"Error opening terminal: xterm-256color"
Here is the fix (must be run from Terminal on the machine itself):
- Open Terminal
- Type "pico ~/.profile" (if it doesn't exist go ahead and create it)
- Enter the lines:
- TERM="xterm"
- export TERM
- Exit and save
Showing posts with label Lion. Show all posts
Showing posts with label Lion. Show all posts
Thursday, September 26, 2013
Error opening terminal: xterm-256color
After opening a remote ssh session to Lion and Mountain Lion clients and attempting to launch pico (I know, I know, "real men use vi") I get the following error:
"Error opening terminal: xterm-256color"
Here is the fix (must be run from Terminal on the machine itself):
"Error opening terminal: xterm-256color"
Here is the fix (must be run from Terminal on the machine itself):
Friday, October 19, 2012
10.7 and 10.8 Clients do not generate Kerberos tickets at login: FIX
(For information about forcing 10.6.x clients to get a Kerberos ticket at login see this Apple KB)
We have encountered a problem where Lion and Mountain Lion clients are not generating Kerberos tickets at login. This causes problems with single-sign-on (SSO) to network shares as well as with Kerberos enabled applications like SAP.
Apparently Apple's latest version of Kerberos will not automatically request a ticket when a Kerberos enabled application launches. Instead you must either go to Terminal and type "kinit" and enter your password or force a ticket to be generated at login using the following instructions.
Note: in order to correctly authenticate using Kerberos enabled applications like SAP your user name in AD and in the application itself must match. This means that both your SAMAccount name and UPN in must be identical- including the case. Many non-Microsoft instances of Kerberos are case-sensitive.
To generate a Kerberos ticket at login (10.7 and 10.8 clients):
We have encountered a problem where Lion and Mountain Lion clients are not generating Kerberos tickets at login. This causes problems with single-sign-on (SSO) to network shares as well as with Kerberos enabled applications like SAP.
Apparently Apple's latest version of Kerberos will not automatically request a ticket when a Kerberos enabled application launches. Instead you must either go to Terminal and type "kinit" and enter your password or force a ticket to be generated at login using the following instructions.
Note: in order to correctly authenticate using Kerberos enabled applications like SAP your user name in AD and in the application itself must match. This means that both your SAMAccount name and UPN in must be identical- including the case. Many non-Microsoft instances of Kerberos are case-sensitive.
To generate a Kerberos ticket at login (10.7 and 10.8 clients):
- Open Terminal
- Type "sudo -s" and authenticate as super user
- Navigate to /etc/pam.d
- Type "cp authorization authorization.bak" to make a backup of the authorization file
- Type "pico authorization" to edit the file (you could also use vi or your favourite editor)
auth optional pam_krb5.so use_first_pass use_kcminitAdd the key "default_principal" to the end of the line. For example:
auth optional pam_krb5.so use_first_pass use_kcminit default_principal
- Save the file
- Restart and log back into the computer
- Check that a Kerberos ticket has been generated by opening Terminal and typing "klist"
Hosting Mountain Lion Software Updates on 10.6 or 10.7 Servers
This information came directly from Apple's KB:
- Update your server to Mac OS X Server v10.6.8 (or 10.7)
- Stop the Software Update service if it is running.
- Quit Server Admin if it is active.
- Update /etc/swupd/swupd.plist to begin hosting OS X Lion software updates. (See details below.)
- Update /etc/swupd/swupd.conf to allow OS X Lion computers to receive updates. (See details below.)
- Open Server Admin and start the Software Update service.
- Use the instructions in Mac OS X Server v10.6: Using the Software Update service with multiple Mac OS X client versions to point your OS X Lion clients to this server.
For Mountain Lion change the string to:
In step 5, you will need root access to update the file /etc/swupd/swupd.conf. To be safe, make a backup copy of the file before editing it. Locate the following line near the end of the file:
Edit the following line to read:
Wednesday, August 15, 2012
OS 10.7 Lion and Citrix: 100% CPU use after upgrade
After upgrading from 10.6.8 to 10.7.4 I noticed that my battery life plummeted. Prior to the upgrade I would be getting a solid 5 hours; after installing Lion my battery life dropped to 1:15. Applications were also performing very poorly and the entire system seemed sluggish.
After some investigation and speaking with Apple I discovered that the problem was with the Citrix Access Gateway plug-in. I removed it and my system instantly returned to normal. In fact I started getting six hours of battery life so it could have been causing problems when I was on 10.6.8 too.
Citrix has acknowledged that several of their Receiver components are having problems with Lion. HERE is a link to the Citrix page that explains the problems and offers work-arounds.
After some investigation and speaking with Apple I discovered that the problem was with the Citrix Access Gateway plug-in. I removed it and my system instantly returned to normal. In fact I started getting six hours of battery life so it could have been causing problems when I was on 10.6.8 too.
Citrix has acknowledged that several of their Receiver components are having problems with Lion. HERE is a link to the Citrix page that explains the problems and offers work-arounds.
Wednesday, June 6, 2012
SAP launch error in Lion
On AD bound Lion (10.7.3) Macs were were receiving the following error on launch:
Unable to load GSS-API dyld Shared Library
named "sncgss.dyld"
We have seen similar errors with Snow Leopard (10.6.x) machines and it normally indicated that 32bit mode was not enabled; this was not the case in London.
