[foilpan]

since the installer is already a .mpkg, you don’t necessarily need to repackage it.

i haven’t worked with office 2011 yet, but for the most part, you could drop the office 2008 installer into your instadmg build hierarchy, and it would work.

try it without repackaging first and keep an eye on this forum. i know others are incorporating or testing the new office mpkgs in their builds.

[foilpan]

try running directoryservice in debug mode and tailing the debug log.

[code]
killall -USR1 DirectoryService
tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log
[/code]

also, be sure you can login as a local admin or ssh in to lookup accounts in AD. a simple “id ” should suffice. if that succeeds, you’re on the right track. if not, i’d look to your bind script or policy to ensure it’s doing what you expect.

[foilpan]

i think the password required for vnc access is encrypted differently.

try this:

http://www.macgeekery.com/tips/cli/setting_remote_desktops_vnc_password_in_terminal

[foilpan]

uhh… what?

development focuses on 10.6 of late, as far as i know. and at that, the instadmg.bash script itself hasn’t changed much in awhile. if you need it changed to accommodate your environment, it’s freely editable. just make the change, post back here with your findings and don’t assume someone is willfully ignoring you.

[foilpan]

yeah, not sure there…

the version i checked out this afternoon shows this:

Path: .
URL: http://instadmg.googlecode.com/svn/trunk
Repository Root: http://instadmg.googlecode.com/svn
Repository UUID: 1c3b0b9f-8c52-0410-a063-7121983eb4f7
Revision: 331
Node Kind: directory
Schedule: normal
Last Changed Author: kuehn.karl
Last Changed Rev: 331
Last Changed Date: 2010-08-08 03:26:12 -0400 (Sun, 08 Aug 2010)

the instadmg.bash script appeared to be updated on my build machine, but it contained that undefined variable. the same script and revision checked out on my laptop doesn’t contain the undefined variable. go figure…

[foilpan]

login via single user mode, mount the drive r/w, run [code]launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist[/code] to get directory service going, then change the user’s password with passwd or dscl.

[foilpan]

i’m not mr. gallagher, but thanks. 😀

dseditgroup might only work on a booted system, as i believe it depends on directoryservice to be running. if you need to do this all pre-boot, you’re going to have to mess with editing plists with whatever method is most convenient.

[foilpan]

i’d probably use dseditgroup to add the local admin group to com.apple.access.ssh.

check here for some pointers: http://blog.macadmincorner.com/securing-ssh/

as far as enabling ssh goes, i’d load the launchd plist like you are but manage the sshd_config file to set options.

here’s an example of a puppet manifest that works for me:

[code]
class ssh {
file { “/System/Library/LaunchDaemons/ssh.plist”:
owner => root,
group => wheel,
mode => 644,
}

service { “com.openssh.sshd”:
enable => true,
ensure => running,
require => File[“/System/Library/LaunchDaemons/ssh.plist”],
}
}
[/code]

[foilpan]

are you doing the following in your image?

[code]
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array username
[/code]

i set hidden admin users’ UIDs to something unused below 500 and ensure the above is applied at some point. haven’t had any problems.

[foilpan]

aside from [code]softwareupdate –schedule off[/code], you could do something drastic like removing the executable bit on the actual binary.

[foilpan]

“compile” is the casper term, and i’m not entirely sure how their process differs.

but, yes, i’ve built 10.5.8 and 10.6.3 images including all recent updates with instadmg. just use the most recent version, build on the same major OS version as mentioned above, and it should work.

[foilpan]

have you tried building an image via just the instadmg script and not using casper’s workflow? i’ve never had any major problem that way.

[foilpan]

you could also change it to the following and check for both 10.5 or 10.6:

[code]
if ( echo $HOST_SW_VERS | egrep “^10.5|^10.6″>/dev/null ); then[/code]

or more simply:

[code]
if ( echo $HOST_SW_VERS | egrep “^10.[5-6]”>/dev/null ); then[/code]

[foilpan]

not that it’s any consolation, but i haven’t found afctl yet under 10.6. seems to be gone…

[foilpan]

i was attempting to wrap up the whole thing to avoid having to apply another updater, but it doesn’t really matter in the grand scheme of things. it’s simpler to deploy one pkg than two.

[Author]

Posts