|
|
|
|
|
|
|
|
| Home | Tips | Scientific | Links | Contact | |
||
Tips and Problem Resolution |
|||||||
Add Date to Menu Time Display (R.Hill 2/16/06)This from the March 2006 issue of MacAddict: How to add the date to your menu bar display. Yep, I am aware that there are applications to do this (like WClock). And there MAY be some issues doing it this way with date stamps in some applications (line iCal or iPhoto). Although I do not know of any (yet). Of course, it would be nice if Apple just made this a feature in the Date/Time preferences. There is a method for sort of doing this using custom International time display settings, but 1) it doesn't always work (honest) and it does cause (reported) some issues. So, how is it done: 1. Open Terminal 2. At the prompt, type: defaults write -g AppleICUTimeFormatStrings -dict-add 2 "MMMM d, y hh':'mm':'ss' 'a" Thu February 10 2006 09:09 AM 3. type: killall SystemUIServer Here's what to enter for the original setting: defaults write -g AppleICUTimeFormatStrings -dict-add 2 "hh':'mm':'ss' 'a" Here are some other settings and the resultant displays I have tried: defaults write -g AppleICUTimeFormatStrings -dict-add 2 "MMM d hh':'mm':'ss' 'a" defaults write -g AppleICUTimeFormatStrings -dict-add 2 "MMM d hh':'mm':'ss" defaults write -g AppleICUTimeFormatStrings -dict-add 2 "MMM d h':'mm':'ss" Finally, standard caveat applies about you being solely responsible for making/trying any of these changes (Iw ill not be helping you fix things if you break 'em!). Mac OS X Cyber Safety: Quick-Click Guide (Paul W. 9/27/05)I've put together a Quick-Click Guide to Mac OS X cyber safety. It is terse and bare-bones, but it does give you a recipe of things to click and check. http://computing.geology.ucdavis.edu/security/CyberSafety-MacQuickClick.php In addition to the common things you want to click and check to meet the Cyber Safety policy, it includes more esoteric items, such as setting password policy and complexity requirements for Mac OS X 10.4 (Tiger), and forcing a global policy of a 20-minute, locking screen saver (useful in Macintosh labs and iBook carts). And it turns out you CAN set password policy and complexity requirements for Mac OS X client -- but only for non-admin users. Note that the parameter list needs to be surrounded by double-quotes. This seems to work (all as one line): pwpolicy -a `whoami` -setglobalpolicy "usingHistory=10 minChars=10 requiresAlpha=1 requiresNumeric=1 maxFailedLoginAttempts=10 passwordCannotBeName=1" To verify the settings, use: pwpolicy -a `whoami` -getglobalpolicy The 'whoami' assumes you are logged in to an administrator account. (It just fills in your account name.) The newPasswordRequired parameter can be set for individual users. (BUT doesn't seem to work, just locks them out) epaul is the user short-name used in these examples. pwpolicy -a `whoami` -u epaul "newPasswordRequired=1" (Let me know if you get newPasswordRequired to work.) To verify the settings, use: pwpolicy -a `whoami` -u epaul -getpolicy Note that a user who gets maxFailedLoginAttempts will disappear from the login screen if you are using the icon display. They will need to be re-enabled with: pwpolicy -a `whoami` -u epaul -enableuser Similarly, you can disable logins for a user, leaving their files intact for later reuse, and removing their name and icon from the icon-view login window, with: pwpolicy -a `whoami` -u epaul -disableuser See: man pwpolicy for more details on what each option does. Opera web browser is now free. (Graham F. 9/20/05)The Opera web browser, which for a long time has earned a strong reputation for cross-platform reliability, is now free to download and use. They've done away with the ad-ware and appear now to be relying on support contracts and sales of the mobile version in order to fund development. Take a look: http://opera.com/products/desktop/ Versions are available for MacOS X, Windows, Linux, FreeBSD (x86), Solaris (SPARC), OS/2 (still ad-ware), and QNX. Local Admin Privileges in Tiger (Jarrod W. 9/7/2005)From our friends at http://www.afp548.com: Local Admin Privileges in Tiger Confusing at first, but smart in the long runA new "feature" of Tiger is that users in the LDAP, or other network directory, admin groups no longer have the ability to be local admins on the machine. For example, just because you are the diradmin user, this doesn't mean that you'll be able to use Server Admin to administer the server. Same goes for OS X client to. Just because you are in the LDAP admin group doesn't mean that you'll be able to change printer settings on the client machine.This caught me off-guard at first, and I must admit I was a bit peeved by it. However, I've actually grown to find this a rather clever dichotomy.Now you can easily delegate admin capabilities amongst your network systems. For example, you can create a "help desk" group in LDAP, then nest that group inside the