I had trouble getting the home directory to be created properly in some cases. Please test on
one machine before you blast through to your lab. This creates a new user called 'New User'
with a shortname of 'newuser'.
dscl / -create /Users/newuser
dscl / -create /Users/newuser UserShell /bin/bash
dscl / -create /Users/newuser RealName "New User"
dscl / -create /Users/newuser UniqueID 510
dscl / -create /Users/newuser PrimaryGroupID 1000
dscl / -create /Users/newuser NFSHomeDirectory /Users/newuser
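This next line sets the password exactly as you type it. It is case sensitive. The sample sets the password 'PASSWORD' in uppercase. Because the password is passed as a command-line argument, it is visible in the process list while the command runs and in the shell history if typed interactively.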
dscl / -passwd /Users/newuser PASSWORD
If you want to add admin privileges to the user:
dscl / -append /Groups/admin GroupMembership newuser
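A pre-flight check for the account creation above, as an added example rather than part of the original post: two accounts that share a UniqueID also share file ownership, so it is worth confirming that shortname 'newuser' and UID 510 are free before running the commands across a lab. The functions read a "shortname uid" listing on stdin; the function names, the dscl listing command named in the comments and the sample listing are assumptions constructed for illustration.

```shell
# Input format: one "shortname uid" pair per line, as printed by
#   dscl . -list /Users UniqueID
# (assumption: the local directory node is "." on the target Mac).

# check_new_user NAME UID: read a listing on stdin, print a verdict.
# Prints ok / name-taken / uid-taken:<owner> / invalid-uid; returns non-zero unless ok.
check_new_user() {
    want_name=$1
    want_uid=$2
    case $want_uid in
        ''|*[!0-9]*) echo "invalid-uid"; return 2 ;;
    esac
    awk -v n="$want_name" -v u="$want_uid" '
        NF >= 2 && $1 == n { name_hit = 1 }
        NF >= 2 && $2 == u { uid_owner = $1 }
        END {
            if (name_hit)        { print "name-taken"; exit 1 }
            if (uid_owner != "") { print "uid-taken:" uid_owner; exit 1 }
            print "ok"
        }'
}

# next_free_uid START: read a listing on stdin, print the lowest unused UID >= START.
next_free_uid() {
    awk -v start="$1" '
        NF >= 2 { used[$2] = 1 }
        END { u = start + 0; while (u in used) u++; print u }'
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
    cat <<'EOF'
root          0
daemon        1
nobody        -2
labadmin      501
student       510
EOF
}
```

On a lab machine the listing would be piped in from the dscl command named in the comments, and the account created only when the verdict is ok.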
Tuesday, August 5, 2008
Logging in as a user via commandline to the loginwindow
This is from macoshints.com. I could not get it to work past bringing
up the user's login name and presenting the password field, but it may
provide some bread crumbs for the adventurous.
osascript -e 'tell application "System Events" to keystroke "LOGIN_NAME"'; \
osascript -e 'tell application "System Events" to keystroke tab'; \
osascript -e 'tell application "System Events" to delay 0.5'; \
osascript -e 'tell application "System Events" to keystroke "PASSWORDHERE"'; \
osascript -e 'tell application "System Events" to delay 0.5'; \
osascript -e 'tell application "System Events" to keystroke return'
Friday, June 27, 2008
Force an account to logout after a specified period
To force an account to logout after a specified period regardless of activity:
Warning: this is an evil script as is and will force a user logout every 300 seconds. When set correctly, this script can be very handy if you are working on a server remotely and lose connection to the server, leaving it vulnerable to local inhabitants.
---------
while true; do
    # CGSession -suspend drops the console back to the login window
    "/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession" -suspend
    sleep 300
done
---------
Script courtesy of Schoun Regan during the Apple East Coast Education Conference.
Wednesday, June 25, 2008
Restoring a .dmg image from the command line
If you have pulled your hair out because Disk Utility refuses to let you drag the disk you want into the target field of the Restore window, do the following:
Quit Disk Utility
Open Terminal (available under the Utilities menu - top of screen)
At the prompt type
asr -source your.dmg.file -target your.drive.to.image -erase
Generally, if you are using an external FireWire (or similar) drive, the syntax may look like:
asr -source tiger-06-06-08.dmg -target "/Volumes/Macintosh HD" -erase
Setting the time on multiple computers at once
usage: date [-nu] [-r seconds] [+format]
       date [-u] mmddhhmm[[cc]yy]
    -u  Display or set the date in UTC (universal) time.
    cc  The first two digits of the year (the century).
    yy  The second two digits of the year. If ``yy'' is specified,
        but ``cc'' is not, a value for ``yy'' between 69 and 99
        results in a ``cc'' value of 19. Otherwise, a ``cc'' value
        of 20 is used.
    mm  The month of the year, from 1 to 12.
    dd  The day of the month, from 1 to 31.
    hh  The hour of the day, from 0 to 23.
In ARD, run the Unix command as root:
date 011512022008
This will set the date and time to Jan 15, 2008 12:02 p.m.
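A dry-run decoder for the date argument, added here as an example and not part of the original post: it applies the mmddhhmm[[cc]yy] layout and the century rule quoted above and prints what would be set, so a swapped day and month is caught before the command goes to every machine as root. The function name decode_date_arg is hypothetical.

```shell
# decode_date_arg ARG: print what `date ARG` would set, or an error.
# It never touches the clock. Range checks only, as in the usage text above
# (it does not know that February has no 31st).
decode_date_arg() {
    arg=$1
    case $arg in
        ''|*[!0-9]*) echo "error: digits only"; return 1 ;;
    esac
    tail=$(printf %s "$arg" | cut -c9-)     # optional yy or ccyy
    case ${#arg} in
        8)  year="" ;;
        10) # two-digit year: 69-99 means 19yy, anything else means 20yy
            if [ "$tail" -ge 69 ]; then year=19$tail; else year=20$tail; fi ;;
        12) year=$tail ;;
        *)  echo "error: expected 8, 10 or 12 digits"; return 1 ;;
    esac
    mo=$(printf %s "$arg" | cut -c1-2)
    dd=$(printf %s "$arg" | cut -c3-4)
    hh=$(printf %s "$arg" | cut -c5-6)
    mi=$(printf %s "$arg" | cut -c7-8)
    [ "$mo" -ge 1 ] && [ "$mo" -le 12 ] || { echo "error: month $mo"; return 1; }
    [ "$dd" -ge 1 ] && [ "$dd" -le 31 ] || { echo "error: day $dd"; return 1; }
    [ "$hh" -le 23 ] || { echo "error: hour $hh"; return 1; }
    [ "$mi" -le 59 ] || { echo "error: minute $mi"; return 1; }
    if [ -n "$year" ]; then
        echo "$year-$mo-$dd $hh:$mi"
    else
        echo "$mo-$dd $hh:$mi (year unchanged)"
    fi
}
```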
Monday, June 16, 2008
Mac OS X Server ChangeIP script
I am not a great fan of this script (or method). I have never been able to get this script to work consistently and without subsequent problems to the server that I ultimately had to rebuild it anyway.
- Caveat Emptor [sic]. You may end up rebuilding it all AND losing your ldap directory information that you meticulously backed up beforehand.
This information is linked from:
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/changeip.8.html
------------------------------------------------------------------------------------------------------------
changeip(8) BSD System Manager's Manual changeip(8)
NAME
changeip -- Change service configuration files with hard-coded IP addresses
SYNOPSIS
changeip [-v] [-d path] directory-node old-ip new-ip [old-hostname new-hostname]
changeip -checkhostname
changeip -h
DESCRIPTION
changeip is used to update configuration records when a server's IP address or hostname changes.
In typical usage, this command is used by an administrator to correct affected services when a server's
network information changes. Preferably, changeip should be invoked before the change is applied. In
this invocation, the arguments consist of a target directory, the server's current and pending IP
addresses, and optionally the existing and new host name. Their usage and valid values include
    directory-node  For machines hosting an LDAP directory, this should be /LDAPv3/127.0.0.1.
                    For servers connecting to an external directory, the Open Directory path to the
                    directory node must be used, e.g. /LDAPv3/192.12.0.43.
                    To manipulate only the local directory, use a dash (-).
                    Depending on the directory, the tool may prompt for administrator credentials to
                    the target directory node.
    old-ip          If the IP address has not yet been changed, this is the existing IP address of
                    the server. If the IP has already been changed, this is the previous address.
                    (This is the value that will be replaced in the server's directory service and
                    relevant configuration files.)
    new-ip          If the IP address has not yet been changed, this is the IP address that will be
                    assigned to the server. If the IP has already been changed, this is the existing
                    IP address. This value will replace old-ip in the machine's configuration.
    old-hostname    As with old-ip, the existing or previous fully qualified domain name ("FQDN" or
                    sometimes "DNS name") for this server. If only the IP address was affected, this
                    argument and the next may be omitted.
    new-hostname    If old-hostname was provided, this argument must also be provided. The machine's
                    fully qualified domain name and related service configuration will be set to this
                    value.
Once the tool has successfully completed, the administrator must change the machine's network settings
in the Network Control Panel to match new-ip and immediately reboot the server.
The second invocation, -checkhostname, provides a diagnostic tool that compares the current IP address
and hostname to the information returned by DNS.
The final invocation prints usage information.
changeip must be run as root.
OPTIONS
The following options are available:
-d path Iterate over the executables in path instead of the default /usr/libexec/changeip.
-h Print usage summary and exit.
-v Run verbosely, that is with additional diagnostic output.
FILES & FOLDERS
/usr/sbin/changeip
- daemon
/usr/libexec/changeip/
- directory containing service-specific tools
EXAMPLES
Standard examples can be extrapolated from the above description. One common invocation is to change
the IP and name of an Open Directory master:
changeip /LDAPv3/127.0.0.1 192.0.0.12 192.0.1.10 old.example.com new.example.com
This prepares for changing the address and DNS names of a machine hosting an LDAP master. Note that it
may still be necessary to change the configuration of machines binding to this master.
For standalone machines, the above example only needs to replace the directory node:
changeip - 192.0.0.12 192.0.1.10 old.example.com new.example.com
As noted above, for machines connecting to another OD master, the master's node path must be used:
changeip /LDAPv3/192.12.0.43 192.0.0.12 192.0.1.10 old.example.com new.example.com
Authentication to the directory master will almost certainly be requested.
It is also possible to leave the host name intact and only change the IP address:
changeip - 192.0.0.12 192.0.1.10
Its complement could be used to change only the host names, perhaps because the DNS tables have been
changed:
changeip - 192.0.0.12 192.0.0.12 old.example.com new.example.com
Note how the IP addresses are required, but that they are identical.
DIAGNOSTICS
The changeip utility exits 0 on success, and >0 if an error occurs.
changeip must be run as root. Because changeip modifies system-wide resources, it must be executed by
the root user.
Invalid IP Address: One of the IP address arguments was invalid.
SEE ALSO
dscl(1), DirectoryServiceAttributes(7), DirectoryService(8), scutil(8)
KNOWN ISSUES
The script does not perform the actual change of IP address; this is by design.
HISTORY
A version of changeip has been present in Mac OS X Server since at least version 10.3 (Panther).
Mac OS X Server 10.5 December 12, 2006 Mac OS X Server 10.5
Wednesday, June 4, 2008
A unix script to unbind and bind a Macintosh Computer to a Server
*******************************
Must be run as root when using Apple Remote Desktop or sudo when using ssh
*******************************
To unbind a computer:
dsconfigldap -v -r oldserver.somewhere.lan
dscl /Search -delete / CSPSearchPath /LDAPv3/oldserver.somewhere.lan
To bind a computer:
dsconfigldap -v -a newserver.somewhere.lan
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search -append / CSPSearchPath /LDAPv3/newserver.somewhere.lan
Friday, April 11, 2008
ARD Kickstarting
All the wonderful commands to kickstart ARD when it's being stubborn:
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent
Note: All commands presented in this document should be typed as one line of text. It's OK if the text wraps as you enter it, just be sure not to enter hard carriage returns.
Following are some examples of other things you could do.
1. Activate Remote Desktop Sharing, enable access privileges for all users, restart ARD Agent:
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all
2. Activate Remote Desktop Sharing, enable access privileges for the users "admin", grant full privileges for the users "admin", restart ARD Agent and Menu extra:
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu
Note: The -users flag should reference the shortname of a user of the system.
3. Activate Remote Desktop Sharing, disable access privileges for all users:
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off
4. If you just want to stop the ARD Agent process:
# sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -agent -stop
5. If you want to deactivate it:
# sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
6. ARD 3.2 or later only: Allow access for only these users (the users must be specified in a separate command)
$ ./kickstart -configure -allowAccessFor -specifiedUsers
7. ARD 3.2 or later only: Allow access for all users and give all users full access
$ ./kickstart -configure -allowAccessFor -allUsers -privs -all
Note: Unlike other kickstart options, you CANNOT combine the allowAccessFor options with other kickstart options. You must use it like one of the examples above (items 6 and 7 above). This means you may have to call kickstart more than one time to completely configure a computer.
Tip: For more information about using the kickstart command, add the -help flag. For example:
# sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -help
How to suspend cgsession
A handy little script for your server to force CGSession to suspend (force a logout) after a given period of time - in this case 300 seconds or 5 minutes.
cd "/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources"
while true; do
    # -suspend drops the console back to the login window
    ./CGSession -suspend
    sleep 300
done
Thursday, April 10, 2008
Are you a Macintosh computer user?
I'm a Macintosh network person. I used to say that I don't have a religion - well, I still don't - whether it's Mac OS, Windows, Linux, Unix, CP-M, MS-Dos, or RPG-III. Wait, I never used RPG-III. CP-M was made for an earlier species of humans. MSDos was okay for a while, then Mac OS arrived in the early 1980's and many of us looked and said, wha? But over time it sure has changed, grown, matured, expanded, exceeded, and soared to the top of the list as one of the most advanced, stable operating systems around.
I love my Mac. I love OS X Server. It comes with magic pixie dust that it sprinkles on itself when there's a problem. Less than 1 percent of the time the pixie dust misses and there is an actual crash, but for the most part they're robust and reliable.
And that's why I like my Macintosh. It also runs Windows XP faster than my PC does, and that's on a Parallels virtual machine. If only I could run OS 9 virtually on the Intel hardware. Wait, what am I saying????? Ah, back to the grind.