Oct 16, 2011 6:04 PM in response to Long Lane by DigiAngel
Ubuntu Server on an iMac is what I run here...does all I need, is well documented, and runs rings around Lion Server. I was excited to see Lion Server at $50, but we all know it's a horrid OS now...clearly Steve Jobs didn't have much involvement with Lion...sad really
-
Oct 17, 2011 1:35 AM in response to Long Lane by mmpestorich
Is there something specific I can help you figure out? I will admit that Lion Server is woefully underdocumented, but after a few weeks of figuring things out I have it running great. As a matter of fact it's running faster and more stable than my previous Snow Leopard server. Kerberos (for Single Signon), SSH via Kerberos, Network and Mobile Accounts, Profile Manager, Mail, WebMail, Calendar, Wiki, File Sharing (AFP)... I even have an OpenVPN (via MacPorts) server running on it for my remote machines. All running really really well.
-
Oct 17, 2011 1:48 AM in response to mmpestorich by Long Lane
Thanks for the offer.
I am sure, that LS works for 75% of users and that if you start from scratch, you can turn LS into a nice piece of software. The foundations are certainly there. I think the trouble starts, when you have existing configurations and LS asks you to tweak your installations, rather than being flexible on its side (not really client centric) as previous versions have been.
This post describes some of my frustrations: https://discussions.apple.com/message/16408075#16408075 and the whole thread is a good summary of people's experiences.
Where do you want to start?
-
Oct 17, 2011 8:51 PM in response to Long Lane by mmpestorich
I couldn't get certificates to work because of some unspecified error (specifically said, that User intervention was not possible!). All other input was greyed out. I finally managed to get something done via the certificate assistant - not sure it works though as access to the mail server was still not working (STARTTLS was the smtp message incoming mail received) and users couldn't connect.
In Server Admin check the settings under "Mail > Settings > Advanced > Security > Secure Sockets Layer (SSL)" and make sure the "your.domain.com - domain.com OD Intermediate CA" certificate is selected for both "SMTP SSL" and "IMAP and POP SSL". Also make sure the drop down menu next to each of those settings is set on "Use" and not on "Require".
My server also acts as a router and does NAT b/w the outside world and the internal network. I work with static IPs and have about 60 or so addresses. Whereas in SLS you could define your internal network with whatever number combination you wanted (10.0.xxx or 192.168.xxx.xxx, etc.), I only found out after about three more hours, that LS only allows an internal network of the type 192.168.2.1 (see Gateway Assistant). Now, how stupid is this?
Another thing which I discovered: whereas in SLS, everything is neatly controlled in Server Admin, LS does away with this. NAT is set in Server Admin, but the detailed configuration is then to be found in System Preferences -> Sharing -> Internet Sharing. Somehow, Apple managed to tear the whole management process apart, with some things being specified in Server, some in System Preferences and some residual settings in Server Admin.
You're right here. LS dumbifies and breaks NAT in many ways. Good news is all the same stuff that was in SLS is still there, just not being used in the same way. Here's how you can accomplish the same thing from the command line. Create natd.sh:
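```sh
#!/bin/sh
#
# Setup NAT
#
# Usage: natd.sh <WAN interface>, e.g. natd.sh en0

# Refuse to run without an interface name
[ -n "$1" ] || { echo "usage: $0 <wan-interface>" >&2; exit 1; }

# Enable IP Forwarding
sysctl -w net.inet.ip.forwarding=1

# Enable NAT over WAN interface (add -dynamic flag if WAN is configured with DHCP)
natd -use_sockets -same_ports -interface "$1"

# Firewall rule to divert traffic to natd (port 8668) for further handling
ipfw add 00010 divert natd ip from any to any via "$1"
```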
Then you can either call it from the command line "/path/to/natd.sh en0" - en0 being the WAN interface or enable it automatically at startup by creating the following launchd plist file. Create /Library/LaunchDaemons/com.example.natd.plist:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.natd</string>
    <key>KeepAlive</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>/path/to/natd.sh</string>
        <string>en0</string>
    </array>
</dict>
</plist>
```
You can enable the launchd job by running "launchctl load -w /Library/LaunchDaemons/com.example.natd.plist".
Server Admin gave you a lot of granularity about specifics of file sharing and the permission levels, introducing Access Control Lists, etc. Again, splattered about a number of different locations, one can only guess how to get this working again. I have a number of 'custom' settings for access. But there is no way to view or edit them sufficiently.
This stuff is all the same as SLS, just found in two different locations. Define your shares and the protocols to share them with in "Server > File Sharing" and then go to "Server > Hardware > your.machine.com > Storage", browse to the folder/share and set the ACLs in much the same way you did on SLS.
Hope some of that helps.
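
An added example, not part of mmpestorich's post: a job in /Library/LaunchDaemons with no UserName key is started as root at boot, so the plist, the script it names and the script's directory should be owned by root and not writable by group or others. The check below reports anything that is not; `audit_launch_daemon` and its `owner_uid` parameter are names made up for this example.

```python
import os
import plistlib
import stat


def _problems(path, owner_uid):
    """Return ownership/permission problems for one file or directory."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    found = []
    if st.st_uid != owner_uid:
        found.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        found.append(f"{path}: group/world-writable (mode {mode:o})")
    return found


def audit_launch_daemon(plist_path, owner_uid=0):
    """Check a LaunchDaemon plist and the program it starts."""
    findings = _problems(plist_path, owner_uid)
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except OSError as exc:
        return findings + [f"{plist_path}: cannot read ({exc.strerror})"]
    # ProgramArguments[0] is what launchd executes; Program is the alternative key.
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    program = args[0]
    if not os.path.isabs(program):
        return findings + [f"{program!r}: not an absolute path"]
    # Whoever can rewrite the script, or replace it in its directory,
    # controls what runs with the job's privileges at the next load.
    for target in (program, os.path.dirname(program)):
        findings += _problems(target, owner_uid)
    return findings


if __name__ == "__main__":
    # Path taken from the post above; owner_uid=0 means root.
    for line in audit_launch_daemon("/Library/LaunchDaemons/com.example.natd.plist"):
        print(line)
```

An empty result means the plist, the script and the script's directory all passed both checks.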
-
Oct 18, 2011 1:57 AM in response to Long Lane by rickblackdog
I'd be interested in hearing from anyone who has been able to get past EFI difficulties and install Ubuntu on an Xserve.