What are you bitching about and IPv6?

Over the past several months, my company has been dealing with AD/OD integrations with Lion 10.7.2 and the customer’s environment is using “.local”. If you are not familiar with the history between “.local” and Apple computers simply put: they don’t mix. PERIOD. It all stems from Apple OS X Clients using the naming convention of “ComputerName.local” as its address for Bonjour services. When an Active Directory (AD) environment uses something like “company.local”, Lion doesn’t know if you are talking DNS or Bonjour… so it just tries everything, thus giving you delayed authentication (login) against your AD controllers.

With the release of OS X Lion, Apple stepped up the complexity notch and introduced IPv6 in its broadcast for resolving names, thus now you have four sets of timeouts to compete with:

1. IPv4 DNS
2. IPv4 Bonjour
3. IPv6 DNS
4. IPv6 Bonjour

Normally, if we can’t get DNS working from the customer on their Windows AD domain controller, we’ll utilize Apple’s DNS service to place GOOD values until the customer can work out the “fun” of Windows DNS (hint, the more domains and the more domain controllers… it seems difficult in keeping records versus AD replication making things automagically disappear). One issue, Server Admin doesn’t allow for creating IPv6 records (a.k.a AAAA records) so we’re going to crank these out by hand!

Configuring Mac OS X DNS for IPv6 Records

Before we go any farther, I’m warning you now… modifying BIND configuration files by hand could will cause you grief later. You have just committed yourself to the rest of your life on hand modification of DNS records because once you start using Server Admin again… it may (and most likely) remove anything it doesn’t understand. That’s the joys of Apple’s Server Admin tool.

If you have never looked at creating and/or adjusting BIND records on an Apple Server, I would first HIGHLY recommend you pick up a copy of Ed Marczak’s Mac OS X Advanced System Administration v10.5. It explains a lot about DNS and configuring BIND from command line starting at page 89 – 104. I’m not going to over the intricacies, I’m going for the dirty nibbles of IPv6 and what files you will adjust or create.

Read the rest of this entry »

What is IPv6?

I don’t feel that anyone reading this in 2012 has never heard of IPv6. The easiest way to put it it’s a combinations of HEX values to make a big ugly “thing” that represents your computer. IPv4 was simple; four octets made up of a value from 0-255; thus 192.168.1.111. IPv6 takes this to a new other level. From Wikipedia:

IPv6 addresses have two logical parts: a 64-bit network prefix, and a 64-bit host address part. (The host address is often automatically generated from the interface MAC address.[37]) An IPv6 address is represented by 8 groups of 16-bit hexadecimal values separated by colons (:) shown as follows:

2001:0db8:85a3:0000:0000:8a2e:0370:7334

The hexadecimal digits are case-insensitive.

The 128-bit IPv6 address can be abbreviated with the following rules:

• Rule one: Leading zeroes within a 16-bit value may be omitted. For example, the address

  fe80:0000:0000:0000:0202:b3ff:fe1e:8329

  may be written as

  fe80:0:0:0:202:b3ff:fe1e:8329

• Rule two: One group of consecutive zeroes within an address may be replaced by a double colon. For example,

  fe80:0:0:0:202:b3ff:fe1e:8329

  becomes

  fe80::202:b3ff:fe1e:8329

A single IPv6 address can be represented in several different ways, such as 2001:db8::1:0:0:1 and 2001:0DB8:0:0:1::1. RFC 5952 recommends a canonical textual representation

How do I get an IPv6 Address on Lion

You most likely already have one! If you navigate to System Preferences => Network and click on the “Advance…” button on your Ethernet settings, you should see “Configure IPv6″ and it’s set to automatic. You’re DONE!

