My pain, your gain.

Troubleshooting myself in the foot.

Category: os x

javaws on os x mountain lion

We run some dell servers that have idrac cards in them. Some of the older ones have older v6 cards in them. Connecting to these via a mac has been a bit of a bear lately with all the java changes. Doing a bit of research and using the terminal, I found a way to connect to these.

The way that I found was to manually call javaws from the command line specifying which version I wanted to run. Since it seems that the only issue is with java > 1.6, you can just call the java 1.6 javaws. I got the idea from reading this post.

In terminal I found the javaws in my path. It was located in /usr/bin. I checked to see what that was symlinked to. It ended up in a ‘versions’ directory that had many different versions. I created my own symlink in /usr/bin pointing to the v1.6.0 path vs the current path. Once I did this, I had a 1.6.0 version of javaws in my path, aptly named javaws-1.6.0.

When you are logged into the drac, using safari, you can click on the launch virtual console button. This will download a .jnlp file. I didnt write a script or anything, but just found the .jnlp file in the finder via the download window in safari, moved it to the desktop and then in terminal ran javaws-1.6.0 filename.jnlp. This fired it up correctly.

For reference, these are the two versions of javaws I have linked:

/usr/bin/javaws -> /System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/javaws

/usr/bin/javaws-1.6.0 -> /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Commands/javaws

My pain in the bean, your glean.

os x lion (10.7.4) filevault

Filevault and you

So we probably wanted to use filevault (FV) a little differently than most users would. Most users would have one account on their mac and login once at the FV login screen – then they would be done with the login process. This is not what we wanted. We wanted the device to have a global unlock password which would then dump you into the OS login screen. After all, not all passwords are created equal.

We started off simply, create the accounts, start FV full disk encryption (FDE) and then only authorize the account that was being used as the global unlock for the FDE. Then we started getting tricky, to make sure that the global account would not log in, we deleted the account once it was in the FV bios screen. This allows an account to unlock the FDE then drop you into the OS login screen. The issue here is, you cant add any more accounts to the machine because the FV login credentials are automatically updated when you create a new account (not the ideal, but an understandable workflow).

The solution we ended up using is a hybrid of TJ Luoma’s and ours.

If you dont have FV FDE already enabled

  1. Add all the accounts that you think you will need, plus a global admin account that you will use as the FV login account.
  2. Log into the global admin account and enable FV. Do not enable any of the other users to unlock the disk. You will be prompted to restart.
  3. Once restarted and on the FV login window, log in with the global admin account.
  4. Once logged in, log out of the global admin account and into your normal admin account.
  5. Delete your global admin account, let the FDE process complete and you should be all set.

Your mac should now boot and prompt you at the FV login for the global admin account password and then dump you into the standard OS login screen.  Here you can log in with any of the accounts you created in step 1.

If you have FV FDE already enabled

If you have FV FDE already enabled and you want to use the login method that this post is describing, the next steps are for you.  If you have FV FDE already enabled, are already using the login method that this post is describing and want to add more user accounts, the next steps are for you too.  Again, much of these steps are similar to similar to TJ Luoma’s, so if my instructions are confusing, consider checking out his.

The first step is some account administration.

  1. Add all the accounts that you think you will need, plus a global admin account that you will use as the FV login account.
  2. Log into the global admin account and open the terminal app (type terminal into the spotlight window).
  3. This is where it gets a bit technical.  For all user accounts on your mac there exists a short name, you will need to find out the short names for all the accounts you want to remove from the FV login screen.  If the account name is John Smith, there is probably a short name of johnsmith or jsmith.  A quick cheat to find out all the usernames on your system is to type ls -1 /Users (that is a numeral one) followed by enter.  This will list all of the home directories (you can ignore the one name Shared) on your mac which normally correspond to the usernames.
  4. For every account that you want to remove from the FV login screen you will have to reset the password.  Take all the short names you gathered in step 3 and repeat steps 5-7 with each.
  5. Type sudo -u shortname -s subbing shortname for the actual username
  6. Type passwd and where prompted, enter in the current ‘old’ password and then just enter for the new password (ie leave them blank).
  7. Type exit
  8. When you are done resetting all of the passwords to blank, type exit and quit terminal.

The second step is some FV administration.

  1. Go to System Preferences > Security & Privacy > FileVault and click on the Enable Users button on the bottom right.
  2. Set the password of each user to something other than blank, but do not click on Enable User
  3. When all the users’ passwords are set, hit Cancel (counter-intuitive, yes.  Done is also greyed out)

The third and last step is a bit-o-cleanup.

  1. Log out of the global admin account and into your normal admin account.
  2. Delete your global admin account

Your mac should now boot and prompt you at the FV login for the global admin account password and then dump you into the standard OS login screen.  Here you can log in with any of the accounts you created in step 1.

Hope this is helpful to someone.

© 2020 My pain, your gain.

Theme by Anders NorenUp ↑