SWY's technical notes

Relevant mostly to OS X admins

Repackaging SonicWall NetExtender.

One of the projects I’m starting in early 2013 is to get all of the OS X machines I manage at work on Mountain Lion. In my upgrade testing, I found that a machine upgraded from 10.6 would not properly run the NetExtender VPN client from SonicWall- on first use, a user would get interrupted with this alert in a log window:

01/28/2013 12:55:00.545 [general fatal     508] FATAL: You don't have permission to read/execute '/etc/ppp/peers'
01/28/2013 12:55:00.546 [general error     508] pppd permissions are invalid
01/28/2013 12:55:00.554 [gui     info      508] Failed to connect - check log for details

I can’t expect my users to tweak permissions on /etc/ppp/peers, and through previous upgrades, I’d also become aware that the NetExtender releases through 6.0.726 have DNS issues under Mountain Lion, so I also I needed to both upgrade, and tweak ppp permissions.

At first, the upgrade side would look simple, NetExtender installer provides an app to drop into /Applications.  But if one only does that, they get this dialog on first launch:

Screen Shot 2013-01-28 at 1.01.02 PM

That’s not going to fly for my non-admin users (nor should I expect my admins to do this), so I turned to JAMF’s Composer to repackage. The process was pretty simple- I copied the latest NetExtender .dmg and Composer to a basic OS X build, which had never had NetExtender installed. I copied NetExtender to the Applications folder, then started Composer, selecting a new Snapshot, by monitoring file system changes.

Screen Shot 2013-01-27 at 8.22.23 PM

After starting up the monitoring, I started up NetExtender, provided the expected authentication, let it connect, and then ended the Composer capture. The capture then only needed a little tweaking to omit the changes to my home directory that had been noted, and created via Build as PKG.

With a package built, I could then turn my attention to avoiding the pppd permissions error. Since I install most of my software via munki, it was easy to add that as a postflight script.

chmod u+s /usr/sbin/pppd
exit 0

My 10.6 to 10.8 upgrades are running a number of steps via a second DeployStudio workflow, done after the install, as we’re changing machine naming and AD bind conventions, doing a Profile Manager enrollment, and many other steps. To force a reinstall of NetExtender, I added a DS “generic” workflow step that includes rm -r /Applications/NetExtender.app, and touch /Users/Shared/ .com.googlecode.munki.checkandinstallatstartup file, forcing Munki to see that NetExtender is absent, and run the installer again to adjust the permissions.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: