Ricoh Printer Driver Fix

Workgroup Manager is wonderful, but it doesn’t tell computers which printer drivers to use. Which is annoying when a certain Ricoh printer/copier doesn’t work with the default OSX supplied driver (unless you have postscript fonts installed on the printer) and instead just spews out pages of garbled nonsense.

Thankfully, there is a reasonably easy fix!

1. Follow this page to create a custom PPD file, with exactly the driver you do want to use. Gutenprint ones work fine!

2. Follow this page to point your Macs to that custom PPD file using Workgroup Manager.

Tada!

Gigabit Ethernet

Today our trusty and heroic ICT technician installed gigabit Ethernet switches across the school, whilst our patient and long-suffering teachers put up with occasional blips in network connectivity. And the result? Faster than fast: remote desktop becomes a dream, gigabytes of files copy in minutes, generally the network plays nicely. The only issue is that our ageing .local server doesn’t have a gigabit Ethernet card. Ho hum!

More Reasons Why I Think Mountain Lion Will Be A Free Upgrade

Interesting article about why Mountain Lion could well be a free upgrade. It seems that Apple are starting to account for Mac sales in a subscription manner, at least in part, which means that upgrades can be given for free. Free updates is one thing that I’d love to go from iOS back to the Mac!

RAv3 and VNC

One of the joys of LGfL 2.0 is that a lovely firewall is installed in your school, which by default blocks nearly anything getting in or out. One of the things that is blocked is Log Me In, a remote access tools used by schools to log into servers etc when offsite. This has not been enormously popular, but thankfully there is an alternative which is in many ways better. It’s called RAv3.

RAv3 is a service offered by Atomwide, which uses some clever Cisco back-end to allow secure remote access. I don’t really understand it all completely, but there’s quite a lot of information on their support site. Once it’s turned on, you can set up which servers or computers you want remote access to and then which users get which access. There is a web-based portal at rav3.lgfl.org.uk with various different options.

One of the technologies is called ‘any connect’, which basically opens up a secure VPN tunnel into the LGfL 2.0 network, using your USO to authenticate. For the Mac, it involves downloading a bit of software, but that means you can also go in direct from the app rather than using the web-based portal.

Once you’re in, you can then use Screen Sharing to view any servers using VNC (such as a Mac server in our case). At first I was at a bit of a loss to know how to do this, as obviously all the servers don’t appear in the network browser in the Mac. But then I discovered I just needed to use Finder’s ‘Connect to Server…’ and then type vnc:// followed by the IP address of the server. Amazing! Now I can check my server wherever I am…

LGfL 2.0 attempt 1.0.1

Tomorrow we plan to revert back to our old Synetrix broadband. Now that’s what I call a broadband fail! The only advantage for the Admin network was faster broadband, but the downside was no access to Curriculum shared files and no VPN access from our second site. Not a great trade off if you ask me.

Instead we’re going to wait until the next holidays (April) and attempt it then, merging our Admin and Curriculum networks into one and extending our IP range to accommodate more devices as well. It’s a big job – let’s hope that it works better than the last time.

LGfL 2.0 attempt 1.0

We had quite an ambitious but not unreasonable plan today of switching over our broadband at school to LGfL 2.0 by the end of the day. We nearly managed it, but with several large stumbling blocks.

We started out tackling our admin network, as they only have 13 computers and a server. This was working quite well until we realised that users could browse the internet but couldn’t access any services from the server (such as shared documents and databases etc.). Not good. This is because LGfL 2.0 does web filtering by requiring each computer to use a given external DNS rather than a local one, or something like 8.8.8.8 from Google. If you set the external DNS first, then you can’t see the server; if you set the internal DNS first, then you can’t see the Internet. Aaarrrghhhh!

After several fraught conversations with Atomwide we eventually got it to work by getting the server’s DNS to forward external requests to the external DNS. We had tried this previously, but we only got it to work by completely rebuilding the DNS.

