Apple Support Communities > Servers and Enterprise Software > Mac OS X Server v10.4 and earlier > Discussions
This discussion is archived
1827 Views 5 Replies Latest reply: Mar 13, 2006 11:04 AM by Hugo Krantz
Currently Being ModeratedFeb 14, 2006 7:48 PM (in response to eXtremeSG)Something you might try is to manually reconfigure your jabber.xml file (/etc/jabber/jabber.xml). There is a lot of descriptive commentary in it. At the very end of the file is a section where you can state which networks are allowed or denied. That should do it. I have done that on a Linux Jabber server, but it should work just fine on Mac OS X.PowerBook G4 / OS X Server 10.4, Mac OS X (10.4.4)
Currently Being ModeratedFeb 14, 2006 8:20 PM (in response to D Little)Hi,
Thanks for your reply.
Yup, am sure its possible to edit the file manually, however I'm thinking Apple just didn't "connect" something (simple), so that it works from the GUI.
I don't want to restrict by network etc., but by Groups of users... and according to the GUI, it 'should' work.....
SteveXServe, Mac OS X (10.4.4)
Currently Being ModeratedFeb 14, 2006 9:01 PM (in response to eXtremeSG)In ServerAdmin, under server settings, as you noted, you can set up access control by users or groups. That should work if set up correctly. If I understand the way they did this, "deny" access takes precedence over "allow" access. So, if you allow one group you are a member of, but deny another group you are a member of, you will not have access. i.e., individual users who should be provided access cannot be members of groups who are denied access. Have you checked this?PowerBook G4 / OS X Server 10.4, Mac OS X (10.4.4)
Currently Being ModeratedFeb 21, 2006 3:41 PM (in response to eXtremeSG)
Under Server Admin -> Settings (somewhere), I can
pick this iChat Service, and change from "All can
access" to a specific User/Group(s, but when I select
this, I am then unable to log-in. Checking the log on
the iChat Server shows that I have connected, but for
it doesn't "complete" the connection, and I am left
hanging waiting to connect.
Has anyone else in the group encountered errors with
locking this down to users / groups..?
No problems here. The xserve I manage is locked down that way. I added an Active Directory group to the access list and someone else is able to manage users via AD. Makes things very easy on my end.
Lastly, in the options for iChat Server, you can
select which domains it will serve. How does this
If I have a email@example.com, and that domain is not
in the list, would it stop them from connecting with
If so, presumably, they could still connect as
firstname.lastname@example.org, if "mydomain.com" was in the
domain list under iChat Server..?
As users in WGM are not mapped to a domain,
presumably they could log in if they 'spoofed' my
domain name, instead of theirs.
It depends on how you have your jabber.xml configured. If you are using the Access list as stated above, then user should be able to login to all the different host domains that you added to the iChat settings. Otherwise, you can edit the jabber.xml and configure the logins in many different ways.