Sharepoint 2010 not rendering in Safari

Today I had to troubleshoot an issue where a user was not able to use a website with Safari. When the user browsed the website the dropdown menus and buttons were not rendering.

This the look of the menu when the issue appears

error

While digging to find the root cause and a fix I realised that the problem wasn’t just with Safari 8. All these versions of Safari appeared to have the issue:

  • Safari 8.0
  • Safari 7.1
  • Safari 6.1
  • Safari on iOS 8

After some googling I found this thread in StackExchange were they clearly explain the reason and a fix.

Turns out Microsoft messed up a regular expression in their mozilla.browser definition file. The current Safaris are using the WebKit core version 600.xyz and Microsoft used “60” to match older versions of Safari. Therefore the server incorrectly identifies the browser as an old version and disables AJAX-Extensions.

You can verify that this is the cause by enabling the developer menu in Safari and changing the user agent to something other that …600…

For example this

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/610.1.25 (KHTML, like Gecko) Version/8.0 Safari/610.1.25

As for the server fix, the file that contains this error is located at

C:\Windows\Microsoft.NET\Framework\<version>\CONFIG\Browsers\mozilla.browser

and probably at here too

C:\Windows\Microsoft.NET\Framework64\<version>\CONFIG\Browsers\mozilla.browser

What you can do is add a dollar sign (end of line) just after the 60

<capability name="appleWebTechnologyVersion" match="60$" />

Once that is done on the server, the same website renders just fine in all the browsers mentioned above :)

working

Posted in IT and stuff Tagged with: , , , , , ,

Shellsock patching for Munki admins

On the night of September 29th Apple released three updates for the latest versions of OS X to fix the famous Shellshock vulnerability.

As soon as it was released all the Mac admins started to inform tell each other (as always thanks for the heads up!) and one of the most common responses I read in twitter and IRC was

“oh! but I don’t see it in my SUS. Is it not a security update?”

Short and straight answer is

“No. deal with it”

So as soon as I got on hold of the packages, I imported them into my Munki and started to apply the fix, which doesn’t even require a restart and you can install silently with no undesired effects (to my knowledge).

Here my three pkginfos

BashUpdateLion-1.0.1.1306847324.pkginfo

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>autoremove</key>
	<false/>
	<key>unattended_install</key>
	<true/>
	<key>catalogs</key>
	<array>
		<string>common</string>
	</array>
	<key>category</key>
	<string>Business</string>
	<key>description</key>
	<string>This update fixes a security flaw in the bash UNIX shell.

For more information on the security content of this update, see http://support.apple.com/kb/HT1222.</string>
	<key>developer</key>
	<string>Apple</string>
	<key>display_name</key>
	<string>OS X bash Update</string>
	<key>icon_name</key>
	<string>Generic.png</string>
	<key>installed_size</key>
	<integer>3906</integer>
	<key>installer_item_hash</key>
	<string>7d90d7a70fdfe7464207345848377b3a2f5df1067a89cac7ce0abc5ff0003c52</string>
	<key>installer_item_location</key>
	<string>Apple/BashUpdateLion-1.0.1.1306847324.pkg</string>
	<key>installer_item_size</key>
	<integer>3310</integer>
	<key>minimum_os_version</key>
	<string>10.7.5</string>
	<key>name</key>
	<string>BashUpdateLion</string>
	<key>receipts</key>
	<array>
		<dict>
			<key>installed_size</key>
			<integer>6010</integer>
			<key>packageid</key>
			<string>com.apple.pkg.update.os.bash.lion.1.0.163-3</string>
			<key>version</key>
			<string>1.0.1.1306847324</string>
		</dict>
	</array>
	<key>uninstall_method</key>
	<string>removepackages</string>
	<key>uninstallable</key>
	<false/>
	<key>version</key>
	<string>1.0.1.1306847324</string>
</dict>
</plist>

BashUpdateMountainLion-1.0.0.0.1.1306847324.pkginfo

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>autoremove</key>
	<false/>
	<key>unattended_install</key>
	<true/>
	<key>catalogs</key>
	<array>
		<string>common</string>
	</array>
	<key>category</key>
	<string>Business</string>
	<key>description</key>
	<string>This update fixes a security flaw in the bash UNIX shell.

