Category Archives: Apple

Give Standard Users the Ability to Manage Print Queues and Printers in MAC OS X 10.6

I ran into a problem the other day where the standard user accounts we have on our Apple lab computers were unable to resume the printer queues on the computers. Any time the printer queue would pause, we’d have to go and resume it with an account that has administrator permissions. Here is how I resolved this so that the standard users could resume printers and manage print queues.

First, if you’ve messed around with the cups.conf file already, set it to default CUPS config file by performing the following:

  1. Click on Go menu, Click on Go To Folder…, enter: /private/etc/cups
  2. Copy cupsd.conf.default to the desktop, rename it to cupsd.conf
  3. copy it back to /private/etc/cups, overwriting the original file.

Next Obtain user information for the standard account that needs the permission:

  1. Open System Preferences, and then go into “Accounts”
  2. Unlock the preference pane at the bottom and then right click on the user account that needs access. Click “Advanced Options…”
  3. Record the users case sensitive Account Name and the User’s ID.

Now it’s time to Make the change:

  1. Open Terminal
  2. Enter the following commands:
  3. sudo dscl . -append /Groups/lpadmin GroupMembership <User ID>
  4. and
  5. sudo dscl . -append /Groups/lpadmin GroupMembership <Account Name>
  6. Afterwards run this command to verify that both are listed in the group:
  7. dscl . -read /Groups/lpadmin

Log out and log back in as the user and verify that they can now manage print jobs, and pause and resume printers.

MAC Laptop can’t connect to Dell 55xx Series Switch

I ran into a problem with various Mac laptops being unable to obtain an IP, or determine network speed, when plugged into a Dell Power Connect 55xx series switch. Turns out this isen’t just effecting Apple products, it’s also a problem with some PC’s that have newer Intel network cards. The problem is stemming from some of the newer Green Ethernet standards and in this case the switch and computer are unable to work out power settings on the NIC and are unable to set the proper speed and duplex. If you set the computer’s network card to Full Duplex and set the speed you should be able to connect, but this becomes burdonsome. The best way to fix this issue it to disable “EEE” on the 55xx series switch. Follow these steps:

  1. Console into your switch and enter config mode by typing “config”.
  2. Enter the command “No eee enable”.
  3. Save the running config and then reboot the switch.

After the switch reboots, connect the Mac and verify that you can obtain network connectivity with the nic set to automatic.

Configuring IPSecuritas for Use with a SonicWall TZ190 Enhanced, Part 2 Configuring the Client Computer

This is part two of Configuring IPSecuritas with a Sonicwall TZ190 Enhanced. If you missed the first part you can go back and check it out here.

Find the information you recorded in Part 1, we’ll need it below.

  1. Download and Install IPSecuritas. Refer to installation manual if needed.
  2. Launch IPSecuritas and then launch the Connection window by clicking the Connections menu and then selecting Edit Connections….
  3. Click the Plus Sign ( + ) at the bottom left to create a new connection. (shown as “TEST CLIENT”) Enter the WAN IP Address of the sonicwall in the Remote IPSec Device field. Select Host in the Endpoint Mode (Local). Select Network in the Endpoint Mode (Remote). Enter your network Address. See Figure 1.
  4. Click the Phase 1 Tab. Enter the information from Part 1 Step Four28800, DH2, 3DES, SHA-1. Exchange Mode: Aggressive. Proposal Check: Obey. Nonce Size: 16. See Figure 2.
  5. Click the Phase 2 Tab. Enter the information from Step Four28800, 3DES, SHA-1. PFS Group: None. See Figure 3.
  6. Click the ID Tab. Local Identifier: Address. Remote Identifier: Set this to FQDN, Use the Firewall Identifier from Step Seven. Authentication Method: Preshared Key. Use Preshared Secret from Part 1 Step ThreeNOTE: If you are using XAUTH change Authentication Method to XAUTH PSK, enter User and Password  from Part 1 Step Ten and Preshared Secret from Part 1 Step Three. See Figure 4.
  7. Skip the DNS tab, Click the Options Tab. Make sure your Settings appear the same as the picture. See Figure 5.
  8. Click START from the IPSecuritas Program or Widget.

Again, these instructions have only been tested with a Sonicwall TZ190 Enhanced, These instructions may need to be alerted to work with other SonicWall Models. Please let me know if you’ve been able to get these instructions (or slightly modified instructions) to work on any other SonicWall routers.