Now, finding is your IPv6 address is another story. The best way to discover your IPv6 address is running the following command in Terminal:

ifconfig en0

You should get back something like the following:

justinrummel@jrummel-mbp:~$ ifconfig en0
en0: flags=8863 mtu 1500
	options=27
	ether 00:25:bc:dc:99:24
	inet6 fe80::225:bcff:fedc:9924%en0 prefixlen 64 scopeid 0x4
	inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
	media: autoselect (1000baseT )
	status: active

You can see the inet6 value that starts with the hex values “fe80″, that is my IPv6 address. Notice at the end of that string is “%en0″, you don’t need that part. An easy way only to get the IPv6 Address in one line could be:

ifconfig en0 | grep inet6 | awk -F " " '{print $2}' | sed 's/%en0//'

How to test IPv6 on your local network

Normally to test if a computer is on your network you would initiate a “ping” to the IP address of your target machine. IPv6 has the same capabilities, however, the function is not embedded into the “ping” command… it’s now “ping6″!

The interesting part of ping6 is that you have to declare the interface you are using to send the command. So on a standard Mac machine (and non-MB Air), you have two interfaces to choose from:

1. Ethernet: en0
2. WiFi (f.k.a AirPort): en1

So if I wanted to ping from my laptop to a target machine IPv6 address of “fe80::c62c:3ff:fe21:cc0e”, I would perform a ping6 the following:

justinrummel@jrummel-mbp:~$ ping6 -I en0 -c 1 fe80::c62c:3ff:fe21:cc0e
PING6(56=40+8+8 bytes) fe80::225:bcff:fedc:9924%en0 --> fe80::c62c:3ff:fe21:cc0e
16 bytes from fe80::c62c:3ff:fe21:cc0e%en0, icmp_seq=0 hlim=64 time=0.406 ms

--- fe80::c62c:3ff:fe21:cc0e ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.406/0.406/0.406/0.000 ms

Sources

• http://en.wikipedia.org/wiki/IPv6#Address_Format – Wikipedia IPv6
• http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/ping6.8.html – ping6 man page
  

MacIT® Conference

Friday, January 27, 2012 (10:20am – 11:05am)

Overview
This discussion will review the major changes between Snow Leopard and Lion, and what it takes to configure these services. There are many changes in Lion–some subtle, and some no so subtle. In either case, though, an admin needs to be aware of the changes and how it impacts them. There are changes in Directory Services, Kerberos, Database Services, Server Control, Machine Management and more. Lion is growing to be a major change vs. little differences that was experienced from Leopard to Snow Leopard. It will be easier to grasp seeing what was once performed is now accomplished by “this new process”.

During the week of November 14th, 2011, through the combination of Qivliq Village Partnerships and the NANA BWISE program I was able to visited two villages within the Northwest Arctic: Kiana and Buckland.

I really do enjoy these trips to the Northwest Arctic, even when the “high” temperature is about zero degrees, with the coldest always around 7am which hit -25 degrees (just another day in paradise). During this time several items were achieved:

• A short 1hr discussion with several middle school and hight school classes on Technology Jobs (which included: Helpdesk, Call Center Staff, System Administrator, Integrator, Instructor, Developer, and Subject Matter Expert.) Included in this discussion were key items when a business is hiring that ranged from Higher Education, industry standard Certificates, and portraying NANA values during interviews (Respect for Others, Hard Work, and Hunter Success).
• A Presentation Skills all-day training session was provided that took students from start to finish on collecting, outlining, creating and presenting a presentation to others. This year, our training focused on teaching parents and elders a “Macintosh Computers: a first time experience) assuming they have either a) never touch a Mac, or b) never touched a computer.
• Lastly, during both the short 1hr discussions and at the end of the Macintosh Computers presentation; I was able to remind people to watch nana.com for Jobs, Scholarships, and for Internship announcements in January. We were also able to guide a few parents for their first time experience with Powerschool (an online real-time grade and attendance record keeping that is used throughout the school district).

Wow… I’ve been slacking off on writing posts.  I know I’m highly overdue on S/MIME on iOS, I’ll be working on that soon… just finding a few snags and using MDM deployments.  For now here are several sets of pictures I’ve been taking over the past month.

Compared to last year’s collection, these are weak except for the landscape pictures I was able to take out of the airplane window traveling to CA and returning home to DC. MacTech was an awesome conference and I hope to present again next year!