Infusion Technology Solutions Blog – Page 3 – Technology related solutions, tips, tricks, and other interesting topics

How to Reset the Password for an OS X Open Directory Mobile Account

An OS X Open Directory account which is set to be a mobile account will cache its password locally in the event the computer cannot communicate with the Open Directory server. You can reset this locally cached password by doing the following:

Note: The following instructions work for local accounts AND mobile Open Directory accounts which have locally cached passwords.

Boot into single user mode (press Command-S at power on)
Type fsck -fy
Type mount -uw /
Type launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
Type dscl . -passwd /Users/username password, replacing username with the targeted user and password with the desired password.
Reboot

If you do this for an account that has its home directory encrypted with FileVault, then you’ll still be prompted to enter the old account password since that is what the encrypted FileVault file is using. After entering the old FileVault password, the password on the encrypted archive will be updated to the new account password so they are in sync.

If you do this on a mobile Open Directory account, then the user account password on the computer will be out of sync with what is stored on the Open Directory server and the computer won’t authenticate against the Open Directory server for that user account. To fix this, you need to delete the locally cached password for the user account on the computer. To do this make sure the computer is connected to the network in such a way that it can connect to the Open Directory server. Then issue the following command on the computer that you reset the account password on: dscl . -delete /Users/userName
- NOTE: If the user account is using FileVault, then this will break that feature. When you log into the account after doing the “dscl -delete” command, the FileVault archive containing the user’s home folder contents will not mount. You can still manually mount the encrypted archive which is in their home folder.
  - To fix this problem in Leopard, you need to readd the user account setting that lets OS X know to use a FileVault encrypted archive as the user’s home folder. Run the following terminal command:
```
sudo dscl . -create /Users/userName HomeDirectory '<home_dir><url>file://localhost/Users/userName/userName.sparsebundle</url></home_dir>'
```

Promise RAID

Terminal Command for Xserve Intel Hardware RAID Card

To control the hardware RAID card in the terminal on Intel Xserves with a hardware RAID card, you need to use the terminal command “raidutil”. To see a list of command line options run the following command in a terminal window:

raidutil -h

Mac OS X Terminal

How to Fix a Corrupted OS X Open Directory Account Password

Sometimes the diradmin account or some other admin account’s password becomes corrupted resulting in you unable to log into the Open Directory with admin rights. To reset the password to fix the corruption run the following commands:

sudo mkpassdb -setpassword 0x484f162b4b8b45670000000200000002

where the long hex string is the <slot id> for the diradmin account. You can find <slot id> values for Open Directory user accounts by running the command:

sudo mkpassdb -dump

To summarize, the command to reset an Open Directory user account password is:

sudo mkpassdb -setpassword

specifying your diradmin slot id and you’ll be prompted to reset the diradmin password.

How to Configure Splunk to use a Web Proxy Server

A Splunk server I installed was configured such that it could only communicate with hosts within the corporate network so it did not have direct internet access. This posed a problem when trying to use the “Browse Splunkbase” option in the Splunk administrator web interface. I also could not use the “iplocation” data-processing command.

This was the suggestion I got from Splunk Support which didn’t work for me for some reason. I am including it here for reference for someone where this solution may work for them:

You can set the environment variable HTTP_PROXY in the session shell.
You can set it in your /etc/bashrc or /etc/profile.

# Proxy Settings
http_proxy=http://proxy.domain.com:8080
https_proxy=https://proxy.domain.com:8080

I also found something in the forums:
http://www.splunk.com/support/forum:SplunkGeneral/2531

The Splunk install I was running was version 3.4.9 which was on a CentOS 5 server. The Splunk installation was configured to autostart on boot. I ended up getting this to work by editing the /etc/init.d/splunk startup script file by adding the following to it:

# Proxy settings
HTTP_PROXY="http://proxy.domain.com:8080"
export HTTP_PROXY

Change “proxy.domain.com:8080” to be the proxy server address and port for the proxy server that you want to use. So with the above lines added to my /etc/init.d/splunk file, the top portion of the file looked like this:

#!/bin/sh
#
# /etc/init.d/splunk
# init script for Splunk.
# generated by 'splunk enable boot-start'.
#
# chkconfig: 2345 90 60
# description: Splunk indexer service
#
SPLUNK_HOME="/opt/splunk"
RETVAL=0

# Proxy settings
HTTP_PROXY="http://proxy.domain.com:8080"
export HTTP_PROXY

I put the setting into effect by restarting my Splunk service with the command: /sbin/service splunk restart