I bought a new D-Link DIR-625 router and got it to work with all my computers except one -- an older PowerBook Pismo with an AirPort wireless card. I kept getting the error that it couldn't connect to the airport network. The machine would connect to my old router, and to my neighbor's router, just not my new D-Link router. For days, I tried everything I could find to fix it. I called support multiple times, and tried everything that they suggested. Their suggestions were of no help, however.
I finally stumbled on to the fix myself. I had to change the wireless mode from "B,G and N" to just "B and G," and then it worked fine. The problem is that my new MacBook has N wireless and now can't use my new N router at full speed. I guess that is why it is still called "draft" N router!
I wrote a free widget for switching HTTP, FTP or HTTPS proxies, and it currently works for Ethernet or AirPort networks.
The widget is basically a front end for a bash script, which does the hard work. I also had to write an Objective C tool for parsing of current configuration information. It is all free, so if somebody would like to see the source, just let me know.
Are you having difficulty redirecting X11 to your Mac running Leopard without using ssh -X? Someone figured out that Leopard turns off listening to X11 traffic on TCP port 6000 by default. The following steps will TCP listening back on, so that the X11 server will service a client request.
First see if your server has TCP listening turned off by executing the following command: defaults read org.x.X11 | grep nolisten. The output will read either "nolisten_tcp" = 1; which is bad, or "nolisten_tcp" = 0; which is good. If TCP listening is off, turn it back on. I did this both as root and my default non-root username, as I didn't know which one took precedence:
Shut down your X11.app, then in Terminal, type xterm, and as normal, the X11 terminal should pop-up. In the xterm, enable all remote users by typing xhost +. Back in Terminal, type the following to see if the server is now listening for inbound TCP requests: netstat -na | grep 6000. You should see something like this output:
Now on your remote system things should be as before. Just setup your DISPLAY to point to the Mac and fire away. I assume this is persistent across a reboot, but I didn't try. The original solution was found here by Johannes Overmann.
Instead of using Apple's MobileMe account and losing control over your data, you can instead use dotmac for data synchronization and iDisk-like storage space. It requires a machine running either Linux or OS X with Apache and some Perl modules installed. It works fine here with OS X 10.5.5.
[robg adds: I hadn't heard of this project before, and it looks intriguing, claiming to support data sync for any app that uses .Mac (iCal, Address Book, etc.), iDisk-like remote storage, and support for Backup. Note that the setup process requires a fair bit of work in Terminal. Also, if you want the true benefits of .Mac (offsite hosted storage available anywhere), you'll need to set up your replacement server in the same manner. I haven't tested this one.]
My machine is being hit by a lot of automated attacks that try to guess account names and passwords on sshd. (This problem has been touched in this hint.) Thanks to Little Snitch, it is very easy to see that this happens. Anyway, it is annoying, and I wanted to add an ipfw rule to block those machines that fail to log in fifteen or more times. So I wrote a launchd script to do this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>se.sics.lra.denyhosts</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/awk</string>
<string>
substr( $5, 0, 4) == "sshd" && $6 == "Failed" {
ip = $13
count[ip] += 1
}
END {
s = "ipfw delete 101; "
sep = "ipfw add 101 deny src-ip "
for (ip in count) {
if (count[ip] > 15) {
s = s sep ip
sep = ", "
print count[ip] " failed attempts from " ip
}
}
print
system(s)
}
</string>
<string>/var/log/secure.log</string>
</array>
<key>StartInterval</key>
<integer>20</integer>
<key>UserName</key>
<string>root</string>
<key>StandardOutPath</key>
<string>/tmp/denyhosts.out</string>
</dict>
</plist>
I put the finished script in /Library/LaunchAgents/se.sics.lra.denyhosts.plist, and set the owner as root:
The script scans /var/log/system.log every 20 seconds for failing ssh logins. If it finds more than 15 from a particular address, that address is disabled by ipfw. Do sudo ipfw list to see the active rules. Note that when the entries disappear from the log file, the ipfw rules are removed. The script must unfortunately run as root, as only root has permisson to read /var/log/system.log and to modify ipfw rules.
