[vogtstev]

I did check my local user and group ID’s. I don’t see any conflicting. createUser has picked them with the exception of one hidden acount I have for extra administration. This user had an ID of 499, but so far everything seems to be working fine with that one.

I am pretty convinced that it is something to do with the record augmentation happening, but I’m not sure how to stop if from doing that.

[vogtstev]

Ah that totally makes sense!!! I’m guessing if I change my local UID’s if any others are created they will run into the same issue because Leopard will start with the next available UID. I asked about changing on the server and the system admin is looking into it, although I guess the accounts are tied to a lot of things.

Looking at things from a different angle, in our situation we shouldn’t need the augmentation. Is there actually a way to disable it easily on each client?

Thanks for the great advice!!!

[vogtstev]

One other thing I noticed: It’s not like the user is completely coming off the LDAP server. It’s as if it’s logging in with the proper local name and password, but looking on the server for the home directory of user 501 and 502. hmmm.

[vogtstev]

OK, so I did a lot of “catting” around as well as using dscl read. Everything on the local system appeared normal as I could tell. I did notice something though. There happens to be users on the server with names postmaster and httpd that happen to have corresponding UID’s to my local users (501 and 502). So I think it may be looking at the LDAP directory before the local directory. However, Directory Utility shows local as being the first thing to search. Hmmm.

The LDAP server was the same server we were using with our Tiger clients. Nothing has changed to my knowledge. Even the schema is the same although we are about to update it. We are using an OpenLDAP server.

Not sure if I’m going about it the right way, but in my InstaDMG build I have a package that installs the “Directory Service” directory into /Library to give my clients all the LDAP settings.

Hope this gives more clues. Keep the ideas coming! Thank you! Thank you for you fast response!!

[vogtstev]

Just out or curiosity last night before I read this I moved all my Apple items including iLife and it’s updates to the AppleUpdates folder so I could keep them straight against all my custom packages like adobe, environment, etc. Is there a disadvantage to doing this for now? Also are you adding a folder or just changing the name? I’m pretty over organized sometimes and extra folder would be sweet.

~Steve

[vogtstev]

Oops, hahaha. about the .edu. I’ve never noticed I’ve been doing that all year!!! 😀

Anyway, I can break this down a little more. i just reread my original post and it definitely was kind of confusing.

# Call Name Computer Sciprt
/Library/Management/scripts/setcomputername.command
[b]Doesn’t seem to be running until the user actually logs in. It seems like the login process is happening to fast to happen otherwise. Last year I had this as part of my login hook. I just want it to run once this year. This does not need root privileges to my knowledges. The script is just using scutil to set names.[/b]

# Activate SPSS 16
cd /Applications/SPSS16/SPSS16.0.app/Contents/bin/
./licenseafter.sh
[b]This also does not need root privileges. This one is working fine.[/b]

# Remove Files
rm -R /Library/LaunchAgents/com.gustavus.firstlogin.plist
rm -R /Library/Management/firstlogin
[b]This is where the root privileges come in. I can’t delete /Library/LaunchAgents/com.gustavus.firstlogin.plist without this it seems. In the command line I can only delete if I use sudo or su.[/b]

Hope that makes more sense!!
I’m looking at that website now.
Thanks!!
Steve

[vogtstev]

just tried it. seemed to work fine.

[vogtstev]

OK, I found one thing myself –
I accidently put the -d in dsenableroot and i should have put my passwords in ‘password”. It was evaluating the goofy characters.

Oops

[vogtstev]

One other thing to add:

This package runs during the build after the admin accounts are created with the “Create User” packages.

