802.1x TLS (Machine certifcate) authentication in Snow Leopard

Similar Messages

• I had to restore my 2006 MacBook Pro back to factory settings (Tiger 10.4). Can I use my Time Machine back up from Snow Leopard to put it back the way it was?

  I cannot locate my Snow Leopard disks but I was able to use the Tiger disk that came with the computer to restore it. However, it completely erased it and set it back to Tiger. Can I use my Time Machine to put Snow Leopard and my data back on the computer?

  You can't restore a Time Machine backup made with Snow Leopard onto a system with Tiger. You can, but you will damage Mac OS X.
  In order to restore your Time Machine backup, you should have your Snow Leopard disc. Then, insert it and hold the C key while your MacBook Pro is starting. Finally, choose your language, go to Utilities menu (on the menu bar), choose the option to restore the backup and follow its steps, so you will recover Mac OS X Snow Leopard

• Ubuntu Karmic authentication against Snow leopard open directory server

  Hi,
  I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` show all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directry users fails with the following messages in the /var/log/auth.log:-
  Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
  Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
  (I've changed the hostname and ldap url)
  /etc/ldap.conf has:-
  base dc=server,dc=domain,dc=com
  ldap_version 3
  rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
  bind_policy soft
  pam_password md5
  /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
  /etc/pam.d/common-passwd :-
  password sufficient pam_ldap.so md5
  password required pam_unix.so nullok obscure md5
  password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
  /etc/pam.d/common-auth:-
  auth [success=2 default=ignore] pam_unix.so nullok_secure
  auth [success=1 default=ignore] pam_ldap.so usefirstpass
  auth requisite pam_deny.so
  auth required pam_permit.so
  /etc/pam.d/common-account:-
  account [success=2 newauthtokreqd=done default=ignore] pam_unix.so
  account [success=1 default=ignore] pam_ldap.so
  account requisite pam_deny.so
  account required pam_permit.so
  /etc/pam.d/common-session
  session [default=1] pam_permit.so
  session requisite pam_deny.so
  session required pam_permit.so
  session required pam_unix.so
  session optional pam_ldap.so
  session optional pamckconnector.so nox11
  Does anyone have any ideas where to go from here?
  Message was edited by: zebardy

  Hi
  It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
  You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
  An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
  Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
  http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
  Page 55 onwards.
  From Page 64:
  "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
  If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
  HTH?
  Tony

• Retrieving files from Time Machine after updating to Snow Leopard

  Updated my 2 year old iMac to Snow Leopard and erased the hard disk first to do a clean start. Having carried out all the updates and loaded on iLife11 tried to use the migration assistant to retrieve data from Time Machine backup but will only find the updated iMac! How do I get it to retrieve from previous Time Machine backups? Know they are on the external Hard Drive somewhere as it still has 400GB on it. Thanks

  +Setup Assistant+ and +Migration Assistant+ automatically use the most recent backup. There's no choice. See #19 in [Time Machine - Frequently Asked Questions|http://web.me.com/pondini/Time_Machine/FAQ.html] (or use the link in *User Tips* at the top of this forum).
  Your best bet is to do a +full system restore+ per #14 in the FAQ. Choose the last backup before the upgrade. That will, of course, put you back on Leopard.
  Then just install Snow Leopard (there are no +Erase and Install+ or +Archive and Install+ options anymore). That will install the new version of OSX, without touching anything else.
  Potential problems with using +Migration Assistant+ (after setting-up a user account), are that you end up with an extra account; and the accounts you migrate may not be recognized as the same ones as on your backups or other volumes, and won't have the proper permissions to them.
  Message was edited by: Pondini