Configuring IPSecuritas for Use with a SonicWall TZ190 Enhanced

Okay here’s another guide that probably should have been put online sooner, but hey better late than never right? I’m sure there are probably a ton of TZ 1×0’s kicking around and if you’ve got a MAC and want to VPN in, but don’t have the SSL vpn software then you’ll need this guide. I’ve not tested this with anything other than a TZ190 Enhanced, but I’m pretty confident that it would work with at least any Enhanced OS in that same generation of SonicWalls, and maybe even outside of that generation as well.

This is the equivalent Global VPN Client for Mac.

Here is Part 1 – Router Side Configuration:

  • Note: Identify whether or not the SonicWall will hand out DHCP addresses. Make note of this as we’ll need it later in the configuration.
  1. Start by clicking the VPN tab and then select Settings. See Figure 1.
  2. Click on the WAN GroupVPN Configure button. See Figure 2.
  3. Set your Authentication Method to IKE using Preshared Secret and Record your Shared Secret. See Figure 3.
  4. Click the Proposals Tab. Record your settings. In this case we are using DH 2, 3DES, SHA1, and 28800 for Phase 1 & 3DES, SHA1, and 28800 for Phase 2. See Figure 4.
  5. Click the Advanced Tab. Without XAUTH (As Shown See Figure 5.): Set Allow Unauthenticated VPN Client Access to Firewalled Subnets. Or With XAUTH (not shown): Check Require Authentication of VPN Client via XAUTH. Change User Group for XAUTH users to Trusted Users.
  6. Click the Client Tab. Change the Cache XAUTH User Name and Password on Client to Never. Change the Virtual Adapter settings: to DHCP Lease or Manual Configuration. Check the Use Default Key for Simple Client provisioning. Uncheck all other options. See Figure 6.
  7. Click Ok. Return to the VPN Settings page. Record your Sonicwall’s Unique ID. See Figure 7.
  8. Click DHCP Over VPN. Click the Configure button. See Figure 8.
  9. If the SonicWall is acting as the DHCP server (as shown, See Figure 9.) then Check Use Internal DHCP Server. Check For Global VPN Client. Or If the SonicWall is NOT acting as the DHCP server (not shown) then Check Send DHCP requests to the server addresses listed belowClick Add… and Add your DHCP’s Server’s IP address.
  10. (OPTIONAL) If you configured Trusted Users as the XAUTH group in Step Five continue with the steps below, Otherwise Skip to configuring the Client.

  • Click the Users Tab, Select Local Users, Click Add User…
  • Add a new user for each remote user and record the passwords.
  • Change to the Groups tab for each user and add that user to the Trusted Users group.
  • Click OK to Exit the New User… Window and then click the Users tab, select Local Groups, and then click the configure button for Trusted Users
  • Click the VPN Access tab, add Firewalled Subnets into the Access List: section. Click Ok

Once You’ve completed these steps and Recorded all of the necessary information that you were asked to record, download and install IPSecuritas from the link HERE, and then Hop over to Part 2 – Configuring the IPSecuritas Client on a Mac, Here.

OSX 10.6.7 Update Breaks Sonicwall Net Extender (Again)

More Sonicwall NetExtender fun. This time it’s 10.6.7 changing permissions on the /usr/sbin/pppd folder.

I had users over the weekend update Mac OS X 10.6 to version 10.6.7, after the update they were unable to connect to thier Net Extender . When they tried to connect, it failed and then displayed the connetion log. The log contained the following entries:

[general warn 28598] NetExtender 881 closed unexpectedly; attempting to cleanup pppd 28566
[dns info 28608] Restarting mDNSResponder

I’ve only tested this fix for Net Extender version 5.0.680, but I’ve confirmed that it’s working with that version. We’ll need to adjust the permissions on the folder /usr/sbin/pppd:

Open terminal, and enter the following command:

sudo chmod u+s /usr/sbin/pppd

Enter your password at the prompt, allow the command to complete. Once that’s been entered, close and reopen the Net Extender, and then you should be able to connect.

Creating a new Outlook 2011 Profile (Identity )

The first thing to remember is Outlook 2011 is the first Outlook version on Mac, it’s a replacement for Entourage, so when searching for how to create a new Profile, you’re really searching for how to create a new Identity, that’s what Entourage used to call them. If you’re coming from a Windows environment (like me) then you’ll just be calling it a Profile, but that’s why you’ve ended up at my post instead of somewhere else, you’re calling it by the wrong name.