[vogtstev]

Thanks guys! I was just about to try the new script. I added those lines to another script and made a payload free package. However, I now have another set of lines in question. I tried making this package previously and it did not seem to execute the commands. I’m trying to set the Date & Time and Enable Root. I know I shouldn’t put the root password in the package and I’m hoping to eventually set this up with password hash, but for testing purposes I have the following:

#!/bin/sh

cd “$3″/

# Enable root
“$3″/usr/sbin/dsenableroot -d -u admin -p adminpassword -r rootpassword

# Set Time
“$3″/usr/sbin/systemsetup -settimezone America/Chicago
“$3″/usr/sbin/systemsetup -setnetworktimeserver time.apple.com
“$3″/usr/sbin/systemsetup -setusingnetworktime on

# Setup Login
defaults write “$3″/private/var/root/Library/Preferences/com.apple.loginwindow LoginHook “/Library/Management/scripts/byhostfix-105.pl”
defaults write “$3″/private/var/root/Library/Preferences/com.apple.loginwindow DesktopPicture “/Library/Management/backgrounds/crown.jpg”

Let me know if you see any more problems! Thanks so much!!!

[vogtstev]

BTW – Wasn’t Acrobat 8 the first Adobe product to become Universal?

On a side note, I just tried made an image with this fix off Adobe Forums. It doesn’t seem like it should completely work, but many people claim it does. I’ll report back when I find out for sure.

Do this:

Go to
1) – Applications -> Adobe Acrobat 8 Professional -> Adobe Acrobat Professional ->
Contents -> MacOS in here you will find a file called AcroENUPro80SelfHeal.xml

2) Open this file with a text editor and do a search for “Utilities/” (without the ” ) you will
find 2 of them, press delete

old string looks like this = Contents/MacOS/SelfHealFiles/Applications/Utilities/Adobe Utilities.localized/Adobe Updater5/Adobe Updater.app

new string will look like this after u delete the Utilities/ = Contents/MacOS/SelfHealFiles/Applications/Adobe Utilities.localized/Adobe Updater5/Adobe Updater.app

3) save the file

4) in the same folder you fill find a folder called SelfHealFiles

Go to.
5) SelfHealFiles -> Applications -> Utilities and make a copy of the Adobe Utilities folder
to ur Desktop.

6) move back to SelfHealFiles -> Applications and delete the Utilities Folder.

7) move the Adobe Utilities folder from your Desktop to the SelfHealFiles -> Applications.

before it looked like this = SelfHealFiles -> Applications -> Utilities -> Adobe Utilities

and now = SelfHealFiles -> Applications -> Adobe Utilities

Close all ur windows.

Go to:

9) Library -> Application Support -> Adobe -> Acrobat in here u will find a file called
AcroENUPro80SelfHeal.xml

10) Open this file with a text editor and do a search for “Utilities/” (without the ” ) u will
find 2 of them, press delete

11) save the file

DONE!!!!!

[vogtstev]

Ok. Sorry it took so long. I haven’t been able to work on this for a few days since I was out of the office. Anyway, I ran the terminal command to give me verobse ichat output and this is what I got. Nothing stuck out at me. Maybe someone else sees something. Thanks!