After doing a second sweep of the Admin computers to check they worked properly, we moved onto the Curriculum network. At first, this seemed pretty straightforward as the old proxy server could be turned off on the PCs with a judicial tweak of the Group Policies and the Macs could be adjusted by pushing out the following commands using Apple Remote Desktop:

networksetup -setwebproxystate Ethernet off
networksetup -setsecurewebproxystate Ethernet off

Bargain. Changing the DNS settings on the server seemed to be a little more straightforward and soon the Internet was up and running successfully.

Sophos on OSX proved a little more tricky to fix, as I couldn’t convince it to change its preferences with Workgroup Manager. Instead I had to log onto each machine and put in the new update URL, which is now as follows:

http://sophos10.lgfl.org.uk/escosx

The next big problem then struck, in that the Internet connection was flaking out. It would sometimes connect, but would then timeout repeatedly. We tracked down the problem to the fact that both the Curriculum and Admin networks were plugged in at the same time (not unreasonable!). We’re still awaiting a fix on this from Atomwide, so in the meantime we’ve switched the Curriculum back to our old provider.

LGfL 2.0 install tomorrow

Tomorrow I’m helping our genius technician do the switchover of our network to LGfL 2.0. I sure know how to spend a half term!

LGfL 2.0 is a London-wide project where they’re switching over broadband from BT cables to Virgin Media instead. This is an epic undertaking, but from our end it just means that they install lots of new routers and firewall boxes and then let us do the physical switch-over when we’re ready. (In a slightly ironic twist, Virgin Media don’t actually have any fibre-optic cables in our area so we had to use BT’s anyway.) We did a little test a few weeks ago and the speeds are about 4x faster – yay!

The main difference with the setup at school is that there no longer is a proxy server for web filtering but instead Virgin Media’s DNS server blocks or lets sites through. We’ve got our own internal DNS server so hopefully we’ll just have to change the settings on that rather than for every machine. I’m also hoping that a Apple Remote Desktop UNIX command to all the Macs should be enough to turn off the proxy server settings. But we shall see!

It ‘Just Works’

The latest point update to OSX 10.7 was released last week and I was pleasantly surprised today to discover that all of the Lion machines had already updated themselves thanks to Munki.

I know this is not the most exciting news in the world, but I was happy to see it as our Mac server is only running 10.6 and had to be fiddled with to get it to dish up Lion updates. I followed Apple’s instructions on how to do this but at first I didn’t think it had worked. Now I guess it was just caching them all as Lion clients now seem to be happily updating themselves. Yay!

I guess that now frees up my half term to do the LGfL 2.0 switchover with our trusty IT technician Ji. Looking forward to that job…

Munki Munki Munki

When wandering around school, my heart is warmed whenever I see a Mac quietly updating itself via the unassuming genius that is Munki. (Yes, I know that I am a geek!) Usually it’s only the latest iTunes release, but even that is helpful, if only to prevent a ‘download update?’ nag screen for the user.

The only main sticking point has been with the Mac Minis that teachers use. These tend to be on all day long with very little time sitting on the login screen, which is the only time I’ve set Munki to run. I’ve set the Macs, via managed preferences, to turn themselves on at the weekend, which does help with most. The problem comes when one of the updates fail, leaving that machine increasingly behind on its update schedule. The only solution for that is to manually sit there with the computer and run a few updates at a time until it gets past the dodgy package. Whilst being a minor pain, it’s much more preferable that sending a UNIX command with Apple Remote Desktop every half-term holiday and spending a morning making sure everything has updated properly.

Wiki Server = no Fronter?

Now here’s a thought. Has Wiki Server on OSX Server basically got all it takes to do away with Fronter (our wonderful pan-London VLE via LGfL)? I think it just might…

It can do pages that are easy to edit
You could put a message board on as a blog?
You can do calendaring
It has the huge advantage that you don’t need to log in when in school to use it

Certainly worth some consideration anyway.