• Cannot enter Time Machine after upgrading from Snow Leopard

  Hi all,
  I've had Lion installed for a few days now and am enjoying the changes to OSX.
  Last night I wanted to delete a few redundant files out of my TimeMachine backup and found I could not open the application at all.
  I can still backup to Time Machine successfully (so it indicates with preparing, backing up progress (xGB of yGB), finishing, etc).  So for the last few days everything appeared to be functioning as expected until last night, when I tried to enter Time Machine.
  My specs:
  iMac (Oct 2010), 4GB, 1TB, 3.6GHz, backing up to a WD My Passport Essential (1TB) via USB 2.0 (25% full)
  I can see the destination drive (and its contents) on my desktop, via Finder and can select it via TimeMachine System Preferences (Select drive).  There are no issues 'seeing' or accessing the drive in normal use.
  Trying to open the Time Machine application, I have tried via the TimeMachine icon in the TitleBar (ie 'Enter Time Machine'), via Mission Control (double-clicking on Time Machine),  typing 'Time Machine' into Spotlight and selecting it from the resulting list, but  in all scenarios, nothing happens.  Nothing at all.  And yet I can  backup to Time Machine without a hitch.
  I have seen a number of online conversations about the AFP spec having been changed by Apple and third party periphial manufacturers being slow to comply, but using USB, I'm not sure this applies to my case?  I have used Macs at home for 8 years and have never heard of AFP until now... So I don't really know if I am impacted by this or not (don't think so).
  There have been some troubleshooting solutions involving identifying and deleting the com.apple.timemachine.plist from the Library/Preferences folder (going from memory here) which I did (had to use PathFinder to find the file).
  Unfortunately that did not help and Time Machine still refuses to open.  There are no errors appearing as a result of trying to open TimeMachine.  I have checked the Console, but nothing obvious appears there.  I have read others are prompted with an error about AFP, but I get no such error.  I can copy files to the drive okay so I can't see how it is the drive.  Just Time Machine not wanting to play...
  Can anyone suggest anything?
  I do have Snow Leopard SuperDupered to another 320GB WD drive if I need to go back, but I don't really want to if I can help it...
  Thanks,
  Alex Makin

  Well finally, after 2 days of trying to work out what was the issue, I have resolved the problem.
  Its very strange given that I can successfully back up but not restore, as described in my original post.
  One thing I neglected to mention was the fact I had set up my Time Machine backup to use 'sparsebundles'.  This allows me to have the external drive plugged into my Airport Extreme and use much like Time Capsule.
  It didn't seem relevant at the time since I could backup successfully (and still now, I can't understand why Time Machine knows where to back up to, but doesn't know where to restore from).
  I didn't have the Time Machine icon sitting in my dock (never needed to since if I need to restore, I access TM from the TitleBar icon).  So in putting the TM app in the dock I played a little around with it by clicking it (as you would normally for any other app in the dock) and eventually held down the mouse key to bring up the menu.  Tried 'Enter Time Machine' a couple of times without luck, before trying a menu item along the lines of "Try another backup destination' and voila!! Time Machine opens, animated stars, vertical time line, etc.
  Well hang on now... Why the heck can't TM have worked this out already?? Why do I need to look somewhere else for my Time Machine backup, when I've already told TM (in System Preferences) where the backup is?
  Pretty darn odd, but there you have it.  It was there the whole time, but according to TM, it wasn't...
  I still have to select the menu item 'Try another backup destination' each time I want to enter TM, but at least I know where to find it...
  I'm assumming its the sparsebundles setting (which I'm sticking with), but at least I know its not my iMac, its not the hard drive, its not Lion (well, it sort of is as Snow Leopard knew where to find it...)
  Alex Makin

• Time Machine not opening after Snow Leopard 10.6.3 install

  The install from Leopard 10.5.8 seemed to go well but I'm unable to open Time Machine now...I get this error message:
  The operation can't be completed
  An unexpected error occurred (error code -43)

  Alls lost wrote:
  I upgraded from Leopard to Snow Leopard on my existing MacBook. I'd never done any work on Time Machine on the old version outside of opening it and am obviously completely ignorant of the entire application.
  I'm still not clear -- had you done any backups while you were on Leopard?
  I wanted to start using it and am receiving that error message when I try to open it so I can't get into it to do any manipulation...etc. Maybe my best bet is to go to an Apple store and get some basic help with it including reloading.
  I'm still not clear on what's going on, but I don't think you need to reload anything.
  If you've never done any backups, then you won't see anything when you click the Time Machine icon in your Dock.
  If you want to start using Time Machine, you'll need an external HD, or perhaps a Time Capsule, for Time Machine to store the backups on. You set that up via +System Preferences > Time Machine.+ Once there are some backups, you should be able to view them via the Time Machine application.
  You might want to review the [Time Machine Tutorial|http://www.apple.com/findouthow/mac/#timemachinebasics] and perhaps browse [Time Machine - Frequently Asked Questions|http://web.me.com/pondini/Time_Machine/FAQ.html] (or use the link in *User Tips* at the top of this forum).
  Then post back with any questions.

• Time Machine not visible from SNow Leopard

  I have a Time Capsule that has been performing sterling duty on my iMac and Macbook for the past couple of years.
  Having just upgraded the Macbook to Snow Leopard I set it to backup for the first time (>60 GB) which took a day or so over Wifi - at this point the backup was visible and browsable.
  After the backup the time capsule is visible in the Finder and I can see the sparsebundle, however the preferences suggest that I need a new backup and I cannot enter Time Machine.
  The iMac, still running 10.5.8, can still see it's own backups.
  There is approx. 250GB left on the Time Capsule.
  Any help?

