I have an Xserve G5 running Mac OS X Server 10.5.8 configured as an Open Directory master. I have also enabled and configured Software Update service on the machine. The SUS is configured to serve Tiger, Leopard and Snow Leopard clients (see http://discussions.apple.com/message.jspa?messageID=10297359#10297359).
The clients bound to the OD are a variety of Macs running OS X 10.4, 10.5 or 10.6. In Workgroup Manager, I have created 3 machine groups for each client OS. Each group is configured with a custom SUS URL, and the managed client computers are members accordingly (see http://discussions.apple.com/thread.jspa?messageID=10493154#10493154).
My problem is that the server pushes the SUS settings to some of the client machines, but not all. When I first configured all this stuff on the server (a few weeks ago) I was closely monitoring a few of the client machines to confirm that they received the custom settings. I noticed that some of the clients (10.4/5/6 alike) seemed to get the settings immediately; others didn't show the new settings until after a reboot. As I said, results are mixed across OSes, but some clients will not "sync" at all.
My immediate thought was to unbind/rebind the problematic machines. I did this on several client computers with no success.
For example, today I was working on one of the Tiger clients. I noticed it was not pointed at my local SUS, so I checked the OD binding; it was fine. Just to be sure, I unbound the machine. Next, I checked WM and confirmed the computer record was gone. I noticed the machine group still had a residual (broken?) member from the unbound client; I manually removed this. Finally, I re-bound the client to OD and re-added the machine to its correct group in WM. Unfortunately, the client still pings Apple's SUS for updates. Just to play it safe I rebooted the client, but to no avail; it will not see my local SUS.
To confirm that there is nothing wrong with the server, or the client's connection to it, I forcefully pointed the machine at my SUS:
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "$LOCAL_SUS_URL"
and the machine successfully updated off my local server.
Great, successful updates, but problem not solved.
I've done exhaustive reading on discussions.apple.com (not saying I read everything, I'm just saying I have read a lot) without a good answer. The discouraging thing is that a lot of OD problems I've read about only result in the sysadmin completely reinstalling the server, or OD, or some other similarly heavy-handed operation. At this point, I am not willing to go that route. I still have hope that I can find the reason for this flaky behavior.
If anyone can point me in a helpful direction it would be much appreciated.
EDIT:
Indeed, some files are being pushed to the client:
# from client machine:
$ sudo find /Library -type f -name com.apple.SoftwareUpdate.plist
/Library/Managed Preferences/com.apple.SoftwareUpdate.plist
/Library/Managed Preferences/username/com.apple.SoftwareUpdate.plist
/Library/Preferences/com.apple.SoftwareUpdate.plist
A few weeks ago, prior to my (previously mentioned) modifications, the SUS was still running "stock", which meant it could not serve SL (10.6) machines. At that time, the Software Update settings were set up in WM under User Groups. This didn't make any sense because some users work on multiple machines with different OSes.
Before creating Machine Groups in WM, I deleted all the SU settings from the User Group Preferences. This just makes the whole thing more confusing, because when I see a file here:
/Library/Managed Preferences/username/com.apple.SoftwareUpdate.plist
I assume it's still remaining from the "old" settings, because I wouldn't think a Machine Setting belongs there.
Despite all the com.apple.SoftwareUpdate.plist files hanging around under the Managed Preferences, why does the client machine still call home to Apple and not my SUS?
# on client machine:
$ date
Tue Jan 25 17:01:46 EST 2011
$ softwareupdate --list
Software Update Tool
Copyright 2002-2005 Apple
No new software available.
switch terminals...
# on server:
$ tail -n1 /var/log/swupd/swupd_access_log
10.x.x.x - - [25/Jan/2011:15:54:29 -0500] XXXX POST "/cgi-bin/SoftwareUpdateServerStats" 200 13 ...
Notice the date of the client softwareupdate and the latest access to the SUS server; the server never heard a peep from that client.
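The comparison at the end of the post (client check time against the latest server log entry) can be run for every client at once. The following Python 3 script is an added example, not part of the original post. It assumes each client reaches the SUS directly, so its own IP shows up in swupd_access_log, and the 5-minute matching window and all sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the swupd_access_log entry quoted above.
# IPs (documentation range) and times are made up; "XXXX" is kept as in the post.
SAMPLE_LOG = """\
192.0.2.11 - - [24/Jan/2011:09:10:00 -0500] XXXX POST "/cgi-bin/SoftwareUpdateServerStats" 200 13
192.0.2.11 - - [25/Jan/2011:15:54:29 -0500] XXXX POST "/cgi-bin/SoftwareUpdateServerStats" 200 13
192.0.2.12 - - [25/Jan/2011:17:02:03 -0500] XXXX POST "/cgi-bin/SoftwareUpdateServerStats" 200 13
truncated or unparseable line
"""

LINE_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")
EST = timezone(timedelta(hours=-5))

def requests(log_text):
    """Yield (client_ip, timezone-aware timestamp) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # skip lines with a damaged timestamp
        yield m.group(1), ts

def last_seen(log_text):
    """Map each client IP to its most recent request to the SUS."""
    seen = {}
    for ip, ts in requests(log_text):
        if ip not in seen or ts > seen[ip]:
            seen[ip] = ts
    return seen

def contacted_sus(log_text, client_ip, checked_at, window=timedelta(minutes=5)):
    """True if client_ip reached the SUS within `window` of its update check."""
    return any(ip == client_ip and abs(ts - checked_at) <= window
               for ip, ts in requests(log_text))

if __name__ == "__main__":
    checked_at = datetime(2011, 1, 25, 17, 1, 46, tzinfo=EST)  # client `date` output
    for ip, ts in sorted(last_seen(SAMPLE_LOG).items()):
        hit = contacted_sus(SAMPLE_LOG, ip, checked_at)
        print(f"{ip}  last seen {ts.isoformat()}  contacted near check: {hit}")
```

Clients that are bound to OD but missing from the `last_seen` result, or whose last entry predates the managed-preference change, are the ones still using Apple's catalog.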