December 2015 Archives
Mon Dec 14 14:35:02 ICT 2015
Installing pine/alpine on FreeBSD
pine/alpine need a patch to read maildir mailboxes; the package on FreeBSD does not offer this patch.
In /usr/ports/mail/alpine do a make patch.
Change to the work directory and apply the patch from ~on/Alpine-2.20/maildir.patch.
The patch fails to install the files maildir.h and maildir.c in the proper directory, imap/c-client/; you have to do that by hand.
Change to the alpine-2.20 directory and run configure with the needed options. You must at least disable SSL (--without-ssl); other options like IPv6, Kerberos and Tcl are not needed either. I used:
./configure --without-ipv6 --without-tcl --without-ldap --without-krb5 --without-ssl
make and install by hand.
Wed Dec 2 13:19:05 ICT 2015
Configuring Mac OS X for CSIM
Quite some work is needed to make Mac OS X behave in the CSIM environment. The default configuration of an Apple system is not very standard. In this note, I have tried to list everything I had to do to configure our iMac.
When installing Mac OS X, a local account is created on the machine, with root privileges. The account name is toor and the password is the administrator password of the PCs.
Host name
Set the host name at the command line with:
sudo scutil --set HostName name
Then set the host name in the Sharing panel in the Preferences. Also select Remote Login, for All Users, to allow sshd.
Mounting /home
To mount CSIM home directories automatically, create the directory /home then add:
oak.cs.ait.ac.th:/home /home nfs -P,-i,-b 0 0
in /etc/fstab
The mount(8) must be executed automatically at boot time; this is done by adding ~on/MacOSX/fstab.plist into /Library/LaunchDaemons.
Mail service
postfix must be configured to send all email to the CSIM mail server. You must edit the file /etc/postfix/main.cf and add the lines:
masquerade_domains = cs.ait.ac.th
relayhost = mail.cs.ait.ac.th
mydomain = cs.ait.ac.th
myorigin = $mydomain
Printers
Printers are configured with the service lpr on the remote host banyan.cs.ait.ac.th.
Install AIT root certificates
Install http://cs.ait.ac.th/ait-itserv.crt and http://cs.ait.ac.th/ait-new.crt.
With Mac OS X 10.11, only the second one is necessary: the system will not accept a self-signed root CA that uses the MD5 algorithm.
Root certificates must be installed so that they are always trusted.
User authentication with OpenLDAP
In the control panel for Users, in the Account login options, select Allow net user to login at login window.
In Open Directory, add one entry for ldap2.cs.ait.ac.th. The exact configuration for LDAP is obtained by copying ~on/MacOSX/ldap2.cs.ait.ac.th.plist into /Library/Preferences/OpenDirectory/Configurations/LDAPv3.
This .plist file contains all the configuration of the LDAP server, including the mapping of Apple Open Directory attributes to OpenLDAP attributes.
It also contains an important section that disables SASL authentication for DIGEST-MD5, GSSAPI, CRAM-MD5 and NTLM. In Mac OS X 10.6, there was no such problem, as authentication was based only on Simple Bind. But 10.7 and later introduced SASL authentication; it must be disabled.
Denied SASL Methods = Array {
    DIGEST-MD5
    GSSAPI
    CRAM-MD5
    NTLM
}
The .plist file is read and edited with /usr/libexec/PlistBuddy.
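The following check is an added example, not part of the original note or of Apple's tooling: it parses an LDAPv3 configuration .plist and reports which of the four SASL mechanisms listed above are still not denied. The sample plist is constructed, and the nesting of the key under "module options" is an assumption, so the code searches for Denied SASL Methods at any depth.

```python
import plistlib

# Mechanisms the note above says must be denied on Mac OS X 10.7 and later.
REQUIRED_DENIED = {"DIGEST-MD5", "GSSAPI", "CRAM-MD5", "NTLM"}
KEY = "Denied SASL Methods"


def find_key(node, key):
    """Yield every value stored under `key` anywhere in a parsed plist."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)


def missing_denials(plist_bytes):
    """Return the sorted mechanisms that are NOT denied by the plist."""
    data = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    denied = set()
    for value in find_key(data, KEY):
        if isinstance(value, list):
            denied.update(str(m).upper() for m in value)
    return sorted(REQUIRED_DENIED - denied)


# Constructed sample, not the real ldap2.cs.ait.ac.th.plist; the nesting under
# "module options" is an assumption, which is why find_key searches every level.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>module options</key><dict>
    <key>ldap</key><dict>
      <key>Denied SASL Methods</key>
      <array><string>DIGEST-MD5</string><string>GSSAPI</string></array>
    </dict>
  </dict>
</dict></plist>"""

if __name__ == "__main__":
    import sys
    # With a path argument, audit that file; otherwise audit the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    missing = missing_denials(raw)
    print("still allowed:", ", ".join(missing) if missing else "none")
    sys.exit(1 if missing else 0)
```

Run it with the path of the installed .plist as its argument; a non-zero exit status means at least one mechanism is missing from the deny list.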
In the Directory Utility, you must add LDAP to the Search Policy for both Authentication and Contacts. Authentication should read:
/local/default
/LDAPv3/ldap2.cs.ait.ac.th
and Contacts should read:
/LDAPv3/ldap2.cs.ait.ac.th
/local/default
Users that are members of LDAP Group admin have
administrator and
Configure the screen saver
In the Preferences, change the Energy Saver settings so that the system never goes to sleep: the system is not really clever at recognizing when it is active and would go to sleep in the middle of a file transfer!
Set a screen saver and, in the Security and Privacy panel, set Require password immediately after sleep or screen saver.