Re: Workgroup Manager: screwed up home directories



It sounds like you configured your server as an Open Directory Master.
What you're seeing is confusion between the local domain and the global
domain. The documentation for proper management is weak and the GUI
tools will happily let you scramble the whole thing. The only solution
I could find was to disable directory services. (I can't remember where
that is done.)

Intrusion detection is turned on when the firewall is turned on.
Repeated authentication failures cause the offending IP address to be
temporarily blocked with ipfw. The firewall GUI is configured by
default to block everything and only allow selected services to run. It
can be helpful to create a single service rule covering ports 1024 to
65535 so it doesn't mess with peer-to-peer communications.


In article <00c8dbb2$0$32362$c3e8da3@xxxxxxxxxxxxxxxxx>,
JF Mezei <jfmezei.spamnot@xxxxxxxxxxxxx> wrote:

Don't know how I got there.

But workgroup manager, working with the LDAP server has decided to
change the home directories of any user I have edited by adding 2
entries that are wrong, cannot be edited nor deleted. (as if it was
applying some uneditable template to them).

When I try to login to my account via a serial port or telnet, I get
placed in /99 instead of /Users/jfmezei (which isn't even listed in the
Workgroup Admin !).

When I try to login on the GUI console, it seems to accept my password
(it says Logging in after having grown the login box) but after, it
starts to shake the box and refuse to log me in.

I can login on the one account that was created locally (aka: not on the
LDAP side of things).

I was confident enough that things worked with my account that I started
to add more accounts to transfer them from my VMS boxes. And then all
hell broke loose and not only are the new accounts broken, but it also
broke my own account !!!!

Logfiles don't provide any hint of a problem.

My fear right now is that I may have to use DiskUtility from the DVD to
zap the system disk and start from scratch.

Or can anyone tell me what files need to be deleted to completely remove
that open directory/LDAP/kerberos config so I could start that one from
scratch ?

I know the above is vague. But I am quite tired and frustrated. Just
went through hundreds of pages of the Apple "Leopard Server Security
Config" manual with 90% of it related to how to disable something on the
GUI, very little about actual security.


I *despise* system management software that prevents me from doing what
I need to do. As a system manager, I should be able to delete any
record/attribute or edit them. Arghhhh !

So far, I am not impressed with the OS-X security. There is a whole
chapter on "intrusion detection", but it is just one page and points to
a nonexistent web page on the Apple web site! But I did find out in a
previous chapter that I need to install additional auditing software to
audit log files.

Apple still has some ways to go before it even approaches the
comprehensive, YET SIMPLE security of VMS.

I realise I am new at this, and I should really give it more time to
better learn it. But when you are not even allowed to fix stupid home
directory definitions for a user, that does not inspire confidence.

What if I had 10,000 users that all got screwed when I tried to create
the 10,001 and the system won't let me fix it ?
--
I won't see Google Groups replies because I must filter them as spam