Steve

leo:~ admin$ /Applications/iChat.app/Contents/MacOS/iChat -errorLogLevel 7
211729.325285 ER_AddFilter (0): Adding [[email protected]]->[0]
211729.326087 setLocalUserName: [email protected]
211729.337387 Default video size is (320 x 240)
211729.356169 H264: (320 x 240) @ 30 fps
211729.356780 H264: (160 x 120) @ 30 fps
211729.357270 H263: (352 x 288) @ 30 fps
211729.357722 H263: (176 x 144) @ 15 fps
211729.358978 ######################################
211729.365404 # SoundDec_Create(81536 –> 393219) #
211729.365939 ######################################
211729.380903 Leaving SoundDec_Create
211729.381994 ### NEW STATE: to: VC_INIT, from: VC_INVALID
211729.382717 ### NEW STATE: to: VC_IDLE, from: VC_INIT
211729.383231 ++++++++++ confStatusMapRemoveAll
211729.383637 ( ) — mapUserIDToSecurityInfo cleared —
211729.384127 NATTraversal created
211729.384929 Bandwidth based on QT prefs = 384
211729.484059 Selected microphone is the null device microphone.
211729.485158 vcCapabilitiesOfCPU returns: 0x00000fff
211729.485691 VCCapAudio
211729.486081 VCCapVideo
211729.486447 VCCapMultiAudio
211729.486808 VCCapMultiVideo
211729.487296 VCCapMultiAudioHost
211729.487718 VCCapMultiVideoHost
211729.488096 VCCapRDClient
211729.488477 VCCapRDServer
211729.488856 VCCapRecordAudio
211729.489230 VCCapRecordVideo
211729.489603 VCCapAuxVideoSend
211729.489979 VCCapAuxVideoRecv
211729.491124 BWD: GotBandwidth: 379084967/245762711 (up/down) @[138.236.128.78:255.255.255.0]
211729.492085 BWD bandwidth: 379084 kbits up, 245762 kbits down.
211729.492751 videoNetworkCapable: 1 — 3 max participants.
211729.493459 audioNetworkCapable: 1 — 9 max participants.
211729.493930 Supports PCMU wideband for audio: 1 / video: 1
211729.494037 SNATMAP Configuration: snatmap.mac.com:5678
211729.495379 vcCapabilitiesOfNetwork returns: 0x00000fff
211729.495929 VCCapAudio
211729.496336 VCCapVideo
211729.496712 VCCapMultiAudio
211729.497091 VCCapMultiVideo
211729.497472 VCCapMultiAudioHost
211729.497854 VCCapMultiVideoHost
211729.498231 VCCapRDClient
211729.498610 VCCapRDServer
211729.498982 VCCapRecordAudio
211729.499363 VCCapRecordVideo
211729.499742 VCCapAuxVideoSend
211729.500115 VCCapAuxVideoRecv
211729.500490 vcCapabilities returns: 0x00000fff
211729.501053 VCCapAudio
211729.501481 VCCapVideo
211729.502077 VCCapMultiAudio
211729.502557 VCCapMultiVideo
211729.502984 VCCapMultiAudioHost
211729.503386 VCCapMultiVideoHost
211729.503766 VCCapRDClient
211729.504253 VCCapRDServer
211729.504638 VCCapRecordAudio
211729.505009 VCCapRecordVideo
211729.505443 VCCapAuxVideoSend
211729.505830 VCCapAuxVideoRecv
211729.510230 Found 0 cameras:
211729.514188 Microphone devices:
211729.515262 Line In
211729.515876 Digital In
211729.516773 Selected microphone is the null device microphone.
211729.517648 vcCapabilitiesOfCPU returns: 0x00000fff
211729.519599 VCCapAudio
211729.529995 VCCapVideo
211729.530062 VCCapMultiAudio
211729.530074 VCCapMultiVideo
211729.530088 VCCapMultiAudioHost
211729.530098 VCCapMultiVideoHost
211729.530109 VCCapRDClient
211729.530119 VCCapRDServer
211729.530130 VCCapRecordAudio
211729.530141 VCCapRecordVideo
211729.530151 VCCapAuxVideoSend
211729.530162 VCCapAuxVideoRecv
211729.531389 BWD: GotBandwidth: 379084967/245762711 (up/down) @[138.236.128.78:255.255.255.0]
211729.531898 BWD bandwidth: 379084 kbits up, 245762 kbits down.
211729.531955 videoNetworkCapable: 1 — 3 max participants.
211729.531968 audioNetworkCapable: 1 — 9 max participants.
211729.531981 Supports PCMU wideband for audio: 1 / video: 1
211729.532528 vcCapabilitiesOfNetwork returns: 0x00000fff
211729.532582 VCCapAudio
211729.532594 VCCapVideo
211729.532605 VCCapMultiAudio
211729.532787 VCCapMultiVideo
211729.532807 VCCapMultiAudioHost
211729.532818 VCCapMultiVideoHost
211729.532828 VCCapRDClient
211729.532839 VCCapRDServer
211729.532849 VCCapRecordAudio
211729.532859 VCCapRecordVideo
211729.532869 VCCapAuxVideoSend
211729.532880 VCCapAuxVideoRecv
211729.532891 vcCapabilities returns: 0x00000fff
211729.532902 VCCapAudio
211729.532912 VCCapVideo
211729.532922 VCCapMultiAudio
211729.532932 VCCapMultiVideo
211729.532943 VCCapMultiAudioHost
211729.532953 VCCapMultiVideoHost
211729.532963 VCCapRDClient
211729.532973 VCCapRDServer
211729.532984 VCCapRecordAudio
211729.532994 VCCapRecordVideo
211729.533004 VCCapAuxVideoSend
211729.533015 VCCapAuxVideoRecv
211729.533485 Found 0 cameras:
211729.533687 Found 0 cameras:
211729.534090 selectCamera: returned 0
211729.537189 Microphone devices:
211729.537937 Line In
211729.538019 Digital In
211729.538653 Selected null device microphone.
211729.549547 Selected microphone is the null device microphone.
211729.564819 Comm reporting flags: 00000112
211729.619680 CommNAT result:
External IP: 138.x.x.x
External Ports: 16403, 16403, 16403
CNAT_BADTEST ……. 0
CNAT_ISFULLCONE …. 1
CNAT_ISPAT ……… 0
CNAT_ISPATHOST ….. 0
CNAT_TRYPRESERVE … 1
CNAT_PATINORDER …. 0
CNAT_BLOCKIP ……. 0
CNAT_BLOCKPORT ….. 0
CNAT_LOOPBACK …… 1
211730.261783 UPnP not found (-3)
211730.262042 UPnP shutdown

