Changing OS X Settings for Profiles bound to clients results in Managed Client changes (mcxread shows them) and inserts the info into Managed Client in this order: User Computer Computer Group Everyone User Group The data in the managed client attributes is replaced completely and not per-key. Installing profiles from the command line provides more information as to what is going on behind the scenes. Having said this, in some cases I can get a Provisioning Profile Validation: failed to read CMS (-25257) error when attempting to install the same profile a second time. In other cases it just fails if I try to run verbosely (in those cases it…
-
-
Lion Server: Using Profile Manager's Debug Mode
I’ve seen a lot of traffic about people troubleshooting problems with Mac OS X Server’s new Profile Manager service. One of the more useful things in troubleshooting anything (including Profile Manager in Lion) is the debug mode. It’s easy to turn on, just run the following command from any Lion Server with Profile Manager installed: sudo defaults write /Library/Preferences/com.apple.ProfileManager debugMode 3 You will then get more information in the logs and be well armed to troubleshoot issues that arise in Mac OS X Server 10.7’s Profile Manager.
-
Change H: on SMB PDCs
Samba can be a PDC, allowing Windows clients to join a single line domain name and then access domain resources (such as roaming profiles) as though the domain were Windows NT-based. When you set this up the default behavior for Mac OS X Server based domains is to create a drive mapping for H: to the users profile path (as specified in the homeDirectory attribute) on the server. H: is kinda’ low for some computers with a lot of drives and it can also conflict with other drive mappings you may choose to use. Therefore you may find that in some cases you need to change the H:. To do…
-
Sandboxed Out of My Own Boxen
Playing with Sandbox can be tricky. The other day my own box (luckily one not FDE’d) started to kernel panic and I’d just activated about 12 sandbox profiles. To fix, I booted to single user mode (Command-S), mounted the drive (using the command mount -uw /). Then I did a find for all *.sb files (assuming you use the sb extension for your sandbox files) touched that day, deactivated them and rebooted. Oddly, still no dice. Did I miss one? Next, just to verify it was a sandbox issue, I went back into single user mode, remounted the volume and used this command to move the Seatbelt kernel extension to…
-
Mac OS X Server: Disable Roaming Profiles Globally
To disable roaming profiles you can just edit the smb.conf, adding a blank path to the logon path setting disables roaming profiles. So just add this line to your global /etc/smb.conf settings: logon path =