
Several Lion/AD questions

10.7.3, bound to AD


Several questions that I can't seem to find the answer to on Apple's KB.


1. When setting up an iPhone to sync with the Lion server, why does it only present mail and notes for sync? Is this just how it works, you have to set up the different services separately for mail, contacts, and calendar? I can't believe that when an iPhone has built-in support for Exchange.


2. I followed http://support.apple.com/kb/HT3660 to get iCal working for AD users. I also followed http://support.apple.com/kb/HT5276 to get push notifications in iCal and Address Book working for AD users. It was initially working after following this doc, however now it's not. Even after restarting, I just get invalid username or password. The log file shows something about an OD crash which seems to coincide with an attempt to log in to iCal using AD credentials.


3. I cannot edit users' shortnames via WGM. Even so, it wouldn't accomplish what I need. So I'm fine with just manually creating aliases. I tried to edit the postfix aliases file for a test alias:

group: user1, user2


It doesn't work; even after restarting mail it says it's an unknown user. Mailman doesn't work the way I expected. I need to create distribution groups, not a mail list.


Anyone know how I can fix these issues?

Mac mini, Mac OS X (10.7.3), Lion Server

Posted on Jun 18, 2012 7:28 PM


Jun 19, 2012 6:57 PM in response to Tenn_Surety

Fixed #2, iCal authentication.


Anyone know why #1 and #3 don't happen?


For WGM to edit AD accounts, I'm assuming the best thing is to set up an OD replication instead of just binding to AD.


Should I switch to OD Replica or Master?


Will this break anything? I believe I tried it once before and it broke authentication completely to AD... but I can't say I was already bound to AD.

Jun 20, 2012 2:23 PM in response to Tenn_Surety

Hi


For the two sub-questions in 1 - yes and yes. Just an opinion but Apple have no interest in 'aping' something that Microsoft have been doing very well for many years. As long as iOS devices (iPhones, iPads) can 'work' in a Windows environment (mainly because EAS support is built-in), that is all that matters.


As for 3 - unless you're prepared to 'hack' the AD Schema in a major way you only have read-only access to its LDAP Database from another platform. You could make changes to user accounts in a 'stub' database (Augmented Records) if you wanted to but that's another story and for what you want, probably not necessary?


For your other post and if I've understood you correctly, you have to have two OS X Servers if you want OD Replication. One as the Master and the other as the Replica. As far as I know you can't make OS X Server a Replica of your DC. Neither can you make OS X Server a BDC of your DC.


HTH?


Tony

Jun 20, 2012 3:44 PM in response to Antonio Rocco

Thanks for the reply! I've really got two huge issues.


I didn't fix iCal authentication for AD users. I found it had several system certs, one for each time I tried to set it up via the server app. So I deleted those and set it up again and applied our certificate to the iCal service, bingo. That seemed to fix it, temporarily. I can get logged in once with an AD account, however, I log out and then it doesn't log back in. It's almost as if it's bouncing. The log file confuses me because I can see where it says dovecot: auth od(username,ip) and that the account was found. Then it seems to connect again.


The other huge issue is that spam filtering doesn't let anything through, set as low as the slider will allow. I can't find documentation about how it really works.


I know it's SpamAssassin but that's it. I also see that when I turn it off, messages I saw get greylisted come through. I'm just worried about leaving it on, going to bed and getting a call that no one has gotten emails. Is it normal to learn in the beginning and then to start working correctly? I subscribed to zen from Spamhaus but it blocks quite a bit of legit email, even though the sender's domain and IP aren't blocked according to the check utility they have, which I found odd, so I took it off.

Jun 21, 2012 5:12 AM in response to Tenn_Surety

Hi


"Is it normal to learn in the beginning and then to start working correctly?"


In essence, yes.


Graylisting is on by default when you configure and enable the Mail Service and it's actually a good thing if you're prepared to be patient. However you may decide you don't actually need it and resort to other methods of filtering mail to your domain. There are many tools available for any enterprise wishing to run its own private mail server and graylisting is just one option. There are lots of resources explaining graylisting which you can google for yourself.


However these might help?


http://www.lakecomm.com/readarticle.php?article_id=5

http://osx.topicdesk.com/content/view/144/84/

http://www.timabbott.com/computers/mac-os-x-server-greylisting/


A good resource for all things OS X Mail Server is here:


http://osx.topicdesk.com/


Your iCal Service issue for Active Directory Users may be answered here:


http://support.apple.com/kb/HT3660?viewlocale=en_US&locale=en_US


However the problem you're describing with certificates is not good and you should really clear this up as soon as you can. There are some 'golden rules' regarding servers in general and OS X Server in particular. In no particular order these are:


1 - Start at the end to begin at the beginning (a bit odd but it does make sense if you think about it)

2 - DNS. Get this bit right and everything else will follow

3 - If you mess up the initial configuration right at the beginning it's best to start again

4 - DNS. Get this bit right and everything else will follow

5 - A lot of features you'd expect from a Mail Server for Enterprise use are not in the GUI. You will have to use Terminal sooner rather than later. This is also true to a lesser degree with other services.

6 - DNS. Get this bit right and everything else will follow


The above is only my opinion.


If you've not already done so you may want to start again (wipe and reinstall) otherwise you may find as time goes on that the instability the server is suffering from at the moment will only get worse and usually when you least want it.


HTH?


Tony
