Forum Replies Created

Viewing 13 posts - 1 through 13 (of 13 total)
  • in reply to: Lion OD Replica Issue #381642
    aaronwyatt
    Participant

    I had this same issue and couldn’t find a way around it. I ended up demoting my OD master (server1) to stand alone; clients then failed over to the replica (server2). I upgraded server1 to 10.7, got everything up and running, and did some dancing around– promoting server2 to master, upgrading server2 to Lion, then turning server1 into a replica, then server2 demoted to stand alone, then server1 to master again, and finally server2 to replica again. And I still had to rebind most if not all clients.

    in reply to: Lion OD & Authenticated Binding #381631
    aaronwyatt
    Participant

    Regarding that error, I did figure out where it was coming from on my OD master. Several of the previously bound client computers have lost their entry in the password server database but keep attempting to change their passwords. In your log it tells you which machine specifically, but in my logs there was no such added info. I wrote the attached script to look up either a user or computer’s password database entry and find out which computer it belongs to.

    Usage
    ./get_pws_entry.sh -c [i]hexadecimal_computer_entry_id[/i]
    ./get_pws_entry.sh -u [i]hexadecimal_user_entry_id[/i]

    [code]
    #!/bin/bash
    ###
    # get_pws_entry.sh
    ###
    # Aaron Wyatt
    # aaron [dot] wyatt [at] bc [dot] edu
    # 2/14/2012
    ###
    # Resolve a password service entry ID to
    # an Open Directory object name.
    ###

    SEARCHNODE="/LDAPv3/127.0.0.1"
    DSPATH="/Computers"
    DSSEARCHKEY="AuthenticationAuthority"
    DSSEARCHVAL=$1

    while getopts ":c:u:" opt; do
        case $opt in
            c)
                DSPATH="/Computers"
                DSSEARCHVAL=$OPTARG
                ;;
            u)
                DSPATH="/Users"
                DSSEARCHVAL=$OPTARG
                ;;
            :)
                # -c or -u given without an entry ID
                echo "Option -$OPTARG requires an argument" >&2
                exit 1
                ;;
            \?)
                echo "Invalid option: -$OPTARG" >&2
                exit 1
                ;;
        esac
    done

    # Clean up the search value to get it in the format we'll
    # see in the OD field
    DSSEARCHVAL=${DSSEARCHVAL//-/}
    DSSEARCHVAL=${DSSEARCHVAL//0x/}

    if [ "$DSSEARCHVAL" == "" ]
    then
        echo "Please specify an argument" >&2
        exit 1
    fi

    # List every record under the chosen path (/Computers or /Users)
    complist=$(/usr/bin/dscl "$SEARCHNODE" list "$DSPATH" 2> /dev/null)

    # Read each record's AuthenticationAuthority and stop at the first
    # one that contains the entry ID
    for comp in $complist
    do
        searchresult=$(/usr/bin/dscl "$SEARCHNODE" read "$DSPATH/$comp" "$DSSEARCHKEY" 2> /dev/null)
        if [[ "$searchresult" =~ .*$DSSEARCHVAL.* ]]
        then
            echo "$comp"
            break
        fi
    done

    exit
    [/code]

    in reply to: Lion OD & Authenticated Binding #381629
    aaronwyatt
    Participant

    I’m getting one of those errors just pounding my logs on both my master and replica Lion servers:

    2/13/12 10:21:26.573 AM PasswordService: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: no entries found for 4e569fbc-740f-551d-0000-025f00000a62

    That error is just scrolling past, with the entry guid changing every fourth line.

    I’m also seeing servermgrd chew up memory until it reaches about 4GB and then it finally crashes. Been having these symptoms since 10.7.0, hoping each dot release update would fix them. Sadly, no.
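Added example, not part of the original posts: a way to turn the scrolling "no entries found" errors into a short list of entry IDs, already cleaned up the way get_pws_entry.sh expects (dashes and any 0x removed). The function names and the sample log are constructed for illustration; only the first entry ID comes from the log line quoted in the post.

```bash
#!/bin/bash
# Added example: count PasswordService "no entries found" errors per entry ID.

# Constructed sample log. The 4e569fbc-... ID is the one quoted in the post;
# the aaaaaaaa-... ID and the servermgrd line are made up for illustration.
sample_log() {
cat <<'EOF'
2/13/12 10:21:26.573 AM PasswordService: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: no entries found for 4e569fbc-740f-551d-0000-025f00000a62
2/13/12 10:21:26.581 AM PasswordService: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: no entries found for 4e569fbc-740f-551d-0000-025f00000a62
2/13/12 10:21:26.590 AM PasswordService: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: no entries found for aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
2/13/12 10:21:26.602 AM PasswordService: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: no entries found for 4e569fbc-740f-551d-0000-025f00000a62
2/13/12 10:21:27.010 AM servermgrd: constructed unrelated line
EOF
}

# Same cleanup get_pws_entry.sh applies: drop dashes and any "0x".
normalize_ids() {
    sed -e 's/-//g' -e 's/0x//g'
}

# Read a log on stdin and print "count entry_id", noisiest ID first.
summarize_missing_entries() {
    sed -n 's/.*no entries found for \([0-9A-Fa-fx-]\{1,\}\).*/\1/p' \
        | normalize_ids \
        | sort | uniq -c \
        | awk '{print $1, $2}' \
        | sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample; on a server, feed the real
# log on stdin instead: summarize_missing_entries < your_log_file
sample_log | summarize_missing_entries
```

Each ID in the output can then be passed to get_pws_entry.sh with -c or -u to see whether any Open Directory record still references it.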

    in reply to: Questions about the chroot Jail #377501
    aaronwyatt
    Participant

    I’m also having this same inability to get my custom packages installed. Anyone still working on this?

    in reply to: CreateUser Difficulty #376169
    aaronwyatt
    Participant

    [QUOTE][u]Quote by: knowmad[/u][p]
    The Answer: VERY carefully go through your scripts and installers and see what gets added to the user folder.
    Reroute everything that can be rerouted to the default profile in english.lproj, and postpone the rest until after first login.
    [/p][/QUOTE]

    Knowmad– I like the theory, and that may be it, but not quite for the reason you say. Createuser is the last script I run, so how can previous installers be aware of the account it creates and put files in its home directory? Well, as I said in an earlier post, the account it creates happens to match an account already existing on the build machine. And since I packaged some of the custom apps on the same image as this build machine I suspect they are somehow touching this createuser-user’s home directory (even though I checked and they _install_ nothing to it). So in my case it might be a combo of building packages with an account that both exists on the image-build machine and is being created by createuser in the image build process?

    I’ll try rebuilding my image on a machine where the createuser-user account does not exist. If that doesn’t work, I’ll have to change the short name of the createuser-user and see if that works. Since I have so much free time, I’ll just whip this right up….

    in reply to: Firewall settings and MCX #375923
    aaronwyatt
    Participant

    I see what you mean, but this doesn’t address the fact that editing the plist will not hold a setting between reboots unless you re-enable each time you logout.

    in reply to: Firewall settings and MCX #375920
    aaronwyatt
    Participant

    Patrick-

    I tried your suggestion: “You may wish to try bouncing the firewall after configuring it or do your edits in the order of 1) disable, 2) configure, 3) enable.”

    If you disable ALF, then only make edits to /Library/Preferences/com.apple.alf.plist, then reenable ALF, the settings get switched back to whatever is in /usr/libexec/ApplicationFirewall/com.apple.alf.plist and whatever you set in the /Library/Preferences/com.apple.alf.plist is reset (or at least, not applied).

    I think you’re right about your first statement. There’s something disconnected between what the GUI is doing and what we expect on the CLI. What I don’t get is that when I manually set the firewall settings in the GUI, they stick. I’ve even done this while running fseventer and the ONLY file that gets modified is our standard /Library/Preferences/com.apple.alf.plist AND this holds between reboots.

    in reply to: Firewall settings and MCX #375905
    aaronwyatt
    Participant

    [QUOTE][u]Quote by: tecnobabble[/u][p]I’m not sure about the prefs sitting in /usr, there is an entry in there to read the old prefs, my guess is that it’s just reading the /Library/Preferences/com.apple.alf plist.
    [/p][/QUOTE]

    I’m not sure about the prefs in /usr either (as in, “why are you breaking convention with your prefs Mr. Alf?”) but if you change the globalstate boolean in that plist, it fixes the issue and holds between reboots.

    aaron

    in reply to: Firewall settings and MCX #375901
    aaronwyatt
    Participant

    I am having the same problem (but didn’t realize it until I read this post, ironically).

    So, for some reason, the global application firewall prefs are kept in /usr/libexec/ApplicationFirewall/com.apple.alf.plist.

    The following solution works and holds between reboots:

    [code]
    # Set globalstate to 1 in both copies of the ALF plist
    /usr/bin/defaults write /Library/Preferences/com.apple.alf globalstate 1
    /usr/bin/defaults write /usr/libexec/ApplicationFirewall/com.apple.alf globalstate 1
    [/code]

    aaron

    in reply to: Computer Name #375869
    aaronwyatt
    Participant

    Why do you need to populate a generic name in the image creation process?

    in reply to: CreateUser Difficulty #375868
    aaronwyatt
    Participant

    I’ve also run InstaDMG from a different account (that is, different username and password than the account I was adding via CreateUser) and I still had these symptoms. However, an account with the username I was creating existed on the local machine (just not logged in as it) as well as the server.

    in reply to: CreateUser Difficulty #375863
    aaronwyatt
    Participant

    For some reason, the CreateUser package runs and works mostly fine, i.e. it creates an account with the encrypted password I specified, but it also is missing some stuff. Every single time I create an image with InstaDMG, the user account created is missing the following folders from the home directory:
    •Documents
    •Public
    •Sites
    •Music
    •Movies
    •Pictures

    Also I found this primary user account has cached info stored in the “Connect to Server” dialogue box. Any thoughts on how or where I’m dragging this in from? I use the same account username and password in the default account as is on the machine I’m “building” the image on, so is it possible that CreateUser is confused about where the account lives?

    in reply to: Set timezone and NTP #375862
    aaronwyatt
    Participant

    In the interest of sharing what we’ve done, I use the following in a first boot script:

    [code]
    ###########################
    # Configure the Time Zone #
    ###########################

    # link the localtime file in /private/etc/ to your time zone in /usr/share/zoneinfo:
    /bin/ln -s -f /usr/share/zoneinfo/US/Eastern /private/etc/localtime

    # Configure the GlobalPreferences file with the exact city you live in:
    # clear out the array in case default info is hanging around:
    /usr/libexec/PlistBuddy -c "Delete :com.apple.TimeZonePref.Last_Selected_City" /Library/Preferences/.GlobalPreferences.plist
    # recreate the array for selected city:
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City array" /Library/Preferences/.GlobalPreferences.plist

    # add lat, long, zone, country, city, etc.:
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:0 string 42.333336" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:1 string -71.083336" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:2 string 6" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:3 string 'US/Eastern'" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:4 string 'US'" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:5 string Boston" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:6 string U.S.A." /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:7 string Boston" /Library/Preferences/.GlobalPreferences.plist
    /usr/libexec/PlistBuddy -c "Add :com.apple.TimeZonePref.Last_Selected_City:8 string U.S.A." /Library/Preferences/.GlobalPreferences.plist

    #################################
    # Set network time server prefs #
    #################################
    # There are three parts to configuring network time services:
    # 1) set the ntp server
    # 2) turn on autosync in the legacy /private/etc/hostconfig file (this file will be going away in later versions of Mac OS X)
    # 3) set the ntpd launch daemon to "enabled"
    ###

    # set the network time server:
    /bin/echo "server time.domain.edu" > /private/etc/ntp.conf

    # make a backup of the hostconfig file before editing:
    /bin/cp /private/etc/hostconfig /private/tmp/hostconfig.backup

    # now set the hostconfig settings to autosync with the network time:
    /usr/bin/sed 's/^TIMESYNC=-NO-$/TIMESYNC=-YES-/' /private/tmp/hostconfig.backup > /private/etc/hostconfig

    # now delete the key which disables the ntpd daemon and keeps it from running at boot:
    /usr/libexec/PlistBuddy -c "Delete :Disabled" /System/Library/LaunchDaemons/org.ntp.ntpd.plist

    # and now kickstart the service in case it's not already loaded:
    /bin/launchctl load /System/Library/LaunchDaemons/org.ntp.ntpd.plist
    [/code]
