Signalboxes
20May/120

FreeBSD file server for Mac clients

I've written a new, very exhaustive guide on replacing Mac file servers with FreeBSD. I discuss using ZFS, NFS, Netatalk for AFP, Samba for SMB/CIFS, and tying it all together. This is heavily geared towards folks using Mac OS X file servers to provide network homes to Mac OS X clients (academia, K-12, etc.).

See it here (http://signalboxes.net/howto/freebsd-file-server-for-mac-clients)

27Feb/120

WordPress: HTTPS admin and broken preview button

On the WordPress implementations I've done, I've always enabled SSL (https) for the administration backend. Unfortunately, this seemed to break the "Preview" button in some instances. When clicking the preview button, you're taken to a non-SSL preview. I'm not sure if the breakage is related to using such things as Varnish or what, but in any event, here's a fix for that:

In .htaccess, put the following:

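# Requires "RewriteEngine On"; place these lines above the WordPress rewrite block.
# Redirect plain-HTTP preview requests to HTTPS and stop processing further rules.
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} (preview=true)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]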
4Jan/120

Reliable LDAP timeout with nslcd

I recently migrated a flock of servers over to libnss-ldapd from libnss-ldap and was running into the infamous login hangs if the LDAP server is unreachable. For example, SSH may return:

Connection closed by remote host

It seems there's no such option as bind_policy or some of the nss_timeout options in libnss-ldapd.

Fortunately, a reliable method lies directly in the pam_ldap module (see man pam_ldap):

ignore_authinfo_unavail
    Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server.
    This causes the PAM framework to ignore this module.

What that might look like in your respective /etc/pam.d/ files is:

auth	[success=1 default=ignore]	pam_ldap.so use_first_pass ignore_authinfo_unavail
22Feb/110

Command line love

Reason #4310 to love the command line:
Resizing a large directory of images within different subdirectories.

find . -iname "*.jpg" -size +500k  -exec convert -geometry 800 {} {} \;
16Dec/100

Office saving issues with network homes

I've recently had to deal with an issue of Microsoft Office having bizarre behavior when attempting to save to network homes (Mac clients). One particular error was worded as, "Word cannot save this document due to a naming or permissions error on the destination volume." Another possible error was something about the document already being opened elsewhere. Permissions on homes were fine.

Apparently, Office uses a ".TemporaryItems" directory at the root level of the share point they're saving to as a scratch space. So, if the share point for the homes is, for example, afp://servername/userhomes/, a ".TemporaryItems" directory needs to be created on "userhomes" that the users will have permissions to write to. I solved it by:

cd /path/to/share
mkdir .TemporaryItems
chgrp staff .TemporaryItems
chmod 3777 .TemporaryItems

This will ensure the users can write to it, but not interfere with other users' data.

5Dec/100

Welcome

Welcome to signalboxes.net

More things will be added here eventually.  If you're here, you were probably sent here for a reason.

5Dec/100

PHP Ldap_chpass

Ideally, you'll have one directory service for your users and they'll only have to worry about one set of credentials. Unfortunately, that's not always the case. Maybe you're transitioning from one to the other, have services for legacy support, and so on.

We had a need for users to change any of their passwords using a single web interface. The web interface is run on a Linux server with Apache and PHP (with LDAP support).

This class supports, in my environment anyway, OpenLDAP, Open Directory (on Snow Leopard), and Active Directory.

ldap_chpass-2010-12-05.tar.gz

Word of warning: Since this is being run on a Linux server, the Open Directory passwords are actually being changed by sending a remote shell command (using SSH with a keypair) to interface with dscl. That said, passwords with apostrophes aren't working (due to using escapeshellarg()). If you have a fix, please send it to me. Open Directory doesn't store its passwords in LDAP.

Another note - Active Directory passwords are reset by using a user with elevated privileges. See this article for information on this.
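
The apostrophe failure in the Open Directory warning above is consistent with a double shell parse: a command sent over SSH is parsed once by the local shell and again by the remote shell, and a single escapeshellarg() pass only survives the first. The following is an added example, not code from ldap_chpass; it assumes the class builds the SSH command through a shell, remote_exec is a hypothetical stand-in for ssh, printf stands in for the command that receives the password, and the passwords are constructed.

```shell
#!/bin/sh
# Added example with constructed inputs; not code from ldap_chpass.

# Quote a string for ONE shell parse: wrap it in '...' and rewrite each
# embedded ' as '\'' (the transformation PHP's escapeshellarg() performs).
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Hypothetical stand-in for "ssh host cmd args...": like ssh, it joins its
# arguments with spaces and lets a second shell parse the resulting string.
remote_exec() {
    sh -c "$*" 2>/dev/null
}

# Quoted once: the local shell (eval here, /bin/sh under PHP's exec())
# consumes the quotes, so the "remote" shell parses the raw password.
# printf stands in for the command that receives the password.
send_quoted_once() {
    eval "remote_exec printf %s $(shquote "$1")"
}

# Quoted once per shell: first for the remote parse, then the whole remote
# command line again for the local parse.
send_quoted_twice() {
    remote_cmd="printf %s $(shquote "$1")"
    eval "remote_exec $(shquote "$remote_cmd")"
}

# Demo run over constructed passwords.
for pw in "it's" 'two  words' 'plain'; do
    once=$(send_quoted_once "$pw") || once='<remote syntax error>'
    twice=$(send_quoted_twice "$pw") || twice='<remote syntax error>'
    printf 'input=[%s] once=[%s] twice=[%s]\n' "$pw" "$once" "$twice"
done
```

In PHP the corresponding change is to apply escapeshellarg() to the password and then again to the complete remote command string. Either way the password still travels as a command-line argument, so it is visible in the process list on both hosts while the command runs.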