client's admin group. Now you're help desk personnel can click through authentication dialogs on the client, but have no admin abilities on the servers.Create another group "web server admins" and nest this inside the local admin group on your web servers and so on. Now you can have a bit more granularity with what users can be admins on what systems.You can automate this with the dseditgroup command. For example this command: dseditgroup -o edit -a helpdesk -t group -n /NetInfo/DefaultLocalNode adminwill nest the helpdesk group inside the local admin group.A further bit of confusion, or perhaps opportunity, lies in the fact that sudo is not aware of nested groups. I imagine this will be fixed, since it seems to be a bit of a bug. Until then, however, you can use visudo to add other groups besides the admin group to the sudoers list, which lives at /etc/sudoers.So, you can now have an LDAP-based helpdesk and clientadmin groups. Nest them both in the local admin group but only put clientadmin in the /etc/sudoers file. Now you have allow help desk users to admin the machine but not have sudo rights, and the client admin users to both admin and sudo on the machine. Corsaire white paper updated for Tiger (Rodd K. 9/2/05)http://www.corsaire.com/white-papers/050819-securing-mac-os-x-tiger.pdf Mac OS X: How to Configure Kerberos (Daniel R. 7/13/05)As of Mac OS X 10.4.2, Kerberized login window support is functioning. You need only configure Kerberos (as described here http://xbase.ucdavis.edu/itexpress/article.cfm?art=948) and have your Mac OS X "Short Name" match your UCD LoginID. One *does* have to make a change to one's /etc/authorization file in order to enable Kerberized login window support. The procedure is outlined here: http://tech.ait.iastate.edu/macosx/how-to/kerberized-login.shtml#10.4 This configuration is most suited to a Mac that has a persistent network connection. It will allow users of the Mac to authenticate using either their Kerberos userid and password or their local (NetInfo) username and password. The significant advantage of this method is that the users can use a single sign-on when authenticating on the Mac. If the user changes their Kerberos password, they can immediately begin using that password to log in to their Mac. I like this because I use Kerberos authentication in Apple Mail. When I authenticate at the login window with Kerberos, I am granted a Kerberos ticket which Mail uses for authentication on the campus mail servers. Java test for 10.3.9 (Jarrod W. 4/20/2005)After updating to Mac OS X 10.3.9, some systems may have issues with Java applications and Java-enabled websites when using Safari. Safari may unexpectedly quit, and standalone Java applications may unexpectedly quit or not launch. You can perform a simple test to verify whether your computer is experiencing this issue. If it is, you will need to reinstall one or two software updates to resolve the issue. Verifying the issue
If this issue affects your computer, you will get the the message, "Segmentation fault" (if you don't see this, your computer is not affected by this issue). To resolve the issue, reinstall one or both of the following software updates. Read more at the URL: Security Configuration Guide for Apple Mac OS X (Rod K. 10/29/2004)According to http://apple.slashdot.org/ Power Mac G5 (June 2004) Firmware Update 5.1.8f7 (Juan F. 11/18/2004)About Power Mac G5 (June 2004) Firmware Update This firmware update improves system stability for your Power Mac G5 (June 2004). To upgrade the firmware on your Power Mac G5, follow the instructions below. You can print these instructions so they are available while you upgrade your firmware. The Power Mac G5 Firmware Updater is installed in Applications/Utilities. 1. Save changes to open files and then quit all applications, if necessary. The firmware updater starts automatically. A status bar shows the progress of the update. You may see more than one status bar. After the update is complete, your system restarts automatically. When a message says your computer's firmware has been successfully updated to version 5.1.8f7, the update process is finished. See this URL for download: http://www.apple.com/support/downloads/powermacg5june2004firmwareupdate.html RAID Admin 1.3.2 (Juan F. 11/18/2004)RAID Admin is the Xserve RAID's powerful remote management software that dramatically simplifies setup and monitoring of storage volumes. This Java-based application provides an intuitive interface for creating protected storage volumes, logging events, managing preferences, and monitoring storage hardware from virtually any networked computer over TCP/IP. Monitoring panes display detailed information on arrays, drives, LUN mappings, Fibre Channel, network, thermal, power, and events. You can add new systems to the Admin via IP or Apple's innovative Rendezvous technology. What's new in Xserve RAID Admin Tools 1.3.2? This