Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • June 12, 2009 at 3:46 pm in reply to: Using AD though OD #376437
    hondamusprime
    Participant

    sure thing….
    a few minor notes though… I have this writting to the system.log file as it makes it easy to check on. I haven’t bothered testing it for performance effects as it shouldn’t tax the CPU or memory being a very small script.

    the launch daemon just runs a shell script that is looking for a zero byte value on the kerberos file, so you’ll need to edit both the plist file for the launch agent, and the shell script for your environment.

    I have the shell script sitting in /Users/Shared/scripts

    here’s the launch agent… save it as com.YOURCOMPANYNAME.KerberosFixer.plist in /Library/LaunchAgents/

    [code]


    Label
    com.YOURCOMPANYNAME.KerberosFixer
    ProgramArguments

    /Users/Shared/scripts/KerberosFixer.sh

    OnDemand

         [/code]
    here’s the shell script:

    [code]

    #! /bin/sh
    #
    # Checks Kerberos plist file for corruption based on file size
    # Doesn’t replace the file, only removes corrupted files
    # The PLIST file will automatically be recreated.

    #establish the kerberos file in question

    kerberos_file=”/var/db/dslocal/nodes/Default/config/Kerberos:YOURDOMAIN.COM.plist”

    # Make sure only root can run our script
    if [ “$(id -u)” != “0” ]; then
    echo “This script must be run as root” 1>&2
    logger “KerberosFixer.sh was not run as root!”
    exit 1
    fi

    sleep 1
    echo “Checking Kerberos, please wait”
    echo “File location: $kerberos_file”

    #Check the file size on the KERBEROSFILE

    eval $(stat -s $kerberos_file)

    kerberos_filesize=”$st_size”

    if [ “$kerberos_filesize” == “0” ]

    then
    echo “Kerberos file corrupted, resetting file. Please wait…”
    rm $kerberos_file
    logger “KerberosFixer.sh has repaired your Kerberos file.”
    else
    echo “The Kerberos file appears to be okay. Have a nice day.”
    fi

    exit 0
    [/code]
    let me know if i left out any details, thanks for the quick reply too.

    June 12, 2009 at 12:47 pm in reply to: Using AD though OD #376431
    hondamusprime
    Participant

    [b]bezzoh[/b]

    has 10.5.7 fixed this issue for you? I haven’t seen this problem in about a month, and I’m hoping that 10.5.7 has resolved it.

    also, could you post the KB articles from Apple?

    my temporary solution has been to use a launch daemon to detect a zero byte value on the Kerberos plist file and remove it.

    you don’t need a full reboot in order for the file to be rebuilt, it should detect that the file is missing and rebuild it in about 90-120 seconds.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
Copyright © 2025 AFP548. All Rights Reserved.