  JonSeph wrote:
  Hi James - I realised the error in Carolyn's file path, so it was the 'right' prefs file I deleted. Should have mentioned that.
  Here's the log from last backup using +Time Machine Buddy+.
  "Starting standard backup
  Backing up to: /Volumes/TM Backup/Backups.backupdb
  No pre-backup thinning needed: 676.2 MB requested (including padding), 640.59 GB available
  Copied 135 files (109 KB) from volume Macintosh HD.
  No pre-backup thinning needed: 677.1 MB requested (including padding), 640.59 GB available
  Copied 10 files (93 bytes) from volume Macintosh HD.
  Starting post-backup thinning
  Deleted backup /Volumes/TM Backup/Backups.backupdb/JonSeph MacBook Pro/2009-09-16-113240: 640.59 GB now available
  Post-back up thinning complete: 1 expired backups removed
  Backup completed successfully."
  All seems fine, but no backup made of any new files!
  Yes, just not finding anything changed. What's in the +Do not back up+ box in TM Preferences > Options, and what's the "Estimated size of full backup? just below it?
  Are you running File Vault?

• TIme machine backup made under snow leopard to be used in leopard

  Hi I have just down-graded back to leopard from snow leopard due to problems i was encountering. Prior to re-installing leopard OS10.5 I made a backup of my hard drive with time machine under snow leopard 10.6. now i have tried to restore this hard drive back-up once i had succesfully re-installed leopard 10.5 but it wont allow me. is there any way around this? do the back-ups have to be from same operating systems. any advice much appreciated

  willouk2 wrote:
  What I wanted to acheive was for my macbook to look the same to when before i installed snow leopard, as in with all files in place, apps, desktop etc! so having made a time machine backup in 10.6 I Inserted Leopard disk OSX 10.5, held down the C key and rebooted, formatted HDD, installed Leopard
  There's no point to installing OSX, then restoring +*your entire system+* from backups: "your entire system" includes OSX. The first thing it does (as you're warned on the screen) is erase the HD.
  The message you got was apparently the Leopard installer (on the disc) saying you can't use it to restore a complete Snow Leopard system. But if it had, you'd have been back on SL.
  If you don't have a backup from Leopard, you can't make your system look exactly like it was under SL but with a Leopard version of OSX. Even getting close won't be easy: you no doubt have many files that were created in SL, or upgraded by SL. They're not compatible with Leopard; OSX and Leopard apps may not work right, if at all, with them.
  At this point, you've got two options:
  First (and almost certainly best) is to restore your entire system to the way it was at the time of the backup (by using the Snow Leopard install disc). Then fix whatever problems you were having.
  If you really want to go back, do an Erase and Install of Leopard. When it boots up, and asks if you already have a Mac and want to "transfer" data from it, say no. Set up your first user, etc,. Then download and install the "combo" update to get back to 10.5.8. Info and download available at: http://support.apple.com/downloads/MacOS_X_10_5_8_ComboUpdate Be sure to do a +Repair Permissions+ via Disk Utility (in your Applications/Utilities folder) afterwards.
  Then reinstall all apps that came with installers (and are compatible with Leopard) from the original discs.
  You'll have to set up all your email accounts, passwords, and other preferences and settings.
  Then you might be able to selectively restore some things from your Snow Leopard backup, but be aware that you may be restoring incompatible versions of files. The behavior of OSX and your apps will be unpredictable at best.

• No 802.11n on early Intel iMac under Snow Leopard

  Hello,
  After installing Snow Leopard on my white Intel iMac (first Intel iMac model) I have lost 802.11n functionality. I had to patch the iMac under Leopard with the AirPort Extreme 802.11n Enabler to get 802.11n working (http://store.apple.com/uk/product/D4141ZM/A). Snow Leopard appears to of changed the Airport Extreme settings, and under system profiler it just shows: ‘Supported PHY Modes as 802.11 a/b/g’
  I can no longer use the 802.11n enabler under Snow Leopard as it comes up with an error message "You cannot install AirPort Extreme 802.11n Enabler on this volume. This volume does not meet the requirements for this update." - this is due to an Airport Extreme 2007-002 upgrade being required (http://support.apple.com/downloads/AirPortExtreme_Update_2007002), which also won't install under Snow Leopard.
  Help! Is this a known issue and will Apple be releasing a Snow Leopard compatible 802.11n enabler? OR, is there a work around/fix under Snow Leopard.
  Essentially, accessing my home server for work is a nightmare as 802.11g is just not fast enough for the media files I work with.
  All help would be greatly appreciated.
  Regards,
  Graham Johnson.
  Message was edited by: orch5

