Forum Replies Created

Viewing 14 posts - 1 through 14 (of 14 total)
  • in reply to: AFP, Authenticating and Guest Access #372640
    Eden.Nelson
    Participant

    This problem seems to be related to auto mounts.
    Verify your OD auto mounts are configured correctly. Use dscl and/or WGM (using the inspector) to do this.
    You may want to re-establish the auto mounts.

    Also I wonder why you want to turn off guest access. I find guest access to be extremely useful.
    OS X workstations want to mount auto mounts with guest access. Workstations will sometimes fill the logs with denied auto mount logins.

    Let me know if you need me to clarify anything.

    in reply to: SMB Permissions problem #372419
    Eden.Nelson
    Participant

    Here are some troubleshooting steps I would try.

    Mount the share via SMB on Mac 10.4, Mac 10.5 and Windows, and via AFP as well on the Macs.
    Look at the permissions. Are the permissions different?
    Change the permissions on the root of the share and all contents to read+write for everyone.
    Can the Win clients write yet?
    Do you have inherited permissions turned on?

    Turn off sharing on the directory completely and share it again.

    Stop samba.
    Back up /etc/smb.conf and replace it with a copy of /etc/smb.conf.default
    Restart samba and see what happens.

    Try to replicate the issue on another system.

    in reply to: Consolidating Accounts #372418
    Eden.Nelson
    Participant

    I cannot help when it comes to Java.

    If you can get Java to interact with the command line, this may help. Otherwise I guess you will have to use the DirectoryService API to do it.
    This man page describes how to create an account via the command line.
    [url]http://developer.apple.com/documentation/Darwin/Reference/ManPages/man1/dsimport.1.html[/url]

    in reply to: OD group for a local user? #372397
    Eden.Nelson
    Participant

    Adding the OD Administrator or admin group to the local admin group will give your directory admins access to your local machines.

    in reply to: Managed Preferences for Groups #372396
    Eden.Nelson
    Participant

    [QUOTE][u]Quote by: josh.humphrey[/u][p]Thanks for your response, that did help.
    Is there a way to manage which serial number a program is using? Example, I push out iWork package through Apple Remote Desktop. Is there a way to put the iWork serial number in to Work Group manager for a specific group of computers so to prevent from touching each computer? If this can not be done through workgroup manager, is there another way to get this done?[/p][/QUOTE]

    I would suggest using packaging to get this done.

    See Zack Smith's article on packaging. [url]https://www.afp548.com/article.php?story=20070820193811465&query=pkggen[/url]
    Also check out my packaging page on del.icio.us [url]http://del.icio.us/eden.nelson/Packaging[/url]

    in reply to: OD group for a local user? #372375
    Eden.Nelson
    Participant

    First I want to remind you to think about security when you nest users and groups from different directories.

    Bind your machine to OD.
    Install Server Admin tools on your machine.
    Open Workgroup Manager.
    From the Servers menu select “View Directories”.
    At the top left you will see, a blue icon, and Viewing local directory: /NetInfo/DefaultLocalNode.
    Click on the icon and select Other…, select LDAPv3, then select your ODM.
    Now to the right, click the padlock, and authenticate as your OD Administrator.
    Select the OD group you want to add the user to.
    Click the (+) button.
    At the top of the User/Groups drawer, you will see “Directory: /LDAPv3/odm.example.com”.
    Change the Directory to Local.
    Find the User that you want to add to the group, and drag them into the group membership list.
    Click Save.

    If you see an “Upgrade Legacy Group” button in the group Membership tab, make sure to upgrade the group first.

    in reply to: Managed Preferences for Groups #372373
    Eden.Nelson
    Participant

    I did not see the presentation you are referring to, but basically you can drag any plist into the details tab and manage them with mcx.

    So if you wanted to manage, say, iMovie 08:
    Open Workgroup Manager, select the object (User, Group, or ComputerList) you want to affect.
    Select Preferences, then the details tab, then click the Add… button.
    Navigate to your Library/Preferences
    Select com.apple.iMovie7.plist, and click the Add button.

    At this point the preferences you set for yourself will be enforced on the object.
    Notice I say the preferences you set for yourself, because we just added [i]your[/i] iMovie plist.
    When you import plists this way they are enforced “Often” by default. This means that users can change the settings.

    Maybe you just want to make sure the user's default export location for iMovie 08 is the user's Movies folder, and you want it to always be enforced.
    Then select com.apple.iMovie7 from the list of managed preferences in the details tab.
    Under “Often” in the plist I see lots of different settings, but I just want to manage one key, “exportFolder”, with a value of “~/Movies”.
    Delete all the keys from the Often section, and add a new key to the Always section, name it “exportFolder”, set the type to “string”, and give it the value of “~/Movies”.
    Now whenever a user goes to export an iMovie 08 project it defaults to the user's Movies folder.

    in reply to: Degraded Raid on Xserve Software Raid #372328
    Eden.Nelson
    Participant

    Automatic rebuild is an option that is not turned on by default when creating a software raid.
    Either way, back up your data, pop a new drive in, and open Disk Utility. If it starts rebuilding automatically, then good.
    If not, select the RAID volume, select the RAID tab, and click rebuild.

    in reply to: pwpolicy -setpolicy isDisabled is not getting stored #372315
    Eden.Nelson
    Participant

    [i][quote]The account was created in the same OD and has an OD password. The issue is affecting 300+ accounts. New accounts are not affected.[/quote][/i]
    [code]LastSyncFailedAttempt
    2007-08-28T16:09:28Z[/code]
    This seems to be the last time it had a problem syncing, not the last time it synced correctly.

    I would double check the OD records for these accounts vs. a new account that is not affected.
    I would do this through dscl; it's too hard to see the whole record in WGM.

    Also try switching one of the users' passwords to crypt, and then back to OD.
    This will generate a new password slot, and do some work toward isolation of the problem.

    in reply to: Changing preferences for new users… #372301
    Eden.Nelson
    Participant

    The easy way of setting the default background is to use System Preferences to set your background to what you want the default to be.
    You need to keep the background image in a shared location; /Library/Desktop Pictures/ works fine for this.

    Then open the terminal and issue these commands to copy and set the proper permissions:
    [code]sudo cp ~/Library/Preferences/com.apple.desktop.plist /System/Library/User\ Template/English.lproj/Library/Preferences
    sudo chmod 600 /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.desktop.plist
    sudo chown root:wheel /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.desktop.plist[/code]

    For the Finder, again, set the prefs how you want them and issue these commands.
    [code]sudo cp ~/Library/Preferences/com.apple.finder.plist /System/Library/User\ Template/English.lproj/Library/Preferences
    sudo chmod 600 /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.finder.plist
    sudo chown root:wheel /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.finder.plist[/code]

    It is best to use defaults, or Property List Editor.app and double check the keys in these plists before you copy them.
    Some may have paths, others may have “remembered data” like last items used, or last server connected to.
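A check along these lines can be scripted. This is an added example, not part of the original post: `audit_template_plist` is a hypothetical helper that flags string values containing the admin's home path or a server URL, and it assumes `plutil` is available on the Mac (on other systems it assumes the file is already an XML plist).

```bash
#!/bin/bash
# Added example: list values in a preference plist that should not be
# copied into the User Template (home-specific paths, remembered servers).

# usage: audit_template_plist FILE HOME_DIR
# Prints "key<TAB>value" per finding. Returns 0 if clean, 1 if findings, 2 on error.
audit_template_plist() {
    local file="$1" home="$2" xml
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    [ -n "$home" ] || { echo "home directory required" >&2; return 2; }

    if command -v plutil >/dev/null 2>&1; then
        # macOS: normalise binary or XML plists to XML on stdout.
        xml="$(plutil -convert xml1 -o - "$file")" || return 2
    else
        xml="$(cat "$file")"   # assumption: file is already an XML plist
    fi

    # Remember the most recent <key>, then test each <string> value.
    printf '%s\n' "$xml" | awk -v home="$home" '
        /<key>/ { k = $0; sub(/.*<key>/, "", k); sub(/<\/key>.*/, "", k) }
        /<string>/ {
            v = $0; sub(/.*<string>/, "", v); sub(/<\/string>.*/, "", v)
            if (index(v, home) > 0 || v ~ /^(afp|smb|ftp|nfs|vnc):\/\//) {
                printf "%s\t%s\n", k, v
                found = 1
            }
        }
        END { exit found ? 1 : 0 }'
}
```

Run it as `audit_template_plist ~/Library/Preferences/com.apple.finder.plist "$HOME"` and remove or reset the reported keys before copying the file.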

    in reply to: hiding folders in FTP #372252
    Eden.Nelson
    Participant

    This should get you what you want. Assuming that these are local users, not OD.

    Set “Authenticated users see:” to “Home Directory with Share Points”.
    Using WGM, apply an ACL:
    User “Everyone”, Type “Deny”, Permission “Full Control”, Path “/Library/FTPServer/FTPRoot”

    This makes the FTPRoot disappear when browsing with an FTP client.

    Now you need to give your users access to the resources they should have access to.
    So I would create a new FTP root for them and call it UserFTPRoot.
    Then I would create symlinks to the shares the user needs to access.
    [code]
    mkdir /Users/(USERNAME)/UserFTPRoot
    ln -s /(PATH)/(TO)/(SHARE)/(SHARENAME1) /Users/(USERNAME)/UserFTPRoot/(SHARENAME1)
    ln -s /(PATH)/(TO)/(SHARE)/(SHARENAME2) /Users/(USERNAME)/UserFTPRoot/(SHARENAME2)
    [/code]

    You would probably want to script the creation of these symlinks.
    Let me know if you need help with that.
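One way to script the symlink creation described in the post above. This is an added example, not part of the original post: `build_user_ftproot` and the `USERS_BASE` variable are names chosen here, and the function refuses unsafe usernames, links only to existing directories, and never replaces anything already in the user's folder.

```bash
#!/bin/bash
# Added example: build a per-user FTP root of symlinks to approved shares.
# USERS_BASE and build_user_ftproot are names chosen for this sketch.
USERS_BASE="${USERS_BASE:-/Users}"

# usage: build_user_ftproot USERNAME /abs/path/to/share [...]
# Returns 0 if every link was created or already correct, 1 otherwise.
build_user_ftproot() {
    [ "$#" -ge 1 ] || { echo "usage: build_user_ftproot USER SHARE..." >&2; return 1; }
    local user="$1"; shift
    local root rc=0 share name link

    # Reject names that could escape USERS_BASE (slashes, "..", leading dash).
    case "$user" in
        ""|*/*|.*|-*) echo "bad username: $user" >&2; return 1 ;;
    esac
    [ -d "$USERS_BASE/$user" ] || { echo "no home for $user" >&2; return 1; }

    root="$USERS_BASE/$user/UserFTPRoot"
    mkdir -p "$root" || return 1

    for share in "$@"; do
        name="$(basename "$share")"
        link="$root/$name"
        # Only link absolute paths that are real directories.
        case "$share" in
            /*) ;;
            *) echo "skip (not absolute): $share" >&2; rc=1; continue ;;
        esac
        if [ ! -d "$share" ]; then
            echo "skip (not a directory): $share" >&2; rc=1; continue
        fi
        if [ -L "$link" ]; then
            # Existing link: leave it if it already points at the share.
            [ "$(readlink "$link")" = "$share" ] && continue
            echo "skip (link points elsewhere): $link" >&2; rc=1; continue
        elif [ -e "$link" ]; then
            # Never replace a real file or folder the user put there.
            echo "skip (exists, not a symlink): $link" >&2; rc=1; continue
        fi
        ln -s "$share" "$link" || rc=1
    done
    return "$rc"
}
```

Because existing correct links are left alone, the function can be re-run for every user whenever the list of shares changes.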

    in reply to: Default Owner New File #372248
    Eden.Nelson
    Participant

    Here is what I would do

    I would have a script like this run from launchd or cron every [i]n[/i] minutes.
    [code]
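    #!/bin/bash -
    # /usr/local/bin/fixpermissions.sh
    # Eden Nelson - 4/14/08
    # Resets owner, group and mode on everything under the share point.
    #set -vx

    SHAREPOINTPATH="/Users/Shared"
    CHMODMODE="775"
    CHMODUSER="root"
    CHMODGROUP="wheel"

    # Recursively set owner:group, then the mode, on the share point.
    chown -R "$CHMODUSER":"$CHMODGROUP" "$SHAREPOINTPATH"
    chmod -R "$CHMODMODE" "$SHAREPOINTPATH"

    exit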
    [/code]
    Use a launchd manifest to this effect.
    [code]
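    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.edennelson.fixpermissions</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/local/bin/fixpermissions.sh</string>
        </array>
        <key>RunAtLoad</key>
        <!-- value missing from the page as posted; true assumed -->
        <true/>
        <key>ServiceDescription</key>
        <string>Fix permissions on share point</string>
        <key>StandardOutPath</key>
        <string>/dev/null</string>
        <key>StartInterval</key>
        <integer>3600</integer>
    </dict>
    </plist>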
    [/code]

    in reply to: Problems with Tiger Clients & Leopard Server #372229
    Eden.Nelson
    Participant

    First look at dscl and make sure that everything is showing up correctly.
    [code]
    $ dscl localhost
    > cd LDAPv3
    > cd (YOURODMFQDN)
    > cd Users
    > read (USERNAME) MCXSettings
    > cd ../Groups
    > read (GROUPNAME) MCXSettings
    > cd ../ComputerLists
    > read (LISTNAME) MCXSettings
    [/code]

    If you are unsure about what it should look like, you can get an idea from turning on the inspector in WGM, then clicking on the tab with the icon of a target.

    Make sure your binding is correct, use from Server.
    You can also try turning on debugging on DirectoryService and mcxd.
    [code]
    # Turn DirectoryService debug on and off.
    $ sudo killall -USR1 DirectoryService
    # View the log in real time, or use Console.app.
    $ tail -f /var/log/system.log
    # Turn the mcxd debug level up and down.
    $ sudo defaults write /Library/Preferences/com.apple.MCXDebug debugOutput (0-3)
    $ tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log
    [/code]

    in reply to: Need help getting back to Tiger! #372228
    Eden.Nelson
    Participant

    I had this issue.
    The problem is that your DVD is missing the kext needed to support the drives/controllers.
    The good news is that one of the combo updates has the kext. I assume here that you have a copy of 10.4 Server Universal, and your Xserve is not so new that you are locked out of running 10.4 completely.

    Boot with your DVD.
    Install to external drive (firewire).
    Boot to 10.4 on the external drive, and run software update.
    Reboot, and your internal drives show up.

    You can now make an image of the system, update architecture on your NetRestore .nbi/netboot set, and/or clone the system over to the internal drives using CCC.

    Eden Nelson
