When Mac OSX SMB Connections Fail

Earlier today I had a problem with some Macs that could not establish SMB connections to our Windows File Server. There was no quick error, so the problem really “felt” like a firewall issue but strangely I was able to make a CLI connection to the file server using smbclient:


smbclient //server/share -U domain/username
Password:*******
Domain=[DOMAIN] OS=[Windows Server x] Server=[Windows Server x]
smb: \> exit

I started thinking that perhaps the Mac was doing NETBIOS name lookups and that nmbd might be knocking on the firewall. Turns out this was the problem. Opening up the following ports on the Windows File Server did the trick:

SMB uses ports:
UDP 137 (NETBIOS Name Service)
UDP 138 (NETBIOS Datagram Service)
TCP/UDP 139 (NETBIOS Session Service)

WARNING: Only open these ports to your trusted networks. Statistical data indicates that UDP ports 135 – 139 and TCP port 137 – 139 are amongst the most commonly scanned ports on remote computers.

Strange X11 Forwarding Problem

I started getting this error:
X11 connection rejected because of wrong authentication
when trying to forward X11 applications from a Linux server to my Mac. I had been forwarding the display on this server for years, so I was a little unsure what could be causing it. In the end, it turned out that I had filled up /var, and X11 could not write to “/var/log/XFree86.0.log”. It was an easy fix, but the error was certainly no help.

Mac OSX 10.5 Upgrade


Apple Online Store
I’ve just finished upgrading my Mac Mini to OSX 10.5, and I have to say, the upgrade could not be simpler. While it did take slightly over an hour to complete, there were fewer than 10 clicks throughout the entire upgrade process, so I can’t imagine how anyone could mung it up. The one detail that I found a little strange was the lack of any indication that the installer was going to perform an “upgrade” install rather than a “fresh” install. Zach simply took it on faith, but I insisted on clicking the “Details” button just to be certain.

The OS itself is quite nice, although it is a bit strange to get used to the finder looking like iTunes. Stacks is a great idea, but part of me wishes it behaved more like a launcher-type application than a different interface to folders. Who knows though. Maybe after using them, I will come to appreciate the feature a lot more.

One thing that I am very glad to see is “Spaces”. Basically virtual desktops, X Windows has had this feature since the very beginning, but it is just now becoming native in Mac OS. Granted, there has almost always been external applications that handle this, but it’s nice to see it wrapped in.

There is a lot of buzz about the “Cover Flow” features that have been added to the finder. I have to admit that it is extremely aesthetically cool and very very slick. How much I use it in my day to day life remains to be seen, but it will be nice to browse documents visually without having to depend only on the title to find them.

Time machine, basically well integrated filesystem snapshots, seems like it will be a wonderful addition, but I have not had the chance to use it yet because I don’t have an external fire wire drive. It’s on my shopping list though, so I will be enabling it just as soon as I have the gear to make it run.

All and all, I think it’s an outstanding upgrade, and well worth the money. Give it a shot… You won’t be sorry.

SMB Printing in Mac OSX

Most Mac users simply access network printers using LPR, but occasionally, you will need to interact with networks that are unfriendly to this method and find yourself having to use SMB printing. It’s a little inconvenient, but overall pretty easy to configure. I found some great instructions here. The method varies depending on which version of the operating system you have, but this site has directions for OS 10.2, 12.3, and 10.4, so it pretty much covers all the bases.

Recovering From a Corrupt NetInfo Database on OSX.4

I managed to corrupt my NetInfo database on an OS 10.4 server a few weeks ago by not cleanly unmounting the drive after booting from DVD and resetting the admin password. Long story short, this left me with no users on the system at all. With no users, I could not log in to create one, so I had to blow away the NetInfo database and restore it to factory defaults. This should only be done when you only have a small number of users, and don’t mind having to re-create them. Only the user account information is deleted, and the user directory is retained, but you will have to manually add any users you may have back into the system through the GUI, making sure that the new “user” references the old “user’s” account directory.

