PDA

View Full Version : What does this message mean?



GeoffP
26th June 2009, 06:22 PM
Hi,

Used Migration Assistant to transfer my MacPro details to my new 13" MBP.

My printers were blown away in the transfer, no biggie, ran the Lexmark.dmg and re-installed the drivers, etc.

I cannot finish the install as I have the following box popped up waiting for a user name and password.

Box message:
"Type the name and password of a user in the "_lpadmin" group to allow lpadmin to make changes."

I have tried my user as it is an administrator but no luck.

Kinda stuck right now - would luv some help.

Thanks,
Geoff.

lazydesi
26th June 2009, 08:05 PM
I am not sure about this error,

on other side, some times restarting mac will fix some errors, so try to restart the mac and install drivers

leon
26th June 2009, 08:09 PM
Is the username and password on your Mac Pro the same as the MBP?
If not try typing in the Mac Pro username and password. Seems to me like there is a permissions problem.
Maybe run disk utility and repair permissions then try installing the printer driver again.

davidcolville
26th June 2009, 08:58 PM
Hi,

Used Migration Assistant to transfer my MacPro details to my new 13" MBP.

My printers were blown away in the transfer, no biggie, ran the Lexmark.dmg and re-installed the drivers, etc.

I cannot finish the install as I have the following box popped up waiting for a user name and password.

Box message:
"Type the name and password of a user in the "_lpadmin" group to allow lpadmin to make changes."

I have tried my user as it is an administrator but no luck.

Kinda stuck right now - would luv some help.

Thanks,
Geoff.

Hi Geoff,

There were a few issues with the features that Apple put in place 10.5.7, including one that allows or restricts the addition of printers - it sounds a lot like your installer is trying to add a printer but it's failing.

Can go to the "Go" menu in the Finder. Next, choose "Go to Folder" and type

/etc

in the folder path.

and click "OK"

Open up the file called "authorization" and check if the section that says "system.print.admin" exactly matches the one below:

<key>system.print.admin</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>group</key>
<string>lpadmin</string>
<key>shared</key>
<true/>
</dict>

GeoffP
27th June 2009, 06:23 AM
Thanks keyoptions,

Tried opening the "authorization" file with default textedit but the file will not open.

Then tried opening the "auto_home" file below it with textedit - file opened fine.

Both files are plain text types, so I am thinking there may be a problem with the file itself.

Also, the "authorization" files modified date is this mornings boot time.

davidcolville
27th June 2009, 06:44 AM
If you do "Get Info" on the authorization file - can you check the "permissions" and snapshot them for me?

May be worth doing a Repair permissions as you should be able to at least view that file.

Also - do you have any additional "normal" users on that system? - try making a change in "Parental Controls" in System Preferences- including allowing them to "administer printers"

Thanks
David

davidcolville
27th June 2009, 06:52 AM
...and adding to my own notes:

If you go into a Terminal window (in Applications - Utilities - Terminal) and type:

"id username"

where username is your short name - you'll see that next to your "home" directory.

Can you send me the output?

Mine looks like this:

id dave

uid=501(dave) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79 (_appserverusr),103(com.apple.sharepoint.group.3), 80(admin),102(com.apple.sharepoint.group.2),101(co m.apple.sharepoint.group.1)

Note the 98(_lpadmin)? Members of this group should be able to manage printers.

GeoffP
27th June 2009, 07:12 AM
File Information Screenshot (http://i116.photobucket.com/albums/o40/geoffp_bucket/for%20sale/abc.png) - included a file I can open as well.

Terminal Info:
uid=502(geoffpipprell) gid=20(staff) groups=20(staff),80(admin)

davidcolville
27th June 2009, 07:54 AM
OK I'm concerned you may have more an issue than just this group membership.

