MarcoMC Tech, Cuisine, Traveling…my hobbies, my life

October 16, 2010

What to do if the AFP service needs to be restarted periodically?

Filed under: Apple & Mac,IT,Troubleshooting — Tags: , , — marcomc @ 15:39
Listen to me!
Audio MP3
download mp3

Recently, after upgrading my Mac Mini Core 2 Duo (turned into server) to Snow Leopard Server 10.6.4, I started experiencing a very annoying problem, the AFP service was periodically stopping to share the chosen folders (Shared Points) to the clients.

I noticed that this is sometimes related with the server resources and performance.
For instance the AFP may stop working properly during intensive file transfer such remote backup via TimeMachine or when another service is keep the CPU at 100% usage.
It especially happens in my MacMini as the RAM is limited to only 1GB and then a lot of disk activity is generated for swapping.

Basically the service is not crashed or discontinued, the AFP server process is still running and still allows the users to log in from any workstation connected, the problem is that once logged in the users is able to see only its own home folder but all the other Shared Points configured in the Server Admin control panel are not listed.q

The solution has been for a long while to periodically monitor the service and when I noticed the misbehaviour I restarted the service and in a few second the users were able to connect to all the shared points again.

I wasn’t happy with this inelegant solution, so when I had a little of spare time I investigated better the problem and I found an old thread on the Apple Support page, it was describing the same issue performing on Leopard server 10.5 series:

https://discussions.apple.com/message.jspa?messageID=6145016

Apparently for the Leopard server the solution is a little tricky and involve a script that periodically toggle the Guest Account access option.

Then the idea, EUREKA! CARAMBA! I had a little check and I found that for security reasons I disabled the access for the Guest Account.

The Solution has been quite fast, I enabled again the Guest Access to the AFP service from the Server Admin, AFP service, Settings panel, Access tab (as shown in the picture below). This fix is still woking for me and the service never stopped again!

AFP_Settings_Access_GuestAccess

AFP_Settings_Access_GuestAccess_Toggle

Anyway I wanted to prevent access to the Shared Points of the AFP services to the Guest Account so I disable the Guest Account specifically for each Shared Point.

From the Server Admin, AFP service, Shared Point panel, I selected the Shared Points individually, I accessed the Protocol Options and I disabled the Guest Access toggle (as shown in the picture).

AFP SharedPoint GuestAccess Toggle

AFP SharedPoint GuestAccess Toggle

Doing so I allow the Guest Access to log in to the AFP service but I prevent it to use any Shared Point (shared directory). For further security it’s possible to limit the access to the AFP service to a selected number of user groups (they must NOT include the Guest account as their member) through the Services Access settings of the Server Admin tool, according to my experience this is as a ‘best practice’ operation that we should apply in most of the AFP servers we set up.

Please feel free to reply this thread if you have found better solutions to this issue.

October 10, 2010

How-To open multiple instances of an application with OS X

Filed under: Apple & Mac,How-To,IT — Tags: , , — marcomc @ 01:52
Listen to me!
Audio MP3

download mp3
It happened to me to have the need to run at the same time the Skype application in Mac OS X  being logged with two different accounts, this was needed to test the messaging and file sharing capabilities or simply to be able to receive calls on two different accounts or registered numbers at the same time.

That practice is not actually permitted with the current version of Skype for Mac OS X (Skype Version 2.8.0.251) so I had to find a DIY solution.

At the beginning I tried to copy the application bundle and launch it, wishing that the system was recognising this as a distinct application but unfortunately that didn’t work and Mac OS X was complaining that the application was already running and it could not open a second instance of it (due to a conflict of resources).

I then started wondering why in GNU/Linux (that is a not-so-far cousin of Mac OS X UNIX subsystem), wasn’t that difficult to launch from command-line a second instance of an application, so it came to my mind the ‘open’ command that sometimes I use with AppleScript to launch some applications.

Reading the manual of ‘open’ I discovered these two ‘magical’ options:

  • The ‘-n’ option, that guarantees the opening of a new instance of the application;
  • The ‘-a’ option, that permits to specify the name of an application without the bundle extension ‘.app’ and without specifying the absolute path of the application (that in this case would generally be ‘/Applications/Skype.app’;

I ended up with this ‘best solution’ to open a second (or further) copy of an application with Mac OS X using the given CLI command ‘open’ as follows:

# open -na <application_name>

September 14, 2010

Instant Search for iTunes and App Store

Filed under: Apple & Mac — Tags: , , , , , — marcomc @ 02:30

These are very interesting instant search engines to explore the content of the App Store and iTunes catalog in an extremely fast way thanks to the ‘search-as-you-type’ feature.

iTunes Instant

App Store Instant

Enjoy!!!

September 12, 2010

How-To officially and legally unlock your iPhone with O2

Filed under: Apple & Mac,How-To — Tags: , , , , — marcomc @ 00:29

If you own a Pay-As-You-Go or O2 contract iPhone and you want to unlock it to be able to use different SIMs from UK or from foreign countries when you’re off for work or holidays you need to fill in O2’s standard unlocking form.
You’ll receive a text confirmation of your request. Unlocking will take up to 14 days.

