I couldn't get certificates to work because of some unspecified error (it specifically said that user intervention was not possible!). All other input was greyed out. I finally managed to get something done via the certificate assistant, not sure it works though, as access to the mail server was still not working (STARTTLS was the SMTP message incoming mail received) and users couldn't connect.
In Server Admin check the settings under "Mail > Settings > Advanced > Security > Secure Sockets Layer (SSL)" and make sure the "your.domain.com - domain.com OD Intermediate CA" certificate is selected for both "SMTP SSL" and "IMAP and POP SSL". Also make sure the drop-down menu next to each of those settings is set to "Use" and not to "Require".
My server also acts as a router and does NAT between the outside world and the internal network. I work with static IPs and have about 60 or so addresses. Whereas in SLS you could define your internal network with whatever number combination you wanted (10.0.xxx or 192.168.xxx.xxx, etc.), I only found out after about three more hours that LS only allows an internal network of the type 192.168.2.1 (see Gateway Assistant). Now, how stupid is this?
Another thing which I discovered: whereas in SLS, everything is neatly controlled in Server Admin, LS does away with this. NAT is set in Server Admin, but the detailed configuration is then to be found in System Preferences -> Sharing -> Internet Sharing. Somehow, Apple managed to tear the whole management process apart, with some things being specified in Server, some in System Preferences and some residual settings in Server Admin.
You're right here. LS dumbifies and breaks NAT in many ways. Good news is all the same stuff that was in SLS is still there, just not being used in the same way. Here's how you can accomplish the same thing from the command line. Create natd.sh:
#!/bin/sh
#
# Setup NAT
#
# Usage: natd.sh <WAN interface>, e.g. natd.sh en0
if [ -z "$1" ]; then
    echo "usage: $0 <wan-interface>" >&2
    exit 1
fi
WAN="$1"
# Enable IP Forwarding
sysctl -w net.inet.ip.forwarding=1
# Enable NAT over WAN interface (add -dynamic flag if WAN is configured with DHCP)
natd -use_sockets -same_ports -interface "$WAN"
# Firewall rule to divert traffic to natd (port 8668) for further handling
ipfw add 00010 divert natd ip from any to any via "$WAN"
Then you can either call it from the command line, "/path/to/natd.sh en0", en0 being the WAN interface, or enable it automatically at startup by creating the following launchd plist file. Create /Library/LaunchDaemons/com.example.natd.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.natd</string>
    <key>KeepAlive</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>/path/to/natd.sh</string>
        <string>en0</string>
    </array>
</dict>
</plist>
You can enable the launchd job by running "launchctl load -w /Library/LaunchDaemons/com.example.natd.plist".
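As an added example (my own, not something from this thread), here is a small Python checker for the launchd job above. Anything in /Library/LaunchDaemons is started by launchd as root, so before loading the job it is worth confirming that the plist points at an absolute path, that the Label matches the file name, and that the script it runs is owned by root and not writable by anyone else (otherwise a non-root user could edit natd.sh and have it run as root at the next boot). The plist bytes are copied from the post with the placeholder path /path/to/natd.sh; the mode and uid values are the ones you would get from os.stat() on the real script.

```python
import plistlib
import stat

# Constructed sample: the launchd job from the post above, with the
# hypothetical script path /path/to/natd.sh kept as a placeholder.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.natd</string>
    <key>KeepAlive</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>/path/to/natd.sh</string>
        <string>en0</string>
    </array>
</dict>
</plist>
"""


def parse_launchd_plist(data: bytes) -> dict:
    """Parse a launchd property list from bytes (XML or binary plist)."""
    return plistlib.loads(data)


def check_launchd_job(job: dict, filename: str) -> list:
    """Return a list of problems found in a LaunchDaemons job dict.

    launchd runs these jobs as root, so the program must be unambiguous
    (an absolute path) and the Label should match the file name so the
    job is easy to find and audit later.
    """
    problems = []
    label = job.get("Label")
    if not label:
        problems.append("missing Label")
    elif filename != label + ".plist":
        problems.append("Label %r does not match file name %r" % (label, filename))
    args = job.get("ProgramArguments")
    program = job.get("Program")
    if not args and not program:
        problems.append("neither Program nor ProgramArguments set")
    else:
        path = program or args[0]
        if not path.startswith("/"):
            problems.append("program path %r is not absolute" % path)
    return problems


def check_script_mode(mode: int, uid: int) -> list:
    """Check ownership/permissions (st_mode, st_uid) of a script run as root.

    A script writable by a non-root user lets that user run arbitrary
    commands as root the next time launchd starts the job.
    """
    problems = []
    if uid != 0:
        problems.append("not owned by root (uid %d)" % uid)
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit(data: bytes, filename: str, mode: int, uid: int) -> list:
    """Combine both checks; an empty list means the job looks safe to load."""
    job = parse_launchd_plist(data)
    return check_launchd_job(job, filename) + check_script_mode(mode, uid)


if __name__ == "__main__":
    # Real use: st = os.stat("/path/to/natd.sh"); audit(..., st.st_mode, st.st_uid)
    print(audit(SAMPLE_PLIST, "com.example.natd.plist", 0o100755, 0))
```

Run it against the real file with the plist bytes read from /Library/LaunchDaemons and the stat values of natd.sh; an empty list means the job points at an absolute, root-owned, non-writable script. It only checks the plist and script permissions, not what the script does.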
Server Admin gave you a lot of granularity about specifics of file sharing and the permission levels, introducing Access Control Lists, etc. Again, splattered about a number of different locations, one can only guess how to get this working again. I have a number of 'custom' settings for access. But there is no way to view or edit them sufficiently.
This stuff is all the same as SLS, just found in two different locations. Define your shares and the protocols to share them with in "Server > File Sharing" and then go to "Server > Hardware > your.machine.com > Storage", browse to the folder/share and set the ACLs in much the same way you did on SLS.
Hope some of that helps.