OS X Lion Server: Software Update service can't connect to Apple

mac-osx-server, osx-lion

I have a somewhat unique Lion Server setup, but it's experiencing a couple of issues.

The main goal is to provide a transparent update server for computers on the network, but to allow them to default back to Apple's servers when not in the office (i.e., zero client-side changes).

In my office network, I have a DNS entry pointing swscan.apple.com to my Mac server, so all local Macs are looking at the server for updates.

On the Mac server itself, I have /etc/hosts as follows:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost 
fe80::1%lo0 localhost
17.250.248.95 swscan.apple.com 
17.250.248.93 swquery.apple.com 
74.203.241.19 swcdn.apple.com 
74.203.241.25 swcdn.apple.com 

When a local Mac pings swscan, it resolves to the local server as expected.
When the Mac server pings swscan, it resolves to Apple as expected.

If I choose Apple menu / Software Update on the Mac server, it checks Apple's servers for updates as expected.

The Software Update service, however, is giving me a "can't connect to Apple" error.

Anyone have any insight? I'm aware this setup isn't "the Apple way" of doing things, but it would work best for my network.

Best Answer

Well, looking at this KB article, I would think that you could script something client-side to adjust where they look for updates. If you look at the unmanaged clients section at the bottom, it gives two commands you can run to have clients look to your server for updates and how to change them back to Apple's. Maybe you could write a script that runs in cron that tries to detect whether they're inside or outside of the network. Depending on the discovery, you could update the server it's using to the appropriate one.

With something like this in place, you could set up the Software Update service to run like it's supposed to and drop all the DNS/host file voodoo you're trying to pull off.
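One way to build the cron job the answer suggests, as an added example that is not code from the original post or from Apple's KB article. It wraps the two commands the KB article describes for unmanaged clients (`defaults write ... CatalogURL` to point a client at your server and `defaults delete ... CatalogURL` to send it back to Apple) in a script that decides which to run. The server name su.example.com, its LAN address 10.1.2.3, and the Lion-era catalog filename are assumptions; replace them with your own. Rather than trusting the DNS answer alone, the script only switches a client to the office catalog when the name resolves to the expected LAN address and the catalog actually answers over HTTP, so a client never gets parked on a server that isn't serving updates.

```shell
#!/bin/sh
# Added example (not from the original post or Apple's KB article): run this
# from cron on an unmanaged Lion client. It points Software Update at the
# office server while on the office network and back at Apple otherwise.
# Hypothetical assumptions: the office server is su.example.com with LAN
# address 10.1.2.3, it serves catalogs on the default port 8088, and the
# catalog file is the Lion-era index-lion-snowleopard-leopard.merged-1.sucatalog.

OFFICE_SU_HOST="su.example.com"
OFFICE_SU_IP="10.1.2.3"
OFFICE_CATALOG="http://${OFFICE_SU_HOST}:8088/index-lion-snowleopard-leopard.merged-1.sucatalog"
SU_PREFS="/Library/Preferences/com.apple.SoftwareUpdate"

# resolve_host NAME: print the first IPv4 address the client's resolver
# returns, or nothing. dscacheutil exists on OS X; getent covers Linux hosts
# used for testing the script.
resolve_host() {
    if command -v dscacheutil >/dev/null 2>&1; then
        dscacheutil -q host -a name "$1" | awk '/^ip_address:/ { print $2; exit }'
    else
        getent hosts "$1" | awk '{ print $1; exit }'
    fi
}

# probe_catalog URL: print the HTTP status the catalog URL returns, or 000
# when the server cannot be reached at all.
probe_catalog() {
    curl -s -m 5 -o /dev/null -w '%{http_code}' "$1" 2>/dev/null || printf '000'
}

# choose_catalog RESOLVED_IP HTTP_STATUS: pure decision function. Print the
# office catalog URL only when the name resolves to the LAN address AND the
# server answers; print nothing (meaning "use Apple") otherwise. Requiring
# both avoids parking a client on a cached or stale DNS answer that points
# at a host which is not actually serving updates.
choose_catalog() {
    if [ "$1" = "$OFFICE_SU_IP" ] && [ "$2" = "200" ]; then
        printf '%s' "$OFFICE_CATALOG"
    fi
}

# current_catalog: the CatalogURL currently set, or nothing when the client
# is on Apple's default.
current_catalog() {
    defaults read "$SU_PREFS" CatalogURL 2>/dev/null || true
}

# catalog_command WANTED: print the defaults command that moves the client to
# WANTED; an empty WANTED means "back to Apple". Kept separate from
# apply_catalog so the behaviour can be checked without touching preferences.
catalog_command() {
    if [ -n "$1" ]; then
        printf 'defaults write %s CatalogURL %s' "$SU_PREFS" "$1"
    else
        printf 'defaults delete %s CatalogURL' "$SU_PREFS"
    fi
}

# apply_catalog WANTED: run the command only when the setting actually
# changes, so cron runs on a stable network are no-ops.
apply_catalog() {
    if [ "$(current_catalog)" != "$1" ]; then
        sh -c "$(catalog_command "$1")"
    fi
}

main() {
    ip="$(resolve_host "$OFFICE_SU_HOST")"
    status="$(probe_catalog "$OFFICE_CATALOG")"
    apply_catalog "$(choose_catalog "$ip" "$status")"
}

# Only act when invoked with "run" (the cron entry), so the functions can be
# sourced and exercised without changing anything.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Install it as root (the preference file is system-wide) and add a cron entry such as `*/15 * * * * /usr/local/bin/su-catalog.sh run`. The script needs the server's LAN address hard-coded because, with the DNS trick from the question, the name alone cannot tell an in-office client from one that is simply resolving through a stale cache.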
