Tag Archives: OSX

Delete Keychain Folder

We run the Casper Suite to control our Macs at work, and we are using folder re-direction for our conference room machines (for the users’ home directories).  Since all of these machines are Active Directory members and users do change their passwords (quite frequently per policy), we have issues when folks attempt to log into a conference room machine after they have changed their passwords.

The real trouble seems to be that Apple hasn’t quite readied the Mac OS for full enterprise AD integration.  Though the Macs are members and though a user is able to log in using network credentials, once those credentials are cached the OS doesn’t like to check with AD when the credentials offered by the user are not matched with those cached in the keychain.

I created a Self Service script which simply removes the entire keychain folder for the then logged-in user.  If there is a less heavy-handed solution to this matter I have not yet found it.  Here is that script for entertainment.

##
## Conference Room Keychain Fix
#!/bin/bash


## Delete user's Keychains folder (located in redirected home directory's Library folder)

username=$(stat -f %Su /dev/console)
rm -R /home/"$username"/Library/Keychains/


exit
##

I hope you find this useful and expedient.

Share

Fix for Firefox’s Profile Manager Error

There is a bug in Firefox (as near as I can tell) and it has been present for many versions (more than a dozen at least). It only effects users in a particular configuration on Macs, so it is not very likely to get any love any time soon. (I filed a bug report here ages ago.)

In short, Firefox is able to create it’s Profiles folder under /path/to/home/[username]/Library/Application Support/Firefox/ and it is able to create the associated profiles.ini file next to it.  However, Firefox is not able to add the information pointing the profiles.ini folder at the newly created profile folder.

If you try to launch Firefox you will only get the Profile Manager and it will not be able to see any profiles, nor will it be able to create one.  Instead it throws an error:

Profile Manager Error
Profile Manager Error

Anyway, perhaps one day Mozilla will fix it.  In the meantime I need to be able to fix this for users.  I know I can add a known-good profile and profiles.ini pair, so I figured I could just build my own profiles.ini file based on what I saw in the Profiles folder.  That worked so I just needed to create a way to use that information.

We use the Casper Suite to manage the Macs in our environment, so I was bent on doing something through Casper.  Additionally I wanted to user Casper’s Self Service application so I could just point a user to a single button to fix the problem.

Here is the script I added for users to evoke through Self Service.

##
#! /bin/bash
## Fix Firefox profile manager error on machines with re-directed home directories.
## by JamesIsIn

#Get current logged-in username.

username=$(stat -f %Su /dev/console)

# Get first profile name in user's Library folder.

profile="$(basename /home/"$username"/Library/Application\ Support/Firefox/Profiles/* | head -1)"

# Empty and populate user's Firefox profiles file.

printf "[General]\nStartWithLastProfile=1\n\n[Profile0]\nName=Default User\nIsRelative=1\n" 1>/home/"$username"/Library/Application\ Support/Firefox/profiles.ini
printf "Path=Profiles/""$profile" 1>>/home/"$username"/Library/Application\ Support/Firefox/profiles.ini

exit
##

First I get the username of whomever happens to be logged in at the time Self Service is run on that machine and save that in a variable (called username).

Then I get the name of the first profile located in the user’s Firefox folder (under the user’s Library folder).  It doesn’t matter which one I use, I just arbitrarily chose the first one.  This way if there is only one I’ll be ok too.  I store that in a separate variable (called profile).

Finally I use those two variables to construct the appropriate profiles.ini file (using printf and standard output redirection).

Hope that helps you.

Share