Comments (33)
Hmm. Odd.
Does the standard user's password expire? Anything in the logs? (System.log look for ADPassMon).
On 8 Apr 2016, at 10:59, MaxFrames wrote:
I'm trying to use the application on a domain-joined iMac running OSX 10.9.5.
Logged on as a domain user (which is also an admin on the iMac) I've downloaded the latest version, put it in the Applications directory and launched it from there. It went through a first run configuration, and it installed itself in the menu bar as supposed to.
At this point I've logged off and logged on as a different user, also a domain user but without administration rights on the machine. The application did not show in the menu bar. The task monitor showed that the process was running. I tried to kill the process and start the app, but again there was no sign of it being active at all besides it being listed in the active tasks. I've tried to promote the user to admin, uninstall the app and install it again; I've tried to delete the plist preferences and reboot, the problem was not solved.
What is the correct procedure to install the app and configure it to run automatically for all the users?
from adpassmon.
I've repeated the test again: logged on as a domain user (whose password does not expire), installed ADPassMon from scratch, verified it was working (shown in the menu bar), logged off, logged on as a domain user account (whose password does expire - 180 days) and verified ADPassMon was running (resource monitor) but now showing in the menu bar.
After doing this, I logged on again as the domain admin and retrieved this from System.log:
Apr 13 08:45:47 sp-pescara.local ADPassMon[373]: Running on OS 10.9.x
Apr 13 08:45:47 sp-pescara.local ADPassMon[373]: Running under a network account.
Apr 13 08:45:47 sp-pescara.local ADPassMon[373]: Native password method selected
Apr 13 08:45:47 sp-pescara.local ADPassMon[373]: Testing Universal Access settings…
Apr 13 08:45:58 sp-pescara.local ADPassMon[373]: Prompting for password
Apr 13 08:46:09 sp-pescara.local ADPassMon[373]: Enabled
Apr 13 08:46:09 sp-pescara.local ADPassMon[373]: Domain reachable.
Apr 13 08:46:09 sp-pescara.local ADPassMon[373]: Testing if password can expire…
Apr 13 08:46:09 sp-pescara.local ADPassMon[373]: Password does not expire.
Apr 13 08:46:09 sp-pescara.local ADPassMon[373]: Stopping.
Apr 13 08:47:02 sp-pescara.local ADPassMon[488]: Running on OS 10.9.x
Apr 13 08:47:02 sp-pescara.local ADPassMon[488]: *** -[ADPassMonAppDelegate applicationWillFinishLaunching:]: Can’t make «class ocid» id «data optr00000000E0B0020000600000» into type integer. (error -1700)
Apr 13 08:50:23 sp-pescara.local ADPassMon[650]: Running on OS 10.9.x
Apr 13 08:50:23 sp-pescara.local ADPassMon[650]: Running under a network account.
Apr 13 08:50:23 sp-pescara.local ADPassMon[650]: Native password method selected
Apr 13 08:50:23 sp-pescara.local ADPassMon[650]: Testing Universal Access settings…
Apr 13 08:50:23 sp-pescara.local ADPassMon[650]: Enabled
Apr 13 08:50:24 sp-pescara.local ADPassMon[650]: Domain reachable.
Apr 13 08:50:24 sp-pescara.local ADPassMon[650]: Testing if password can expire…
Apr 13 08:50:24 sp-pescara.local ADPassMon[650]: Password does not expire.
Apr 13 08:50:24 sp-pescara.local ADPassMon[650]: Stopping.
As you can see, there is an error, which I cannot make heads or tails about, and it seemed to have occurred upon the second logon, i.e. when I logged on as the standard user.
I've found this: #59
If it helps, the system on this machine is localized in Italian.
from adpassmon.
By applying the suggestion in thread #59 (removing the dot from the expire date field) I've been able to make AdPassMon appear on the menu bar of the users.
I can confirm the problem lies there because the app worked out of the box for all the users whose passwords did not expire (no problems with the expire date format).
from adpassmon.
Can you folks run the below & advise what is returned?
echo '(131258737778620155/10000000)-11644473600' | /usr/bin/bc
from adpassmon.
Can you test the below?
from adpassmon.
@macmule
It's been so long that I'd forgotten all about this issue :-P
Well, since then I've upgraded to OSX 10.12. The OS language is still Italian.
I have tried the app I extracted from the ZIP file you posted above. No difference in my case. I still have the same problem (apparently, my plist workaround has been reverted by upgrading the OS). The app starts automatically, and is visible in the menu bar, if the user password does not expire. If the user password does expire, the app is not visible in the menu bar though the process is running.
The output of the echo command you posted is "1481400177".
I hope it helps, and a solution is near.
from adpassmon.
& the output is from the expiring account right?
Sat, 10 Dec 2016 20:02:57 GMT is the epoch time converted to human readable.
Can you post the ~/lLogs/ADPassMon.log from the account with the minus days?
from adpassmon.
The output is from the account with an expiring password, yes.
I am not sure what log you want me to post. I assume you mean the ADPassMon.log file found in the Console app, under ~/Library/Logs. Here is how it looks this morning (viewed from the same account):
Thu Nov 3 13:40:11 CET 2016 Launching.....
Thu Nov 3 13:40:11 CET 2016 ADPassMon 2.21.0
Thu Nov 3 13:40:11 CET 2016 Running on OS 10.12.x
Thu Nov 3 13:40:11 CET 2016 Username: maxframes
Thu Nov 3 13:49:55 CET 2016 Launching.....
Thu Nov 3 13:49:55 CET 2016 ADPassMon 2.21.0
Thu Nov 3 13:49:56 CET 2016 Running on OS 10.12.x
Thu Nov 3 13:49:57 CET 2016 Username: maxframes
Fri Nov 4 08:45:34 CET 2016 Launching.....
Fri Nov 4 08:45:34 CET 2016 ADPassMon 2.21.0
Fri Nov 4 08:45:35 CET 2016 Running on OS 10.12.x
Fri Nov 4 08:45:35 CET 2016 Username: maxframes
Not much there, it seems.
Thanks
from adpassmon.
Thanks.
I'm just trying to figure out how to recreate the issue to fix it.
Can you also post the org.pmbuko.adpassmon.plist? Should be in the users library.
Regards,
Ben.
from adpassmon.
As text?
Regards,
Ben.
On 4 Nov 2016, at 08:23, MaxFrames wrote:
I've found it under Library/Preferences, but how do I open it as text?
from adpassmon.
thanks @MaxFrames.. sorry hadn't had AM coffee.
1,4724892
is odd, i'm trying to replicate that comma but cannot :(
That also gives a date of "GMT: Sat, 20 Jun 1970 10:14:52 GMT"
However, that last date seems to sat 29th of August?
from adpassmon.
It is 29th of August. That was the date when this user's password last expired. Indeed I can confirm that I last changed it on August 30th. Passwords in our domain expire every 6 months, so the current expiration date is february 26, 2017 for this account. As for the comma, I understand it shouldn't be there? Maybe it's because of regional settings? I am using the Italian version of OSX with Italian regional settings. In Italian, the comma is used as a decimal separator (so for example 1.47 becomes 1,47).
from adpassmon.
Yep.. i've been looking at decimal marks & making it non-regionalised as AppleScript is faux-americas english, so expects no comma.. but cannot replicate yet.. i'll keep trying though!
@MaxFrames can you run:
/usr/bin/dscl localhost read /Search/Users/$USER msDS-UserPasswordExpiryTimeComputed
and:
/usr/bin/dscl localhost read /Search/Users/$USER SMBPasswordLastSet | /usr/bin/awk '/LastSet:/{print $2}'
Then post the results from both?
from adpassmon.
The first command gives "No such key: msDS-UserPasswordExpiryTimeComputed"
The second command gives "131170124806387645"
from adpassmon.
ok.. cool.. to the last commands result gives an Epoch of: 1472538880, which gives a date of: GMT: Tue, 30 Aug 2016 06:34:40 GMT.
That's only 66 days ago, not the 137 you're seeing.. but still negative days.
For the last command, you should get the result twice. Are you only getting it once?
bens-Mac:~ adtest$ /usr/bin/dscl localhost read /Search/Users/$USER SMBPasswordLastSet | /usr/bin/awk '/LastSet:/{print $2}'
131227334336522647
131227334336522647
from adpassmon.
@MaxFrames can you also post the output of dsconfigad -show?
Removing the domain info at the top
bens-Mac:~ adtest$ dsconfigad -show
Active Directory Forest = pretendco.com
Active Directory Domain = pretendco.com
Computer Account = bens-mac$
Advanced Options - User Experience
Create mobile account at login = Enabled
Require confirmation = Disabled
Force home to startup disk = Enabled
Mount home as sharepoint = Enabled
Use Windows UNC path for home = Disabled
Network protocol to be used = smb
Default user Shell = /bin/bash
Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Generate Kerberos authority = Enabled
Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = not set
Authentication from any domain = Enabled
Packet signing = allow
Packet encryption = allow
Password change interval = 14
Restrict Dynamic DNS updates = not set
Namespace mode = domain
from adpassmon.
Yes I am only getting the output once, not twice.
Active Directory Forest = mydomain.local
Active Directory Domain = mydomain.local
Computer Account = sp-mymachine$
Advanced Options - User Experience
Create mobile account at login = Disabled
Require confirmation = Enabled
Force home to startup disk = Enabled
Mount home as sharepoint = Enabled
Use Windows UNC path for home = Enabled
Network protocol to be used = smb
Default user Shell = /bin/bash
Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Generate Kerberos authority = Enabled
Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = amministratori dominio,amministratori enterprise
Authentication from any domain = Enabled
Packet signing = allow
Packet encryption = allow
Password change interval = 14
Restrict Dynamic DNS updates = not set
Namespace mode = domain
from adpassmon.
Ah!
Network account. (Create mobile account at login = Disabled).
Ok, gives me something else to test.
from adpassmon.
Yep, we are not using roaming profiles.
from adpassmon.
Cool.
Something more to test, it changes the dscl calls a wee bit.
I'll get back to you.
Regards,
Ben
from adpassmon.
Can you download & run the attached, then paste the output?
bens-Mac:~ adtest$ /Volumes/VMware\ Shared\ Folders/DerivedData/cfprefs-adpassmon.py
Key Value = 1481888633
Key Forced = False
The above output is from a Mac which is bound, network & non-roaming account, & os etc is in italian.
from adpassmon.
oh.. you're on 10.12?
from adpassmon.
The output of the py file run in a terminal:
Key Value = 1,4724892
Key Forced = False
from adpassmon.
Please test: https://github.com/macmule/ADPassMon/releases/tag/154
from adpassmon.
It sort of works! A big step forward and a small step back.
The application now launches both on the account with the non expiring password and on the account with the expiring password. On the latter, it displays the correct number of days left before expiration. But on the former, it now displays a bogus negative value (-2541 days), and it displays a warning that I will have to change the password... in 2009!
from adpassmon.
@MaxFrames Cool. I spent ages on the expiration calls.. not the non-expiring!
Can you post the log ~/Library/Logs/ADPassMon.log from the account that doesn't expire?
Also, the output of /usr/bin/dscl localhost read /Search/Users/$USER userAccountControl | /usr/bin/awk '/:userAccountControl:/{print $2}'
under the same account.
from adpassmon.
Log:
Wed Nov 9 10:30:41 CET 2016 Launching.....
Wed Nov 9 10:30:41 CET 2016 ADPassMon Version: 2.21.0 (154)
Wed Nov 9 10:30:41 CET 2016 Running on OS 10.12.x
Wed Nov 9 10:30:41 CET 2016 Username: sysadmin
Wed Nov 9 10:30:41 CET 2016 Set number formatter
Wed Nov 9 10:30:41 CET 2016 Registering defaults..
Wed Nov 9 10:30:41 CET 2016 Retrieving defaults..
Wed Nov 9 10:30:42 CET 2016 Running under a network account.
Wed Nov 9 10:30:46 CET 2016 Native password method selected
Wed Nov 9 10:30:46 CET 2016 Testing Universal Access settings…
Wed Nov 9 10:30:46 CET 2016 Skipping Accessibility check...
Wed Nov 9 10:30:46 CET 2016 Starting auto process…
Wed Nov 9 10:30:46 CET 2016 Domain test succeeded.
Wed Nov 9 10:30:46 CET 2016 Domain test succeeded.
Wed Nov 9 10:30:46 CET 2016 myDomain: mydomain.local
Wed Nov 9 10:30:46 CET 2016 myLDAP: mydc.mydomain.local.
Wed Nov 9 10:30:46 CET 2016 Using alt method
Wed Nov 9 10:30:47 CET 2016 mySearchBase: DC=mydomain,DC=local
Wed Nov 9 10:30:47 CET 2016 Got expireAge: 180
Wed Nov 9 10:30:47 CET 2016 pwdSetDateUnix via DSCL: 128879838540468750
Wed Nov 9 10:30:47 CET 2016 pwdSetDate epoch: 1243510000
Wed Nov 9 10:30:47 CET 2016 Today epoch: 1478683847
Wed Nov 9 10:30:47 CET 2016 Days Since Set: 2721,91952546296
Wed Nov 9 10:30:47 CET 2016 alt daysUntilExp: -2541,91952546296
Wed Nov 9 10:30:47 CET 2016 alt daysUntilExpNice: -2542
Wed Nov 9 10:30:47 CET 2016 alt secondsTilExpiry: -219621800
Wed Nov 9 10:30:47 CET 2016 Got expireDateUnix from alt: 1259062000
Wed Nov 9 10:30:47 CET 2016 expirationDate: Tue Nov 24 12:26:40 CET 2009
Wed Nov 9 10:30:47 CET 2016 Triggering notification…
Wed Nov 9 10:30:47 CET 2016 Native password method selected
Wed Nov 9 10:30:47 CET 2016 Testing Universal Access settings…
Wed Nov 9 10:30:47 CET 2016 Skipping Accessibility check...
Wed Nov 9 10:30:47 CET 2016 Testing Keychain Lock state...
Wed Nov 9 10:30:55 CET 2016 Keychain unlocked...
Output of command:
66048
from adpassmon.
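An added illustration of the arithmetic discussed in this thread (not ADPassMon's own code, and not written by any participant): it converts SMBPasswordLastSet FILETIME ticks to Unix seconds and derives the days until expiry with integer shell arithmetic only, so the locale's decimal separator never enters the calculation, and it honours the DONT_EXPIRE_PASSWORD bit of userAccountControl, which is set in 66048. The function names and the userAccountControl value 512 used for an expiring account are assumptions.

```shell
#!/bin/sh
# Added example: integer-only AD password expiry arithmetic.
# Windows FILETIME counts 100 ns ticks since 1601-01-01 UTC.
EPOCH_OFFSET=11644473600      # seconds between 1601-01-01 and 1970-01-01
TICKS_PER_SEC=10000000
UF_DONT_EXPIRE_PASSWD=65536   # 0x10000 bit of userAccountControl

# filetime_to_epoch TICKS -> prints Unix seconds (fraction truncated)
filetime_to_epoch() {
    echo $(( $1 / TICKS_PER_SEC - EPOCH_OFFSET ))
}

# never_expires UAC -> exit status 0 when the DONT_EXPIRE_PASSWORD bit is set
never_expires() {
    [ $(( $1 & UF_DONT_EXPIRE_PASSWD )) -ne 0 ]
}

# days_until_expiry PWD_LAST_SET_TICKS MAX_AGE_DAYS UAC NOW_EPOCH
# prints "--" for a non-expiring account, otherwise whole days left
# (negative means the password expired that many days ago)
days_until_expiry() {
    if never_expires "$3"; then
        echo "--"
        return 0
    fi
    set_epoch=$(filetime_to_epoch "$1")
    expiry=$(( set_epoch + $2 * 86400 ))
    left=$(( expiry - $4 ))
    if [ "$left" -lt 0 ]; then
        # round away from zero so a partly elapsed day counts as expired
        echo $(( 0 - (86399 - left) / 86400 ))
    else
        echo $(( left / 86400 ))
    fi
}

# Values taken from the log and command output posted above:
# pwdSetDateUnix 128879838540468750, expireAge 180, userAccountControl 66048,
# Today epoch 1478683847.
days_until_expiry 128879838540468750 180 66048 1478683847
# Same inputs with the flag ignored (512 is a constructed value) give the
# -2542 days that the log shows as "alt daysUntilExpNice".
days_until_expiry 128879838540468750 180 512 1478683847
```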
Perfect! (well not, but from an issue tracking pov it is).
I'll have a look at this & hopefully will have a new build out over the weekend.
from adpassmon.
@MaxFrames please test: https://github.com/macmule/ADPassMon/releases/tag/155
from adpassmon.
It seems to work; I see correct indications for the account with the non expiring password ("--") and for the account with the expiring password (103d).
Thanks for the good work.
from adpassmon.
I wonder if I can make here a feature request. I would like to be able to change preferences globally (for all users). Specifically, I would like the password change method to default to "use adpassmon" for all users, because I want to make sure the keychain password is automatically kept in sync (a major cause of headaches); if I'm not mistaken, the only way to apply this setting to the main user of this machine is to log on with his account (I don't have the password, and I wouldn't anyway w/o permission).
thanks again
from adpassmon.
Thanks for the update @MaxFrames. :)
For the settings, i'd deploy a profile to all the Macs running ADPassMon.
ADPassMon would pick them up on its 1st launch after the profile has been installed.
from adpassmon.