For more information on the security content of this update, see http://support.apple.com/kb/HT1222.</string>
	<key>developer</key>
	<string>Apple</string>
	<key>display_name</key>
	<string>OS X bash Update</string>
	<key>icon_name</key>
	<string>Generic.png</string>
	<key>installed_size</key>
	<integer>3859</integer>
	<key>installer_item_hash</key>
	<string>d5d12742d1e1ca6e46842467fcf503a824f8abcb4e460a1f33fbfd8a5c7ece52</string>
	<key>installer_item_location</key>
	<string>Apple/BashUpdateMountainLion-1.0.0.0.1.1306847324.pkg</string>
	<key>installer_item_size</key>
	<integer>3182</integer>
	<key>minimum_os_version</key>
	<string>10.8.5</string>
	<key>name</key>
	<string>BashUpdateMountainLion</string>
	<key>receipts</key>
	<array>
		<dict>
			<key>installed_size</key>
			<integer>5938</integer>
			<key>packageid</key>
			<string>com.apple.pkg.update.os.bash.mountainlion.1.0.58.0.30-3</string>
			<key>version</key>
			<string>1.0.0.0.1.1306847324</string>
		</dict>
	</array>
	<key>uninstall_method</key>
	<string>removepackages</string>
	<key>uninstallable</key>
	<false/>
	<key>version</key>
	<string>1.0.0.0.1.1306847324</string>
</dict>
</plist>

BashUpdateMavericks-1.0.0.0.1.1306847324.pkginfo

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>autoremove</key>
	<false/>
	<key>unattended_install</key>
	<true/>
	<key>catalogs</key>
	<array>
		<string>common</string>
	</array>
	<key>category</key>
	<string>Business</string>
	<key>description</key>
	<string>This update fixes a security flaw in the bash UNIX shell.

For more information on the security content of this update, see http://support.apple.com/kb/HT1222.</string>
	<key>developer</key>
	<string>Apple</string>
	<key>display_name</key>
	<string>OS X bash Update</string>
	<key>icon_name</key>
	<string>Generic.png</string>
	<key>installed_size</key>
	<integer>3724</integer>
	<key>installer_item_hash</key>
	<string>1ec1d1644e1e023cd75d43cfc872f83b2e7ec0b042a05e2c109305252864da42</string>
	<key>installer_item_location</key>
	<string>Apple/BashUpdateMavericks-1.0.0.0.1.1306847324.pkg</string>
	<key>installer_item_size</key>
	<integer>3231</integer>
	<key>minimum_os_version</key>
	<string>10.9.5</string>
	<key>name</key>
	<string>BashUpdateMavericks</string>
	<key>receipts</key>
	<array>
		<dict>
			<key>installed_size</key>
			<integer>5730</integer>
			<key>packageid</key>
			<string>com.apple.pkg.update.os.bash.mavericks.1.0.2.1.15.24-3</string>
			<key>version</key>
			<string>1.0.0.0.1.1306847324</string>
		</dict>
	</array>
	<key>uninstall_method</key>
	<string>removepackages</string>
	<key>uninstallable</key>
	<false/>
	<key>version</key>
	<string>1.0.0.0.1.1306847324</string>
</dict>
</plist>

Then this would go in the specific(s) manifest

	<key>conditional_items</key>
	<array>
		<dict>
			<key>condition</key>
			<string>os_vers == "10.7.5"</string>
			<key>managed_installs</key>
			<array>
				<string>BashUpdateLion</string>
			</array>
		</dict>
		<dict>
			<key>condition</key>
			<string>os_vers == "10.8.5"</string>
			<key>managed_installs</key>
			<array>
				<string>BashUpdateMountainLion</string>
			</array>
		</dict>
		<dict>
			<key>condition</key>
			<string>os_vers == "10.9.5"</string>
			<key>managed_installs</key>
			<array>
				<string>BashUpdateMavericks</string>
			</array>
		</dict>
	</array>

With these, so far after more than a thousand systems have been patched I have not heard any complain, even if they had the terminal open :)

PS: There is one thing that can potentially go wrong with these. If Apple decides to release a cumulative security patch, if that patch does not increase the system version, if your systems get that cumulative patch _before_ this bash update, and if this bash updates fail to install due to the system being already up-to-date and the pkg receipt does not stick in the clients… that would make your Munki clients report install failures and loop trying to install them again and again.

It is unlikely, but can happen. So make sure you review this if the day comes

 

Posted in IT and stuff Tagged with: , , , , ,

Get prompted when connecting to a shared folder

I am posting this because it doesn’t look like it is widely, or widely enough, known.

When you are bound to directory service like Active Directory, and you try to connect to a shared folder on a kerberized server/computer, in the background you computer gets a ticket and tries to authenticate to gain access. In OS X if this fails you don’t get prompted to enter a valid set of credentials and an error message is presented.

The error reads something like:

There was a problem connecting to the server “server1.nbalonso.com”

You do not have permission to access this server.

error

The Windows folks are used to this. They usually go to PC, map network drive, use different credentials.

But when they have to do it on a Mac… they have no clue!

Well here is how to do it.

Go to Finder–> Go –> Connect to Server (or (⌘) + K)

And enter the server details with this format:

smb://username:*@server1.nbalonso.com

This way you will force the connection to use a different set of credentials and prompt you for the password.

You could replace the asterisk with the actual password to avoid even get asked for it, but is not a good practice to type your password in places other than password boxes.

At the same time you could  replace the username with an asterisk to force it to prompt you also for that. So this is also valid and will prompt you for both in an AFP connection:

afp://*:*@server1.nbalonso.com

Posted in IT and stuff Tagged with: , , , , , ,