The fix we found involves setting the SNC_LIB varriable using the following commands in Terminal:
echo Setting the SNC environment for current user.
mkdir ~/.MacOSX >/dev/null 2>&1
defaults write ~/.MacOSX/environment.plist SNC_LIB "/usr/lib/libgssapi_krb5.dylib"
Strangely, this did not fix the problem right away- we had to wait for upwards of an hour for the fix to "take"; once it did the users could launch the SAP client normally.
Unable to load GSS-API dyld Shared Library
named "sncgss.dyld"
We have seen similar errors with Snow Leopard (10.6.x) machines and it normally indicated that 32bit mode was not enabled; this was not the case in London.
The fix we found involves setting the SNC_LIB varriable using the following commands in Terminal:
echo Setting the SNC environment for current user.
mkdir ~/.MacOSX >/dev/null 2>&1
defaults write ~/.MacOSX/environment.plist SNC_LIB "/usr/lib/libgssapi_krb5.dylib"
Strangely, this did not fix the problem right away- we had to wait for upwards of an hour for the fix to "take"; once it did the users could launch the SAP client normally.
Tuesday, December 27, 2011
10.7 clients unable to connect to legacy NAS and AFP devices
In Lion Apple disabled older, less secure protocols like DHCAST128. This has caused problems with older NAS devices running AFP and some Novell servers.
Most manufactures have released updates to resolve this problem but there is also a way to re-enable the protocol from the command line.
Here are the instructions from Apple's KB:
Lion maintains a list of authentication methods that are not allowed. These are the older, less secure authentication methods. You may need to enable one or more of these methods to support legacy devices or protocols.
Open Terminal.
Execute the following commands:
sudo chmod o+w /Library/Preferences
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
Make an AFP connection to another system so that the AFP Client preference file will be filled in with the default set of values. Note: You must connect as a registered user, not as a guest.
Execute the following command to see a list of the disabled User Authentication Methods (UAMs)
defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams
By default the disabled UAMs are "Cleartxt Passwrd", "MS2.0", "2-Way Randnum exchange", and "DHCAST128". Note: if you don't see a list, restart your computer and repeat step 3.
To enable one of these UAMs, remove it from the list of disabled UAMs. For example, this command enables DHCAST128 by removing it from the list of disabled authentication methods:
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
After the desired changes have been made, restore the permissions on the Preferences folder with this command:
sudo chmod o-w /Library/Preferences
Additional Information
If you want to undo the changes described above, you can either delete the /Library/Preferences/com.apple.AppleShareClient file or use the following command to re-disable the default set of older UAMs:
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange" "DHCAST128"
The full article can be found here: http://support.apple.com/kb/HT4700
Most manufactures have released updates to resolve this problem but there is also a way to re-enable the protocol from the command line.
Here are the instructions from Apple's KB:
Lion maintains a list of authentication methods that are not allowed. These are the older, less secure authentication methods. You may need to enable one or more of these methods to support legacy devices or protocols.
Open Terminal.
Execute the following commands:
sudo chmod o+w /Library/Preferences
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
Make an AFP connection to another system so that the AFP Client preference file will be filled in with the default set of values. Note: You must connect as a registered user, not as a guest.
Execute the following command to see a list of the disabled User Authentication Methods (UAMs)
defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams
By default the disabled UAMs are "Cleartxt Passwrd", "MS2.0", "2-Way Randnum exchange", and "DHCAST128". Note: if you don't see a list, restart your computer and repeat step 3.
To enable one of these UAMs, remove it from the list of disabled UAMs. For example, this command enables DHCAST128 by removing it from the list of disabled authentication methods:
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
After the desired changes have been made, restore the permissions on the Preferences folder with this command:
sudo chmod o-w /Library/Preferences
Additional Information
If you want to undo the changes described above, you can either delete the /Library/Preferences/com.apple.AppleShareClient file or use the following command to re-disable the default set of older UAMs:
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange" "DHCAST128"
The full article can be found here: http://support.apple.com/kb/HT4700
Friday, December 23, 2011
Lion clients unable to connect to Snow Leopard server
If you are attempting to connect from a bound Lion client to a bound Snow Leopard server you must use the FQDN for the server.
For example: myserver.test.network.com
If you do not you may receive an error that says "The version of the server you are trying to connect to is not supproted. Please contact your system administrator to resolve the problem."
Also check what authentication method you are using.
Note: changing the authentication to Any Method can possibly break single-sign-on for Snow Leopard client. If this happens change the authentication to "Kerberos". Lion clients should still be able to access the server.
For example: myserver.test.network.com
If you do not you may receive an error that says "The version of the server you are trying to connect to is not supproted. Please contact your system administrator to resolve the problem."
Also check what authentication method you are using.
- Open Server Manager
- Highlight "AFP"
- Click on the "Access" tab
- Change "Authentication" to "Any Method"
Note: changing the authentication to Any Method can possibly break single-sign-on for Snow Leopard client. If this happens change the authentication to "Kerberos". Lion clients should still be able to access the server.
Subscribe to:
Posts (Atom)