Using the 10.5-style contextual dock menu in 10.6.x

November 8, 2009 at 1:02 pm | In Geeky, Mac OS X | Leave a Comment

One change in 10.6.x was that Apple added new behavior to the Dock’s contextual menu. In 10.5.x and earlier, when you clicked on a program’s icon, you’d get a contextual menu with that program’s Dock commands, along with the OS X system commands (Hide/Show, Quit, and Options).

10_5_mail-dock-contextual-menu

In 10.6.x, clicking and holding on an application icon in the 10.6 Dock invokes Exposé for that application. This is the same effect you see when pressing the F10 key in 10.4.x and later.

10_6_dock_contextual_expose

I personally found the new behavior aggravating, especially since my long-established habit is to use the Mail dock contextual menu to select “Get New Mail”. In 10.6, I found that I was launching Exposé instead. I could get the old contextual menus back by doing a Control-click on the dock icon, but I kept looking for a way to get the old behavior back.

Fortunately, somebody has found it. Here’s how you tell the Dock to use the 10.5.x-style dock contextual menu:

1. Open Terminal
2. Enter defaults write com.apple.Dock show-expose-menus -bool no and hit Return.

This change will take effect the next time that the Dock starts up, so if you want to automatically restart the Dock after applying the command, here’s the command you enter into Terminal:

defaults write com.apple.Dock show-expose-menus -bool no; killall Dock

10_6_control_click_contextual_menu

The night Loginwindow put out a hit on my user accounts.

October 11, 2009 at 10:53 am | In Geeky, Mac OS X, Mac OS X Server, Mac administration | Leave a Comment

I had an odd problem crop up while doing a server upgrade today, where some AD accounts that I’d set up on a server were disappearing after a reboot. I’d set them up, reboot and *poof* no more user accounts. After a few tries, I hit Google and found the following blog entry which pointed the finger at the loginwindow process clearing the accounts because it believes them to be inactive External Accounts. Sure enough, I checked /var/log/system.log and saw the following entries for each account that had mysteriously disappeared:

Oct 11 00:14:43 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing “username” with home “/Volumes/Data/Users/username” from DSLocal because account is not active.

However, not all accounts were disappearing; only the ones where the account’s home folder was stored on another hard drive in the same server.

In the end, I re-read the createmobileaccount man page and noticed the -x and -X switches:

usage: createmobileaccount -n username [-h homepath] [-P | [-p password]] [-e] [-q] [[-x] | [-X]] [[-s] | [-S]] [-u syncURL] [-v]
-n username : user record name
-h homepath : user home path; Default is “/Users/<username>”
-p password : user password
-P : prompt for password. A password is required for FileVault home
-e encrypt : encrypt new home with FileVault
-q quota : max size in bytes of FileVault home
-x : create as external account on non-boot volumes. Default
-X : create as mobile account account non-boot volumes.
-s : set home sync on if home created.
-S : set home sync off if home created. Default.
-u syncURL : server target of home synchronization
-v : verbose output

I’d been setting up the user accounts using the following command:

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -h /Volumes/Data/Users/username

Since I wasn’t specifying “-x” or “-X” in the command, by default, createmobileaccount was setting them up as external accounts because I’d specified a home folder on a non-boot volume.

Once I switched my command to be the following, my mobile accounts began surviving a reboot:

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -X -n username -h /Volumes/Data/Users/username

I sing the praises of VMWare!

September 16, 2009 at 12:58 am | In Geeky, Mac OS X, Mac OS X Server, VMWare | Leave a Comment

Over the past few years, I’ve been introduced to virtualization and have started to use it in my everyday work environment, especially with regards to using it heavily in my test environments. Here’s some of the uses I’ve found for it in the past couple of months:

Live backup testing – I’ve test my work backups on a regular basis, and it used to be much more of a chore. Before I started using VMs, my workflow went something like this:

1. Get a couple of test boxes (one Intel, one Power PC) to simulate my servers.
2. Partition the internal hard drive into however many boot drives I needed.
3. Clone the hard drives with a standard server build from another hard drive.
4. Boot the test box.
5. Restore the needed files from backup.
6. Test my backup.
7. Did it work? If yes, move on to next boot drive. If no, re-clone hard drive and try again.
8. Run all tests until successful.
9. Write it up, send it on to the Powers That Be.

