dsconfigad did not support signing of LDAP packets in 10.4.x; support was introduced in the 10.5 version of the AD Plug-in. Provided that your Active Directory environment uses LDAP signing, a standard policy with DCs, you can mirror the DC's settings in dsconfigad by using the -packetsigning option followed by one of allow, disable or require. To force LDAP signing, run the following command:

dsconfigad -packetsigning require

To disable signing if your environment doesn't support it, use the following command:

dsconfigad -packetsigning disable

The default is allow, which uses LDAP signing when possible.
-
Better Late than Never
New Apple security update. Not that it fixes everything it intends but it’s a good start… http://support.apple.com/kb/HT2647
-
Mac OS X Server 10.5: Customizing Trust Time for the adplugin
You can use the adplugin to customize the amount of time a client is trusted by Active Directory. It can be done by using the following command:

dsconfigad -passinterval 30
-
Mac OS X Server 10.5: Using NATd to turn the Server into a Router
There are certain things that Mac OS X Server just isn't that great at. One of them is acting as a router. It's just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let's look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point… 😉 You can use the /etc/net/natd.plist. The key you'll want to edit is the redirect_port, one per port or a range of all in one key… …
-
DNS Caching and Apple
In the article at http://www.macworld.com/article/134793/2008/07/apple_dns.html John Welch goes off on Apple for their delay over the whole DNS Poisoning exploit. It's kind of amusing…
-
ARD Root Escalation Using AppleScript
They can explain it better than me: http://it.slashdot.org/it/08/06/18/1919224.shtml (this has been fixed with the August 2008 Security Update).
-
Mac OS X: Reset Open Firmware Password
To reset the open firmware password you can either reboot while resetting PRAM 3 or more times or just pull out the RAM, reboot and reseat it after the next restart. Have fun with that.
-
opfw
You can use the command line tool opfw to set open firmware passwords. It is available for download over at MacEnterprise.org. You can also use opfw to mass deploy open firmware passwords, which is basically what NetRestore does when you use their setting for this.
-
Did you know?
FireWire gives direct access to a system's memory.
-
Mac OS X: Require Password at Single User Mode
By default, Mac OS X will simply give you a shell when you perform a Single User Mode startup. However, you can force OS X to ask for a password before granting shell access. To do so, open /etc/ttys in vi and change secure to insecure. Once you have done so, create a password in /etc/master.passwd for root.
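
An added example (not from the original post) that audits the two settings described above. It assumes the relevant /etc/ttys entry is the one named console, as in BSD ttys(5); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# console_flag FILE -> prints "secure", "insecure" or "unset" for the console entry.
# Matching whole tokens matters: a plain grep for "secure" also matches "insecure".
console_flag() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 == "console" {
            line = $0
            gsub(/"[^"]*"/, "", line)          # drop quoted getty/loginwindow commands
            n = split(line, f, /[ \t]+/)
            for (i = 2; i <= n; i++)
                if (f[i] == "secure" || f[i] == "insecure") flag = f[i]
        }
        END { print (flag == "" ? "unset" : flag) }
    ' "$1"
}

# root_has_password FILE -> exit 0 when root's password field is neither
# empty nor a locked marker such as "*" or "!".
root_has_password() {
    awk -F: '$1 == "root" { found = 1; ok = ($2 != "" && $2 !~ /^[*!]/) }
             END { exit !(found && ok) }' "$1"
}

# single_user_protected TTYS MASTER_PASSWD -> exit 0 only when both steps were done.
single_user_protected() {
    [ "$(console_flag "$1")" = "insecure" ] && root_has_password "$2"
}

# Constructed sample files (not copied from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '# name  getty  type  status' \
    'console "/usr/libexec/getty std.9600" vt100 on insecure onoption="/usr/libexec/getty secure.9600"' \
    > "$demo_dir/ttys"
printf '%s\n' 'root:CONSTRUCTED_HASH:0:0::0:0:System Administrator:/var/root:/bin/sh' \
    > "$demo_dir/master.passwd"

if single_user_protected "$demo_dir/ttys" "$demo_dir/master.passwd"; then
    echo "console is insecure and root has a password set"
else
    echo "single-user mode is not protected by a root password"
fi
```

On a real system, point the functions at /etc/ttys and /etc/master.passwd; reading the latter requires root.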