However, in the meantime, can you type the following:

sudo dseditgroup -o edit -n . -u geoffpipprell -p -a geoffpipprell -t user _lpadmin


What this is doing is:

(as root) dseditgroup -o edit (edits a group)

-n . (changing the local computer's group list)

-u geoffpipprell (logs in as you)

-p (asks you for your password when it tries)

-a geoffpipprell -t user _lpadmin (adds the item called geoffpipprell, of TYPE user, to the group called _lpadmin)

After this, try to run the Lexmark installer.

and can you also type:

sudo cat /etc/authorization > ~geoffpiprell/Desktop/authorization

sudo cat /etc/sudoers > ~geoffpiprell/Desktop/sudoers

(which will write a copy of these files out to your desktop) - then paste or upload them to the forum?

GeoffP
27th June 2009, 09:20 AM
OK did the first - terminal id shortusername now gives me this:

uid=502(geoffpipprell) gid=20(staff) groups=20(staff),98(_lpadmin),80(admin)

Tried changing share option for printer (which did install even thought I had the lpadmin writes issue)-

BEFORE doing the sudo command, I could not alter the printer sharing option (the lpadmin error box would pop asking for user name and password).

AFTER doing the sudo command, I can now alter the printer sharing option

Command Results:
sudo cat /etc/authorization > ~geoffpiprell/Desktop/authorization
RESULT (NOTE: I had to right click and tell the file to open with TextEdit. Double clicking the authorization file would not open it).
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>comment</key>
<string>The name of the requested right is matched against the keys. An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

allow rule: this is always allowed
&lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;
&lt;string&gt;allow&lt;/string&gt;

deny rule: this is always denied
&lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;
&lt;string&gt;deny&lt;/string&gt;

user rule: successful authentication as a user in the specified group(5) allows the associated right.

The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0. This defaults to false if not specified.

