Forum Replies Created

  • in reply to: Adaptive Firewall Rules with afctl #381553
    jgardner
    Participant

    Here’s a version that resets the rule numbering, but keeps the existing blacklisted hosts and TTLs intact.

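    [code]
    #!/bin/sh
    # Reset the afctl rule numbering while keeping blacklisted hosts and their TTLs.
    BF=/var/db/af/blacklist
    # Highest value in the third field of the blacklist file.
    MAX=`/usr/bin/cut -f3 $BF | /usr/bin/sort -n | /usr/bin/tail -1`
    if [ "$MAX" -gt 12000 ]
    then
        /bin/mv $BF $BF.old
        /sbin/ipfw delete set 17
        /usr/libexec/afctl
        CT=`/bin/date +%s`
        # Re-add every host from the old file, skipping comment lines.
        for IP in `/usr/bin/cut -f1 $BF.old | /usr/bin/grep -v "#"`
        do
            # -Fw matches the whole address literally, so 1.2.3.4 does not also match 1.2.3.40.
            EXP=`/usr/bin/grep -Fw "$IP" $BF.old | /usr/bin/cut -f2 | /usr/bin/cut -f1 -d'.'`
            # Remaining TTL: expiry time minus current time, both divided by 60.
            TTL=`/bin/expr $EXP / 60 - $CT / 60`
            /usr/libexec/afctl -a $IP -t $TTL
        done
    fi
    [/code]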

    in reply to: Sieve Installer – Updated #361427
    jgardner
    Participant

    Had sieve working great. After updating to 10.3.9 and fixing sieve according to the instructions, I’m seeing the following log entries when I access the filters through squirrelmail, and mail is not getting filtered:


    Apr 25 02:36:09 kim master[567]: service sieve pid 3 in BUSY state: sent unavailable message but it is already busy
    Apr 25 02:36:09 kim timsieved[7994]: unable to open LA file: /usr/lib/sasl2/pwauxprop.la
    Apr 25 02:36:09 kim timsieved[7994]: unable to dlopen /usr/lib/sasl2/pwauxprop.so: dlcompat: can't read object file
    Apr 25 02:36:09 kim timsieved[7994]: Bad IPLOCALPORT value
    Apr 25 02:36:10 kim timsieved[7994]: login: [local] jon PLAIN User logged in

    Any ideas?

    P.S. Never mind…following epaulsen5’s instructions (previous page) fixed it.

    in reply to: Procmail: Program failure #358724
    jgardner
    Participant

    Check the file permissions on /etc/procmailrc and on the .procmailrc file in your home directory. Be sure the “mail” group has read permissions.

    in reply to: Jaguar as a Samba PDC? #354764
    jgardner
    Participant

    After playing with it for a while, I have realized that Apple has made some significant changes in their Samba integration with Jaguar, mostly for the better.

    * The standard procedure for adding PDC functionality still works. That’s all covered elsewhere (see https://www.afp548.com./Articles/system/sambapdc.html), so I won’t repeat it here.

    * No longer will Server Settings overwrite your customizations in /etc/smb.conf, so you don’t have to do the “sudo chflags uchg /etc/smb.conf” bit (though there’s a catch to this: once you’ve made your manual changes, you should reboot the server before running the Windows config in Server Settings, as it seems to cache the startup settings somewhere, and it *will* overwrite your customizations until you restart–at least, that’s what it does to me!).

    * A separate standalone install of Samba (in /usr/local/samba, typically) does not seem to work properly, as it used to in 10.1.x. There are issues with network browsing etc. that seem to stem from the different user authentication scheme in Jaguar.

    * Workgroup Manager still will not allow you to add a user with a trailing “$”. When adding a Windows host to the domain, you still must use the root username & password to authenticate.

    * Machine accounts do not have to use Password Server, but any user accounts that need to logon from Windows must use Password Server authentication.

    Here is the business end of my smb.conf file, for what it’s worth:

    [global]
            local master = YES
            domain master = YES
            preferred master = YES
            domain logons = YES
            os level = 64
            security = USER
            admin users = admin, joe
            logon drive = U:
            logon home = \\%N\Users\%u
            logon path = \\%N\profiles\%u
            domain admin group = admin @wheel
            guest account = unknown
            max smbd processes = 0
            encrypt passwords = YES
            print command = /usr/sbin/PrintServiceAccess printps %p  %s
            lpq command = /usr/sbin/PrintServiceAccess jobs %p
            lprm command = /usr/sbin/PrintServiceAccess remove %p  %j
            lppause command = /usr/sbin/PrintServiceAccess hold %p  %j
            lpresume command = /usr/sbin/PrintServiceAccess release %p  %j
            printer admin = unknown, @staff
            server string = Mac OS X Server (Samba %v)
            client code page = 437
            coding system = utf8
            log file = /Library/Logs/WindowsServices/WindowsFileService.log
            netbios name = JAGUAR
            workgroup = NT-DOMAIN-NAME
            wins support = NO
            log level = 2
    [netlogon]
            path = /Shared Items/PDC/netlogon
            writeable = NO
            write list = ntadmin
            comment = Windows netlogon
    [homes]
            path = /Users/%u
            read only = NO
            create mask = 0600
            directory mask = 0700
            comment = Windows user homes
    [profiles]
            path = /Shared Items/PDC/profiles
            writeable = YES
            create mask = 0600
            directory mask = 0700
            comment = Windows user profiles
    [Users]
            path = /Users
            public = NO
            create mask = 0644
            directory mask = 0755
            read only = NO
            comment = macosx
    
    in reply to: Jaguar’s LDAP and Entourage #354734
    jgardner
    Participant

    One of my astute comrades discovered a nifty Java utility that will scan your LDAP server and give you a list of possible searchbases. Not as much fun as a debug log, but much more convenient. 😉
    http://www.iit.edu/%7Egawojar/ldap/index.html

    in reply to: Jaguar’s LDAP and Entourage #354733
    jgardner
    Participant

    Using a searchbase of cn=users,dc=tamu,dc=edu doesn’t work in Entourage or Address Book. To get Entourage to work, I have to use “ou=People,o=Food Services,c=US” as a searchbase. Go figure.

    The trick is to run slapd in debug mode. Kill slapd, then run:

    /usr/libexec/slapd -d 1

    This will dump a bunch of crap to your screen. Do an LDAP search with Address Book sans searchbase, which should work. Then look in the crap on the screen for the line beginning “send_search_entry”. This line should contain the searchbase (ignoring the uid value) you need to use in Entourage. For example, mine read:

    => send_search_entry: dn="uid=joyceh,ou=People,o=Food Services,c=US"

    Hope this helps somebody.
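
The log-reading step described in the post above, as an added example that is not part of the original post: a small filter that pulls every send_search_entry DN out of saved slapd debug output, drops the first RDN (the uid value) and counts the distinct search bases that remain. The function names and all sample lines other than the one quoted in the post are constructed for illustration.

```shell
#!/bin/sh
# Added example: list candidate search bases from saved `slapd -d 1` output.
# The send_search_entry line format is the one quoted in the post; the
# other sample lines below are constructed.

# Read debug output on stdin; print "<count> <base>" per distinct base,
# where base = entry DN with its first RDN (e.g. uid=...) removed.
candidate_bases() {
    # 1. keep only the DN from each send_search_entry line
    sed -n 's/^.*send_search_entry: dn="\(.*\)".*$/\1/p' |
    # 2. strip the first RDN; a backslash-escaped comma inside it is not a separator
    sed -E 's/^([^,\\]|\\.)*,[[:space:]]*//' |
    # 3. count distinct bases, most frequent first, and tidy uniq's padding
    sort | uniq -c | sort -rn |
    sed -E 's/^[[:space:]]*([0-9]+)[[:space:]]+/\1 /'
}

# Constructed sample of debug output captured during one Address Book search.
sample_debug_output() {
    cat <<'EOF'
do_search
=> send_search_entry: dn="uid=joyceh,ou=People,o=Food Services,c=US"
=> send_search_entry: dn="uid=smith\, bob,ou=People,o=Food Services,c=US"
=> send_search_entry: dn="cn=staff,ou=Groups,o=Food Services,c=US"
<= send_search_entry
EOF
}

# To use it on real output, save the debug stream first, e.g.
#   /usr/libexec/slapd -d 1 2>&1 | tee slapd.debug
# run the search, then:  candidate_bases < slapd.debug
sample_debug_output | candidate_bases
```

The base with the highest count is usually the one holding the user entries, which is the value to try in Entourage.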
