This is a minor update. The optional password policy reminder dialog box’s button is now configurable. It defaults to “OK”. Set the text with the following command:
defaults write org.pmbuko.ADPassMon pwPolicyButton "I understand"
Grab the new version here.
- Added “Use KerbMinder” menu item so user can control whether it runs. The menu item is only visible if KerbMinder is installed.
- Fixed a first run bug that prevented ADPassMon from saving the password set date to its plist
Download ADPassMon v1.10.0 here.
KerbMinder is a tool for Mac OS X that keeps a logged-in user’s Kerberos ticket current by attempting to renew or refresh it automatically any time the network state changes. It only presents a UI if it needs the user to supply a password.
Please visit my KerbMinder info page or my KerbMinder github repo to learn more about it and how it works.
- ADPassMon now requires OS X 10.8. (ADPassMon v1.9 is still available for 10.6 and 10.7)
- It now detects if a password is set to never expire and halts further checking. The menu will display ‘[–]‘ in this case. (Thanks to Luis Giraldo for pointing out this oversight on GitHub.)
- Some log entries were removed and others were slightly modified
- Replaced “Quit ADPassMon” in menu with “Exit”
Download version 1.9.8 here.
This version fixes a bug that caused ADPassMon to fail when a Mac’s language settings use a decimal separator other than a period. Thank you to Adrian Milz of Germany for pointing it out to me.
I have also decided to distribute the application with a simple zip archive rather than a dmg from now on.
Download version 1.9.7 here.
I attended the 2014 Penn State University Mac Admins Conference this year as a speaker and gave a talk today titled Shell Building Blocks. Here’s a link to my talk’s companion github repo, as well as the slides in PDF and original Keynote format.
Slides: PDF | Keynote
This version fixes an issue where the “Change Password” and “Refresh Kerberos Ticket” menu items would be grayed out incorrectly. ADPassMon is supposed to only disable these options if the AD domain cannot be reached. I was doing a simple number comparison between two values, but had far too much precision and clock drift would throw it off. I now use fewer significant digits in the comparison.
Download ADPassMon v1.9.6 here.
(You may have notices I’ve seemingly skipped 1.9.5. It was a quiet release of 1.9.5 that introduced a bug, so I pulled it.)
A little over a month ago, a fellow from the UK contacted me about adding a few features to ADPassMon. We sent a some emails back and forth and he decided to fork my ADPassMon github repo and take a stab at modifying my code himself. He has just released his project as ADPassMon v2. I gave him a few pointers along the way, but all new features that differentiate it from my project are entirely his own work. I’m frankly impressed with how quickly he was able to wrap his head around AppleScript ObjC and achieve his feature goals.
If you are a current ADPassMon user, I encourage you to take a look at his detailed write-up and see if his fork will fit your environment better.
Here at [my workplace] we recently noticed that some of the nodes in our Isilon storage cluster were reaching their NFS thread limit. I won’t go into why that’s a bad thing or the reasons it was occurring, but we quickly realized it was something we should be monitoring closely. To see the current NFS thread counts on all nodes in your Isilon cluster, you use the following command:
isi_for_array -s sysctl vfs.nfsrv.rpc.threads_alloc_current
This returns something like the following:
dm11-1: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-2: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-3: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-4: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-5: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-6: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-7: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-8: vfs.nfsrv.rpc.threads_alloc_current: 16
dm11-9: vfs.nfsrv.rpc.threads_alloc_current: 16
The first column gives you the node name and the last column gives you the current thread count. With few connections, the numbers on the left will be low. Our nodes are set with a 16 thread minimum. As more clients connect to a given node, more threads are spawned as needed to service them.
Running this command manually every once in a while is obviously less than ideal. Since Isilon nodes run an OS based on FreeBSD and python is available on them, I wrote a python script called ‘nfs_watcher.py‘ to monitor the thread counts for me. The script lives in /root on one of the nodes in the cluster and runs every 5 minutes via a cron entry in /etc/local/crontab.local on the same node.
When the script runs, it checks to see if any of the nodes is at or exceeding our warning threshold (70% of the max thread count of 256). The script sends an alert email (via smtp/sendmail) if at least one node has hit the warning threshold. Nodes beyond the threshold are identified at the top of the message in a line that starts “WARN” or “CRIT” followed my the node’s name and thread count. The email alert also includes a complete copy of the thread count data at the bottom so you can check to see if is an isolated spike or if the entire cluster is undergoing a heavy load.
You can find nfs_watcher.py on my github page.
This is a minor update that clarifies the wording in ADPassMon’s Kerberos ticket dialogs. Richard Bezanson (thanks!) suggested the following changes to the dialogs so they would be less confusing to end users.
- “No Kerberos ticket was found. Do you want to renew it?” becomes “No Kerberos ticket for Active Directory was found. Do you want to renew it?”
- “Enter your password:” becomes “Enter your Active Directory password:”
Download this version here.