I'm the administrator for a group of creative artists and have a number of Macs (of most all flavors) running on our network. While I love OS X Server, it remains (for me) too hard and complex to do what I need. I want an easy path to manage all my Mac users on a central server farm (preferably HP servers, since that is what our IT department has in our data center). I've heard about Mac OS X server running virtually, but only on Xserve.
My quest for running OS X virtually only led to more frustration:
I don't really want to virtualize OS X Server.
I don't need or want to manage two licenses (one on the server and one on the client).
We don't have Xserves and probably never will.
Then Bingo! I found DiscCloud -- and it works perfectly, with the help of this hint, of course! Here are some tips to help get it running:
The first mistake I made was downloading the wrong version of VMware Server. You'll need the older version, located here. Be sure to pick the right download for your system (our HP servers run Windows).
To demo the full version of DiscCloud, you'll need an eval license. You used to have to dig around on the DiscCloud forums to find this, but now they've added it to their download page.
That did the trick. I was able to follow the video instructions (with the exception of the VMware installation bit, as mine is for Windows), and create a MacBook Air user having a one terbayte home directory! I can back up the MacBook as a virtual machine running on our HPs -- I love it!
[robg adds: To download the trial, you'll need to register for a free account. I haven't tested this one beyond verifying the download works.]
On the Macs in my home, we have permissions issues when copying files into other users' Drop Boxes. If my wife, for example, sends me a file via the Drop Box, and I move it to another folder, the permissions are not appropriate for me -- files only open as read only, because the ownership is not correct. So to use files sent this way, we have to Option-drag them from the Drop Box. This creates a copy, with the appropriate ownership.
I'm not sure if this happens to others, but for us, it's an annoyance. As long, however, as we Option-drag, we can use the files as we want to.
[robg adds: I don't see this issue here, and in talking with Kirk about the problem, we compared the Permissions section of the Get Info dialog for our Drop Box folders. On my machines, including a brand-new iMac that's fresh from the factory, there are two entries for my user in the Permissions section -- one with Custom privileges, and one with Read & Write privileges. On his machines, the Custom permissions entry is missing.
I found this thread on our forums that talks about the same problem ... what makes this really odd, though, is that it doesn't seem to be universal, as it's working well here. If anyone has an explanation/permanent fix for this odd behavior, please post in the comments -- repairing permissions doesn't help, because that won't change things within the user's folder (and yes, Kirk tried it anyway).]
A lot of 3G (or EDGE) external modems (USB or ExpressCard) require special software to build up a connection. My two modems from different providers use GlobeTrotter Connect and E-plus Online Connect (the latter a re-branding by my provider). As I understand it, these applications set up new network interfaces and group them in a new location setting. All existing network interfaces get disabled when a connection is established and the system is switched to this location.
This may be obvious, but it took me a while before I tried it out. One can simply re-add other network interface (i.e. Wifi or Ethernet) to these locations, and then be connected to both the internet via the 3G modem, and to local networks at the same time (eg, for streaming to an Airport Express).
I may have found a culprit in the OS X10.5 Active Directory integration problem (see the comments on this post at AFP548.com for more info on the problem). I noticed that after a 10.5 machine is bound, it mostly freezes up when it's trying to authenticate. I started looking around and noticed interesting things in the /Library/Preferences/edu.mit.Kerberos file.
I've been running djbdns on all of my servers for several years. I've also been running it on OSX for about three years.
Under 10.4 and earlier, when I specified a custom nameserver, the system would use only the nameserver(s) I specified. However, under 10.5 Apple has apparently changed that behavior, and uses my specified nameservers in addition to the DNS servers specified by the DHCP server. It shows the DHCP-provided server IP on the list, greyed out, so you can't delete it.
For a while, I adopted a "grin and bear it" attitude -- after all, the DHCP server at home is handing out the IP of my internal Linux server (also running djbdns) as the DNS server, so I was only unsafe when I used the laptop outside the house. However, with the recently announced vulnerability in the DNS protocol, the massive world-wide patch effort by major DNS vendors, and the fact that many networks haven't applied the patches yet, I don't really feel safe relying on anybody else's nameservers.
I may have found a culprit in the OS X10.5 Active Directory integration problem (see the comments on 