Wednesday, November 4, 2009

OSX 10.6 AD Domain User Logon Fails

Issue:

Active Directory users are unable to log on to Apple computers when the ‘Create mobile account at login’ box is ticked for OSX 10.6 users. The computer is bound to the domain and is in the correct OU, and you can retrieve user information from Directory Services with commands such as id and su.

Common log messages you see around this issue:

com.apple.DirectoryServices[15] Enter machine password:
com.apple.DirectoryServices[15] DNS update failed!

SecurityAgent[735] Could not get user record for 'username' from Directory Services
SecurityAgent[735] User infor context values set for username
SecurityAgent[735] unknown-user (username) login attempt PASSED for auditing
SecurityAgent[735] Could not get the user record for 'username' from Directory Services

Work around:

To keep mobile accounts enabled (for users who are not always connected to the network for authentication), a mobile account needs to be created manually for each user of a computer.

The following should be run in a terminal window to do this, replacing <username> with the user's account name:

cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources
sudo ./createmobileaccount -n <username>
sudo createhomedir -c -u <username>

Links:

http://discussions.apple.com/thread.jspa?threadID=2131654

Thursday, October 29, 2009

Robocopy

Explanation of typical Robocopy uses.

Make a copy of a whole directory in restartable mode (in case something happens during the copy), including all files and folders but without copying any permissions:
robocopy <source> <destination> /Z /E

Useful Options.

/Z Restartable mode (good for network transfers etc., will continue when connection is re-established)
/E Copies ALL subdirectories, including empty ones
/R:1 Retry number of times - This is how many times a file copy should be retried before continuing
/PURGE Deletes any files/folders in the destination DIR that don't exist in the SOURCE. This is useful for backing up data etc.
/MOVE Deletes files and directories from the SOURCE once they are copied
/LOG+: Adds all output to a log file
/COPYALL Copies all file info (date/time/attributes/ACLs)


Monday, October 26, 2009

Smoothwall 3.0 - QoS in detail

How to see ports/services detail for Smoothwall QoS

The file /var/smoothwall/traffic/settings contains entries in the form

R_=label,tcp,udp,ports,class,comment

where ports can be a single port, a semicolon-separated list, or a colon-separated range.

The Gaming rule for example:

R_208='Gaming,on,on,both,27910;7777;4000;6112:6119;27051;88;3074,high, Gaming should either be high priority if you need realtime response or low if you don't want game playing to impact other traffic.'

Decoded, these are ports 27910, 7777, 4000, 6112 through 6119, 27051, 88 and 3074.
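To audit which ports a QoS rule actually covers, the ports field can be expanded programmatically. The following is an added example, not part of the original post or of Smoothwall; the function names are hypothetical, and it assumes the ports field is the first field after the label that looks like a port list, since the sample rule has one more field than the documented form.

```python
import re

# A ports field is single ports and lo:hi ranges joined by semicolons.
PORTS_RE = re.compile(r"^\d+(:\d+)?(;\d+(:\d+)?)*$")

# Constructed sample: the Gaming rule quoted above, with its comment shortened.
SAMPLE = ("R_208='Gaming,on,on,both,"
          "27910;7777;4000;6112:6119;27051;88;3074,high,shortened comment'")


def parse_rule(line):
    """Return (rule_id, label, [(low, high), ...]) for one settings line."""
    rule_id, _, value = line.strip().partition("=")
    fields = [f.strip() for f in value.strip("'\"").split(",")]
    # Assumption: take the first field after the label that looks like a port
    # list, because the sample rule has one more field than the documented form.
    ports = next((f for f in fields[1:] if PORTS_RE.match(f)), None)
    if ports is None:
        raise ValueError(f"{rule_id}: no ports field found")
    ranges = []
    for item in ports.split(";"):
        low, _, high = item.partition(":")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"{rule_id}: bad port entry {item!r}")
        ranges.append((low, high))
    return rule_id, fields[0], ranges


def covers(ranges, port):
    """True if port falls inside any (low, high) range of the rule."""
    return any(low <= port <= high for low, high in ranges)


if __name__ == "__main__":
    rule_id, label, ranges = parse_rule(SAMPLE)
    print(rule_id, label, ranges)
    print("6115 covered:", covers(ranges, 6115))
```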

Links:
http://community.smoothwall.org/forum/viewtopic.php?t=22954&highlight=qos+modify

Saturday, October 17, 2009

Smoothwall 3.0 - Block specific sites

Problem:
Blocking certain sites through Smoothwall. A bit difficult to configure as there is no out-of-the-box option in the web GUI for it.

Process:
Make sure that you have Squid (web proxy) enabled on Smoothwall. It's also worth noting that if you do not enable transparent mode, this will not work for people who do not have the proxy set in the browser on their computer.

These are the steps:
  1. login to the Smoothwall box as root
  2. type: cd /var/smoothwall/proxy/
  3. type vi badsites.txt (this will create a new text file which you can write all the site names you wish to block in)
  4. press the 'i' key to enter 'insert mode'
  5. Enter each site you want to block on a separate line
  6. When finished type :wq and hit enter, this will write the document and quit it.
  7. Now we need to block the sites in this text file in the Squid acl file. So type: vi acl
  8. find a spare line and hit the 'a' key to enter append mode
  9. Insert the following lines:
    acl blocked_sites url_regex "/var/smoothwall/proxy/badsites.txt"
    http_access deny blocked_sites
  10. Then type ':wq' to save and quit.
  11. Go to the http configuration for Smoothwall and click on the web proxy. Click the save button in order to restart the proxy service.
Requests for the listed sites from your network should now return an access-denied error.
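The acl in step 9 uses url_regex, so each line of badsites.txt is a regular expression searched for anywhere in the URL, not a literal site name. The added example below (not from the original post; Python's re stands in for Squid's regex engine, and the domains, URLs and function names are constructed) shows how a bare entry over-blocks and how an escaped, host-anchored pattern narrows the match.

```python
import re


def blocked(url, patterns):
    """Return the first pattern matching url, or None.

    Mirrors url_regex semantics: an unanchored, case-sensitive search over the
    whole URL (Squid only ignores case when the acl is declared with -i).
    """
    for pattern in patterns:
        if re.search(pattern, url):
            return pattern
    return None


def host_pattern(domain):
    """Pattern that matches only `domain` and its subdomains as the URL host."""
    escaped = domain.replace(".", r"\.")  # a bare dot matches any character
    return r"^[a-z][a-z0-9+.-]*://([^/@:]*\.)?" + escaped + r"(:[0-9]+)?(/|$)"


def audit(patterns, urls):
    """Map each URL to True if the pattern list would deny it."""
    return {url: blocked(url, patterns) is not None for url in urls}


# Constructed badsites.txt contents and test URLs (example.* names only).
NAIVE = ["ads.example"]
STRICT = [host_pattern("ads.example")]
URLS = [
    "http://ads.example/banner.gif",            # intended target
    "http://cdn.ads.example:8080/x",            # subdomain of the target
    "http://roads.example.org/map",             # unrelated host, substring hit
    "http://news.example.net/?ref=adsXexample", # dot acts as a wildcard
]

if __name__ == "__main__":
    for name, patterns in (("naive", NAIVE), ("strict", STRICT)):
        print(name, audit(patterns, URLS))
```

The string returned by host_pattern() is what would go on a line of badsites.txt in place of the bare site name.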

Links:
http://martybugs.net/smoothwall/squid.cgi

Installing Smoothwall in a VirtualBox VM - Vista

Aim
I wanted a router/firewall system for capturing internet usage by IP address. There are some Linux/BSD distributions that do this plus a LOT more which are interesting to have. Enter: Smoothwall
The catch was that most of these distros are run on a separate, standalone box. I already have a box that runs full time for file sharing among other things and I really didn't want to add the power consumption of another box to that. So running it in a virtual machine is the answer.

(I also checked out pfSense. Unfortunately I couldn't find an easy way to get IP usage monitoring on this distro, whereas Smoothwall 3.0 does it out of the box. I like pfSense a little better in all other ways though; it seems a bit more user friendly and really easy to configure.)

Specifics:
Machine: Host OS is Vista 64bit Home Premium. The box actually has 2 ethernet ports, however I only used one of them in this setup (running both Red and Green interfaces on Smoothwall!) as there is only one network connection in its physical location and the box cannot be moved.
Sun VirtualBox (64bit version for my OS) used to create the Smoothwall VM
Smoothwall Express 3.0 (64-bit) ISO

Network: Most of these Smoothwall based router/firewall setups have an external and internal IP interface. (Smoothwall calls the external the 'Red' interface, internal 'Green'). With my network setup though, I didn't want the Red interface to actually have the internet IP because my box is physically located a fair distance from my ADSL line. So in my setup, the ADSL router is still the internet facing device and traffic needs to be routed through Smoothwall.

Setup:
First things first of course. Install VirtualBox. This is simple, so I won't go into detail.

Before I install Smoothwall into a VM, it's important to get my head around the network setup. Everything is actually going to be on the same IP range, which is a bit weird for a Smoothwall install. Basically here is how I set up my network to get it working the way I want with my ADSL router:
  1. Disable all DHCP. Smoothwall will take care of this, and as a result all internet traffic will route through Smoothwall as it will assign itself as the gateway and DNS server, so internet traffic will come to the Red interface and then traffic will be forwarded to the ADSL router.
  2. I also enabled a DHCP forwarding function on my ADSL router. I don't think this is necessary as all the internal network is in the same IP range and Smoothwall will broadcast that it's the DHCP server, but I ticked this setting anyway.
  3. Enabled DMZ on the router to be the Red IP address of Smoothwall. This will forward all incoming internet traffic to Smoothwall, so Smoothwall will still be acting as a firewall. (and saves me from forwarding ports on 1000 devices).
  4. The IP range of my network is 192.168.0.1/24. Basically my network is set up so that device self-assigned IPs are between 200-254, statically assigned (via DHCP) IPs are between 100-200, and all other DHCP is between 2-99. 192.168.0.1 is my router.
Smoothwall Installation.
To install Smoothwall in VirtualBox, these were the steps I took.
  1. Create new VM by clicking 'New'
  2. Create a name (Smoothwall for ex.), set the OS to Linux, version to Other Linux
  3. Set the RAM size for the install, mine was 128MB
  4. Create new hard disk (select Dynamically expanding storage, check location to be somewhere you want it, and set the Size to 2.00GB)
  5. Finish the wizard
  6. Click Settings for the new VM
  7. Go to Network, set the following settings for both the Adapter 1 and Adapter 2 tabs (these will be the Red and Green interfaces on Smoothwall):
    1. Tick Enable Network Adapter
    2. For Adapter Type, select 'Intel PRO/1000 MT Desktop'
    3. Set Attached to 'Bridged adapter' *Note the cog to the right, it will give you the MAC Address of the interface, which can be useful to write down and refer to while installing Smoothwall.
    4. Select your current computer's network connection from the Name dropdown box
  8. Click OK to finish
  9. Click Start to boot up the virtual machine
  10. It will ask you to mount a CD image as nothing is installed on the machine yet. Point the wizard to your Smoothwall.iso image file on the computer.
  11. Smoothwall CD should boot on the screen, press enter to begin setup.
  12. Run through the Smoothwall setup. It asks you all the questions it needs to know. A couple of points on what needs to be set up are below.
  13. Once setup is complete, the VM will restart. You can remove the CD: Right-click the CD icon on the bottom of the VM window and select to unmount the image.
Points for the Smoothwall installation setup:
  • My Red IP address was manually set to 192.168.0.210, so DHCP is disabled on this adapter (ie. it does not get an IP from DHCP). When manually set you also need to set Gateway and DNS server. In my case both of these are the ADSL router that Smoothwall will be forwarding to, 192.168.0.1
  • My Green IP address was 192.168.0.204
  • Also make sure you enable DHCP while going through the setup (use space bar to put a * in the DHCP field)
  • Make sure you remember your root and admin passwords you set. You need these to configure Smoothwall via a browser and to login to Smoothwall
Once Smoothwall has rebooted from the installation, it should be running. DHCP should work and you will be able to get an IP address on the host assigned by Smoothwall. (run ipconfig /release and ipconfig /renew on Windows to do this)

We can now configure all the settings we need via Smoothwall's HTTP configuration. Bring up a web browser and type: http://<Smoothwall IP address>:81 This should ask for your login, and then you can start playing with the setup.

Info about the internet IP usage is under the About section. Traffic Graphs is a good place to start.

Problems:
There are a few things to keep in mind with this setup. Obviously anyone on the network can change their DNS and Gateway manually to be 192.168.0.1, which would then bypass Smoothwall. This isn't a problem for me; it's just a home setup for getting info about who uses what.

Windows by its nature needs to be restarted from time to time. Obviously this is a disadvantage of running Smoothwall in a VM, since it will also need to stop for that time and won't provide access for other people on the network.

There are also security issues with running a firewall in a VM. Obviously if someone gets control over the host OS, all the security in Smoothwall will be useless. Again this isn't a huge concern for me because it's a home network. More details about the security can be found on the net... I'm not an expert.

What else could be done?
It would be nice for there to also be a way that the VM starts and stops itself when I restart the computer. Or at least runs in the background. If I get this operational I will put another post up, but I have tried at length to run the VM in a service, which is, frankly, downright annoyingly painful on Vista. I've been through a number of HowTos about running VirtualBox VMs as a service, which normally will work OK on XP. Vista has huge issues with permissions from what I could see.

Links:
Smoothwall:
http://www.smoothwall.org/
http://community.smoothwall.org/forum/viewtopic.php?t=2873 - Smoothwall Addin's

VirtualBox:
http://www.virtualbox.org/

pfSense:
http://www.pfsense.org/

Saturday, October 10, 2009

Installing Apache on Vista (Home Premium)

There is a pretty simple post on another blog about this, which I followed to get it working properly. My biggest problem was access control by the Apache service (when I tried to change the default location of the document root), but changing the install location from the default 'Program Files' makes life SO much easier.

I didn't really need to follow some of it exactly (turning off UAC, for example), but it does point out a few common areas where problems occur.

Link:
http://smittysblog.wordpress.com/2008/02/18/how-to-install-apache-web-server-on-vista-and-avoid-problems/

Tuesday, October 6, 2009

Installing XP Pro (tablet edition) from USB stick (HP 2730p)

Basically:

Used a piece of software that creates all the necessary boot information for the USB drive, found here:
http://www.msfn.org/board/install-usb-winsetupfromusb-gui-t120444.html

Original Problem:

Had an HP 2730p laptop which has no internal CD drive and would not boot from any external CD drives I had. It boots from a USB stick fine though, so getting a bootable USB solution is what worked. It needed to be loaded with the Tablet edition of XP Pro.

How to solve it:

The software from the link above provides an easy enough GUI to make a bootable USB. Basically I installed it onto a Windows XP VM and ran the software over a USB stick. Formatted it with NTFS and pointed the source to the first (of 2) CDs for XP Pro Tablet edition. It will do the rest itself and provide you with questions that need to be answered. Quite a useful piece of software.

Once you boot from USB it will automatically select the settings to start the Windows install. You can actually put more than one install on the flash drive with this software, so it will ask you which one you want to install. Just let it do it all automatically if you only have the one OS on the USB stick.

Links:

How to install Win7/Vista (64bit) on a Hp Elitebook 2730p (on USB) - Useful for a bit more info as well
http://xhdev.wordpress.com/2009/08/16/how-to-install-win7vista-64bit-on-a-hp-elitebook-2730p-on-usb/

Also tried a Win Vista/7 'apparently' easy USB install, but obviously it doesn't work for XP. It also needs to be created with Vista/7, as the version of diskpart in lower OS releases doesn't have the same function:
http://www.techmixer.com/install-windows-vista-from-bootable-usb-flash-memory-drive/


First Post

This is a blog purely for my own benefit. I'm sick to death of finding solutions to many computer related problems only to find a month later I need to solve the same problem again and can't remember what intricate Google search I did to find the right site with the information to solve it.

So all success stories will be posted in how-to formats.