Now, I still need to do this workflow for my Power PC servers. For my Intel servers, the workflow now goes something like this.

1. Fire up VMWare Fusion on a box with *LOTS* of RAM.
2. Clone as many virtual servers as I’m planning to test.
3. Snapshot the servers before boot.
4. Boot the test VM.
5. Restore the needed files from backup.
6. Test my backup.
7. Did it work? If yes, rollback to pre-boot snapshot (which both shuts down the VM and preps it for use the next time I need to test backups), and move on to the next VM. If not, rollback to the pre-boot snapshot and try again.
8. Run all tests until successful.
9. Write it up, send it on to the Powers That Be.

So what? Seems like the same number of steps. True, but step 7 is now much faster and (if the test is successful) allows me to prep for the next round of backup testing down the road. Cloning a hard drive can take about an hour. Cloning a VM (because you’re essentially copying a file) is more in the neighborhood of minutes. Rolling back a VMWare snapshot is a matter of seconds.

Test environments – I can’t overemphasize how useful VMs and the ability to make snapshots have been to me in my Mac OS X 10.6.x testing. Using a VM and remembering to snapshot allows me to completely destroy a box when a script goes wrong, but ten seconds later have a working test box again when I’ve rolled back to my previous snapshot.

Flat-out hosanna-singing rear-saving – I recently had a project where after the start of the project, disaster struck in areas I had minimal control over. This project involved importing data from a non-Microsoft calendar/contacts system to an Exchange 2007 server. Broken down into its component parts, it needed a Windows XP or Vista box, an Exchange 2007 SP1 server and an Active Directory domain controller. Without going into too much detail, we had some trouble getting good data out of this process. We discovered this only after we started the transition (i.e. told everybody involved “The old system is retiring and you’re moving!”, done the training, announced the migration dates, got the database we needed from the vendor and actually started the migration process.) Coordination between the organizationally-separate elements of the project broke down, the vendor was less than helpful, and we needed a Plan B fast!

VMWare to the rescue.

VMWare allowed us to build all three boxes that we needed fairly quickly (both servers were created from existing Windows Server 2003 R2 templates.) It also allowed us, at each critical step, to snapshot and save our changes. So when the database conversion testing screwed up at one point and we had 147 Exchange mailboxes filled with garbage? Rollback; mailboxes are pristine once more and we were ready for the next test. It was still a lot of work, it still ate the whole weekend (I was at the office with my coworker/savior a full 24 hours over the course of Saturday and Sunday), but it would have been impossible to have finished by the start of business on Monday (our deadline) without using VMWare. Flat impossible.

Is it always the answer? No. When you have resource-intensive services that demand every erg of power and whit of drive speed that a server can deliver, you’re better off with an actual box (an Exchange mail server is actually a good example here of something that *should* be on an actual box; fortunately, our power and speed needs were low during this project.) However, for other tasks that may be less “need for speed”, going the VM route can often be a great choice.

Preparing for WWDC 2009

June 4, 2009 at 8:37 pm | In Geeky, Mac OS X, WWDC 2009 | Leave a Comment

As I have done every summer since 2004, I’m getting ready to pack up and head out for the sold-out WWDC conference in beautiful San Francisco. Anybody wants to look me up, I’ll be one of the people with the red MacBook Pro.

Moved my last home server to Mac OS X Server 10.5.x

April 19, 2009 at 5:16 pm | In Geeky, Mac OS X Server, Mac administration | Leave a Comment

I’ve got two G4 desktops acting as my home servers, one of which was running web, Open Directory and Time Machine backup services for my home’s Macs and the other providing my DNS and VPN services. The OD server is running Mac OS X Server 10.5.x, but the other was running (until yesterday) Mac OS X Server 10.4.11. Since I usually try to keep my OSs current, I decided that it was time to upgrade. Using the Apple migration documentation, I installed Mac OS X Server 10.5.6 onto an external Firewire drive and used the data from my 10.4.11 boot drive to migrate the needed services. I migrated over my AFP and VPN services fairly easily, but I kept running into issues with migrating my DNS. The import (outlined on page 33 in the migration documentation) would go smoothly, but then my DNS entries would vanish out of Server Admin. DNS was apparently working, as I could do lookups, but I was unable to edit any entries or add new ones.