When you have a non-O2 SIM in the iPhone, plug it into iTunes and iTunes will confirm the iPhone has been unlocked.

Additionally visit the Unlock my iPhone page from O2 official website.

September 10, 2010

How-To set the Bundle attribute to a file in Mac OS X

Filed under: Apple & Mac,How-To,IT — Tags: , — marcomc @ 01:25

If you want to make a folder to appear like a Bundle File (a single transportable file) preventing the user to access a file (and possibly mess with its content) what you have to do is to set the Bundle attribute with this simple CLI command:

SetFile -a B <bundle file name>

You can use this technique if you want to restore the bundle attribute after a bundle-file (a directory container with bundle attribute) is transported through a bundle-incompatible file system like Linux and Windows file systems generally are.

August 27, 2010

How-To change hostname in Mac OS X Server Snow Leopard with scutil

Filed under: Apple & Mac,How-To,IT — Tags: , — marcomc @ 10:05

scutil provides a command line interface to the “dynamic store” data maintained by configd. [from the scutil manual]

sudo scutil --set HostName hostname[.domain]

if the domain is not specified the hostname will be automatically configured as .local

August 19, 2010

Snow 303 Notebook

Filed under: Apple & Mac,IT — Tags: , , , , , , , — marcomc @ 19:25

My personal notebook made in preparation for the Snow 303 exam for the Apple Certified Specialist – Security and Mobility 10.6 certification on Mac OS X Server 10.6 Snow Leoaprd.

Mac OS X Mobility and Security v10.6

This notebook can be used complementary to the book Mac OS X Security and Mobility v10.6 by Robert Kite, Ph.D., Michele Hjörleifsson, and Patrick Gallagher published by Peachpit Press.

June 2, 2010

How-To backup and restore cydia packages

Filed under: Apple & Mac,How-To — Tags: , , , , — marcomc @ 15:32

When upgrading the iPhone or iPad firmware, if you own a jailbroken iDevice, you may want to make a backup of the list of installed Cydia (deb) packages to be able to perform a bulk installation of them after the firmware upgrade and jailbreak.

This procedure come from, and is suitable for, any deb (apt) unix system that need a bulk installation of packages, usually for deployment purposes, i.e. Mac OS X configured with Fink, GNU/Debian based Linux distributions like Ubuntu probably the ANDROID mobile phones too.

The following procedure will show you the necessary command-line instruction necessary to backup and restore the list of current installed packages on Cydia, please mind that the configuration of the installed packages will not be preserved, you need to follow other instruction to backup and restore your personalised configurations:

  1. Before upgrading or restoring the device firmware login to the console of you iPhone or iPad via a terminal application, possibly from an external computer and issue the following command:
    dpkg –get-selections > packages_list.txt
  2. Save the packages_list.txt file (and your packages personalised configurations) in an external location like your computer or a web site and then you can perform the upgrade or restore of the device firmware.
  3. After the iPhone has been reinstalled and jailbroken update the Cydia sources and then install OpenSSH to be able to remotely connect the the device in command-line.
  4. Copy the file packages_list.txt to the iPhone or iPad and from the console issue the following commands (you can copy and paste):

    apt-get update;
    dpkg –set-selections < packages_list.txt;
    apt-get -u dselect-upgrade;
    rm /private/var/mobile/Library/Caches/com.apple.mobile.Installation.plist;
    killall SpringBoard
  5. Restore your package personalised settings according to the backup method you used to save them.

May 23, 2010

Resetting the Firewall to the Default Setting in Mac OS X Server 10.6

A server can become unreachable for remote administration due to an error with the firewall configuration. In such a case, you must reset the firewall to its default state so Server Admin can access the server.

This recovery procedure requires you to use the command-line interface and must be done by an administrator who has physical access to the server.

To reset the firewall to its default setting:

  1. Disconnect the server from the Internet.
  2. Restart the server in single-user mode by holding down the Command–s keys during startup.
  3. Remove or rename the address groups file found at /etc/ipfilter/ip_address_groups.plist.
  4. Remove or rename the ipfw configuration file found at /etc/ipfilter/ipfw.conf.
  5. Force-flush the firewall rules by entering the following in Terminal:
  6. $ ipfw -f flush
  7. Edit the /etc/hostconfig file and set IPFILTER=-YES-.
  8. Complete the startup sequence in the login window by entering exit:
    the computer starts up with the default firewall rules and firewall enabled. Use Server Admin to refine the firewall configuration.
  9. Log in to your server’s local administrator account to confirm that the firewall is restored to its default configuration.
  10. Reconnect your host to the Internet.

Dead Men’s Switch with OS X Server

Filed under: Apple & Mac,IT — Tags: , , , , — marcomc @ 13:28

Dead men’s switch (name taken from the railroad industry) is a technique you can use to protect yourself against accidental lockout while configure firewalls.

A dead men’s switch enables a service but allows the administrator a temporary backdoor to remediate a temporary lockout.

i.e. on Mac OS X Server 10.6 Snow Leopard with bash in command line:

# sudo ls; sleep 90; sudo serveradmin start ipfilter; sudo server admin stop ipfilter

this process will enable the firewall and automatically disable the firewall in 90 seconds.

« Newer PostsOlder Posts »

Powered by WordPress