ADPassMon updated to v1.9.8

Major changes:

  • ADPassMon now requires OS X 10.8. (ADPassMon v1.9 is still available for 10.6 and 10.7)
  • It now detects if a password is set to never expire and halts further checking. The menu will display ‘[–]‘ in this case. (Thanks to Luis Giraldo for pointing out this oversight on GitHub.)

Minor changes:

  • Some log entries were removed and others were slightly modified
  • Replaced “Quit ADPassMon” in menu with “Exit”

Download version 1.9.8 here.

ADPassMon updated to v1.9.7

This version fixes a bug that caused ADPassMon to fail when a Mac’s language settings use a decimal separator other than a period. Thank you to Adrian Milz of Germany for pointing it out to me.

I have also decided to distribute the application with a simple zip archive rather than a dmg from now on.

Download version 1.9.7 here.

PSU MacAdmins 2014 talk (updated)

I attended the 2014 Penn State University Mac Admins Conference this year as a speaker and gave a talk today titled Shell Building Blocks. Here’s a link to my talk’s companion github repo, as well as the slides in PDF and original Keynote format.


Slides: PDF | Keynote

Video: YouTube


ADPassMon updated to v1.9.6

This version fixes an issue where the “Change Password” and “Refresh Kerberos Ticket” menu items would be grayed out incorrectly. ADPassMon is supposed to only disable these options if the AD domain cannot be reached. I was doing a simple number comparison between two values, but had far too much precision and clock drift would throw it off. I now use fewer significant digits in the comparison.

Download ADPassMon v1.9.6 here.

(You may have notices I’ve seemingly skipped 1.9.5. It was a quiet release of 1.9.5 that introduced a bug, so I pulled it.)

ADPassMon has been forked!

A little over a month ago, a fellow from the UK contacted me about adding a few features to ADPassMon. We sent a some emails back and forth and he decided to fork my ADPassMon github repo and take a stab at modifying my code himself. He has just released his project as ADPassMon v2. I gave him a few pointers along the way, but all new features that differentiate it from my project are entirely his own work. I’m frankly impressed with how quickly he was able to wrap his head around AppleScript ObjC and achieve his feature goals.

If you are a current ADPassMon user, I encourage you to take a look at his detailed write-up and see if his fork will fit your environment better.

Monitor Isilon NFS thread counts

Here at [my workplace] we recently noticed that some of the nodes in our Isilon storage cluster were reaching their NFS thread limit. I won’t go into why that’s a bad thing or the reasons it was occurring, but we quickly realized it was something we should be monitoring closely. To see the current NFS thread counts on all nodes in your Isilon cluster, you use the following command:

isi_for_array -s sysctl vfs.nfsrv.rpc.threads_alloc_current

This returns something like the following:

dm11-1: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-2: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-3: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-4: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-5: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-6: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-7: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-8: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-9: vfs.nfsrv.rpc.threads_alloc_current: 16

The first column gives you the node name and the last column gives you the current thread count. With few connections, the numbers on the left will be low. Our nodes are set with a 16 thread minimum. As more clients connect to a given node, more threads are spawned as needed to service them.

Running this command manually every once in a while is obviously less than ideal. Since Isilon nodes run an OS based on FreeBSD and python is available on them, I wrote a python script called ‘‘ to monitor the thread counts for me. The script lives in /root on one of the nodes in the cluster and runs every 5 minutes via a cron entry in /etc/local/crontab.local on the same node.

When the script runs, it checks to see if any of the nodes is at or exceeding our warning threshold (70% of the max thread count of 256). The script sends an alert email (via smtp/sendmail) if at least one node has hit the warning threshold. Nodes beyond the threshold are identified at the top of the message in a line that starts “WARN” or “CRIT” followed my the node’s name and thread count. The email alert also includes a complete copy of the thread count data at the bottom so you can check to see if is an isolated spike or if the entire cluster is undergoing a heavy load.

You can find on my github page.

ADPassMon updated to v1.9.4

This is a  minor update that clarifies the wording in ADPassMon’s Kerberos ticket dialogs. Richard Bezanson (thanks!) suggested the following changes to the dialogs so they would be less confusing to end users.

  • “No Kerberos ticket was found.  Do you want to renew it?” becomes “No Kerberos ticket for Active Directory was found.  Do you want to renew it?”
  • “Enter your password:” becomes “Enter your Active Directory password:”

Download this version here.


Get every new post delivered to your Inbox.

Join 517 other followers