Posts Tagged ‘HowTo’

Re-building the Kerberos database on OS X 10.6 Server.

May 12th, 2010

I had a problem with a testing server earlier today where the Kerberos database had become corrupt. For any users on my Open Directory Master the Kerberos passwords were flagged as incorrect, and changing them from Workgroup Manager had no effect. Changing them from the command line was not an option as this relies on knowing the user's original password – which was corrupt.

The Kerberos service can be restarted by grepping the output of the ‘ps aux’ command for the Kerberos process (usually named ‘krb5kdc’) and then issuing a kill command against its PID. The service will then automatically restart.

ps aux | grep krb5kdc
kill kerberos_PID

This slightly improved the problem as it allowed newly created users to use Kerberos with their correct password.

Re-building the Kerberos database is done with the following command:

slapconfig -kerberize -f diradmin

This needs to be run as root, either directly or via sudo. The -f flag forces the current setup to be overwritten.
I would recommend taking a full backup of your users and groups, as well as an archive of your Open Directory server from Server Admin. Stopping any services that rely on Kerberos would also be a good idea.

Re-building the Kerberos database from scratch.

If neither of the above options worked then it is possible to rebuild your Kerberos database from scratch – nuking your old database. This would also be necessary if you are changing the Kerberos Domain; however, don’t forget that if doing this you would also have to change the search path in all your LDAP and Password Server databases.

To completely rebuild Kerberos.

1) Stop the OD Service.
2) Log into a shell as root and run the following command:

sso_util remove -k -a diradmin -p your_diradmin_password -r your_kerberos_realm

3) Remove the following files and directories from your system:

/var/db/krb5kdc/
/Library/Preferences/edu.mit.Kerberos
/etc/krb5.keytab

4) Run the following set of commands as root:

dscl 127.0.0.1
cd /LDAPv3/127.0.0.1/Config/
auth diradmin (and enter your diradmin password)
delete KerberosKDC
delete KerberosClient
quit

5) Find any Kerberos (krb5kdc) and kadmind processes and kill them (as shown above).
6) Re-build your Kerberos database:

slapconfig -kerberize diradmin

Testing Kerberos:

You can check if the users’ passwords are now being accepted using the ‘kpasswd’ command. The ‘kinit’ command can also be used to test creating a Kerberos ticket.
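
An added example, not part of the original post: a shell function that archives the three paths removed in step 3 before they are deleted, with owner-only permissions because the keytab and the KDC database hold long-term keys. The function name, the ROOT prefix argument and the archive naming are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): archive the Kerberos state
# that step 3 deletes, before deleting it.

# backup_kerberos_state ROOT DEST
#   ROOT  filesystem prefix to read from ("/" for the live system; a
#         prefix argument is an assumption that allows a trial run on a copy)
#   DEST  directory that receives the archive (created owner-only if missing)
# Prints the archive path on success, returns non-zero on failure.
backup_kerberos_state() {
    root=${1%/}
    dest=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/kerberos-state-$stamp.tar.gz"

    # The three paths listed in step 3, relative to ROOT.
    set -- var/db/krb5kdc Library/Preferences/edu.mit.Kerberos etc/krb5.keytab
    present=""
    for p in "$@"; do
        [ -e "$root/$p" ] && present="$present $p"
    done
    [ -n "$present" ] || { echo "nothing to back up under $root/" >&2; return 1; }

    # The keytab and KDC database contain keys, so nothing created here
    # may be readable by group or other.
    ( umask 077
      mkdir -p "$dest" &&
      tar -czf "$archive" -C "$root/" $present ) || return 1
    chmod 600 "$archive" && printf '%s\n' "$archive"
}
```

Run as root, for example `backup_kerberos_state / /var/root/krb-backup` (the destination directory is a placeholder), and keep the archive off the server once the rebuild has been verified.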

.fstemp files on OS X

April 15th, 2010

.fstemp files are the temporary files that Mac OS X creates when synchronising files. They are predominantly used for Home Syncing by network clients and syncing with Apple's iDisk product. Normally once the task / process has finished the .fstemp files will be removed, however if errors occur or the process is interrupted the .fstemp files will be left.

These temporary files can get very large, and often end up consuming large amounts of disk space. Yet as they are not visible from the Finder it’s not immediately apparent where the space has gone. Removing the .fstemp files is often a good place to start regaining that invisible, and elusive, missing disk space!

.fstemp files can be seen by running the ls -la command from the terminal (shell). As the filename starts with a ‘.’ it is a hidden file. To see how many you have lurking on your Mac run the following command in a shell. On busy servers this can be a huge number:

find . -name '.fstemp' | wc -l

The easiest way to remove them all is to run this command in a shell. Run it as root if needs be. The -print0 and -0 options keep paths that contain spaces in one piece, so rm only ever receives the paths that find matched:

find . -name '.fstemp' -print0 | xargs -0 rm -fr

How can I stop .fstemp files from getting left?

One of the best ways is to stop background syncing by network clients.  By syncing only at time of log out or log in you’re ensuring all applications are closed and nothing will be preventing copying.

I’ve also found that they seem most common when syncing the larger files. Not syncing the users' iPhoto libraries or iMovie projects helped on my system.

If you do want to keep using background sync, not synchronizing the user's Library often helps, although this will lose the backup of any preferences they have saved.

Can I just delete all .fstemp files?

I’ve never had any problems from doing this. Best to do it when the server's quiet if possible. On troublesome servers I sometimes add it into the cron for the early hours of the morning.

How can I delete all .fstemp files easily?

Removing .fstemp files on OS X can be done by running the following command from a shell (terminal). It will tell you how many there are and then delete them all:

find . -name '.fstemp' | wc -l && find . -name '.fstemp' -print0 | xargs -0 rm -fr
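
An added example, not from the original post: the count-and-delete step as shell functions that never pass paths through word splitting, match regular files only (a deliberate narrowing of rm -fr), stay on one filesystem, and can skip files younger than a given age so that a sync in progress is left alone. The function names and the age argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): count and remove .fstemp
# files without a path ever being split on spaces or newlines.

# fstemp_find DIR AGE ACTION...
#   Shared filters: -xdev stays on DIR's filesystem, -type f skips
#   symlinks and directories, AGE > 0 adds "older than AGE minutes".
fstemp_find() {
    dir=$1 age=$2; shift 2
    if [ "$age" -gt 0 ]; then
        find "$dir" -xdev -type f -name '.fstemp' -mmin +"$age" "$@"
    else
        find "$dir" -xdev -type f -name '.fstemp' "$@"
    fi
}

# count_fstemp DIR [AGE]
#   Emits one byte per match and counts bytes, so a newline inside a
#   directory name cannot inflate the total the way "wc -l" can.
count_fstemp() {
    fstemp_find "$1" "${2:-0}" -exec printf x \; | wc -c | tr -d ' '
}

# purge_fstemp DIR [AGE]
#   Deletes the matches and prints "removed N". find hands the paths
#   to rm itself (-exec ... {} +), so no pipe or xargs is involved.
purge_fstemp() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    n=$(count_fstemp "$1" "${2:-0}")
    fstemp_find "$1" "${2:-0}" -exec rm -f -- {} + || return 1
    echo "removed $n"
}

# Example call from a nightly cron job (the path is a placeholder):
#   purge_fstemp /path/to/homes 60
```

With a directory named "my dir" next to one named "my", the unquoted find | xargs rm -fr form would hand rm the path ./my and delete that whole directory; these functions leave it untouched.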

Submitting your website to the Yahoo Directory for free.

February 9th, 2010

I’ve just had to remind myself where you go to submit a website to the Yahoo directory for crawling – it seems there are a lot of sites out there suggesting fantastically complicated methods and broken links. In fact, it’s very simple. The link is:

http://search.yahoo.com/info/submit.html

Once you have submitted your site you should expect a wait of several weeks before your site is crawled.  Alternatively you can pay for an express submission (within 48 hours) here.

Simple!

- Oliver

Moving files around on OS X. (without losing the important bits!)

November 9th, 2009

If you're moving shared files or directories around on OS X you have to be particularly careful about keeping all of the extra bits of data (permissions and resource forks). If you're doing it from the GUI then this will be done automatically, but if you're working from a shell you need to be cautious as the ‘cp’ command, used on UNIX systems, will not keep these extras intact. Resource Forks make a user's life simpler – among other things they allow the OS to know what program to open a file in if no extension is appended to the file's name.

The best methods for copying files on OS X are:

ditto -X <copy from> <copy to>

Flags:
X – Do not descend into directories with a different device ID if copying one or more source directories.

Usage:
For a one time copy.

rsync -vaR <copy from> <copy to>

Flags:
v – Verbose.
a – Archive mode.
R – Use relative paths.

Usage:
Allows you to update a copied directory incrementally (e.g. it will only copy the files that need updating, not the whole data set).