See remaining rules for examples.
</string>
<key>rights</key>
<dict>
<key></key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>Matches otherwise unmatched rights (i.e., is a default).</string>
<key>rule</key>
<string>default</string>
</dict>
<key>com.alf</key>
<dict>
<key>class</key>
<string>rule</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-admin</string>
<string>default</string>
</array>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>com.apple.</key>
<dict>
<key>rule</key>
<string>default</string>
</dict>
<key>com.apple.CoreRAID.admin</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by CoreRAID to allow access to administration functions of RAID devices</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>
<key>com.apple.Safari.parental-controls</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when changing parental controls for Safari.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.apple.activitymonitor.kill</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by Activity Monitor to authorize killing processes not owned by the user.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.apple.appserver.privilege.admin</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For administrative access to the Application Server management tool.</string>
<key>rule</key>
<string>appserver-admin</string>
</dict>
<key>com.apple.appserver.privilege.user</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For user access to the Application Server management tool.</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>appserver-admin</string>
<string>appserver-user</string>
</array>
</dict>
<key>com.apple.builtin.confirm-access</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:confirm-access</string>
</array>
<key>tries</key>
<integer>1</integer>
</dict>
<key>com.apple.builtin.confirm-access-password</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:confirm-access-password</string>
</array>
</dict>
<key>com.apple.builtin.generic-new-passphrase</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:generic-new-passphrase</string>
</array>
</dict>
<key>com.apple.builtin.generic-unlock</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:generic-unlock</string>
</array>
</dict>
<key>com.apple.dashboard.advisory.allow</key>
<dict>
<key>class</key>
<string>user</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>com.apple.desktopservices</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>For privileged file operations from within the Finder.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.apple.docset.install</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by Xcode to restrict access to a daemon it uses to install and update documentation sets.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>
<key>com.apple.server.admin.streaming</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>For making administrative requests to the QuickTime Streaming Server.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.apple.trust-settings.admin</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>For modifying Trust Settings in the Local Admin domain.</string>
<key>group</key>
<string>admin</string>
</dict>
<key>com.apple.trust-settings.user</key>
<dict>
<key>comment</key>
<string>For modifying per-user Trust Settings.</string>
<key>rule</key>
<string>authenticate-session-owner</string>
</dict>
<key>com.cocoatech.cocoatechSecurity.copyMoveFiles</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Copy/Move</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.createFiles</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Create</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>60</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.customIcon</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Custom Icon</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.default</key>
<dict>
<key>default-prompt</key>
<dict>
<key></key>
<string>Default Right</string>
</dict>
<key>rule</key>
<string>allow</string>
<key>shared</key>
<false/>
</dict>
<key>com.cocoatech.cocoatechSecurity.deleteFiles</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Delete</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.launchAsRoot</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Launch</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>60</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.makeAlias</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Make Alias</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>60</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.networkSniffer</key>
<dict>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Packet Sniffer</string>
</dict>
<key>rule</key>
<string>allow</string>
<key>shared</key>
<false/>
</dict>
<key>com.cocoatech.cocoatechSecurity.rename</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Rename</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.setFileAttributes</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Set Attributes</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>60</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.trashFiles</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated Trash</string>
</dict>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>com.cocoatech.cocoatechSecurity.vsdbutil</key>
<dict>
<key>default-prompt</key>
<dict>
<key></key>
<string>Authenticated vsdbutil</string>
</dict>
<key>rule</key>
<string>allow</string>
<key>shared</key>
<false/>
</dict>
<key>config.add.</key>
<dict>
<key>class</key>
<string>allow</string>
<key>comment</key>
<string>Wildcard right for adding rights. Anyone is allowed to add any (non-wildcard) rights.</string>
</dict>
<key>config.config.</key>
<dict>
<key>class</key>
<string>deny</string>
<key>comment</key>
<string>Wildcard right for any change to meta-rights for db modification. Not allowed programmatically (just edit this file).</string>
</dict>
<key>config.modify.</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>Wildcard right for modifying rights. Admins are allowed to modify any (non-wildcard) rights. Root does not require authentication.</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-root</string>
<string>authenticate-admin</string>
</array>
</dict>
<key>config.remove.</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>Wildcard right for deleting rights. Admins are allowed to delete any (non-wildcard) rights. Root does not require authentication.</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-root</string>
<string>authenticate-admin</string>
</array>
</dict>
<key>config.remove.system.</key>
<dict>
<key>class</key>
<string>deny</string>
<key>comment</key>
<string>Wildcard right for deleting system rights.</string>
</dict>
<key>sys.openfile.</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>See authopen(1) for information on the use of this right.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.</key>
<dict>
<key>rule</key>
<string>default</string>
</dict>
<key>system.burn</key>
<dict>
<key>class</key>
<string>allow</string>
<key>comment</key>
<string>For burning media.</string>
</dict>
<key>system.device.dvd.setregion.initial</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by the DVD player to set the region code the first time. Note that changing the region code after it has been set requires a different right (system.device.dvd.setregion.change).</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
</dict>
<key>system.global-login-items.</key>
<dict>
<key>class</key>
<string>rule</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-admin</string>
<string>default</string>
</array>
</dict>
<key>system.identity.write.</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For creating, changing or deleting local user accounts and groups.</string>
<key>k-of-n</key>
<integer>1</integer>
<key>rule</key>
<array>
<string>is-admin</string>
<string>authenticate-admin</string>
</array>
</dict>
<key>system.identity.write.credential</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>Checked when changing authentication credentials (password or certificate) for a local user account.</string>
<key>rule</key>