If you have more than just one or two users, you should use the procedure to recover from one of your NetInfo database backups. A backup of your this database is made at 3:15 every day so long as the computer is running. It is stored in “/var/backups/”, and here are some instructions on how to recover it from it. If, however, you don’t care about re-adding users, and simply want to get into your system quickly, or if you don’t have a backup to restore from, here is how you can do it:

BEWARE: THIS WILL COMPLETELY ERASE ALL USER ACCOUNT INFORMATION FROM THE SYSTEM!!! You are warned.

1) Start by booting your Mac into single user mode. To do this, hold down both the “Apple” and the “s” keys as the system boots.

2) The system will have mounted the “/” filesystem read-only to protect against data loss. To get “/” mounted read-write, we have to run two commands:

# /sbin/fsck -fy

# /sbin/mount -uw /

3) Now “/” is mounted read-write, so we can start with the real work. First, rename your existing NetInfo database to something else so the OS will not see it on the way up:

# mv /var/db/netinfo/local.nidb /var/db/netinfo/local.nidb.bad

# mv /var/db/netinfo/network.nidb /var/db/netinfo/network.nidb.bad

4) Next, remove the “.AppleSetupDone” file so the OS will kick you back into the installer upon boot and you can recreate your users.

# rm /var/db/.AppleSetupDone

5) Finally, reboot your system and recreate your users, making sure they are pointed towards their existing account directories.

# reboot

Blank Window When SSH Forwarding X11 Sessions

There are a number of applications running on our servers that have GUI’s that I need to display on the Mac in my office. While the traditional method of exporting the server-side display to my desktop works, it is inherently insecure because the entire session, including any passwords that may be sent are all transmitted in clear-text.

Better to use SSH X11 forwarding. This way the entire session is encrypted and nobody can snoop your passwords. The process of using SSH X11 Forwarding goes something like this:

On the server-side (the machine from which you want to forward the display, make sure this line is in your /etc/ssh/sshd_config file:

X11Forwarding yes

If you had to add it, restart the sshd service.

/sbin/service sshd restart

Now, from the client-side (the machine on which you want to display the forwarded X11 application) connect to the server-side machine with the -X flag. Like so:

ssh -X username@remoteserver

Now you should be able to start X applications and have them display on your client machine through an ssh tunnel. If you are like me, however, some Java applications will not display correctly. Instead of popping up a window with the full application in it, I would only see a totally useless blank window. This frustrated me for months until I found this article at kraftek.com that details how to resolve the problem.

It turns out that all you have to do is put this line in the ssh_config file on your client-side:

ForwardX11Trusted yes

After logging out and back into the server-side machine, everything worked perfectly.

VMware Fusion Evaluation

Since much of my job involves rolling out Linux solutions I’ve been experimenting with VMware Fusion Beta for the Macintosh in my development environment. Given that the product is still in beta, I have very few complaints about its actual stability. Most of the features work reliably as advertised, but there are some basic points of functionality that I feel the software is lacking. More on that later.

First, let’s take a look at exactly what VMware Fusion is. At its core, the package allows the user to create and run virtual machines on the Macintosh. For those who are new to virtualization, it is a way to run multiple virtual computers on one actual computer. The hardware resources are abstracted and shared to the virtual machines through the virtualization software — in this case VMware Fusion. A complete description on virtualization can be found here.

Previous to Fusion, only VMware player was available to Macintosh users, so it is nice to actually be able to create virtual machines locally. The snapshot feature is also very nice for development purposes since you can instantly roll back to a previous working state should you corrupt the software on the virtual machine.

Perhaps the problem that annoyed me most, however, was the fact that there is no clear way to delete virtual machines from within the software. I actually tried to get rid of one by deleting this folder:

/Volumes/Macintosh HD/Users/myaccount/Documents/Virtual Machines/Mymachine.vmwarevm

But I just ended up breaking the “Virtual Machine Library” application and having to uninstall and reinstall everything from scratch. The process detailing how to delete a virtual machine did not exist anywhere in the VMware Fusion FAQ or documentation as far as I could tell. Granted, it’s beta software, but I would think this should be a core feature of any virtualization product. At least they provide an “Uninstaller” script.

VMware Fusion is a basic piece of software that succeeds in fulfilling the most fundamental of virtualization requirements. If all you want to do is be able to run a virtual machine or two on your Mac, it will most likely work for you. If you are looking to deploy it as part of an enterprise solution, I would suggest letting the product mature a while and using something like Parallels instead.