Freezing Accounts in System Preferences

Dec 5 11 under OS X | 1 Comment

I’ve seen this a lot at our service desk, A student will bring in their laptop because they can’t open the Accounts prefpane.

After investigation I found there to be multiple guest accounts on the computer, one named Guest and the rest Guest1, Guest2 etc.  These can be removed using dscl within terminal with the following commands.

sudo dscl

cd /Local/Default/Users

ls

This will show all the accounts that are on the system, you will need to find how many guest accounts have been created and remove them with the line command below…

rm Guest1

That command will need to be repeated for each additional guest account.

Once that is complete you can open System Preferences and the Accounts prefpane should load correctly.

In Lion you can open Directory utility, located in /System/Library/CoreServices/ and use the directory editor within to remove the accounts if you aren’t comfortable with Terminal.

Read More

pfSense Traffic Logging (updated!)

Aug 17 11 under iOS, Networking, pfSense | Leave a comment

As promised in my previous post, I have now completed the PHP script for making the connection between the pfSense Captive Portal authentication log and the Squid authentication log.

trafficlog trafficlog 1.1 - Needs to be placed in /usr/local/www/ and renamed to trafficlog.php

captiveportal captiveportal 1.1 - Needs to be placed in /usr/local/www/ and renamed to captiveportal.php

download - Needs to be placed in /usr/local/www/captivetraffic/ (The captivetraffic folder will need to be created.)

indexTo replace the original in /usr/local/captiveportal/

A cron job to create the completeportalauth.log file will need to be setup, easiest way to do this is a install the Cron package and then add the following settings – Minute – 1,  Hour – *, Mday – *,  Month – *, Wday – *, Who – root, command - clog /var/log/portalauth.log >> /var/log/completeportalauth.log  No longer required.

Unfortunately due to security built into WordPress, I cannot upload PHP files, so once you’ve download the downloaded the txt files you will need to change the extension to .php.

Please note, I’m no programmer, and I only did this so that my colleagues need not ssh into pfSense to run the commands. Depending on how large your logs are, the page may take a while to load.

I chose the load the log in an iFrame due to PHP running out of memory, outputting to a file and making it available for download was simplest way I could think of to get around this. The /usr/local/www/captivetraffic/ folder might begin to get quite full, but a nightly cron job that clears the log will fix this.

Read More

iOS devices on the CEO network

Aug 14 11 under iOS, Networking | Leave a comment

With the recent deployment of 190 iPads at the school I work at, we needed to create a network that would seamlessly support iOS devices. Being a Catholic school all our internet traffic goes though the Catholic Education Network’s proxies, making it almost impossible to download and use iOS apps due to the lack of complete proxy support in the operating system.

While most apps probably would work through the proxy, most of them wont work well, Our solution for this was to setup another VLAN and an open SSID, the best wanky name we could think of for the new network was “iConnect”.

When connecting to the “iConnect” network, and thanks to a neat feature in iOS, the user is prompted for their credentials, after they are successfully authenticated, the user can begin to access the Internet.

The iConnect network does not require the user to setup any proxies, thanks to pfSense. I configured pfSense with the Squid proxy and captive portal modules. Squid runs in transparent mode with the Catholic Education Network’s proxies specified in the upstream settings, the captive portal module uses RADIUS to authenticate against our existing AD infrastructure.

When building the network, the first issue we ran into was not being able to access HTTPS sites, this is because it is impossible to use a transparent proxy to route HTTPS traffic, we had to get port 443 open for the WAN IP address of our pfSense box, once it was open, HTTPS sites worked as expected.

I’m currently in the process of writing a PHP page that makes it simple to do a quick lookup of a users browsing history, once complete I’ll post it here.
See this post

Read More

Welcome

Aug 14 11 under Uncategorized | Leave a comment

Decided I’d change my website from just a static page with links to my online presences to something a little more interesting. Here you will find my nerdy posts that I think others will find useful.

Read More