
Binding Lion To Active Directory

Active Directory binding can be a black art. Nuances abound, and they can be pitfalls for getting that first bind to actually take place. Take the following command for example:

dsconfigad -force -add "ad.mycompany.com" -c MyMac -u myusername -p mypassword -ou "OU=macs,OU=computers"

No DCs are specified, but you’d think that’s OK. After all, you told the AD plugin what the DCs were with the -add flag. It should be able to figure them out from the “ad.mycompany.com”, right?

Wrong. While third-party solutions like ADmitMac and Centrify can figure out DCs from the supplied domain, Apple’s AD plugin cannot.

Worse, if you omit the explicit DC specification, the AD plugin won’t tell you. It will try for a while to bind, and eventually you’ll get an error, but it will be a “(10001) failure”, not something useful like “DC not specified”. And it will be at the end of a very long log of bind attempts (assuming you turned on debug logging).

So basically you must specify the domain twice, thusly:

dsconfigad -force -add "ad.mycompany.com" -c MyMac -u myusername -p mypassword -ou "OU=macs,OU=computers" -domain "DC=ad,DC=mycompany,DC=com"

or (shorter):

dsconfigad -force -add "ad.mycompany.com" -c MyMac -u myusername -p mypassword -ou "OU=macs,OU=computers,DC=ad,DC=mycompany,DC=com"

Specify your DCs. Everyone will be happier.
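In a bind script, one way to keep the domain and the DC= suffix from drifting apart is to derive the suffix from the domain name. This is an added example, not code from the original post; fqdn_to_dn and full_ou are hypothetical helper names, the dsconfigad flags are the ones shown above, and the command is only printed, not run.

```shell
#!/bin/sh
# Added example: build the fully qualified -ou value from the AD domain name.

# Convert a DNS domain name to its LDAP form: ad.mycompany.com -> DC=ad,DC=mycompany,DC=com
fqdn_to_dn() {
    fqdn=$1
    # Reject empty names and empty labels ("ad..com", ".com", "com.").
    case "$fqdn" in
        ""|.*|*.|*..*) return 1 ;;
    esac
    # Accept only letters, digits, hyphens and dots.
    case "$fqdn" in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf 'DC=%s\n' "$(printf '%s' "$fqdn" | sed 's/\./,DC=/g')"
}

# Append the domain suffix to a relative OU path unless it already carries one.
full_ou() {
    rel_ou=$1
    base=$(fqdn_to_dn "$2") || return 1
    case "$rel_ou" in
        *,[Dd][Cc]=*) printf '%s\n' "$rel_ou" ;;            # already fully qualified
        *)            printf '%s,%s\n' "$rel_ou" "$base" ;;
    esac
}

# Values below are the placeholders used in the post.
domain="ad.mycompany.com"
ou=$(full_ou "OU=macs,OU=computers" "$domain") || exit 1
printf 'dsconfigad -force -add "%s" -c MyMac -u myusername -p mypassword -ou "%s"\n' "$domain" "$ou"
```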

Programmatically Getting IP Address on the MacBook Air

(It’s tougher than you think.)

Obtaining the IP address on a desktop Mac with built-in ethernet ports is relatively straightforward. You can rely on en0 existing and the connection being stable. On desktops, TCP connections are maintained, even in a “CLOSE_WAIT” state:

(IP addresses changed to protect the guilty)
# netstat -p tcp
 Active Internet connections
 Proto Recv-Q Send-Q Local Address Foreign Address (state)
 tcp4 0 0 192.118.156.212.62146 a192-17-157-46.zz.https SYN_SENT
 tcp4 0 0 192.118.156.212.62145 192.69.245.140.https ESTABLISHED
 tcp4 0 0 192.118.156.212.62106 my.server..micro ESTABLISHED
 tcp4 0 0 192.118.156.212.60876 192.70.186.139.sip-tls ESTABLISHED
 tcp4 0 0 192.118.156.212.net-as 192.29.231.207.61415 ESTABLISHED
 tcp4 0 0 192.118.156.212.net-as 192.29.231.207.61414 ESTABLISHED
 tcp4 0 0 192.118.156.212.49273 proxy.net.pcsyn CLOSE_WAIT
 tcp4 0 0 192.118.156.212.49272 proxy.net.pcsyn CLOSE_WAIT

However, the MacBook Air has no built-in ethernet. To hardwire one to a network, a USB<->Ethernet transceiver must be added on. And in an effort to save power, the Air drops any unused connections after 5 seconds. Witness:

# netstat -p tcp
 Active Internet connections
 Proto Recv-Q Send-Q Local Address Foreign Address (state)
 tcp4 0 0 192.118.156.212.62145 192.69.245.140.https ESTABLISHED
 tcp4 0 0 192.118.156.212.net-as 192.29.231.207.61415 ESTABLISHED
 tcp4 0 0 192.118.156.212.net-as 192.29.231.207.61414 ESTABLISHED

After a few seconds the very same command yields zilch:

# netstat -p tcp
#

So any scripts you write to grab the IP address that use netstat (the preferred method you’ll find recommended by almost all sites if you Google the topic) will yield a blank result.

You could activate the TCP connection by launching Safari or issuing a curl command and quickly reading netstat’s output within 5 seconds, but that’s a kludge.

The better answer? Good old ifconfig, which will yield the persistent IP state of the Mac no matter how long the network connections have been idle. On the same Air as above where netstat was reporting no info, you get this:

# ifconfig | grep "broadcast"
 inet 192.118.156.212 netmask 0xffffff00 broadcast 192.118.156.255

Ding! (Note that we limited the search to lines containing “broadcast” to prevent finding the loopback and other ports irrelevant to our current need.)

To complete the search for a usable IP, we just:

# ip=`ifconfig | grep "broadcast" | cut -d " " -f2`
# echo $ip
192.118.156.212

Now you have $ip waiting for you to act on. Examples:

if [ "$ip" = "" ]; then
   echo "No ethernet cable appears to be plugged in."
fi

Or

if [ "${ip:0:7}" = "169.254" ]; then
   echo "No DHCP server was found."
fi
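When more than one interface is up (for example Wi-Fi plus the USB Ethernet adapter), the grep pipeline above returns one line per interface and $ip holds several addresses. The following added example, not code from the original post, picks a single address and prefers a DHCP or static one over a self-assigned 169.254 address; the function names and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose one usable IPv4 address from ifconfig output.

# Constructed ifconfig output: loopback, an idle port, a self-assigned
# USB Ethernet adapter and a DHCP-configured interface.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:11:22:33:44:55
    status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 169.254.10.20 netmask 0xffff0000 broadcast 169.254.255.255
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.118.156.212 netmask 0xffffff00 broadcast 192.118.156.255
EOF
}

# Read ifconfig output on stdin; print "interface address" for every IPv4
# address that has a broadcast address (this skips loopback).
list_ipv4() {
    awk '$2 ~ /^flags=/ { iface = $1; sub(/:$/, "", iface) }
         $1 == "inet" && /broadcast/ { print iface, $2 }'
}

# Print one address: the first non-link-local one, else the first 169.254 one.
pick_ip() {
    list_ipv4 | awk '$2 ~ /^169\.254\./ { if (ll == "") ll = $2; next }
                     { print $2; found = 1; exit }
                     END { if (!found && ll != "") print ll }'
}

# Map an address (possibly empty) to the two failure states the post tests for.
classify_ip() {
    case "$1" in
        "")        echo "no-link" ;;
        169.254.*) echo "no-dhcp" ;;
        *)         echo "ok" ;;
    esac
}

# On a Mac, replace sample_ifconfig with ifconfig.
ip=$(sample_ifconfig | pick_ip)
echo "$ip: $(classify_ip "$ip")"
```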

Have fun!

Get Control of Your Macintosh HD Back

(This is my first post, so we’re going to keep things simple. Later posts will get into more gory under-the-hood Mac hacks & scripts.)

Once you upgrade to Lion, you’ll find you can no longer save files to the root of your “Macintosh HD.” This is an attempt by Apple to keep your filesystem clean and force you to save your files in your Documents, Pictures, Music, Movies, or other appropriate locations.

But if you’re a control freak as I am, you want to save files where you like; it’s your computer, darn it! Besides, many of us upgraders will have legacy files saved at the root of our HDs that we suddenly won’t be able to save changes to after installing Apple’s latest cat.

So here’s the easy trick to regain control of your Macintosh HD: make its root directory writable by everyone (mode 777). In Terminal, enter:

 sudo chmod 777 "/Volumes/Macintosh HD"

If you ever want to put it back the way Apple had it, writable only by its owner, enter:

 sudo chmod 755 "/Volumes/Macintosh HD"

There you have it. Save away!