After trying a couple of times to migrate the DNS service, I gave up and decided to re-create the entries. When I re-built the DNS entries by hand, I saw the same phenomenon happening. I was getting near the end of the job (having saved after every step, I saw the DNS entries disappear from Server Admin after I’d made the DNS entry for my wife’s laptop. When I looked in the log, I saw this (log entries altered to conceal internal DNS names and IPs):

18-Apr-2009 14:43:43.111 dns_rdata_fromtext: /var/named/zones/db.myinternal.net.zone.apple:18: near ‘Mac’: extra input text
18-Apr-2009 14:43:43.112 zone myinternal.net/IN/com.apple.ServerAdmin.DNS.public: loading from master file db.myinternal.net. failed: extra input text
18-Apr-2009 14:44:32.902 shutting down
18-Apr-2009 14:44:32.903 stopping command channel on 127.0.0.1#54
18-Apr-2009 14:44:32.904 no longer listening on 127.0.0.1#53
18-Apr-2009 14:44:32.904 no longer listening on 10.0.0.70#53
18-Apr-2009 14:44:32.934 exiting

When I looked at line 18 of /var/named/zones/db.myinternal.net.zone.apple, I saw the following:

littleshiny IN HINFO “PowerBook G4 12 “” “Mac OS X 10.5.x”

My whole problem with importing my DNS was a comment that I’d made in the Hardware info section of the DNS entry. I’d set it on 10.4.11’s DNS service as PowerBook G4 12″. 10.5’s DNS service didn’t know what to do with the extra in the configuration file, so it failed. I altered the entry to the following:

littleshiny IN HINFO “PowerBook G4 12 inch” “Mac OS X 10.5.x”

Once that change was made, DNS fired right up and everything appeared normal in Server Admin. DNS was the last remaining issue (VPN worked fine once I re-entered the shared secret, and AFP worked normally.) After that, I made one last backup of the 10.4.11 boot drive, then erased the boot drive and cloned my new 10.5.6 Server installation on to the boot drive.

Once the newly-minted 10.5 server was successfully booting from its internal boot drive, I was then able to set up the drive that I had been using to make a synchronized backup on 10.4.11, to now be the Time Machine backup drive for the server and let Time Machine back up the server overnight. 24 hours later, everything looks like its working like it should, so I’m calling this a success.

Using .bashrc with Terminal

April 6, 2009 at 6:48 pm | In Geeky, Mac OS X | Leave a Comment

I got a question from a user today that was pretty interesting. Boiled down, it was “I’ve set up a .bashrc file with my preferred settings. It works fine in XWindows with xterm, but is being ignored by Terminal. Why?”

This has to do with how the bash shell handles different shells. If you read the bash man page (‘man bash’), in the section on startup files, it explains which files are read when. The tricky part is that there are two types of shells: “login” shells and “non-login” shells, and bash reads different files depending on the type of shell.

A “login” shell reads ~/.profile but not ~/.bashrc
A “non-login” shell reads ~/.bashrc but not ~/.profile

A new Terminal window in OS X starts a “login” shell and hence reads ~/.profile but not ~/.bashrc
The situation is reversed for xterm (running under X11 in OS X).

What should fix it is to set up a .profile file to that sources your .bashrc file like this:

if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

That way, you don’t have to worry about making changes to .profile; Terminal will just get the changes from .bashrc. For what it’s worth, this is an issue with several Unix-based OSs.

How to do a full Time Machine system restore without being booted from an install DVD

March 13, 2009 at 4:05 pm | In Mac OS X, Mac administration | Leave a Comment

Recently, I found that I needed to do a full system restore on a late-model MacBook Pro, but didn’t have a 10.5 install DVD available that would boot the laptop. I did have a FireWire utility drive that’s updated to 10.5.6, which would boot the laptop, but there is no obvious way to run the “Restore System from Backup” utility without being booted from an install DVD.