software release improves overall reliability and is recommended for all users. If you are using Xserve RAID in an Xsan environment, you must upgrade the Xserve RAID with the firmware in this release. The versions of RAID Admin and Xserve RAID firmware in this release should replace all earlier versions. Key enhancements include: - 400GB hard drive support - Improved integration with Xsan cluster file system software - Fixed LUN ID compatibility issue with older Xserve RAID firmware 1.1-117a and 1.2-116f - Enhanced "Repair LUN Map" function to repair entries with a missing LUN ID or more than one LUN ID - RAID Admin locks out certain operations on Xserve RAID units with older incompatible firmware - Fixed case where masking LUN 0 prevented other LUNs from being discovered on some host computers - Corrected response to SCSI REPORT LUNS command where large allocation length caused an incorrect LUN list length Download the Xserve RAID Admin Tools update at this URL: http://www.apple.com/downloads/macosx/apple/xserveraidadmintools133.html 10.2 Server to 10.3 Server Upgrade (Juan F. 11/8/2004)You might also make sure at least your Admin user is using an Open Directory password before upgrading. I have learned that if the admin account has a crypt password, you cannot administrate the LDAP domain after upgrading. 10.2 Server to 10.3 Server Upgrade (Paul W. 11/8/2004)1) The script to upgrade mail from Apple Mail Server to Postfix/Cyrus has a bug prior to 10.3.3 that does not correctly pull forward the IMAP flag fields for messages. All mail may all show up as "unread" after the upgrade. Let software update bring you up-to-date before starting the mail services. 2) OpenDirectory/Password Server can get tripped up by minor "flaws" in your database from previous versions ( for example, home directory paths with "short" servernames in the path instead of the fully qualified domain name, embedded RETURNs in comment fields--in my case from pasting in wrapped comments from FileMaker to Workgroup Manager, ...) Make a backup of your user database before upgrading, in case you need to import after the upgrade. Make sure you have separate local administrator and network administrator accounts (like: locadmin and netadmin) and that neither one has a password that starts with a dollar sign. (Apparently one of the upgrade scripts will misinterpret this as a shell variable instead of the password ??). 3) If you have customized the /etc/httpd/httpd_macosxserver.conf file, put a backup copy in a safe place. You may need to customize things after the upgrade has created separate files for each virtual host in the new /etc/httpd/sites directory. (See Rick Hill for more web-related issues.) Proxy server and Mac OS X (Daniel R. 7/13/2004)As of 10.3.2, Automatic Proxy Configuration is available in Mac OS X. This means that Safari (and I suppose Internet Explorer) can be used with the Library's proxy service. Here is how to configure Safari 1.2 to use the proxy service: Make sure that you're using Mac OS X version 10.3.2 (or higher) and Safari 1.2 (or higher). If necessary, start up System Preferences and use the"Software Update" control panel to download and install these upgrades. Start up Safari, and choose "Preferences" from the "Safari" menu. Click on the "Advanced" icon. In the "Proxies:" option, click the "Change Settings..." button. System Preferences should start up automatically, with the "Network" panel open and "Proxies" selected. You may need to log in with your Administrator password to make these changes. Under "Select a proxy server to configure:", choose "Automatic Proxy Configuration." (You may need to scroll down the list to the end to see this choice). In the "Proxy Configuration File" text box, enter the URL for the proxy server's configuration script: http://www.lib.ucdavis.edu/proxy/pacserve Close the Network control panel. It is not necessary to restart Safari to begin using the Library proxy server. HOSTNAME Issue (R. Hill 4/21/2004)I encountered some issues lately connecting to the campus Oracle servers. To make a long story shorter, I discovered that my Mac was sending a long hostname for my machine: the full DNS name for my system. In the sharing panel, I had set the host name to a short, single word, but if I included the hostname in my terminal prompt, it always came up with the DNS resolved name. (Turns out is this hostname is too long, the campus Oracle systems won't let you connect). The other hostname issue that sometimes folks encounter is that their hostname is always localhost. The resolution to both (all) issues is to edit the /etc/hostconfig file. As root, edit the file. At the top you will either see: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reboot and you're set! Setting up Mac OS X Server 10.3 with Apache, Lasso, SSL, and DistAuth (Shawn D. 2/24/2004)The machine: Power Mac G4 Server - Dual 500Mhz, 768MB, 36GB U160 SCSI drives.
