From paul.suh at ps-enable.com Tue Jan 29 09:12:37 2008
From: paul.suh at ps-enable.com (Paul Suh)
Date: Tue Jan 29 09:12:45 2008
Subject: [Newsletter] Preventing Reboot Post-Installation, Wiki Server and the Contacts Search Path, 7 Steps for the Newbie
Message-ID: <1DC23E33-5FBE-40DA-8BA3-0378632079F0@ps-enable.com>

Folks,

It's been a while, and I really meant to send this out before Macworld, but better late than never. I'll write up some more stuff in a little bit.

Preventing Server Reboot After Installation
------------------------------------------------------------

There are times that I want to keep a server from rebooting into setup mode after the installation finishes. For instance, when preparing new ASR images, I don't want the newly installed system actually booting for the first time. The trick is to open up the Install Log window after the install has started. This will prevent the 30-second reboot timer from starting after the install completes.

Wiki Server and the Contacts Search Path
------------------------------------------------------------

I was having one heckuva time setting up the Leopard Server Wiki for a client, who wanted to authenticate against his existing Active Directory master. I followed the instructions in Apple's KBase article at , but users were still unable to log in. The error was:

    'NoneType' object has no attribute 'shortName'

From tracing the exception flow in the Python source code files at /usr/share/wikid/lib/apple_utilities/SessionHandler.py, it was apparent that the actual authentication was succeeding, but then when wikid tried to retrieve the user record info it was unable to do so, and thus the login process failed.

Now, I had done this setup on one of my testbed setups a few days prior, so I knew that it did work, but why was it failing at the client's location? I did DirectoryService debug tracing to watch the series of calls that was happening.
('sudo killall -USR1 DirectoryService', then 'tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log') I saw that there were calls to look at:

    /Contacts
    /Local
    /BSD
    /LDAPv3/127.0.0.1

Why weren't there any calls to /Active Directory/All Domains? Much pounding of head against keyboard later, I realized that the key was in the first line: "/Contacts". In doing my usual conservative, least-privilege setup, I had AD in the Authentication search path, but not the Contacts search path. For some reason wikid was using the Contacts search path rather than the Authentication search path to look up user information. Once I added AD to the Contacts search path as well as the Authentication search path, everything worked.

I don't understand why the wikid team used the Contacts search path instead of the Authentication search path for this, but there it is. I've filed a bug in Radar, and hopefully there'll be some sort of resolution from Apple engineering soon.

7 Steps to Getting Your New Computer Running Right
--------------------------------------------------------------------------------

Here's a useful link to forward to people who have gotten a new computer:

"7 Steps to Getting Your New Computer Running Right"

It's an article by Rob Pegoraro, an acquaintance of mine at the Washington Post, and it covers both Macs and Windows machines. FWIW I agree with him for everything except turning on Mac OS X's built-in firewall; the firewall isn't necessary to secure a Mac.

--Paul

Paul Suh
http://www.ps-enable.com/
paul.suh@ps-enable.com
(240) 672-4212
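Added example, not part of the original newsletter: a shell check for the mismatch described in the Wiki Server item, listing nodes that are in the Authentication search path but absent from the Contacts search path. It assumes the paths are read with `dscl /Search -read / CSPSearchPath` and `dscl /Search/Contacts -read / CSPSearchPath`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report directory nodes present in the Authentication search
# path but missing from the Contacts search path.

# Turn `dscl ... -read / CSPSearchPath` output into one node per line.
# Handles the one-line form and the indented multi-line form that dscl
# uses when a node name contains a space.
parse_search_path() {
    awk '{
        sub(/^CSPSearchPath:/, "")
        gsub(/[ \t]+\//, "\n/")   # each node starts with "/" after a blank
        n = split($0, parts, "\n")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
            if (parts[i] != "") print parts[i]
        }
    }'
}

# $1 = Authentication path output, $2 = Contacts path output.
missing_from_contacts() {
    auth_nodes=$(printf '%s\n' "$1" | parse_search_path)
    contact_nodes=$(printf '%s\n' "$2" | parse_search_path)
    printf '%s\n' "$auth_nodes" | while IFS= read -r node; do
        [ -n "$node" ] || continue
        printf '%s\n' "$contact_nodes" | grep -Fxq -- "$node" ||
            printf '%s\n' "$node"
    done
}

# Constructed sample output (not captured from a real server), shaped like
# the setup in the newsletter: AD is in Authentication only.
SAMPLE_AUTH='CSPSearchPath:
 /Local/Default
 /BSD/local
 /LDAPv3/127.0.0.1
 /Active Directory/All Domains'
SAMPLE_CONTACTS='CSPSearchPath:
 /Local/Default
 /BSD/local
 /LDAPv3/127.0.0.1'

if command -v dscl >/dev/null 2>&1; then   # live check on a Mac
    auth=$(dscl /Search -read / CSPSearchPath)
    contacts=$(dscl /Search/Contacts -read / CSPSearchPath)
else                                       # fall back to the sample
    auth=$SAMPLE_AUTH
    contacts=$SAMPLE_CONTACTS
fi
missing_from_contacts "$auth" "$contacts"
```

An empty result means every Authentication node is also searched for Contacts lookups.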