<string>default</string>
</dict>
<key>system.identity.write.self</key>
<dict>
<key>authenticate-user</key>
<false/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when changing authentication credentials (password or certificate) for the current user's account.</string>
<key>session-owner</key>
<true/>
</dict>
<key>system.install.admin.user</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when user is installing in admin domain (/Applications).</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.install.root.admin</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when admin is installing in root domain (/System).</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.install.root.user</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when user is installing in root domain (/System).</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.keychain.create.loginkc</key>
<dict>
<key>allow-root</key>
<false/>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>comment</key>
<string>Used by the Security framework when you add an item to an unconfigured default keychain.</string>
<key>mechanisms</key>
<array>
<string>loginKC:queryCreate</string>
<string>loginKC:showPasswordUI</string>
<string>authinternal</string>
</array>
<key>session-owner</key>
<true/>
<key>shared</key>
<false/>
</dict>
<key>system.keychain.modify</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by Keychain Access when editing a system keychain.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.login.console</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>comment</key>
<string>Login mechanism based rule. Not for general use, yet.</string>
<key>mechanisms</key>
<array>
<string>builtin:smartcard-sniffer,privileged</string>
<string>loginwindow:login</string>
<string>builtin:reset-password,privileged</string>
<string>builtin:auto-login,privileged</string>
<string>builtin:authenticate,privileged</string>
<string>HomeDirMechanism:login,privileged</string>
<string>HomeDirMechanism:status</string>
<string>MCXMechanism:login</string>
<string>loginwindow:success</string>
<string>loginwindow:done</string>
</array>
</dict>
<key>system.login.done</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array/>
</dict>
<key>system.login.screensaver</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>The owner or any administrator can unlock the screensaver.</string>
<key>rule</key>
<string>authenticate-session-owner-or-admin</string>
</dict>
<key>system.login.tty</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>push_hints_to_context</string>
<string>authinternal</string>
</array>
<key>tries</key>
<integer>1</integer>
</dict>
<key>system.preferences</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked by the Admin framework when making changes to certain System Preferences.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
</dict>
<key>system.preferences.accessibility</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked by the Admin framework when enabling or disabling the Accessibility APIs.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>system.preferences.accounts</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked by the Admin framework when making changes to the Accounts preference pane.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>
<key>system.preferences.parental-controls</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when making changes to the Parental Controls preference pane.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
</dict>
<key>system.print.admin</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>group</key>
<string>_lpadmin</string>
<key>shared</key>
<true/>
</dict>
<key>system.printingmanager</key>
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For printing to locked printers.</string>
<key>rule</key>
<string>authenticate-admin</string>
</dict>
<key>system.privilege.admin</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by AuthorizationExecuteWithPrivileges(...).
AuthorizationExecuteWithPrivileges() is used by programs requesting
to run a tool as root (e.g., some installers).</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<false/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.privilege.taskport</key>
<dict>
<key>allow-root</key>
<false/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Used by task_for_pid(...).
Task_for_pid is called by programs requesting full control over another program
for things like debugging or performance analysis. This authorization only applies
if the requesting and target programs are run by the same user; it will never
authorize access to the program of another user.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
</dict>
<key>system.restart</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>comment</key>
<string>Checked if the foreground console user tries to restart the system while other users are logged in via fast-user switching.</string>
<key>mechanisms</key>
<array>
<string>RestartAuthorization:restart</string>
<string>RestartAuthorization:authenticate</string>
<string>RestartAuthorization:success</string>
</array>
</dict>
<key>system.services.directory.configure</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>For making Directory Services changes.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>system.sharepoints.</key>
<dict>
<key>allow-root</key>
<true/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Checked when making changes to the Sharepoints.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
</dict>
<key>system.shutdown</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>comment</key>
<string>Checked if the foreground console user tries to shut down the system while other users are logged in via fast-user switching.</string>
<key>mechanisms</key>
<array>
<string>RestartAuthorization:shutdown</string>
<string>RestartAuthorization:authenticate</string>
<string>RestartAuthorization:success</string>
</array>
</dict>
</dict>
<key>rules</key>
<dict>
<key>allow</key>
<dict>
<key>class</key>
<string>allow</string>
<key>comment</key>
<string>Allow anyone.</string>
</dict>
<key>appserver-admin</key>
<dict>
<key>class</key>
<string>user</string>
<key>group</key>
<string>appserveradm</string>
</dict>
<key>appserver-user</key>
<dict>
<key>class</key>
<string>user</string>
<key>group</key>
<string>appserverusr</string>
</dict>
<key>authenticate</key>
<dict>
<key>class</key>
<string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:smartcard-sniffer,privileged</string>
<string>builtin:authenticate</string>
<string>builtin:authenticate,privileged</string>
</array>
</dict>
<key>authenticate-admin</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Authenticate as an administrator.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
<key>timeout</key>
<integer>0</integer>
</dict>
<key>authenticate-session-owner</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Authenticate as the session owner.</string>
<key>session-owner</key>
<true/>
</dict>
<key>authenticate-session-owner-or-admin</key>
<dict>
<key>allow-root</key>
<false/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Authenticate either as the owner or as an administrator.</string>
<key>group</key>
<string>admin</string>
<key>session-owner</key>
<true/>
<key>shared</key>
<false/>
</dict>
<key>default</key>
<dict>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Default rule.
Credentials remain valid for 5 minutes after they've been obtained.
An acquired credential is shared by all clients.
</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<true/>
<key>timeout</key>
<integer>300</integer>
</dict>
<key>is-admin</key>
<dict>
<key>authenticate-user</key>
<false/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Verify that the user asking for authorization is an administrator.</string>
<key>group</key>
<string>admin</string>
<key>shared</key>
<string>true</string>
</dict>
<key>is-root</key>
<dict>
<key>allow-root</key>
<true/>
<key>authenticate-user</key>
<false/>
<key>class</key>
<string>user</string>
<key>comment</key>
<string>Verify that the process that created this AuthorizationRef is running as root.</string>
</dict>
</dict>
</dict>
</plist>


