Change Open Directory Network Interface

I have a Mac Mini running Snow Leopard Server. This machine has two ethernet interfaces (internal and USB one). I'd like to restrict Open Directory/LDAP to run on ONLY ONE of the NICs, leaving the ports used by Open Directory/LDAP free on the other NIC. I seem to be unable to locate the necessary preference or configuration file to make this change. I am hoping someone on the forum knows how to accomplish this. Thank you in advance!

Similar Messages

  • Open directory, network homes and MS Word

    We are running OS X & Server 10.4.8, and Word 11.2. Using network home directories, with 15 users and 3 of them are portable. Running Open directory with LDAPv3, SSL, SMB and AFP for the network homes (?).
    When one of the portable users tries to save his Word files he receives the following error-message: "Word cannot save this file because it is already open elsewhere"
    Google turned up the following results and suggestions from other ppl with the same problem:
    #1 - Create .TemporaryItems and/or modify owner(s) on the network share.
    #2 - Change the directory where files are saved via: Word > Preferences > File location > Document > 'Modify' (change to users 'Documents' folder).
    #3 - Delete .com.microsoft.Word.prefs.plist file in: User > Library > Preferences > Microsoft > (user is the name of the account having the prob)
    Link to someone with the same problem(contains most of the solutions):
    http://forums.macosxhints.com/archive/index.php/t-46413.html
    Link to a combination of solution #1 & #2 (and a descrip of the prob):
    http://www.macfixitforums.com/php/showflat.php?Cat=&Board=OfficeX&Number=721294&page=0&view=expanded&sb=5&o=31&fpart=
    I have tried all of the solutions above, the first one seemed promising but the folder already existed so I just verified that the permissions were correct and moved on. User still has the problem.
    End of the last thread I posted suggests that there is no solution for this problem in OS X 10.4.2 and I read another place that it is related to OS X not closing connections to the file on the share, so it is tricked into thinking the file is open in two places when you save it the first time.
    Please help!!

    It was kind of a strange problem with RDC (Remote desktop connection, windows not apple).
    After I installed the script RDC stopped working and I had to uninstall the script to save RDC (it's more important than the error message in office). But uninstalling didn't work, so I did some experimenting and found out that RDC started working again if he just moved to another computer where he hadn't loaded his user while the script was running.
    And even more surprisingly when he moved back to his own computer again it started working again there too. (We use network accounts)
    May I ask you how you uninstalled it?

  • Change Open Directory Home Users Directory Command Line

    We have over 1,000 users in our first attempt at Open Directory. Right now they have all different home directories but we'd like to set them all to one location, the temp directory, it's for a student lab. What is the best way to programmatically run through every OD users, check their home directory setting, then change it?

    As an additional comment:
    I used the dscl -passwd CLI for over a year and it was effective. However, sometime around the update to 10.5.8 this command refused to work on my server and resulted in a dsLDAP error code. This happened even if run from a terminal window on the server. The OD master is still running strong without errors.
    Thanks to Galen Sprague who posted an alternative, I switched to pwpolicy as in:
    $ pwpolicy -a <LDAPadmin> -p <adminPW> -u <username> -setpassword <newpassword>
    This seems to work consistently from a Ruby invocation and at the terminal.
    The advantage is that an old password is not required only the new password.
    The disadvantage is that a user could change his/her own password using dscl -passwd without requiring the adminUser authentication.
    HTH,
    Harry

  • Change open directory mac

    If I want all my downloads to go to my MAC desktop and choose open, the open files also save to the desktop.
    Is there a way to change the temp directory?

    Looks like this is a long-running feature request/discussion:
    https://bugzilla.mozilla.org/show_bug.cgi?id=311292 (look at all the duplicate bugs!)

  • Change parameters on network interface card

    Hi,
    Ndd utility says that my ce0 adv_100fdx_cap, adv_100hdx_cap, adv_10fdx_cap, adv_10hdx_cap are read only. Can I set these capabilities to read write??? I'll get a permission denied message, if I try "ndd -set /dev/ce0 adv_100fdx_cap 1" in superuser. My goal is to force NIC to work at 100Mbps with full-duplex operation.
    Best regards,

    Hello,
    No, you cannot change the "cap" value. That is fixed, as it is the "CAPability" of the card's driver. Hence read only. What you can change is the "adv_cap .. " params, in other words, what the card is "ADVertising" for capabilities.
    Some folks still use a startup script, but this changes the interface settings long after the card is initialized (since it has to wait for init to run). A bad idea if you are using IPMP or other processes that want the interfaces setup from the kernel.
    The other method is to setup ce.conf. You will need pathing info from /etc/path_to_inst to construct the proper syntax for that file. I don't recall that file exists by default, but you have to create it.
    Not using auto_negotiation is a very bad idea and I don't recommend that. I've sat through waaaay too many confcalls with waaaay too many people to sort through and explain the problems that fixing interface speed/duplex causes. I will bear those scars forever. So that is all I wish to say on this matter : )
    FWIW!

  • Creating Open Directory Replica fails with Server Admin Error Value 1127

    Hallo,
    I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
    Currently, it comes down to this. The Server Admin Error message is really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to get more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
    When executing
    slapconfig -createreplica master.ourdomain.com diradmin
    as root on the prospective replica machine, I get the following error message:
    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    That makes perfect sense to me, but how is it meant to work then?
    Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
    root login is not permitted to this machine via public key authentication.
    While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
    Replica Setup failed : This machine does not have a valid computer name
    I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP address. Proper name resolution is available for both interfaces including reverse lookup. I don't like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
    changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
    reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we don't use Kerberos yet).
    Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many places is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaced with several other configuration files and databases. I can't see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
    I also checked all log files on both machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of the layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of entries that I have googled in the last few hours and which all don't seem to be associated with the problem in question.
    I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
    Thanks and bye, Christian Völker

    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
    Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
    Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
    In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
    Then configure the /etc/sshd_config file on the OD master like this:
    # Authentication:
    PermitRootLogin yes
    PasswordAuthentication yes
    PubkeyAuthentication no
    and the /etc/ssh_config file on the OD replica like this:
    PasswordAuthentication yes
    PubkeyAuthentication no
    Then from the OD replica as the 'root' user issue:
    slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
    Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.
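
The reply above ends with re-securing 'ssh' once the replica exists. The following added example (not part of the original reply) parses an sshd_config and reports any of the three temporary settings that are still in force. The hardened target values, the function names and both sample files are assumptions made here; treating `PubkeyAuthentication yes` as the wanted end state is inferred from the reply's advice to disable password logins.

```python
import re

# Target state after 'slapconfig -createreplica' has finished (assumed here:
# the reply asks for password authentication and root logins to be disabled).
HARDENED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}

# Constructed sample: the OD master still carries the temporary settings,
# and the hardened line exists only as a comment.
SAMPLE_LEFT_OPEN = """\
# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
#PermitRootLogin no
"""

# Constructed sample: global settings are hardened, but a Match block
# re-enables password logins for one address range.
SAMPLE_AFTER_CLEANUP = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# A later duplicate is ignored: sshd keeps the first value it reads.
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Return (global_settings, match_blocks).

    global_settings maps the lower-cased keyword to the first value seen
    outside any Match block. match_blocks is a list of (criteria, settings).
    """
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or by one '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            current = {}
            match_blocks.append((value, current))
            continue
        current.setdefault(keyword, value)  # first value wins
    return global_settings, match_blocks


def audit(text):
    """Return a list of findings; an empty list means the target state holds."""
    settings, match_blocks = parse_sshd_config(text)
    findings = []
    for keyword, allowed in HARDENED.items():
        value = settings.get(keyword)
        if value is None:
            findings.append(f"{keyword}: not set explicitly, built-in default applies")
        elif value.lower() not in allowed:
            findings.append(f"{keyword}: '{value}' (want {' or '.join(sorted(allowed))})")
    for criteria, block in match_blocks:
        for keyword, allowed in HARDENED.items():
            value = block.get(keyword)
            if value is not None and value.lower() not in allowed:
                findings.append(f"Match {criteria}: {keyword} is '{value}'")
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument (for example /etc/sshd_config) audit that file,
    # otherwise audit the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LEFT_OPEN
    for finding in audit(text):
        print("FINDING:", finding)
```

Where the installed OpenSSH supports it, `sshd -T` prints the effective server configuration and is a useful cross-check on the file-based result.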

  • Xerox Accounting in an Open Directory

    Hi there,
    I have a small network running with about 30 Workstations ( iMac 10.8.3 ) connecting to an Open Directory ( OSX 10.8.2 - Server 2.2.1 ) and I'm completely stumped trying to get accounting working on our Xerox Workstation ( 5775 )..
    I previously had an HP Laser Printer that I managed with Work Group Manager which worked great.  I used the PKG installer for the Xerox and installed the driver on all machines.  As administrator I logged into a couple sample machines and configured accounting (which is a silly process I must say) and the settings aren't retained when I log in an OD User.  I logged in as an OD User and again configured accounting and the settings still aren't saving.
    Can someone suggest what steps I need to take to successfully integrate the Xerox with accounting on my Open Directory Network?
    Regards,

    This is for anyone who has ever had a problem like this between his/her local and network accounts. Apparently, when Mac OS X SL Server creates the network account, it tries to duplicate the basic file structures one would find in an independent (i.e. non-networked) machine. My goal was to be able to use my network account, at home, as my standard so that I would be able to take advantage of the networked file services. I succeeded in this and was able to transfer successfully my iTunes library as well. However, the iSync Manager did not duplicate in the new Open Directory account. Upon reading past posts to Apple Discussion groups I determined that there are two files that the iSync Manager uses in order to function. They are as follows:
    ~/Library/Application Support/SyncServices/Local/
    and
    ~/Library/Application Support/iSync/
    Copy these two files from your local account to the Open Directory account in their same relative places in the file structure and your iSync Manager will start and you will be able to sync your iPhone calendars and contacts with iTunes.

  • Open Directory access from outside of network / internet

    Hello all,
    Got a question I'd love to get some help on, I have some users who are outside of my network and I'd like them to connect into the open directory on our leopard server so they can use the Shared iCal calendars, addresses, etc.
    So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a separate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
    B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
    Hope that makes sense, I can't seem to find the answers I need in the manuals, if I knew how this was meant to work I could probably have a fair go at figuring out how to actually do it (firewall changes etc)
    Thanks in advance for the help
    Martin

    So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a separate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
    If your OD server is visible from the internet -- i.e., it has a public address -- then you can do this without the VPN. However, it's not advisable to have a server exposed in that fashion.
    You would be better off doing this through the VPN:
    - Remote user connects to internet at hotel, for example.
    - Remote user initiates VPN connection.
    - Remote user now has access to iCal server and directory information.
    Explain to the users that this information is private to the company, and private company resources are only available through the VPN. Allowing access without the VPN would be similar to the company posting its Employee roster and meeting calendars on the face of the building where any person (or competitor) could see them.
    B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
    It's just one extra step: Connect to VPN. You're still the same local user on the computer.
    If you're talking about laptop users needing directory access to authenticate when logging into their computers, well...That sounds like a whole other situation.
    Hopefully this helps.
    Bryan Vines

  • Changing the Name of an Open Directory Server while preserving users, etc.

    Hi Everyone,
    Not an emergency - but I have been wrestling with this dilemma for almost a year now.
    The good news is nothing has to be done right away. But I will ultimately need a solution.
    We have inherited a server system at a traditional elementary school from a previous IT person who was immature to say the least.
    When he set up the server system, he named the open directory server something that, while innocuous is inappropriate for a school setting.  I am sure he thought it was clever and cheeky at the time. But a few years later it is simply unprofessional. And we are being expected to ultimately be able to change it to something like "XXXdirectory.domainname.edu" The more it hangs around - the longer it looks like we did this and it makes us look unprofessional.
    So here is my dilemma. 
    This is an OD Master with iCal and network homes attached to it. It also runs DNS.
    I would like to set up a new server and name it "xxxdirectory.schooldomainname.edu"
    Setting up the new server is easy and getting all the client machines to bind to it - no problem.
    The problem is how to migrate all the users to the new server.  It seems a restore won't work because if the new server is named differently, the restore will fail. I also can't do a server migration because the stupid name migrates to the new server.
    My old server is 10.5.8 Server.  The new one is 10.7.1 Server . But could be 10.6.8 Server if need be. 
    The main problem is how do I get all the accounts onto a new server with a new OD master name?
    I don't mind command line stuff. So throw whatever you got at me.
    Thanks in advance for your help everyone.  Don't worry - I won't be a pain in the butt or argue.  I just need some good solid guidance, even if it is a "Not possible" answer - at least I have something to tell the administration when they want to know why we can't change the OD Master name from mcnugget.schoolname.edu.
    Please let me know if you need more details.  I am happy to provide.
    Thanks again.
    Tony

    If you don't mind resetting everybody's password then you can export the users and groups and wipe the server for a clean install or turn it into a standalone server then back into od master  then import the users and groups.

  • I can't start a open directory, it gives an error saying: check network config

    Hi,
    To begin with, I'm Dutch so sorry for my bad writing.
    Setup:
    Mac mini OSX server Mountain Lion 10.8.5
    local users
    cisco rvs4000
    I'm having an issue since I changed my network's WANIP because we got a new and better internet line.
    Also the new environment comes with a new router.
    Now here's the problem, since this change I couldn't set up a VPN L2TP connection anymore..
    So I looked at the VPN log, but there wasn't any text referring to a VPN L2TP connection. And yes I forwarded every port,
    UDP 1701,500,4500 and the ESP 50 protocol is forwarded by the cisco router with the standard VPN passthrough option.
    The next thing I tried is setting up a PPTP connection, after this I got the error: identity is not accepted. This time the VPN log gives me
    an error:
    0x0> <magic 0x628df8e6> <pcomp> <accomp>]
    Thu Oct 17 12:42:33 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2b13fb41> <pcomp> <accomp>]
    Thu Oct 17 12:42:33 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2b13fb41> <pcomp> <accomp>]
    Thu Oct 17 12:42:33 2013 : sent [LCP EchoReq id=0x0 magic=0x2b13fb41]
    Thu Oct 17 12:42:33 2013 : sent [CHAP Challenge id=0x2f <7b651c211c2065155c574d41732c394e>, name = "server.xxxxxx.private"]
    Thu Oct 17 12:42:33 2013 : rcvd [LCP EchoReq id=0x0 magic=0x628df8e6]
    Thu Oct 17 12:42:33 2013 : sent [LCP EchoRep id=0x0 magic=0x2b13fb41]
    Thu Oct 17 12:42:33 2013 : rcvd [LCP EchoRep id=0x0 magic=0x628df8e6]
    Thu Oct 17 12:42:33 2013 : rcvd [CHAP Response id=0x2f <eb158db194714bbd1f17f0aeae993927000000000000000012f827aea75c2b6cb2dbcbbd3bfabb 1bb6a7534d96d956f300>, name = "vpnuser"]
    Thu Oct 17 12:42:33 2013 : DSAuth plugin: unsupported authen authority: recved Kerberosv5;;vpnuser@LKDC:SHA1.F0E4A62A66239C74E50793F3F30997F086074A1E;LKDC:SHA1 .F0E4A62A66239C74E50793F3F30997F086074A1E, want ApplePasswordServer
    Thu Oct 17 12:42:33 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
    Thu Oct 17 12:42:34 2013 : sent [CHAP Failure id=0x2f "S=4E4083190FD57B13DA38015F52FE14F8F594766A M=Access granted"]
    Thu Oct 17 12:42:34 2013 : CHAP peer authentication failed for vpnuser
    Thu Oct 17 12:42:34 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Thu Oct 17 12:42:34 2013 : Connection terminated.
    Thu Oct 17 12:42:34 2013 : PPTP disconnecting...
    Thu Oct 17 12:42:34 2013 : PPTP disconnected
    2013-10-17 12:42:34 CEST       --> Client with address = 192.168.1.205 has hungup
    When I googled for this problem all the answers were based on OD users and in my situation there were only local users.
    So I thought if I just add all my users ( 10 local users ) to an OD it should fix my problem but here comes the next thing.
    When I tried to configure an Open directory it gives me an error that the OD couldn't finish and to check my network settings.
    sudo changeip -checkhostname gives me the right address, dns seems to be ok. The error that console constantly gives is:
    servermgd: servermgr_accounts: got error 5000 trying to auth to local LDAP node
    and
    WARING found KDC certificate
    and
    ntdp: GetConfig: Couldn't open </private/etc/ntp_opendirectory.conf
    I'm stuck at this point, never seen this problem before.. someone knows a fix or work around for this??
    thanks in advance

    To check the local network for some of the common configuration problems, launch Terminal.app and issue the following diagnostic command:
    sudo changeip -checkhostname
    That'll report some local configuration information and then either no errors detected and no changes required, or it'll point to whatever configuration errors or issues it might detect.  That doesn't catch everything, but it catches the common errors.
    FWIW, 192.168.0.0/24 and 192.168.1.0/24 are poor choices for the local network, as VPNs are based on IP routing and IP routing gets tangled when the same subnet is used on both ends of the VPN. 192.168.0.0/24 and 192.168.1.0/24 are near ubiquitous in home networks and coffee shops.

  • How to repair Open Directory Master after Changing Hostname

    Summary:
    How to repair Open Directory after Changing your Server's Hostname (see separate post)
    Problem:
    I had to change our server's hostname from a private hostname (server.name.private) to a public hostname (name.dyndns.org).
    Procedure:
    1. Precautions:
    Since I was anticipating major dramas I tested the change of hostname on a clone ( I used Super Duper, and I very strongly advise everybody to heed this warning because a change of hostname will corrupt your server services, in particular Open Directory)
    Second, I exported the network users from Server Admin and copied the archive to the Drop Folder of the server's local account (because the network accounts will be unavailable after demoting the OD Master.)
    2. Change hostname and demote OD Master
    a) I re-booted the server from the clone
    b) I changed the hostname in Server App and I noticed that the Open Directory Password and the Kerberos database were still stuck with the old hostname.
    c)  I then demoted to a standalone directory (Server Admin) and I tried to promote the server to an OD Master using the Server App (Manage Network Accounts). Server App always returned an error saying I should check my network settings.
    3. List of 'fixes'
    I tried the following fixes to no avail (which does not mean that you can skip them)
    a) I checked the DNS entries, forward and reverse were working fine (sudo changeip -checkhostname)
    b) Checked with Lookup in Network Utility, all was fine
    c) I deleted all system certificates (Keychain) which showed the name of the previous hostname
    ( N.B. you need not delete email certificate and private/public keys)
    d) I tried to assign a new static IP in Networking Preferences (had no visible result)
    e) I re-booted from the working drive and I repaired permissions on the clone; I ran disk repairs.
    Despite all this I could not re-create an OD Master.
    I then looked for this dubious folder /var/root/Library/Application Support/Certificate Authority.
    I could not find this folder when using the Finder's Go To Folder, nor did "Easy Find" see this folder.
    I was about to give up when I read the posts on this page and I entered the Terminal commands
    sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/
    I had not much hope when I set about to re-create the OD Master from the Server App.
    But lo and behold !!! I did not trust my eyes when Server App claimed that the OD Master had been successfully created. And indeed, Server admin showed a running OD Master, LDAP, Kerberos and Password Server all running again !
    Final touch: re-import the user accounts.
    Epilogue:
    I would not have been able to fix this issue had not so many others shared their experience and the working solution.
    (Refer : https://discussions.apple.com/thread/3219325?start=0&tstart=0 )
    Thank you all !
    Let's hope that Apple will fix this annoying issue in the next server update.
    Regards,
    Twistan

    Hi Rhyan,
    Please try clearing the security cache
    http://www.sharepointanalysthq.com/2014/05/active-directory-groups-and-sharepoint-security/
    https://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
    http://webactivedirectory.com/active-directory/windows-active-directory-cached-user-credentials/
    Please remember to click 'Mark as Answer' on the answer if it helps you

  • Changing a Network Interface in DAG Replication Network after going P2V

    I have a DAG member suffering severe hardware failure so I have gone P2V with it.  It's functioning fine, except that the DAG Network Interfaces have changed - The MAPI Interface was on "Local Area Network" on the physical server, and is now on Local Area Connection 7 on the VM.   However, the DAG settings still point to "Local Area Network" and will not let me change it.  Same thing for the replication network.
    I have lost redundancy due to this, so I need to get it repaired pretty promptly.
    Removing and re-adding the subnet in the DAG network has no effect - it still references the old physical NIC instead of the new virtual NIC, despite the new virtual NIC having the same IP as the old physical NIC.

    Try to change the network binding on the server
    http://technet.microsoft.com/en-us/library/cc732472(WS.10).aspx
    Try to delete the hidden network adapters as well. 
    Open Device Manager, from the File menu, expand the View and select the Show Hidden Devices option. This will enable and show any old un-used devices in the window
    http://www.gfi.com/blog/how-to-remove-hidden-network-adapters-from-virtual-machines/
    Thanks,
    MAS
    Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Open Directory users prompted to change password after 10.8 to 10.9 server upgrade

    I just upgraded our 10.8.5 server to 10.9.3. I also upgraded Server.app to the most recent version (3.1.2). I made a complete backup first as a precaution.
    Existing non-admin users are being prompted to change their password when logging in. I've narrowed the problem down to a checkbox in the "Global Password Policy" settings in Server.app, specifically this checkbox: "Passwords must: be reset on first user login". I had that box checked in 10.8 so that new users would be prompted to create a password the first time they logged into a bound computer. It worked great and I'd like to continue using this feature in 10.9.
    If I uncheck this box in Server.app in 10.9.3, existing users can log in just fine with their existing passwords. If I re-check the box, non-admin users are suddenly prompted to change their password when logging in, even though they've logged in countless times in the past.
    Here are some things I've tried:
    * stopping and restarting the Open Directory service in Server.app
    * restarting the server
    * disabling and re-enabling an existing user account
    * inspecting user records in Directory Utility for any peculiar attributes
    * I used the mkpassdb -dump command to verify that the correct "last login time" is present for a particular user, but I'm not enough of an Open Directory expert to know if this is the attribute that the Global Password Policy relies on.
    Does anyone have any other ideas or suggestions?

    UPDATE: It looks like this issue applies to new (post-upgrade) accounts, too, suggesting that this has nothing to do with the upgrade process. Can anyone confirm this behavior? It's easy to test:
    1) Make sure the "Passwords must: be reset on first user login" box is unchecked.
    2) Create a new user in Open Directory.
    3) Log in once. No problem.
    4) Now check the "Passwords must: be reset on first user login" box.
    5) Try to log in again. Were you prompted to change your password? Logically, you shouldn't have been prompted, but users on my server are being prompted.

  • [SOLVED] Network interface name keeps changing

    My network interface name keeps changing between wlp2s0 and wlan0. This is a real pain, since I never know what name will be generated at boot. Most of the time it's called wlp2s0, so this is what netctl is set up to handle by itself. At boots where wlan0 is generated I have to connect manually.
    I've tried making the name static by adding a rule to the /etc/udev/rules.d/10-network.rules. The rule I added was:
    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="48:5d:60:7e:64:e9", NAME="wlp2s0"
    Wlp2s0 is generated at boot alright, but I still have to connect manually with this solution. As if the "new" wlp2s0 is not recognized as the old one (same MAC). What gives?
    This is on an Asus Eee 1001PXD, with the Qualcomm Atheros AR9285.
    Last edited by madr (2013-05-18 20:09:34)

    I've now been able to replicate the issue, and run the command:
    journalctl -b
    I did find the output:
    mai 18 02:30:02 <hostname> systemd-udevd[126]: error changing net interface name wlan0 to wlp2s0: Device or resource busy
    I haven't been able to process the whole output yet (I'll continue tomorrow if necessary), but I've found some things that I hope will clarify things. I get similar outputs to the following a lot throughout:
    mai 18 02:30:03 <hostname> dhcpcd[237]: wlan0: carrier lost
    mai 18 02:30:03 <hostname> dhcpcd[237]: wlan0: waiting for carrier
    mai 18 02:30:04 <hostname> systemd[1]: [email protected]: control process exited, code=exited status=1
    mai 18 02:30:04 <hostname> systemd[1]: Failed to start Automatic wireless network connection using netctl profiles.
    mai 18 02:30:04 <hostname> systemd[1]: Unit [email protected] entered failed state.
    mai 18 02:30:04 <hostname> systemd[1]: Starting Network.
    mai 18 02:30:04 <hostname> systemd[1]: Reached target Network.
    EDIT:
    I see now that this is later in time, so that's not so strange after all. I'll look some more.
    EDIT2:
    The error code that a name change is impossible is the first time the term 'wlan0' occurs in the log. However there's a line much earlier that talks about wlp2s0:
    mai 18 02:29:59 <hostname> systemd[1]: Expecting device sys-subsystem-net-devices-wlp2s0.device...
    But as I said, if this information doesn't help, I'll have a closer look at the output tomorrow. Getting late here in Norway now.
    Last edited by madr (2013-05-18 01:20:50)

  • How can I enforce Parental Controls on a group of network users on an Open Directory client?

    I have a Mac mini running OS X Server (Mountain Lion) and have a client family iMac that is a client of the Open Directory server. I have created network users for my kids and put them into a group and created Parental Control restrictions that apply to members of the group. However, the kids can log into the iMac with the same network accounts and no Parental Control policies are enforced on the iMac.
    I'd like to restrict times and hours per day, as well as the obvious content/website restrictions. I'm not sure why the Parental Control policy isn't being enforced. While I'm not great at it, I do have a basic understanding/overview of knowledge on Windows Server administration, but OS X Server seems to be waaay different...
    I have fiddled with the certificate, and I have told the client iMac to trust the certificate coming from my Open Directory server, but it doesn't seem to make much of a difference with the enforcement of the kids group's Parental Control policies.
    Can anyone assist or offer any suggestions?

    Related logs from the OD client iMac below:
    2013-07-13 20:37:45 -0400 mdmclient[12003]: *** ERROR *** [Agent:501] Sending 'OTA-Phase2' request to server: https://server.local/devicemanagement/api/device/ota_service (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
        NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1001 \"The request timed out.\" UserInfo=0x7fef6a82b2b0 {NSErrorFailingURLStringKey=https://server.local/devicemanagement/api/device/ota_service, NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://server.local/devicemanagement/api/device/ota_service}";
    2013-07-13 20:37:45 -0400 mdmclient[12003]: *** ERROR *** [Agent:501] ProcessOTABootstrapProfileCore (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
        NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1001 \"The request timed out.\" UserInfo=0x7fef6a82b2b0 {NSErrorFailingURLStringKey=https://server.local/devicemanagement/api/device/ota_service, NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://server.local/devicemanagement/api/device/ota_service}";
    2013-07-13 20:37:45 -0400 System Preferences[11138]: *** ERROR *** [CPInstallerUI:501] Profile installation (Device Enrollment (com.apple.ota.server.local.bootstrap)) (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
