Profile Manager, Push, Kerberos and other oddities

Hey all,


First time setting up a Mac Server on our network, thought we'd give Lion a try since we're seeing more and more Macs make their way into our ranks. I'm having issues with the following areas, hopefully someone could shed some light.


Push

I can't for the life of me get push to work behind our firewall. I opened up TCP port 5223 as outlined in the Apple docs but that doesn't get me anywhere. Do I need to NAT that port to the Lion server? I thought that push sent notifications down to individual machines and then they went and grabbed the new config from the server? How does a firewall with NAT know what machine to send the notification to? Any help would be appreciated.


Also, what are you supposed to manage users with, the Work Group Manager or the Profile Manager? It seems like Apple is moving away from the WGM style of management, although you can't do everything in PM, like setting up home folders etc. Very confusing to a novice.


Email Addresses in Profile Manager configurations and Webmail.

I might be missing something really simple here, but no matter what I do the Profile Manager spits out a default payload for email with our FQDN as the email address for the user (user@mail.example.com). I have set the local alias and checked the checkbox to allow our example.com domain to work. Manually setting the email address to user@example.com works just fine. I'm a bit bothered that every time I push a configuration out to a device I'll have to go back in and manually change the email address. Has anyone figured out how to change that?


In webmail it always lists the email address as user@mail.example.com instead of user@example.com. You can go in and edit the identity and all is right with the world, but that's sort of a pain? Seems like common sense that you could set that as the default.

Kerberos

I was excited to get a Single Sign On solution going for our users since it would come in handy, however, straight out of the box it just doesn't work. I'm also not sure what to look for in the logs to make sure that things are working smoothly. I'm joining the client machines to the server by going into Users and clicking Join, selecting the server from the drop-down and hitting Submit. Do I have to set up a search order and all that jazz or is that set up automatically then? I can see that I'm getting tickets with the Ticket Viewer but I'm still getting prompted for passwords in Mail, iChat, AFP etc. Close to giving up on that front.


Any help or general words of encouragement appreciated.

Lion Server-OTHER, Mac OS X (10.7)

Posted on Aug 11, 2011 10:44 AM

2 replies

Feb 6, 2012 10:26 AM in response to dhdchicago

Push

You've opened the secure iChat port to have push notifications working? Take a look here for the right ports:

http://help.apple.com/advancedserveradmin/mac/10.7/#apdCA9A73CE-5F0C-4BDC-93E8-2952C362FA3E


On that page are all port numbers you need to forward to your server.


Email

The addresses being displayed as user@server.example.com is a bug in Lion Server in my opinion, you can file a bug report at apple.com/feedback.


Kerberos

Is as poorly documented as invisible in OS X Lion Server. Single Sign-On is a great tool for making services more user-friendly, it should be top of mind at Apple. You can file an enhancement request at apple.com/feedback.


Regards,


Mark