sudo cat /etc/sudoers > ~geoffpiprell/Desktop/sudoers
RESULT (NOTE: This file opened in TextEdit when double clicked).
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"

# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now

ClockWork
27th June 2009, 10:18 AM
I love it! Leopard 10.5.7 is so User friendly!

Open Terminal. Copy / paste:

dseditgroup -o edit -p -a admin -t group _lpadmin

and hit your return key on your keyboard.

Failing this and not wanting anymore complexities, it may be time to try switching User Accounts, by creating a new one in System Preferences... click on Accounts icon, unlock Padlock icon, type in Password, click the [+] button above the Padlock, and creating an entirely New Account, with Administration rights.

Switch over to that new User Account, and start again, beginning with your former iTunes problem, and then installing Lexmark Printer Driver.

cw

Make it simple.

GeoffP
27th June 2009, 10:51 AM
OK, doing this command "
sudo dseditgroup -o edit -n . -u geoffpipprell -p -a geoffpipprell -t user _lpadmin" has solved my printer problems.

Not going to create a new user as I then have to reconfigure it again - I thought Migration Assistant would have worked properly.

So, I can print, that'll do OS X, that'll do.

ClockWork
27th June 2009, 10:53 AM
Don't trust the Migration Assistant.

Best to pull across everything yourself.

More is less.

davidcolville
27th June 2009, 02:17 PM
Hi Geoff,
This now looks fine -the authorizations looks to have been setup correctly.

Hope this is working OK for you, and don't hesitate to iChat/DM me if I can help further.

As a matter of interest - was your old Mac 10.5.6 or 10.5.7?

------

David Colville

GeoffP
27th June 2009, 06:28 PM
Don't trust the Migration Assistant.
Best to pull across everything yourself.[/I]

Well that sucks - I thought Migration Assistant would have been a bit more bullet proof - Oh well, you live and learn...


Hi Geoff,
This now looks fine -the authorizations looks to have been setup correctly.

Hope this is working OK for you, and don't hesitate to iChat/DM me if I can help further.

As a matter of interest - was your old Mac 10.5.6 or 10.5.7?

MacPro was 10.5.7

Anyway, many thanks for all your help - seems to have settled the beast down a little.

Now all I need to do is sell by INCREDIBLY fast MacPro.....