For more information, feel free to contact Shawn DeArmond: sgdearmond@ucdavis.edu OS X 10.2 and 10.3 Tips (Jarrod W. 2/2/2004)10.2 Tips (requires Adobe
Acrobat Reader) 10.3 Tips (requires Adobe
Acrobat Reader) Using Disk Utility in Panther to protect just one "folder" (R. Hill 12/18/2003)One of the new features in Panther (OS X 10.3.X) is FileVault. When FileVault is enabled for a user account, that user's home directory is encrypted. It is unlocked when the user logs on. I wanted to use file encryption to create a FileVault secured folder. I did not want to encrypt my entire home directory. After some reading and fiddling, here's my solution. Create an encrypted disk image with Disk Utility. This uses the same AES-128 encryption as File Vault. Question: How do I reset the power manager for my PowerBook?Answer: A separate Knowledge Base article titled PowerBook: Resetting Power Manager describes how to reset the power manager for all PowerBook computers. Resetting the power manager is recommended when the computer is not powering on, not waking from sleep, not charging the battery, or not seeing the AC Adapter. http://docs.info.apple.com/article.html?artnum=14449 Notes on making secure AFS connections (Paul W. 7/22/2003)At today's Mac SIG we discussed making secure Apple File Server (AS) connections. To ensure that every AFS connection makes use of SSH, modify the user's ~/Library/Preferences/.GlobalPreferences.plist Look for the afp_cleartext_allow key and make sure it is false: <key>afp_cleartext_allow</key> <false/> and look for the afp_ssh_force key and make it true: <key>afp_ssh_force</key> <true/> I found these notes on page 214 of "Mac OS X Security" by Bruce Potter, Preston Norvell, and Brian Wotring; 2003, New Riders Publishing. Useful software: More Internet (Leng S. 7/15/2003)Internet Explorer had somehow hijacked ftp URLs from the Finder. I could not find any way to return control back to the Finder for opening ftp URLs. After banging my head on macosxhints and macfixit, I found "More Internet" on Versiontracker. It is a simple pref pane that allows you to add/edit/delete protocol helpers. Although you can do something similar in IE, IE would not let me choose the Finder as my protocol helper. I am now able to click on ftp URLs in a web page and have it mounted as a browseable volume on my desktop! More
Internet OS X Install Disks (Jarrod W. 6/25/2003)I have been asked in the past about why the
install process fails on some systems. I just found this out: 10.2.1 would be a CPU specific install disk. This would fail on systems that are of a different generation that the system you got the CD from. Default Folder Permissions (Rodd K. 5/29/2003)From this Apple discussion it sounds as if Apple does not provide a way to change the default folder permissions. There is a script at: http://www.illusionati.com/os_x/umaskMod.html However, I believe you'd have to run this script on all your clients, which is rather unpractical if you have many users, which is rather likely if you're running a server in the first place. Beginning with OS X Server 10.2.3, there is a way to set the default folder permissions created in an AFP share point to inherit from the parent. Are you ready to upgrade yet? If you're a brave Unix warrior, download the tar file and peruse the scripts to see how they work. Instructions on how to reset OS X w/o a CD (Jarrod W. 5/28/2003)
**the new password will need to be at least 5 characters Oracle, Filemaker and Mac OS X (Tom F. 5/27/2003) For Mac OS X/Oracle connectivity, I have found the Oracle JDBC
Thin Driver 9.0.1 to work For Filemaker, we purchased SQL Plug-in 2.1.2, for SQL queries, we purchased SQL4X Manager J I haven't gotten much farther than verifying these all work with
Banner (both live and extract) How to configure Apple's Address Book to use the UC Davis LDAP directory. (Rodd K. - 5/27/2003) The following instructions have been confirmed using: PDF version (requires Adobe
Acrobat Reader)
EXTRA CREDIT A nest of links to help troubleshooting on the OS X platform (Daniel R. - 3/28/2003)Configuring
LDAP for Mail on Mac OS X Configuring Mac OS X for a Dial-up Connection to the Internet Connecting to ResNet or Campus DHCP using Mac OS X Release a DHCP lease in Mac OS X Mac OS X - Ethernet link status Mac OS X - Identify DHCP Server Settings for 128 Bit SSL on OS X Server (Rick H. - 3/13/2003)OS: Mac OSX Server 10.2.3 Eudora doesn't start (Jackie S. - 2/28/2003)OS: MacOS X 10.2.4/9.2.2 |
|||||||
 |
| Home
| Tips | Computing
| Links | Contact
| | Engineering Home | UC Davis Home | My UC Davis | Disclaimer | |
||||||
