I tried to add the machine to the OpenDirectory before. The Filer messages shows that the connection gets terminated during the join process.

CIFS - Starting SMB protocol...
Tue Sep  8 07:00:42 GMT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CENIX-TEST.
Tue Sep  8 07:00:42 GMT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting NetBIOS DC broadcasts.
Tue Sep  8 07:00:43 GMT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 BDC addresses through NetBIOS broadcast.
Tue Sep  8 07:00:44 GMT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 PDC addresses through NetBIOS broadcast.
Tue Sep  8 07:00:44 GMT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CENIX-TEST complete. 1 unique addresses found.
Tue Sep  8 07:01:14 GMT [cifs.server.infoMsg:info]: CIFS: Warning for server \\SNAIL: Connection terminated.
Tue Sep  8 07:01:14 GMT [cifs.server.infoMsg:info]: CIFS: Warning for server \\SNAIL: Unable to create NETLOGON pipe.
Tue Sep  8 07:01:32 GMT [nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.
Tue Sep  8 07:01:44 GMT [cifs.server.infoMsg:info]: CIFS: Warning for server \\SNAIL: Connection terminated.
***     CIFS Setup could not establish a connection with the Primary Domain
***     Controller (PDC). Usually this happens when the 'GUINEA' account does
***     not exist in the domain or must have it's password reset.

Once you have created and/or reset the 'GUINEA' machine account, press ENTER. [continue]:Tue Sep  8 07:01:44 GMT [cifs.server.infoMsg:info]: CIFS: Warning for server \\SNAIL: Unable to create NETLOGON pipe.

Samba on Mac OS X does  ot show anything helpful:

Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2009/09/08 10:07:06, 2, pid=81922] /SourceCache/samba/samba-235/samba/source/smbd/reply.c:reply_special(332)
 netbios connect: name1=SNAIL           name2=GUINEA         
[2009/09/08 10:07:06, 2, pid=81922] /SourceCache/samba/samba-235/samba/source/smbd/reply.c:reply_special(339)
 netbios connect: local=snail remote=guinea, name type = 0
[2009/09/08 10:07:06, 2, pid=81922] /SourceCache/samba/samba-235/samba/source/lib/module.c:do_smb_load_module(64)

Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2009/09/08 10:07:06, 2, pid=81922] /SourceCache/samba/samba-235/samba/source/smbd/reply.c:reply_special(332)
 netbios connect: name1=SNAIL           name2=GUINEA         
[2009/09/08 10:07:06, 2, pid=81922] /SourceCache/samba/samba-235/samba/source/smbd/reply.c:reply_special(339)
 netbios connect: local=snail remote=guinea, name type = 0
[2009/09/08 10:07:06, 2, pid=81922] /SourceCache/samba/samba-235/samba/source/lib/module.c:do_smb_load_module(64)

The Finder can’t complete the operation because some data in “<filename>” can’t be read or written.
(Error code -36)

The files on destination do exists afterwards. They also seem to be correct. Just the Error message shows up in general.

I also realized that this happens only on certain users. So I will investigate more about the differences.

It seems only member of the Domain Admins mounts the samba share with the acl’s. And that leads to this issue. I found a concerning discusion on Apple’s developer forum.

As a workaround, you could try these option on a samba server:

global
 unix extensions = no

And on a NetApp Filer, I tried and succeed turning this option off:

options cifs.preserve_unix_security off

It requires some knowledge using the shell, so a basic understanding of Linux commands would be good.

To get around the Leopard Check

1. edit two  Files inside the package (Right-Click on the Package / Show Package Contents. This opens finder within the package.
2. go to Contents/Resources
3. open TextEdit, use vi in a shell or whatever you prefer to edit a simple file
4. on file “InstallationCheck” change the number 9 in line 8 to number 10: if  [ "$MAJOR" != "10" ]; then
5. same on file “postinstall “ change the number 9 in line 84 to number 10

Creating a new content (pax archive)

I suspect the original unchanged package is on your Desktop and its name is “SecureClient_B634000031_1″.

Open a Terminal window from the Utilities folder.

cd Desktop
mkdir temp
cd temp
mv $HOME/Desktop/SecureClient_B634000031_1.pkg/Contents/Archive.pax.gz .
gunzip Archive.pax.gz
pax -r -f Archive.pax
mkdir SC
cd SC
tar -xzvf ../desktop_B634000031_1.tgz

Now just go ahead and do the changes inside Desktop/temp/SC

so please edit “scuninstall” in the bin folder and it will uninstall cleanly:

# Delete install entry so the next time we run the installer it would suggest
# installing and not upgrading
$RM -r -f /Library/Receipts/SecureClient*.pkg
# the following lines should be added here
$RM -r -f /private/var/db/receipts/com.checkpoint.secureclient.R56.bom
$RM -r -f /private/var/db/receipts/com.checkpoint.secureclient.R56.plist