[vogtstev]

Just on a side note. I installed a different intermediate chaining file as instructed by GoDaddy. Everything chains up correctly, but I still get the exact same problem.
Also if I verify the *.gac.edu cert in keychain assistant using x.509 anchors it get: Certificate Status: Good; Evaluation Status: No root cert found.

hmmmm

[vogtstev]

So just to be on the safe side I did a complete fresh install of the server, reimported the certificates, etc.

——————————————————————————————————————————————

So before I edited the files as in the previous post I received:

openssl s_client -connect leo.gac.edu:5223
connect: Connection refused
connect:errno=61

I also received the exact same thing after editing the files and NOT commenting out the CACHAIN line.

——————————————————————————————————————————————

After editing the file AND commenting out the CACHAIN line I received:
(part of cert removed for security)

openssl s_client -connect leo.gac.edu:5223
CONNECTED(00000003)
depth=0 /O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
verify error:num=27:certificate not trusted
verify return:1
depth=0 /O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
verify error:num=21:unable to verify the first certificate
verify return:1
—
Certificate chain
0 s:/O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
—
Server certificate
—–BEGIN CERTIFICATE—–
MIIE2DCCA8CgAwIBAgIDP1JRMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UE
ChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0
ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2Vj
dXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzAe
Fw0wNzAyMDExNTQwNTNaFw0wODAzMDExNDE3MzJaMEsxEjAQBgNVBAoTCSouZ2Fj
LmVkdTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRIwEAYDVQQD
B2dhYy5lZHUwDQYJKoZIhvcNAQEFBQADggEBADaP8RSu2YIplRIhSIeRkakC4cts
zieg1y17jq4WMHk/x4cBctyaytmiHEr1Zq2htnU7gWwyAi7vTQ1jjFeIQV3tOEs6
nk9VZdqk9sedVAkR8egbuXfnBETVKNnxkYcNxMRg1sFCLxr1tS0IPVc1OKdB0tHk
obLg1BIUyNfgYJdR8/0X+of0htKXLSwWrbFw3stWAws9OpAT8t+4iujnN/8JjIjF
lBAfH7rvCbxvSDbPgtfw5cnlXfEi9MZw6b44WcRkH4mSxmRQQCQMfaW6kv0x0Coh
Pv1fDFYvVMPnaWXNA9utgPQ0JQ03fVxvu92He2VsmtKy9ifzrbVYMTPl5oU=
—–END CERTIFICATE—–
subject=/O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
—
No client certificate CA names sent
—
SSL handshake has read 1406 bytes and written 316 bytes
—
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 713A31A101884EC9F7F0C1BFE6279D98847657DD9396C64E77EA91C57F3513AE
Session-ID-ctx:
Master-Key: E50CD20E8C6902E652F2F7DD8BEFBA256C7D955D191D59969A48EB74B310E40A0A5B3E2124FB56B00643422952F41231
Key-Arg : None
Start Time: 1199995620
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
—