  I am a bit confused as to which iMac you are trying to use with 802.11n.
  You say that you have the first white iMac that was Intel. But the first three white Intel iMacs do not have 802.11n capabilities; neither the Early '06 Core Duo, the Mid '06 Core Duo, nor the Late '06 Core 2 Duo CD have AirPort Extreme cards capable of 802.11n. But you profile is showing a 2.16 GHz iMac C2D which is Late '06 and does have the AirPort Extreme card with 802.11n capabilities.
  Is that the Mac that now appears to have lost this capability?
  What does Apple say? Did you buy Apple Care? Is it still in its last weeks of warranty?
  Dah•veed

• Losing connection to time machine since upgrading to snow leopard

  My wife's mac mini has routinely started saying 'no connection available' since we upgraded to snow leopard. It also keeps asking for the network password, which it has never done before on my time machine. I thought it was a fluke with the mini, till my macbook started doing the same thing.
  Please have someone look at the issue between the dual band time capsule and snow leopard.
  Thanks.

  You're not talking to Apple here -- this is a user-to user forum.
  Try just re-selecting the Time Capsule in TM Preferences. If that doesn't help, try restarting both the Macs and the TC.
  To contact Apple directly, call AppleCare at (800-275-2273), or make an appointment at the Genius Bar at your local Apple store, and take your TC and one or both Macs along.
  This appears to be a Time Capsule problem, not a Time Machine problem, so you'll probably do better in the +Time Capsule+ forum, hiding in the +Digital Life+ section, at: http://discussions.apple.com/forum.jspa?forumID=1253

• 802.1x eap-tls machine + user authentication (wired)

  Hi everybody,
  right now we try to authenticate the machines and users which are plugged to our switches over 802.1X eap-tls. Works just fine with windows.
  You plug a windows laptop to a switchport and machine authenticates over eap-tls with computer certificate. Now the user logsin and our RADIUS (Cisco ACS) authenticates the user as well, with the user certificate. After eap-tls user-authentication the RADIUS checks if the workstation on which the user is currently logged in is authenticated as well. If yes = success, if no the switchport will not allow any traffic.
  Now we have to implement the same befaviour on our MacBooks Pro. Here the problems start. First of all I installed user and computer certificates issued by our CA (Win 2008 R2). So far so good. Now I have no idea how to implement the same chain of authentication. I was reading countless blogs, discussions, documentations etc. about how to create .mobileconfig profiles. Right now im able to authenticate the machine, and _only_ if I login. As soon as I logout eap-tls stops to work. It seems that loginwindow does not know how to authenticate.
  1) how do I tell Mavericks to authenticate with computer certificate while no user is loged in ? already tried profiles with
  <key>SetupModes</key>
  <array>
      <string>System</string>
      <string>Loginwindow</string>
  </array>
  <key>PayloadScope</key>
      <string>System</string>
  but it does not work
  2) How do I tell Mavericks to reauthenticate with user certificate when user logs in ?
  Thanks

  Unfortunatelly this documents do not describe how to do what I want.
  I already have an working 802.1x. But the mac only authenticates when the user is loged in. I have to say that even this does not work like it should. If Im loged in sometimes i need to click on "Connect" under networksettings and sometimes it connects just automatically. Thats really strange.
  I set the eapolclient to debugging mode and see following in /var/log/system.log when I logout.
  Feb 20 18:39:09 MacBook-Pro.local eapolclient[734]: [eaptls_plugin.c:189] eaptls_start(): failed to find client cert/identity, paramErr (-50)
  Feb 20 18:39:09 MacBook-Pro.local eapolclient[734]: en0 EAP-TLS: authentication failed with status 1001
  Feb 20 18:39:22 MacBook-Pro.local eapolclient[734]: [eaptls_plugin.c:189] eaptls_start(): failed to find client cert/identity, paramErr (-50)
  Feb 20 18:39:22 MacBook-Pro.local eapolclient[734]: en0 EAP-TLS: authentication failed with status 1001
  this are only debugging messages I get. Looks to me like eapolclient is not able to find a certificate (?)
  The certificates are in my System keychain.
  Unfortunatelly apple also changed the loging behaviour of eapolclient, I dont see any eapolclient.*.log under /var/log
  Any ideas ?

