[uurf]

This KB Doc describes how to use kickstart, which does exactly what I was looking for:

http://docs.info.apple.com/article.html?artnum=108030

“Apple Remote Desktop 2 includes the “kickstart” command line utility. It allows you to install, uninstall, activate, configure, and restart components of Apple Remote Desktop without restarting the computer. You can configure all the features found in Apple Remote Desktop preferences.

The kickstart utility is located here:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart”

[uurf]

I applied it to our test bed. The combo installer hung during “Optimizing Volume”. Had to quit the installer, reboot, and run the Combo installer again.

Things seem to be in order now, but it’s not under the same loads as our production environment.

[uurf]

so having tried changing:
url==afp://;AUTH=NO%20USER%20AUTHENT@machineName/Library

and trying:
url==afp://;@machineName/Library
and
url==afp://machineName/Library

…but neither worked (/Network/Library turned back into alias with missing target). ANy thoughts?

[uurf]

[QUOTE]yes just remove and see what happens.[/QUOTE]

there’s two places that url==afp: is listed – VFSOpts, and dsAttrTypeNative:mountOption.

In which entry should the edits occur (or both)?

[uurf]

there’s two places that url==afp: is listed – VFSOpts, and dsAttrTypeNative:mountOption. In which entry should the edits occur (or both?

so just remove NO%20USER%20AUTHENT

from

url==afp://;AUTH=NO%20USER%20AUTHENT@machineName/Library

or replace it with KERBEROS or similar?

[uurf]

MT,

Our server has both Open directory and Kerberos working (however, only some of the clients are ever challenged for Kerberos authentication). Would love any tips you might have.

Thanks,

Chris

[uurf]

So here’s the immediate implications:

All users (including local users) of all machines bound to our Directory Service have /Network/Library and /Network/Applications. (not optimal)

All users of any machine in our domain can connect as AFP User: Guest and access volumes “Applications” and “Library”, and therefore any of our fonts or apps that might live there. This is a BIG Problem, since both Fonts and Applications require licenses.

If I turn of Access Everyone:Read in the Workgroup Manager Sharepoints:General, the /Network/Library and /Network/Applications/ mounts don’t work (back to white doc icon with alias badge for which “Original cannot be found”).

SURELY there is a way to share these resources to a constrained group of users. Does anyone have a suggestions/workarounds to achieve this?

Thanks – Chris

[uurf]

So two issues here.

Got Shared Applications and Shared Library to work, finally. The key seems to be having Guest access enabled in the AFP settings.

What are the security implications of that, beyond open access to users’ Public directories? It seems that only bound machines would be able to access /Network/Applications and /Network/Library, but I’m not sure, and don’t really want to share a bunch of fonts and apps with our whole network.

Accessing Fonts in individual users’ network home directories (~/Library/Fonts) appears to still not work. Well, that is, it works for the first login after reboot, but not for any subsequent logins. Has anyone else experienced this and could perhaps suggest a workaround?

[Author]

Posts