——————————————————————————————————————————————

I don’t know if this helps, but this is what I received when I used the cert on the web port 443, which functions fine.
(part of cert removed for security purposes)

openssl s_client -connect leo.gac.edu:443
CONNECTED(00000003)
depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
—
Certificate chain
0 s:/O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
—
Server certificate
—–BEGIN CERTIFICATE—–
MIIE2DCCA8CgAwIBAgIDP1JRMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UE
ChMRR29EYWRkeS5jb20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0
ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2Vj
dXJlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzAe
Fw0wNzAyMDExNTQwNTNaFw0wODAzMDExNDE3MzJaMEsxEjAQBgNVBAoTCSouZ2Fj
BQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wSgYIKwYBBQUHMAKGPmh0dHA6
Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1l
ZGlhdGUuY3J0MB0GA1UdDgQWBBSZ5s5HOPgG/hDn7N2MnVbwD+gSTTAfBgNVHSME
GDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zAdBgNVHREEFjAUggkqLmdhYy5lZHWC
B2dhYy5lZHUwDQYJKoZIhvcNAQEFBQADggEBADaP8RSu2YIplRIhSIeRkakC4cts
zieg1y17jq4WMHk/x4cBctyaytmiHEr1Zq2htnU7gWwyAi7vTQ1jjFeIQV3tOEs6
nk9VZdqk9sedVAkR8egbuXfnBETVKNnxkYcNxMRg1sFCLxr1tS0IPVc1OKdB0tHk
obLg1BIUyNfgYJdR8/0X+of0htKXLSwWrbFw3stWAws9OpAT8t+4iujnN/8JjIjF
lBAfH7rvCbxvSDbPgtfw5cnlXfEi9MZw6b44WcRkH4mSxmRQQCQMfaW6kv0x0Coh
Pv1fDFYvVMPnaWXNA9utgPQ0JQ03fVxvu92He2VsmtKy9ifzrbVYMTPl5oU=
—–END CERTIFICATE—–
subject=/O=*.gac.edu/OU=Domain Control Validated/CN=*.gac.edu
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
—
No client certificate CA names sent
—
SSL handshake has read 4092 bytes and written 316 bytes
—
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: DD6C42055B65733457B15315728E88636B2BF6E3A9FE6479BE0060342B5AA4B7
Session-ID-ctx:
Master-Key: E0E8CA5585E17B8D081BBEF82B55F8CDDB8475EF46D40A0A7E240EFDF0516C855FA714000FFB5E40EAD226BEB7E77E7A
Key-Arg : None
Start Time: 1199993071
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

——————————————————————————————————————————————
Thanks so much for helping me look into this very frustrating and long going problem.

[vogtstev]

Thanks for your help! It doesn’t appear that there was a passphrase on the cert, but I followed your directions and this time it worked with one exception. If I comment out the cachain line ichat connected, but asked me if i could trust the cert. If I uncommented it, users couldn’t connect. I am using GoDaddy as my cert provider and they have an intermediate chain file that I had to install. If you have any other ideas let me know.

Thank you so much!

[Author]

Posts