Important: Read before installing
- The installation process should not be interrupted, even if the progress bar remains unchanged for several minutes. If a power outage or other interruption occurs during installation, use the standalone installer (see below) from Apple Support Downloads to update.
- You must have an administrator account password that does not contain spaces or Option-keyed characters to install this update. The password may not be left blank. If you need to change your password, see this article.
- You may experience unexpected results if you've installed third-party system software modifications, or if you have modified the operating system through other means. (This doesn't apply to normal software installation.)
- This update can be installed on non-startup volumes, but you should only do this if the current startup volume has already been updated to Mac OS X Server version 10.5.3. The simplest way to avoid issues from an improper installation is to start up from the volume that you wish to update.
- You must use version 10.5.3 of the Mac OS X Server Admin Tools to administer a server running 10.5.3. This version of the Admin Tools is included in the Mac OS X Server 10.5.3 Update. They are also available from Apple Support Downloads for installation on Mac OS X 10.5.3 (client).
- This update overwrites the "required configuration" section of the /etc/smb.conf file. As noted in that file, parameters inside the required configuration block should not be altered. They may be changed at any time by updates or other automated processes. Any changes to the /etc/smb.conf file should be added after the end of the "required configuration" section. If you have made changes within this section, you should back up this file before installing the update.
There are three ways to update to Mac OS X Server 10.5.3: Use Software Update, install from a standalone installer, or install on a remote server via Server Admin or the softwareupdate command-line utility.
Software Update installation
Software Update may have referred you to this document. For more information on this feature, see this article. Because some updates are prerequisites for others, you may need to use Software Update more than once to obtain all available updates.
Download and manually install the update. The installer is available from Apple Support Downloads. This a useful option when you need to update multiple computers but only want to download the necessary update once.
Note: there are two separate standalone installers. The Mac OS X Server 10.5.3 Update is for installation on Mac OS X Server 10.5.2 only. The Mac OS X Server Combo Update can be installed on Mac OS X Server 10.5 or 10.5.1.
If you need to install the update on a remote server, you can do so using the Server Admin application or the softwareupdate command-line tool. Important: be sure to enter the command sudo -s before using the softwareupdate command, so that you remain logged in as the root user after installation. Once the update has been installed, use the reboot command to restart the server immediately.
This update includes improvements delivered in the Mac OS X Server 10.5.1 and 10.5.2 updates, in addition to the improvements listed below.
- Addresses an issue that could cause the AppleFileServer process to stop accepting connections while consuming most of the available CPU time on the server.
- The smb.conf file is updated to include the line "acl check permissions = no" in order to provide expected permissions behavior for Windows clients connecting to the SMB service.
- Addresses an issue that could cause the Apple File Service refuse new connections after DirectoryService becomes unresponsive, and improves stability of DirectoryService.
- When a Mac OS X client is bound to a Mac OS X Server, the server now creates one computer record with 3 names, rather than 3 separate computer records.
- Administrators can now create an Open Directory master on a server with the same IP address on more than one interface, for instance when link aggregation is enabled.
Active Directory Plugin
- Eliminates a delay when logging into a Mac OS X server or client bound to an Active Directory domain whose name ends in ".local".
- Mac OS X servers and clients can now bind to an Active Directory domain even if there is no A record for the AD domain name in DNS.
- Addresses issues with Global Catalog and Kerberos queries which could prevent users from logging in on Mac OS X servers and clients in in non-hierarchical AD forests.
- Eliminates a delay when logging in, for users with a large list of managed printers.
- Several improvements to Preference Manifests, including wildcard handling.
- If client management is configured to create a mobile account without requiring confirmation by the user, and the location of the user account is also managed, users are no longer presented with the choice of whether to create the mobile account.
- No longer allows users to choose a single workgroup when 'Combine available workgroup settings' is enabled on the server.
- Addresses an issue where a network user couldn't be turned into a mobile account because the option was disabled in Accounts system preferences.
- For clients in a mixed Open Directory/Active Directory environment, addresses an issue that could cause management settings to be lost if the client goes off the network.
- The mcxquery tool now returns results from the local directory.
- Improves Wiki editing in Safari, Firefox and Internet Explorer.
- Podcast content can now be uploaded to user blogs.
- Podcast content can now be uploaded to group blogs by non-Open Directory users, when configured as described here.
- iCal Service now supports private events. To enable this support on the server, see the instructions in article TS1694.
- No longer sets reply_threshold_seconds and correctly sets net_address values in the /etc/bootpd.plist file to ensure the DHCP server responds to client requests promptly and clients are able to get an IP address, respectively.
- Nameservers of a primary zone are now listed in order in the Server Admin user interface.
- Allows entries of DNS labels with only one character, which allows setting up secondary reverse zones.
- Administrators can now allow transferring on Reverse Zones in DNS.
- General UI improvements for creating and editing DNS records in Server Admin
- Addresses an issue which could cause Japanese characters in the subject or first line of an email message to be garbled.
- Addresses an issue that could cause mailing lists to stop working after using the Repair Permissions feature of Disk Utility.
- Improves reliability of Portable Home Directory synchronization.
- AutoServerSetup records now work with servers that have mixed-case DNS host names.
- Administrators can now send "Invitation" email messages to users on demand.
- Improved user interface for importing users and working with nested groups.
- Setting a customized machine name for NetBoot/NetInstall clients now works correctly in System Image Utility.
- Introduces menu item for creating augmented user records. For more information see search for "augmented" in Workgroup Manager Help.