• Cisco ISE - EAP-TLS - Machine / User Authentication - Multiple Certificate Authentication Profiles (CAP)

  Hello,
  I'm trying to do machine and user authentication using EAP-TLS and digital certificates.  Machines have certificates where the Principal Username is SAN:DNS, user certificates (smartcards) use SAN:Other Name as the Principal Username.
  In ISE, I can define multiple Certificate Authentication Profiles (CAP).  For example CAP1 (Machine) - SAN:DNS, CAP2 (User) - SAN:Other Name
  Problem is how do you specify ISE to check both in the Authentication Policy?  The Identity Store Sequence only accepts one CAP, so if I created an authentication policy for Dot1x to check CAP1 -> AD -> Internal, it will match the machine cert, but fail on user cert.  
  Any way to resolve this?
  Thanks,
  Steve

  You need to use the AnyConnect NAM supplicant on your windows machines, and use the feature called eap-chaining for that, windows own supplicant won't work.
  an example (uses user/pass though, but same concept)
  http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf

• Time Machine not backing after Snow Leopard

  This seems one that hasn't been encountered yet.
  After installing SL, Time Machine apparently works fine and doesn't report any problems. 'Last Backup' time always fine, icon revolves etc. Problem is that even going back 1 hour goes back to the day SL was installed. Backing up to the same USB disc as previous - under 10.5.x always fine.
  Any ideas?

  JonSeph wrote:
  Hi James - I realised the error in Carolyn's file path, so it was the 'right' prefs file I deleted. Should have mentioned that.
  Here's the log from last backup using +Time Machine Buddy+.
  "Starting standard backup
  Backing up to: /Volumes/TM Backup/Backups.backupdb
  No pre-backup thinning needed: 676.2 MB requested (including padding), 640.59 GB available
  Copied 135 files (109 KB) from volume Macintosh HD.
  No pre-backup thinning needed: 677.1 MB requested (including padding), 640.59 GB available
  Copied 10 files (93 bytes) from volume Macintosh HD.
  Starting post-backup thinning
  Deleted backup /Volumes/TM Backup/Backups.backupdb/JonSeph MacBook Pro/2009-09-16-113240: 640.59 GB now available
  Post-back up thinning complete: 1 expired backups removed
  Backup completed successfully."
  All seems fine, but no backup made of any new files!
  Yes, just not finding anything changed. What's in the +Do not back up+ box in TM Preferences > Options, and what's the "Estimated size of full backup? just below it?
  Are you running File Vault?

• I want to use my time machine backup to go back to Snow Leopard

  I can't live without having my great old golf game (Tiger Woods PGA Tour 2003) readily available, and playable, which I always had on my iMac with Snow Leopard. Since upgrading to Mavericks - and using Parallels with Mac OS X 10.6 Server - I am told there's a color/display problem (something about 16-bit color) and I can't get the game to play even though it's the same computer, only upgraded to Mavericks. Parallels says it's an Apple (Mac OS X Server 10.6) problem but from what I can see the server version of this OS is exactly the same as the non-server version - at least insofar as the display/color/graphics is concerned - and Parallels either doesn't want to help (with an appropriate graphics controller) or can't.... so I'm left with having to go back to Snow Leopard from Mavericks. What a huge disappointment! Can I use - and how do I do it - my Time Machine backup of my Snow Leopard OS, apps, documents, iTunes, etc. to wipe out Mavericks?

  Yes, the machine came with Snow Leopard but not sure where the install disc(s) are. Perhaps they got lost in the shuffle as we moved a few months ago. I do have a Snow Leopard install disc - can I use that and if so, is there a different way to do the install than if I was using the original install discs that came with the computer? Maybe I will jsut have to try it and see what comes up....
  But for the computer's inability to play the game, I would have stayed with Mavericks. Now I'm installing a trial version of VMware Fusion but probably the results will be the same as for Parallels. I'll report back in a few minutes!

• Can I restore a time machine osx lion backup using snow leopard install DVD?

  Hi.
  I've been using osx lion but my hard drive died. Fortunately I have been making time machine backups.  Since I downloaded lion from the app store I only have the snow leopard install disks. 
  I know there is an option to restore from a time machine backup using the snow leopard disk, but since the time machine backup is of a later operating system (lion) will that  time machine restore work?
  If it won't, can you recommend how to restore from my time machine backup?
  Thanks.

  Once the replacement hard drive is installed, boot from your original Snow Leopard Installation Disk.  From there format the harddrive and install Snow Leopard and then download and install its Updates. Next, navigate to the Mac App Store and login using the Exact same Apple User ID that you did the first time you downloaded Lion.  You will now be able to download and install the Lion OS for Free. Download and install the Lion Updates.  Lastly, using Migration Assistant, migrate your Apps and Data from the Time Machine external hard drive to your internal Lion harddrive.  This method should give you a very stable version of Lion on your internal harddrive complete with all your previous settings, Apps and Data.
  Hope this helps