able to connect to Apple until the hardware address is registered. You may register temporarily by using a web browser and filling out the form for a temporary registration. This must be renewed daily and has a limit of three days. To register, simply open the browser and attempt to connect to any URL. You will be directed to the temporary registration form.

Set TCP/IP preferences – Do this for each network interface.
Click the icon in the dock with the light switch. This is System Preferences. Click the “Network” icon. Select a network interface and click TCP/IP. The normal setting for Fermilab is DHCP. In the DHCP Client ID box, type the fully qualified network name (computername.dhcp.fnal.gov) the computer will be known by. Do this for each network interface. While you are in the network interface, click the Ethernet tab and note the “Ethernet ID” (a.k.a. hardware MAC address). You need the Ethernet ID from each interface.

Register the hardware address – This must be done before you can access the Fermilab network.
Using the Ethernet ID obtained in the previous step, register the address with the Fermilab Node Form in the usual manner. The URL is http://fncdug1.fnal.gov:7777/pls/nodereg/node_registration.html

Set Sharing Preferences –
Open personal shares are not allowed by Computer Security. Unless you know how to properly set up security on a shared service it should be off. As a general rule, network services that are not needed should always be off. Open the System preferences control panel (light switch icon) and click “Sharing”. Verify that all unused services are off.

While this panel is open, verify the Computer Name box has the correct name for your computer (computername.dhcp.fnal.gov). This will ensure that its name will be dynamically registered with the DNS server. The name will be registered as computername.dhcp.fnal.gov. If you have two network interfaces active (wireless & wired for example), only the first one to connect will be registered with that name.

Set the Master Password – This step is only needed if you will be using File Vault.
Click the System Preferences icon > Click Security icon > Click Change
While in this dialog it is recommended that you also check “Require password to wake this computer” and “Disable automatic login”.

Create a “Normal” user – This is where you set up the default log on for normal work.
Click the System Preferences icon > Click Accounts icon > Click Login Options. Click the “Name and password” button. Check the “Enable fast user switching” check box.
Click the System Preferences icon > Click Accounts icon > Click the “+” > Click the Password tab. Enter the user name and password information. This will create a user without system administrator privileges.
To remove a user click the “-”.

Set Bluetooth preferences – Unrestricted Bluetooth can be a backdoor into Macs.
Click System Preferences > Bluetooth > Settings tab. Uncheck “Discoverable”.
Click System Preferences > Bluetooth > File Exchange tab. Uncheck “Allow other devices to browse this computer”.

Trackpad preferences –
Click System Preferences > Keyboard and Mouse > Trackpad tab. Check Clicking and Dragging.

Set the time and date – Time and Date will usually be correct but the time zone will need to be set.
Click System Preferences > Date & Time > Time Zone tab > pick CST from list.

Set Dock preferences – Optional according to taste.

Install the Kerberos client and tools – This is the MIT Kerberos. The instructions contain a Fermilab specific configuration.
The instructions are in Chapter 23 of the document at:
http://www.fnal.gov/docs/strongauth/webhelp/wwhelp/wwhimpl/java/html/wwhelp.htm
You will need to obtain a Host Principal if you wish to connect to the Macintosh from another computer. Host Principals are NOT needed to connect to other computers FROM the Macintosh. Instructions are included for this at the above hyperlink.

Install AFS – To access AFS space directly from your Macintosh you will need to install OpenAFS.
To be added.

Install Fermilab VPN – This is recommended if you are working from offsite locations.
The VPN software is easy to use. The Fermilab VPN uses the Cisco VPN client. You must have an account on the VPN server. There is no documentation specific to the Macintosh. The installer does not need any user intervention.

To request an account: https://www-dcg.fnal.gov/vpn/vpn_reg.cgi
More information: http://computing.fnal.gov/vpn/

If you already have a VPN account, and a Fermilab .pcf file, you can skip the downloading step.

The downloading process is a little unusual. There are two logons. After registration you will receive an email with instructions and a URL. After clicking the URL you will be sent to a page that has a graphically encrypted password. Type the password into the provided space. This logon times out in 30 seconds. A username/password logon appears next. Type the username and password provided in the email and select “MacOS” from the list box. This username and password are only good for the week. These are NOT your account username and password. The download prompt appears and downloading of the software begins.

Two files are downloaded: the Cisco VPN software for Macintosh in .tar.gz format and a .pcf file. The .pcf file contains a Fermilab VPN profile containing server address and logon settings. The VPN software will be expanded to a .dmg file. Double-click the file and it will create a disk image on the desktop. In this virtual disk double-click the .mpkg file. The VPN will install. You will be prompted for an administrator account name and password.

The install creates a VPN application in the Applications folder. To use the VPN double-click the icon. When it has opened, click the “import” button. Navigate to the location where you have stored the .pcf file and select it. Click Open. That completes the installation and setup.

To use the VPN, double-click the application icon. After the application starts, click the “Connect” button. You will be prompted for the VPN account name and password which you requested.

A copy of needed files can be obtained from John Urish or Andy Lego if downloading is not available.