Wednesday, 16 October 2013

Problems with Administrator login for 10.7 imaged macs

In the computer suites with 10.7 image machines I'm having a problem with the administrator account. When I log in as the local administrator UID 501 I have no access to any of this user's home folders, including the ~/Library folder. Having a look at the permissions shows that administrator is the owner with read-write permissions. Typing in the command:
sudo chown -R $USER ~$USER

Comes up with:
Folder does not exist

but typing in:
sudo chown -R $USER ~/Users/administrator


Administrators-iMac-49:~ administrator$ id -u $USER
501
Administrators-iMac-49:~ administrator$ ls -Al
total 64
-rw-------   1 administrator  staff      3  5 Jul  2012 .CFUserTextEncoding
-rw-r--r--@  1 administrator  staff  12292 10 Jul  2012 .DS_Store
drwxr-xr-x   4 administrator  staff    136  6 Jul  2012 .adobe
-rw-------   1 administrator  staff   3357 12 Jul  2012 .bash_history
-rwxrwxrwx@  1 administrator  staff     30  6 Jul  2012 .fgufohsrc
-rw-r--r--@  1 administrator  staff     17  6 Jul  2012 .sewtzsfn
drwxr-xr-x   2 administrator  staff     68  6 Jul  2012 Applications
drwx------+  5 administrator  staff    170 15 Oct 15:40 Desktop
drwx------+  7 administrator  staff    238  9 Jul  2012 Documents
drwx------+  6 administrator  staff    204 10 Jul  2012 Downloads
drwx------+ 39 administrator  staff   1326  9 Jul  2012 Library
drwx------+  3 administrator  staff    102  5 Jul  2012 Movies
drwx------+  4 administrator  staff    136  9 Jul  2012 Music
drwx------+  5 administrator  staff    170  6 Jul  2012 Pictures
drwxr-xr-x+  5 administrator  staff    170  5 Jul  2012 Public
lrwxr-xr-x   1 administrator  staff     63 12 Jul  2012 Send Registration -> /Users/administrator/Library/Assistants/Send Registration.setup
Administrators-iMac-49:~ administrator$ sudo chown -R $USER ~
Password:
Administrators-iMac-49:~ administrator$ ls -Al
total 64
-rw-------   1 administrator  staff      3  5 Jul  2012 .CFUserTextEncoding
-rw-r--r--@  1 administrator  staff  12292 10 Jul  2012 .DS_Store
drwxr-xr-x   4 administrator  staff    136  6 Jul  2012 .adobe
-rw-------   1 administrator  staff   3357 12 Jul  2012 .bash_history
-rwxrwxrwx@  1 administrator  staff     30  6 Jul  2012 .fgufohsrc
-rw-r--r--@  1 administrator  staff     17  6 Jul  2012 .sewtzsfn
drwxr-xr-x   2 administrator  staff     68  6 Jul  2012 Applications
drwx------+  5 administrator  staff    170 15 Oct 15:40 Desktop
drwx------+  7 administrator  staff    238  9 Jul  2012 Documents
drwx------+  6 administrator  staff    204 10 Jul  2012 Downloads
drwx------@ 39 administrator  staff   1326  9 Jul  2012 Library
drwx------+  3 administrator  staff    102  5 Jul  2012 Movies
drwx------+  4 administrator  staff    136  9 Jul  2012 Music
drwx------+  5 administrator  staff    170  6 Jul  2012 Pictures
drwxr-xr-x+  5 administrator  staff    170  5 Jul  2012 Public
lrwxr-xr-x   1 administrator  staff     63 12 Jul  2012 Send Registration -> /Users/administrator/Library/Assistants/Send Registration.setup


fixes the problem. Logging out and back in again randomly recreates the problem. It's as though there are two administrators with different UIDs and it's random which one it logs in with. There is the possibility that there is a networked account. Next I shall switch off networked accounts and log in.

Just used the ls command which lists the UID instead of username:
ls -n
total 8
drwxr-xr-x   2 1414341556  20    68  6 Jul  2012 Applications
drwx------+  5 1414341556  20   170 15 Oct 15:40 Desktop
drwx------+  7 1414341556  20   238  9 Jul  2012 Documents
drwx------+  6 1414341556  20   204 10 Jul  2012 Downloads
drwx------+ 39 1414341556  20  1326  9 Jul  2012 Library
drwx------+  3 1414341556  20   102  5 Jul  2012 Movies
drwx------+  4 1414341556  20   136  9 Jul  2012 Music
drwx------+  5 1414341556  20   170  6 Jul  2012 Pictures
drwxr-xr-x+  5 1414341556  20   170  5 Jul  2012 Public
lrwxr-xr-x   1 1414341556  20    63 12 Jul  2012 Send Registration -> /Users/administrator/Library/Assistants/Send Registration.setup
Administrators-iMac-75:~ administrator$

Sorted, it simply thinks that there is an administrator account with UID 1414341556


Administrators-iMac-75:~ administrator$ id -u $USER
501
Administrators-iMac-75:~ administrator$

I have now run the command:
chown -R 501 /Users/administrator

I have yet to find a re-occurrence.

------------------- March 2014

Well, I found a re-occurrence. I ended up renaming the administrator account to:

administratorb

Cheers
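
The check that `ls -n` did by eye above, as an added example (not the post's own code): it compares the UID an account name resolves to with the numeric owners recorded on disk. The function names are hypothetical, and the paths in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example (not the post's own code). Function names are hypothetical.

# count_foreign_owned HOME_DIR EXPECTED_UID
# Number of entries under HOME_DIR whose numeric owner is not EXPECTED_UID.
count_foreign_owned() {
    # -xdev keeps find on the local volume, so a mounted network home is not
    # walked; without -L, symlinks are tested themselves, not their targets.
    find "$1" -xdev ! -uid "$2" -print 2>/dev/null | wc -l | tr -d ' '
}

# owner_summary HOME_DIR
# One "UID COUNT" line per numeric owner found, largest count first.
owner_summary() {
    find "$1" -xdev -exec ls -ldn {} + 2>/dev/null |
        awk '{ n[$3]++ } END { for (u in n) print u, n[u] }' |
        sort -k2,2nr
}

# check_home ACCOUNT HOME_DIR
# Compare the UID the directory service reports for ACCOUNT with the owners
# actually recorded on disk. Returns 0 when they agree, 1 when they do not.
check_home() {
    uid=$(id -u "$1") || return 2
    foreign=$(count_foreign_owned "$2" "$uid")
    if [ "$foreign" -eq 0 ]; then
        echo "OK: everything under $2 is owned by UID $uid ($1)"
        return 0
    fi
    echo "MISMATCH: $foreign entries under $2 are not owned by UID $uid ($1)"
    owner_summary "$2"
    return 1
}

# Usage on an affected Mac:  check_home administrator /Users/administrator
```

Run it before and after a `chown`: a `chown` given a name writes whatever UID that name resolves to at that moment, while a numeric `chown -R 501` does not depend on name lookup.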

Tuesday, 15 October 2013

Deleting 'forced' local home folders created from OS X 10.7 Active Directory Logins

When users log in to the Apple Macs at the college it creates a local home on the machine to save preferences and files, and mounts their home drive too.

After a year these fill up. After a few searches and researches, looks like the easiest way is to write a script which deletes all folders except certain ones. Looks like you can use the 'find' command. Found a good example here:


find . -maxdepth 1 -not -name 'filename.gif' -iname '*.gif' -delete

Here's the man page for find

So, I don't want to delete the folders:
Guest
Shared
administrator
media

So:
find . -maxdepth 1 -not -name 'Guest' -not -name 'Shared' -not -name 'administrator' -not -name 'media' -name '*' -delete
I tried '*.*' but it only then deletes files with '.' in them, not folders. '*' selects everything including folders

Actually, I found here that the slightly better way to do it was to use the -exec rm instead of -delete. This then tells you which directories were actually deleted:
find /Users/Shared -maxdepth 1 -mindepth 1 -not -name 'administrator' -not -name 'Guest' -not -name 'Shared' -not -name 'media' -exec rm -Rvf {} \;
The -mindepth 1 option makes sure it doesn't delete the parent directory.

A longer term solution would be to delete these folders on logout, so the students and staff could get used to not relying on these folders.
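
The same clean-up with guard rails, as an added example (not the post's own script): it only lists what it would remove unless told to delete, ignores symlinks and dot entries, and skips the home of anyone currently logged in. The function names are hypothetical; the keep list is the one from the post.

```shell
#!/bin/sh
# Added example (not the post's own script). Function names are hypothetical.

KEEP="Guest Shared administrator media"    # folders the post wants to keep

# is_kept NAME: succeed if NAME is on the keep list
is_kept() {
    for k in $KEEP; do
        [ "$1" = "$k" ] && return 0
    done
    return 1
}

# purge_homes BASE [delete]
# Lists the folders directly under BASE that would be removed; removes them
# only when the second argument is the word "delete".
purge_homes() {
    base=$1
    mode=${2:-dry-run}
    case $base in
        ''|/) echo "refusing to work on '$base'" >&2; return 2 ;;
    esac
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 2; }
    # -type d matches real directories only, so a symlink planted in BASE is
    # never passed to rm; -xdev keeps find on one volume.
    find "$base" -xdev -mindepth 1 -maxdepth 1 -type d -print |
    while IFS= read -r dir; do
        name=${dir##*/}
        is_kept "$name" && continue
        case $name in .*) continue ;; esac          # leave dot entries alone
        # Skip the home of anyone who is logged in right now
        if who | awk '{ print $1 }' | grep -qx -- "$name"; then
            continue
        fi
        if [ "$mode" = delete ]; then
            rm -Rf -- "$dir" && echo "deleted $dir"
        else
            echo "would delete $dir"
        fi
    done
}

# Usage: purge_homes /path/to/local/homes          (list only)
#        purge_homes /path/to/local/homes delete   (actually remove)
```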

Friday, 11 October 2013

Windows 7 connecting to Xserver OS X 10.4 probs

Whenever I try to connect to the SMB share on the Xserver from a Windows 7 computer I am unable to authenticate. But I can from Windows XP and Windows 8!

After a quick look I found this helpful post page, specifically the 'Setspn' command. Digging more into it, there is a link which I think is to this page (outdated links). Do a search on this page for "Setspn" and you'll find it detailed there.

It looks like an authentication issue with Kerberos, where it then looks at using NTLMv2 to authenticate.

To solve the problem, it looks like you need to change the protocol Windows Vista and 7 use back to either Kerberos or NTLMv1. To do this, type from the machine:

  1. Click Start.
  2. Type secpol.msc in the search box and press Enter.
  3. Windows Vista will display a warning message; click Continue.
  4. Windows Vista's Local Security Policy console will appear. Highlight Local Policies.
  5. Double-click Security Options.
  6. Scroll down to the Network Security: LAN Manager Authentication Level policy entry and double-click it.
  7. Change the value from the default setting of Send NTLMv2 Response Only to Send LM & NTLM -- Use NTLMv2 Session Security If Negotiated, then click OK. (Figure J).
  8. Close the Local Security Policy console.
I have yet to try this. But will do in the near future.

Or follow this:
C:\> setspn -L yourserver
This gets you a list of the service principals assigned to that computer record:
  • xgrid/yourserver.example.com
  • vpn/yourserver.example.com
  • ipp/yourserver.example.com
  • xmpp/yourserver.example.com
  • cifs/yourserver.example.com
  • host/yourserver.example.com
  • smtp/yourserver.example.com
  • HTTP/yourserver.example.com
  • pop/yourserver.example.com
  • imap/yourserver.example.com
  • ftp/yourserver.example.com
  • afpserver/yourserver.example.com
To add the appropriate record:
C:\> setspn -A cifs/yourserver yourserver
This gets you:
  • cifs/yourserver
  • xgrid/yourserver.example.com
  • vpn/yourserver.example.com
  • ipp/yourserver.example.com
  • xmpp/yourserver.example.com
  • cifs/yourserver.example.com
  • host/yourserver.example.com
  • smtp/yourserver.example.com
  • HTTP/yourserver.example.com
  • pop/yourserver.example.com
  • imap/yourserver.example.com
  • ftp/yourserver.example.com
  • afpserver/yourserver.example.com

Wednesday, 9 October 2013

No Windows installed in this Computer Suite sign

Thought I'd share this with everyone. Change as you see fit.

No Windows. Windows is not installed in this computer suite
Here's a link to the pdf of it.

Let me know if you use it. Cheers!