Open a hex editor and change anything with “kextload -s” to “kextload -r”. on the following files:

temp/SC/bin/StartupItemsMgr
temp/SC/boot/SecureClient/SecureClientStarter

Please have alook at my previous post.

mkdir ../newSC
tar -czvf ../newSC/desktop_B634000031_1.tgz *
sudo chown -R root:wheel ../newSC
cd ../newSC/
mkbom -s ./ ../Archive.bom
rm ../Archive.pax
pax -U root -x cpio -w . > ../Archive.pax
cd ..
gzip Archive.pax
mv Archive.bom $HOME/Desktop/SecureClient_B634000031_1.pkg/Contents/Archive.bom
mv Archive.pax.gz $HOME/Desktop/SecureClient_B634000031_1.pkg/Contents/Archive.pax.gz
exit

After testing the package, you can delete the temp folder on your desktop.

Feedback welcome.

After you uninstalled SecureClient with Checkpoints uninstaller (Application/Checkpoint/uninstall) you have to remove 2 or 3 files in a receipts folder. Afterwards a new installation of SecureClient should be really succeed in showing up the Application.

Open the Terminal Application from the utilities folder and type:

sudo rm -rf /private/var/db/receipts/com.checkpoint.secureclient.R56.bom
sudo rm -rf /private/var/db/receipts/com.checkpoint.secureclient.R56.plist
sudo rm -rf /Library/Receipts/SecureClient_B634000031_1.pkg/

The last line might be different depending on the Name of the package you installed with.

After installing Snow Leopard, Checkpoints SecureClient refuses to install and if already installed (through an upgrade) it won’t start at all.

I did some investigation and I finaly made it working since Apple hasn’t changed too much.

1. The Checkpoint installer refuses to install

The installer checks up for the Darwin Kernel version 9. In Snow Leopard we have version 10. So two files need to be edit within the installer package.

1. just right click on the installer and select Show Package Contents. This opens finder within the package.
2. go to Contents/Resources.
3. open TextEdit, use vi in a shell or whatever you prefer to edit a simple file
4. on file “InstallationCheck” change the number 9 in line 8 to number 10: if  [ "$MAJOR" != "10" ]; then
5. same on file “postinstall “ change the number 9 in line 84 to number 10

That’s it. Just install it and reboot. Changes need to make afterwards in order to have it starting.

2. SecureClient fails to start

Now this gets just a bit more tricky. Apple has moved some options of kextload to kextutil in 10.6. Checkpoint hardcoded such an option -s in two binary files. This option is to create the symbol files in the Checkpoint directory. It  does not exist anymore in kextload, and is now provided in kextutil. But creating the symbol files is only needed for debug reasons, so not really necessary. Therefore I only replaced the option -s with option -r to fill up the space, because the binary file should not change in size. Two binary files have to be changed with an hexeditor.

Preparation:

• Download and install a hexeditor. 0xED is one of it.
• After inserting the first command, it will ask you for your local user password (User needs Administrator permission)

1. Open the terminal application from Utilities folder and type:.
   sudo cp /opt/CPsrsc-50/bin/StartupItemsMgr $HOME/Desktop
   sudo cp /opt/CPsrsc-50/boot/SecureClient/SecureClientStarter /$HOME/Desktop
   sudo chown $USER /$HOME/Desktop/StartupItemsMgr
   sudo chown $USER /$HOME/Desktop/SecureClientStarter

2. Now run 0xED and choose File/Open Files from the Menu to load the StartupItemsMgr and SecureClientStarter from your Desktop in it.
3. From Menu Edit choose Find/Find or just press Apple-F and type in to find: “kextload -s” and type in replace “kextload -v”
   Click on Replace All
   
   Save and close …
4. Now once you succeeded editing copy those back by typing in the terminal window:
   sudo cp $HOME/Desktop/StartupItemsMgr /opt/CPsrsc-50/bin/
   sudo cp $HOME/Desktop/SecureClientStarter /opt/CPsrsc-50/boot/SecureClient/
   rm $HOME/Desktop/StartupItemsMgr
   rm $HOME/Desktop/SecureClientStarter
5. Reboot and you should have SecureClient starting …

Its also possible to change the installer package itself. This makes it easier if you have a lot of Macs.

Please let me know if this did help.

Update1: There is an EarlyAvailable Version for Snow Leopard (32bit) by now. It won’t need all these steps and even more some small issues are solved in there. You can apply to the EA Program and could get the download almost immediately with a vaild support contract.

Update2: Finally, Checkpoint released its VPN client to the public. You can download it here: SecureClient NG-AI R56 HFA 2 for Mac OS X 10.6 (Snow Leopard) It works fine, so just (clean) uninstall your old VPN Client and install the new one.