Whatever you want to call it, you can change it and Delete it by going to the following location:
Open Finder
Click on Applications
Open the folder "Office 2011"
Open the folder "Add-ins"
Open the "Microsoft Database Utility"

You can use the Plus and Minus at the bottom to add new or remove Identities (Profiles) for Outlook 2011

How to edit the hosts file on a Mac

The easiest way to edit a Hosts file on a Mac is to drop to the command line and enter the following command:

sudo nano /private/etc/hosts

First Open which is located under the Applications\Utilities folder in Finder.

Type the command as it appears above, and when prompted re-enter in your password. See Fig. 1 Note: You’ll need to be logged in with an account that has Administrator access.

Fig. 1

Once you’ve opened the hosts file use the arrow keys to start a new line under your loopback adapters. You’ll enter hosts by typing in their IP Addresses, pressing tab, and then typing in their host names. Press enter to go to a new line after every IP address and host name combination. In Fig 2. you’ll see that I’ve added two hosts, host1 and host2.

Fig. 2

When you’re done adding hosts and you’ve double checked the spelling and IP Addresses press Control and O at the same to to write-out, or save, the file. You’ll be prompted for a name and location for the file, keep the defaults and press enter. You’ll also be able to see this at the bottom of Fig. 2.

When you’re done saving the file press Control and X to exit the nano application and return to the terminal.

Now try a ping or some other method to make sure that you’re hosts file is working as expected.

Attached Files:

Mac OS 10.6 Clients unable to resolve DNS on Net Extender SSL VPN

Over the last few days I’ve been running into a problem with Mac OS 10.6 clients and the SonicWall SSL VPN client, NetExtender. The client computers were able to resolve DNS properly prior to installation. The problem didn’t appear until after the software was connected to a endpoint, and then disconnected. Once the connection was ended, boom, no DNS resolution.

I had already updated the endpoint device, a SRA 1200, and the NetExtender was whatever version came with SRA 1200 firmware SonicOS SSL-VPN, which was the most recent firmware available at the time of writing.

I started with a review of the release notes of the SonicWall firmware, which mention a problem with Mac OS prior to version 10.6.5 and NetExtender. I updated one of the client Macs to 10.6.5, but still no luck.

A call to SonicWall ended up with them giving me a new version of the NetExtender software for the Mac, version 5.0.680. I updated the first client and Success! I was able to connect, disconnect, and then continue to resolve DNS.

I thought my problems were over until I re-connected to test that the VPN was still working. Now on version 5.0.680 I was unable to resolve DNS on the other end of the VPN tunnel when connected. I could resolve DNS on my local subnet, and on the internet, but I was unable to resolve anything on the internal DNS servers at the main office that I was connecting to. I verified that I could telnet to port 53 across the tunnel, a NSlookup test proved that I the records I was looking for did exist.

I flushed the dns cache, I verified the /etc/resolv.conf file had the two DNS servers that the NetExtender had placed in there when I connected, and I verified with telnet that a firewall was not blocking DNS to the DNS servers.

I called SonicWall back and after much discussion they recommended that we roll back to version 5.0.679. I downloaded the file, removed the current NetExtender and then attempted to re-install the version 5.0.679. It would not allow me to re-install, stating that a more current version was already installed.

I was able to bypass this error by performing the following:

Drop to Command line and enter the following commands:

sudo rm /private/var/db/receipts/
sudo rm /private/var/db/receipts/com.sonicwall.NetExtender.plist
sudo rm /etc/ppp/sslvpn.*

I then rebooted the Mac and was able to install NetExtender version 5.0.679. Once installed I tested again. I was able to connect and resolve DNS, good. I was able to disconnect and continue to resolve DNS, even better. And Finally I was able to connect again and continue to resolve DNS still.  Version 5.0.679 on Mac OS 10.6.5 was what ended up working for me.

I’ve attached version 5.0.679 for download if you’re experiencing the same problem. NetExtender.MacOSX.5.0.679

Update 1: Upon further review, it appears that NetExtender version 5.0.679 breaks the bonjour protocol on the Macs that it is installed on. To circumvent this problem we actually went back to version 5.0.680, and statically configured a hosts file for all of the major resources on the other end of the VPN tunnel. Click Here to see how to manually edit a hosts file on a Mac. You can download version 5.0.680 here: NetExtender.MacOSX.5.0.680

Update 2: Thomas (see below) pointed out that it doesn’t matter what’s in the resolv.conf file as Mac OS 10.6 and higher no longer uses this file to determine DNS servers. My writing about about double checking this file will have no impact on this particular problem. The rest of the article will still help you work around the problem though, so good luck!