One of the standard ways of configuring Mac OS X in the enterprise has become known as the magic triangle or golden triangle. It is generally described as a setup in which Active Directory (AD) authenticates users on the clients and services, and Open Directory (OD) manages the client preferences (managed preferences, or MCX). The triangle comes from the three connections involved: the Mac clients are bound to AD, the clients are also bound to OD, and the Mac server hosting OD is itself bound to AD. (Apple officially calls this the magic triangle setup in the Snow Leopard Server Open Directory Administration documentation.)
One of the issues I ran into was granting a non-admin AD user the ability to perform administrative functions on the clients bound to AD. On Windows clients this is handled by making the AD user a member of a domain group that is nested into the local Administrators group, typically through Group Policy.
Unfortunately there is no simple equivalent on the OD side of the equation for the technicians working on the Mac OS X clients. Adding an AD user to the system-level group Open Directory Administrators in Workgroup Manager (WGM) only grants rights over the OD domain itself; it has no effect on whether that user is a local administrator on a client bound to the domain.
The solution involves:
- creating a group in OD to hold the AD users who should have local administrative privileges,
- nesting this OD group in the local groups on each workstation that a default administrator account belongs to (admin, _lpadmin, _appserveradm and _appserverusr on 10.6), so that its members get the same privileges, and
- adding the OD group to the sudoers file on each client, since membership in the admin group alone does not grant sudo unless sudoers references it
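The three steps above, scripted as an added example (this is not code from the original post; it is a POSIX sh wrapper around the stock dseditgroup and visudo commands). The OD node /LDAPv3/od.example.com, the directory administrator diradmin, the OD group short name macadmins with display name "Mac Admins", and the AD technician techuser are all assumed names. Steps 1 and 2 are the WGM operations done from the command line; step 3 validates the modified sudoers with visudo -c on a copy before it replaces /etc/sudoers, so a typo cannot lock every administrator out of sudo. Setting DRYRUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: make an OD group a local administrator group on Mac OS X
# clients that are bound to both AD and OD. All names below are assumptions
# (OD node, directory admin, group and user names) and are overridable from
# the environment. DRYRUN=1 prints the commands instead of executing them.

OD_NODE="${OD_NODE:-/LDAPv3/od.example.com}"
OD_ADMIN="${OD_ADMIN:-diradmin}"
GROUP="${GROUP:-macadmins}"          # OD group short name (RecordName)
GROUP_REALNAME="${GROUP_REALNAME:-Mac Admins}"

run() {
    if [ -n "$DRYRUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# sudoers %group entries use the group's short name, so refuse names that
# would need escaping (spaces, shell metacharacters) in sudoers.
valid_shortname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Step 1, run on the OD server (or any Mac with the OD node in its search
# path): create the group, then add each AD user given as an argument. The AD
# users resolve because the server is itself bound to AD. -p prompts for the
# directory administrator's password.
od_create_group() {
    valid_shortname "$GROUP" || { echo "bad group short name: $GROUP" >&2; return 1; }
    run dseditgroup -o create -n "$OD_NODE" -u "$OD_ADMIN" -p -r "$GROUP_REALNAME" "$GROUP"
    for user in "$@"; do
        run dseditgroup -o edit -n "$OD_NODE" -u "$OD_ADMIN" -p -a "$user" -t user "$GROUP"
    done
}

# Step 2, run as root on each client: nest the OD group (-t group) in the
# local groups a default 10.6 administrator account belongs to.
LOCAL_ADMIN_GROUPS="admin _appserveradm _appserverusr _lpadmin"

client_nest_group() {
    for g in $LOCAL_ADMIN_GROUPS; do
        run dseditgroup -o edit -a "$GROUP" -t group "$g"
    done
}

# Step 3: the sudoers entry granting the group full sudo rights.
sudoers_line() {
    printf '%%%s ALL=(ALL) ALL\n' "$1"
}

# Append the entry to a copy of sudoers, let visudo check the syntax of the
# copy, and only then install it. Idempotent: an existing %group line is kept.
append_sudoers() {
    sudoers="${1:-/etc/sudoers}"
    tmp="$(mktemp /tmp/sudoers.XXXXXX)" || return 1
    cp "$sudoers" "$tmp" || { rm -f "$tmp"; return 1; }
    if ! grep -q "^%$GROUP[[:space:]]" "$tmp"; then
        sudoers_line "$GROUP" >> "$tmp"
    fi
    if visudo -c -f "$tmp" >/dev/null; then
        cp "$tmp" "$sudoers" && chmod 0440 "$sudoers"
        status=$?
    else
        echo "visudo rejected the edited file; $sudoers left untouched" >&2
        status=1
    fi
    rm -f "$tmp"
    return $status
}
```

Usage is `od_create_group techuser` on the server, then `client_nest_group` and `append_sudoers` as root on every client (for example from a post-imaging script). After logging in as the AD user, `id` on the client should list admin among the groups and `sudo -l` should show the `(ALL) ALL` entry; if `id` does not show the nested group, check that the client's search path includes the OD node, since nested membership is only resolved through the client's own directory lookups.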