Tuesday, May 13, 2008

Mac OS X, parental controls and disabled network

This is kind of an off-topic posting as this doesn't have anything to do with the "standard" mobile issues. Nevertheless, I still feel this must be documented somewhere because I guess my kids are not the only ones who can't go online because of this bug/feature.

If you don't use Macs and/or you don't use parental controls you can ignore these notes.

Setup
Mac computer running Mac OS 10.5.2 with user accounts that have parental controls enabled.

Problem
Suddenly network connection ceased to work with accounts that have parental controls enabled. Network works OK for other user accounts.

What changed when problem occurred 
I got a new xDSL modem box from by network operator.

What has happened? 
Warning, nerdy stuff will follow!

When I investigated this issue I understood that web content filtering is done by Apache proxy server that gets started if user account has parental controls enabled, regardless of the web content filtering setting. In this case Apache proxy failed to start, effectively disabling all network connections for users under parental control. From console listing I found entries like "com.apple.familycontrols: httpd not running". From apache2 log I found etnries like "nodename nor servname provided, or not known: mod_unique_id: unable to find IPv4 address of "Macintosh", which indicates a problem that prevents Apache from starting. My guess is that mod_unique_id tries to do reverse DNS request to my new xDSL modem and that fails to give valid response; hence Apache doesn't get unique identity and quits. Discussion about the same issue can be found from Apple's support site. More info about mod_unique_id is here.

How to fix this?

Warning: messing around with root identity is potentially dangerous and you can do bad things if you are not careful!

Open terminal window and gain root identity by giving command
sudo su -
and give your password when prompted to do so.

Then change to another directory by giving command 
cd /Library/Application Support/Apple/ParentalControls/ContentFiltering/

From that directory edit file httpd.conf with vi editor
If you are not familiar with vi, you perhaps should Google for vi tutorial first.
Locate this line: 
LoadModule unique_id_module libexec/apache2/mod_unique_id.so
and comment it out by adding # at the beginning.

At vi that goes like this:
  • position cursor at the beginning of the line
  • press i
  • type #
  • press esc
  • type :wq
Now try to login to the system as user that has parental control enabled. Network should work now - at least this helped for our two MacBooks.

Final words
I have very mixed feelings about this workaround/fix. I'm happy that I can open terminal and play around with configuration files. However, I have bought these Macs because I don't want to do that!

//Harri

5 comments:

Anonymous said...

good post

Ivan Pereira said...

Oh, thank you very much. You save my day :)

Anonymous said...

Apple has commented out the offending line as a bug fix as of OS X Version 10.5.6 but I still have the problem as originally described. Any other ideas?

Harri Salminen said...

Hi,

Unfortunately I don't have any information on that. I've upgraded my OSX recently to 10.5.6. and the old fix still seems valid.

Is there anything interesting in the log that might indicate what the problem is?

//Harri

Anonymous said...

I have upgraded my Mac OS to Snow Leopard, and the conflict between parental controls and disabled network is still there ... :(