Thanks to “seibert” on the PGP forums, it looks like there is a way to run a system restore without needing to be booted from the 10.5 install DVD (though you’ll still need to have one available.) Here’s the procedure:

1. Boot your Mac with a drive that has 10.5.x installed. This volume cannot be the target volume when you restore from Time Machine later.

2. Attach your Time Machine drive or volume.

3. Insert the 10.5 install DVD.

4. Open the Terminal and run the following command:

sudo “/Volumes/Mac OS X Install Disc 1/System/Installation/CDIS/Mac OS X Installer.app/Contents/MacOS/Mac OS X Installer” “/Volumes/Mac OS X Install Disc 1/System/Installation/Packages/OSInstall.mpkg”

You may need to replace “Mac OS X Install Disc 1″ with whatever the name of your Leopard installer DVD is. Mine came with my MacBook, so it has this name because there are two disks. sudo is required because the Installer needs root permissions to be be able to set permissions on the target volume when you perform the restoration.

5. The installer will show the usual Leopard installation screen, which you can ignore. Go to the Utilities menu and select “Restore System from Backup”. Follow instructions as you usually would for a Time Machine restore.

“Seibert”’s procedure was designed for use with a PGP encrypted drive, but this should work with both encrypted and unencrypted Macs.

Binding to Active Directory fails with an authentication error

March 12, 2009 at 7:33 pm | In Mac OS X, Mac administration | Leave a Comment

I had a problem today with unbinding and rebinding my MacBook Pro from work’s AD domain (this process was started by my AD account lookups failing, which made me think that my Mac wasn’t talking to AD as well as it thought it was.) When I tried to unbind, I got an error stating “Invalid user name and password combination”. Thinking that my DirectoryService preferences were hosed, I tossed my /Library/Preferences/DirectoryService folder which should have cleared out my AD settings, then restarted. After the restart, I was able to connect back to my OD server without a problem, but then ran into the same “Invalid user name and password combination” error when I tried to bind to AD again.

After googling to see if anyone else had the same problem, I ran across this Apple Support discussion thread, where PetarM suggested the following:
I was having trouble logging in with my AD account to some iMacs added to our AD. In fact, not a single AD account was able to login. Directory Utility claimed it can’t see the domain controller (which it could, since it was online, in the same subnet as other identical computers, it could ping the domain and packets were sent back and forth between it and the domain, without loss). Unbinding it didn’t work, but it offered to force the ubind, which I did. Then I was unable to bind it back (updated to 10.5.6 rebooted, still not binding). The error I kept getting was invalid username and password (after entering the domain username and password that we use for binding). Using the same username and password worked on other computers (either brand new, or existing computers that I unbound, then bound back with no issues — again same subnet, same image). I deleted the computer accounts from the domain, but the problem persisted. Finally, I used fseventer to see what’s being access during the bind process. The system threw the error message not after communicating with the domain, but after checking the plists in /Library/Preferences/DirectoryService and /var/db/dslocal/nodes/Default/config — so I deleted these two folders and was able to bind back with no issues! WARNING: This deletes a lot of directory service settings, so use it at your own risk! Here are the commands I used:
sudo rm -rdfv /Library/Preferences/DirectoryService

sudo rm -rdfv /var/db/dslocal/nodes/Default/config

sudo sudo killall -USR1 DirectoryService

I tried those commands on my own laptop, and behold! It wiped my DirectoryService settings (as noted above), but I could now rebind to AD!

So, for those who need it, here’s another thing to try on 10.5.x when you can’t bind to AD:

1. Log in with your admin account and open Terminal.

2. Run the following commands

sudo rm -rdfv /Library/Preferences/DirectoryService

sudo rm -rdfv /var/db/dslocal/nodes/Default/config

sudo killall -USR1 DirectoryService

3. Try to rebind again.

Notes on replacing a bad tape drive

February 13, 2009 at 12:41 am | In Geeky, Mac OS X Server, Mac administration | Leave a Comment

About two years ago, I had problems with a tape library at work. Well, in late January 2009, the tape drive broke again and this time my management decided to replace the library entirely with a new one. Based on my research, a Tandberg StorageLibrary T24 with an LTO-3 drive seemed like a good bet, as it had a fibre channel option, was supported by Retrospect (our backup software) and we could re-use our existing LTO-2 tapes. Two weeks of hell later, here’s the lessons learned that will hopefully help someone else.

1. On Mac OS X 10.4.x and Mac OS X Server 10.4.x, Retrospect has some compatibility issues with Apple’s fibre channel cards. Upgrading to Mac OS X 10.5.x and Mac OS X Server 10.5.x should help with this.

2. You really want to segregate your tape library from your attached storage if they’re both connecting over fibre channel. Tandberg has a write-up on this as it applies to Apple products. For my own setup, I wound up putting a second fibre channel card in my XServe (an Apple-branded LSI 7202XP), setting up a spare fibre channel switch, and plugging the second fibre channel card and my tape library into that. You can also zone your existing fibre channel switch as mentioned in Tandberg’s write-up, but honestly I just wanted the pain to stop and I had the spare kit available.

3. If you’re using Retrospect, and you get error -36 when it’s writing to a new catalog, switch to saving your catalogs on another drive. This is a disk i/o error, and comes through Retrospect straight from the Finder’s error reporting. I’d recommend checking out the drive for problems. In my case, it was a RAID that was used for storing Retrospect catalogs and restores. Shortly after reporting the problem, it spontaneously unmounted. I backed up the essential files off of the RAID, destroyed the RAID array and rebuilt from scratch. No problems since then.

4. Posting rants to EMC’s Retrospect forum can be theraputic but may not get you any feedback (useful or otherwise.)

5. Sometimes, you get a dud. I spent three days with the first (of two) Tandberg Storage Library T24s all but ripping my hair out when it didn’t work, convinced I was missing something. Then it started rebooting itself spontaneously and repeatedly, which made me feel a little better because it was obviously a dud and I wasn’t a gigantic drooling idiot.

6. Sometimes you’ll get the absolute last of something in the United States, and they have to send back to the manufacturer in China. No joke. When I called to get our dud library returned and replaced, our vendor’s warehouse was out, and so was Tandberg’s. To Tandberg’s credit, I reported the problems with the first tape library on Tuesday and I had a replacement unit sent to me International Warp Speed Overnight Before 10AM FedEx delivery by Friday morning.

7. The Tandberg StorageLibrary T24 is also known as the Magnum 224. Two names, same product. However, searching on Google for “Magnum 224″ gets you more useful information than “StorageLibrary T24″.

8. Double-check your fibre channel optical cables by shining a bright flashlight or a small handheld laser pointer down one end and see what comes out the other. The ones I’d been using with my old library didn’t seem to be conducting light as well as they should, so I swapped out for another set of cables. Shorter cables are generally better.

Hope this helps the next guy or girl. For myself, I’m just glad I’m able to sleep and eat normally again (stress tends to keep me up and depress my appetite.)

Airport Extreme update: Rebooting nightly wasn’t the answer.

February 6, 2009 at 6:42 pm | In Geeky | Leave a Comment

Back in November, I’d posted this entry describing how I’d started rebooting my Airport Extreme on a nightly basis to fix a problem where it was becoming unresponsive every couple of days. I was still having the problem (even with a nightly reboot) through December and January, so a few days ago, I decided to move the Airport upstairs so that at least I wouldn’t have to head down into the basement all the time. I disconnected it from the gigabit switch downstairs, unplugged everything, then brought it upstairs. Once there, I installed it in our entertainment center behind the TV and connected it to the small 10/100 switch that I use to connect my home theater Mac Mini to our home’s network. Lo and behold, it’s been five days since the change and the wireless network hasn’t gone offline once.

At this point, I’m inclined to blame the gigabit switch in the basement for the problem, but I don’t have anything to base that on other than the fact that the problem went away.

Next Page »

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.