Firewall GUI for Mountain Lion Server

Is there an easy firewall for Mountain Lion server? I'm amazed Apple took this feature away. For what reason? I don't know command line very well and shouldn't have to learn it seeing as how Macs are supposed to be "user friendly". Doing a port scan I see about 20 ports open that I want to close but just don't know how as they're not application specific (like pop3...). Any suggestions would be helpful.
Thanks.

Scott Howe wrote:
I meant to say "Is there a GUI for the Firewall for Mountain Lion Server"
I totally agree with you, the whole point of OS X was to be easy to use, i.e. GUI based; if we wanted a pure CLI system we would get Linux.
There are actually two different firewalls on Mountain Lion Server: the 'standard' one you see in System Preferences, which is an application-level firewall (ALF) and has extremely limited options but does have a GUI, and the CLI-only one, which is pfctl (Packet Filtering).
Note: ipfw is deprecated in Mountain Lion.
There is a third-party tool for configuring pfctl called IceFloor. Be careful though, I managed to screw up a system with it. As always, make sure you have a backup before making changes.
See http://www.hanynet.com/icefloor/
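
The port-closing task from this thread, done directly against pf: an added example (not from the posters, Apple or IceFloor) that generates a default-deny inbound ruleset and syntax-checks it before loading. The anchor name `local.inbound`, the file path and the port list are assumptions.

```sh
#!/bin/sh
# Added example: default-deny inbound rules for pf, generated from a list of
# TCP ports that must stay reachable. Anchor name, file path and ports are
# assumptions; keep your remote-admin port in the list before loading.
ANCHOR_NAME="local.inbound"                  # hypothetical anchor name
ANCHOR_FILE="/etc/pf.anchors/$ANCHOR_NAME"   # hypothetical file location

# render_rules "22 80 443": print the ruleset, or fail on a bad port.
render_rules() {
    ports=""
    for p in $1; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        ports="${ports:+$ports, }$p"
    done
    [ -n "$ports" ] || { echo "no ports given" >&2; return 1; }
    cat <<EOF
# pf uses the last matching rule, so the block comes first
block drop in all
pass in quick on lo0 all
# TCP services only; UDP services need their own pass rule
pass in proto tcp from any to any port { $ports } keep state
pass out all keep state
EOF
}

# check_and_load FILE: parse only (-n) first, load into the anchor if clean.
# The anchor takes effect only if /etc/pf.conf has an
#   anchor "local.inbound"
# line after Apple's own anchors and pf is enabled (pfctl -e).
check_and_load() {
    pfctl -vnf "$1" || return 1
    pfctl -a "$ANCHOR_NAME" -f "$1" || return 1
    pfctl -a "$ANCHOR_NAME" -s rules
}

# Usage (as root): sh pf-inbound.sh --apply "22 80 443"
if [ "${1:-}" = "--apply" ]; then
    render_rules "$2" > "$ANCHOR_FILE" && check_and_load "$ANCHOR_FILE"
fi
```

Running the script without `--apply` changes nothing; `render_rules "22 80 443"` can be called on its own to review the rules before they touch the system.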

Similar Messages

  • Configuring postfix on Mountain Lion Server

    I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server.  The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
    I would like to configure Postfix to only accept email that is forwarded from a gmail business account.  The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to  [email protected]
    The server WAN domain is nonpublic.com  The ip address is 96.231.165.126
    The server LAN is nonpublic.local  The ip address is 10.6.18.201
    The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
    The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch.  The external traffic to the WAN flows through the switch as tagged packets.  The LAN traffic is not tagged.  The VLAN connection is running 802.1q
    When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
    Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
    Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
    I can send emails from a client on the LAN through this server with no problems.  The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info.  I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
    I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file.
    I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the crippled GUI in the "server" application.  I'm barely OK using Terminal and not familiar at all with configuring Postfix by directly editing the config file.
    What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
    I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
    Any help would be appreciated.

    MrHoffman, thank you for your response to my challenge to get the new test server working.  This is a migration from Snow Leopard Server to Mountain Lion Server.
    Here is the "checkhostname" test results:
    blue:~ admin$ sudo changeip -checkhostname
    Password:
    Primary address     = 96.231.165.211
    Current HostName    = blue.pderby.com
    DNS HostName        = blue.pderby.com
    The names match. There is nothing to change.
    dirserv:success = "success"
    blue:~ admin$
    Here is the response from postconf -n
    blue:~ admin$ postconf -n
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
    dovecot_destination_recipient_limit = 1
    html_directory = /usr/share/doc/postfix/html
    imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
    inet_interfaces = loopback-only
    inet_protocols = all
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    message_size_limit = 10485760
    mydomain_fallback = localhost
    newaliases_path = /usr/bin/newaliases
    queue_directory = /Library/Server/Mail/Data/spool
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpd_tls_ciphers = medium
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    use_sacl_cache = yes
    blue:~ admin$
    I agree that I should change the LAN domain from .local to something like .internal or whatever.   I've been running with .local for 5 years  on snow leopard server and never had any problems so that was a low priority.
    I hope I'm just not seeing some obvious setting in main.cf

  • OS X Mountain Lion server spontaneous DHCP?

    I have DHCP service provided to a small school network by an Xserve running 10.6.8 server, not the new Mac mini server running 10.8.2, because the service is much more configurable in the old version (likely known to anyone perusing this forum). But we started having printing issues, and it turns out that the Mac mini started giving out IP addresses recently, despite the service being "off." Since it didn't have the reservations set, it gave some printers the wrong IP. I never turned the service on, but I wonder if the 10.8.2 update adding it to the Server app actually turns it on.
    The Console log shows lots of DHCP Offers and acks, it should show none. Under Server.app Services, "Your Mac now provides these services: File Sharing, Software Update, Netinstall (which services the iMac lab). Under DHCP, the service is off, but it shows clients to which it leased an address.
    I restricted the pool down to two addresses to reduce the possible problems, but I want to know a long-term fix. Something is horked.

    I should clarify my thoughts.
    Have you noticed the progressive dumbing down and removal of services with OS X Server since Snow Leopard?
    If you read the KB for Mountain Lion Server you'll see that NetInstall can use the DHCP service independently.
    At one stage there was no GUI for DHCP at all and upgrading Lion to Mountain Lion preserved DHCP settings.
    http://support.apple.com/kb/HT5412
    Additional Information
    The bootpd process, which is used by the DHCP service, is also used by the NetInstall service, but you can use either service independently or both together.
    I have heard of cases of the bootpd.plist having no dhcp entries.
    Try running:
    sudo serveradmin fullstatus netboot
    And have a look at dhcp.

  • How do I share a folder over the internet with Mountain Lion server?

    I am new to using formal servers.  In Snow Leopard I was able to use web sharing to serve a small website and if I wanted to share a folder with someone I would  just provide the person I wanted to share a file with the path to the file inside the sites directory.  With Mountain Lion this functionality was removed from the sharing section of system preferences.
    I purchased mountain lion server and was able to restore the website serving ability, but I haven't been able to figure out how to share a folder.  I am still looking over what documentation I can find, but for the most part it just tells me to set up the services without telling me how.  Any assistance would be helpful.  Networking is not my area of expertise.
    Best Regards,
    David Finell

    I purchased server to assist with this as I am unfamiliar with the command line protocols for using apache.  Because of the UNIX architecture of OSX and I presume apache, I am uncomfortable using the command line for fear of causing serious problems.
    Unfortunately, the documentation that I have seen for mountain lion server is wanting in either its completeness or layout/functionality.  To summarize the server instructions as I understand them: it just says to configure it and my system to meet my requirements without telling me how.
    I am confident that both the apache command line and server are capable of accomplishing what I was able to do before under snow leopard.  I just haven't figured out how.
    I was able to provide a link to family and clients like http://ipaddress/~user/folder
    This no longer works.

  • Where's the Mountain Lion Server Documentation?

    Been waiting all day for Mountain Lion Server Documentation to be posted to no avail. What gives? Especially need the Mountain Lion Server Upgrading & Migrating manual. I help run a small educational computer center in Santa Cruz CA and we need to transition from 10.5 Leopard Server on an old G5 Power Mac to 10.8 Mountain Lion Server on a new 2012 Mac mini as soon as it goes on sale. We particularly need the Workgroup Manager migration app documentation ASAP. Can any Apple employees explain why the Mountain Lion server documentation is not posted even though you can download the Mountain Lion Server since this morning?

    Good luck in migrating from 10.5 Server to 10.8 Server... There are so many changes. Each time I've upgraded since 10.2.X server, I've always had to manually migrate things. Forget the automated upgrade process since it always hangs for me.
    As for 10.6.8 Server, Apple changed the imap/pop server software from cyrus to dovecot. There's a script, if I recall, somewhere in 10.6.8 Server to convert the imap mail of all the users.  However before you run that script I recommend that you rebuild the imap structure in cyrus before you do...
    http://support.apple.com/kb/HT3120
    As for migrating OD users... archive the users...
    and import them...

  • Snow Leopard client for NetRestore image not being recognized in Mountain Lion Server

    I target firewired a MacBook Pro running Snow Leopard and ran System Imaging Utility and the machine does not show up as an option. Does Mountain Lion Server support Snow Leopard NetRestore images or am I doing something wrong?

    I'm actually trying to figure that out as well. We have 10.5, 10.6, 10.7, and 10.8 Images we wanted to put together for our netrestore images on our server, but can only do 10.8 images currently.
    We also have the AppleCare Helpdesk diagnostic kit which includes hardware tests, we were only able to get the newer mid-2012 and late-2012 Diagnostic utilities to netboot but none of the older ones.
    So do we need a server running the older OS to get these or is there a better alternative? I mean, it really shouldn't be a problem considering they're running inside of an image and don't rely heavily on the server resources other than to say "Yep, goto this file/directory".
    I'd like to know more as well....

  • Additional email address for user in mountain lion server

    I have a new installation of OS X Mountain Lion server (10.8.2) that I am wanting to deploy.  The problem that I am running into now is that there is no way that I have found to add a second email address. 
    I have multiple domains, so I need to have "[email protected]" and "[email protected]" for the same user.
    Has anyone seen a way around this?

    matneyc wrote:
    Wow - just after I answer back, I found a download for the Workgroup Manager at http://support.apple.com/kb/DL1567.  I probably need more sleep.
    Yes, it is just Server Admin that is no more, Workgroup Manager is still at the moment available.
    For your information another less pleasant means would be to directly modify the Open Directory record using either the command line or the Directory Editor launched from Open Directory Utility which in turn is launched from the Login Options "Join..." button.

  • Mountain lion server won't take my password for install

    I have never run a server version of apple software.  I am wanting web sharing to host a small website.  This option was removed from sharing preferences in mountain lion. 
    I purchased server to avoid the need to use the command line interface.  It was requiring a password and I don't use a password on my system and it wouldn't take a null.  I am finding a similar problem with attempting to install server on mountain lion.
    When I run the mountain lion server installer it prompts for an administrator password.  I hit return as I set up the system without an administrator password.  This fails, but works with all other admin password requests for software installation.
    Any assistance would be appreciated.
    Best Regards,
    David Finell

    I just decided to setup passwords.  I just wanted to avoid the pain.  It worked.  Now to figure out how to share folders over the web in server.

  • Out of office Reply for apple Mail on Mountain Lion Server

    We just recently switched our server from Lion to Mountain Lion and now we can not figure out how to create and launch an Out of Office Reply for Apple Mail on the new Mountain Lion Server.  I have searched the internet for an answer and/or instructions on how to do this and haven't found any.
    Has anyone figured out how to create and launch an Out of Office Reply for Apple Mail on the new Mountain Lion Server?

    Eustace - Thanks for taking a crack at it!  I saw this same post as well but it doesn't answer my question about how to create and launch an Out of Office Reply for Apple Mail on the new Mountain Lion Server?
    I'm not looking to create an out of office rule on my computer but on our Mountain Lion Server like we used to be able to do on Lion Server.

  • I recently (4 days ago) bought a Mac mini server with 10.7 lion; will I qualify for a free upgrade to Mountain Lion Server?

    How has Apple honoured buyers of other releases of OS X immediately before a new version was announced?

    omnomnomz wrote:
    How has Apple honoured buyers of other releases of OS X immediately before a new version was announced?
    I recently (4 days ago) bought a Mac mini server with 10.7 lion; will I qualify for a free upgrade to Mountain Lion Server?
    Mtn Lion not due out until the Summer, so no, you will not get a free upgrade.

  • How to Create lion os x Image for netrestore in mountain lion server

    I have a problem creating a Lion OS X image for NetRestore in Mountain Lion Server. I have a MacBook Pro with all the software that I like for the customized deployment, but when I connect the MacBook Pro to the Mac mini server in target mode, System Image Utility doesn't add it to the sources for creating a NetRestore image. This only happens with Lion OS X; with Mountain Lion OS X it works correctly. Please help me.

    System Image Utility only makes images of the system it ships with.
    In order to make Lion images, you'll need to install the Server Admin Tools for Lion onto a Lion system. You will then find the appropriate System Image Utility in /Applications/Server/.

  • Mountain Lion Server cannot create NetBoot images for earlier systems

    I'm trying to create a NetBoot image for OS X Lion on my Mountain Lion Server using System Image Utility, but SIU shows the 10.8 installer as the only available disk for creating an image.
    The same 10.7 boot disk is shown as source correctly in Lion Server SIU.
    Does SIU limit the creation of NetBoot images to the same OS X version only, or am I missing something?
    Ideas?
    Thank you!

    Yes. SIU for Mountain Lion only makes images of Mountain Lion.
    To make images for Lion, you'll need to download the Server Essentials package for 10.7.5 and install it onto a Lion system.

  • I am running Mountain Lion Server, and the App Store indicates an upgrade to Server.App version 2.2.5. When I try to upgrade it will not install. Is that because OSX8 is no longer supported; and if so, is there an alternate source for this upgrade if

    Mountain Lion Server.app no longer supported?

    Probably  a long shot, but try resetting the App Store and Clearing Cookies.
    Reset       Learned from Old Toad
    Resume Interrupted Downloads
    Sign in Doesn’t Appear/Accept Text
    Software Update - Adjust
    Software Update – Stop it From bugging you
    App Store support. There is troubleshooting and a contact link.
    Support

  • Mountain Lion Server 10.8 DNS ERROR READING SETTINGS

    Hi! Well I changed from windows 2008 server to Mountain Lion Server. So far, I have been able to set up website hosting for one website, and I must say it works better than windows server 2008, maybe that's because the mac keeps the drive spun up, while in windows server it was an external drive. Whatever the issue, the mac serves up the site so much faster that it comes exploding onto the screen of the searcher. Then I went to try to set up email, I was totally excited, but I think I did a no no in the dns settings, and now I can't even see them, I just get "Error Reading Settings". Of course I see things in the log that I should undo, but I can't access the DNS settings at all. Any ideas how I can get to the dns settings so I can undo my booboo? Now it has stretched its error self into the file sharing, and I can't access those settings anymore either, so that means I can't set up other websites because I can't give permission to view those folders. I also just got another error saying "Multiple errors occurred on this server while processing commands." Just exactly what the heck did I do? I must have REALLY SCREWED THIS THING UP! Also strangely Safari browser no longer accesses the web from the server computer. I THINK I KILLED IT.
    Any Ideas?
    Thanks, I really appreciate any tips. I haven't got to calendar or vpn, or any fun stuff yet.. Or maybe it might not be fun at all? hahahahahaa!
    Thanks

    I've gotten into this mess as well and Apple solved it for me.
    The Server should be able to look up itself so running DNS is a good thing, actually the server sets up DNS at install time if it can't find a server to serve its DNS so it can look up itself.
    The main error in my case was that there wasn't an NS record pointing to the machine itself and that there were some firewall rules preventing DNS lookups. Since there is no way to edit the firewall rules via GUI the engineer manually changed some stuff, but wasn't sure where the problem lies exactly, so he passed it on to another engineer.
    At this point I was already forced to switch to Google Apps for Business and my website was already running at GoDaddy, at much lesser costs and to much lesser frustration I might add.
    Let's face it, Apple has to deliver a better product with the old Server Admin back into place for those who want it for the extra control.
    My servers were running great with Lion (eventually), but Apple just had to remove Server Admin from OS X Server... #their_loss

  • VPN to Mountain Lion Server issues

    Hi,
    I checked a lot of VPN threads here today, but I wasn't able to find a solution for my problem just now. I try to connect by VPN to my Mountain Lion Server, but I get an error message that the VPN server is not responding. I get this message from iPhone and Mac. The Mountain Lion Server is a new installation, no upgrade from an older server.
    Some information on my setup:
    I installed the server with a hostname like myserver.mycompany.com and option 3 (internet access), as I want to use it for email at a later stage. All services are working fine (except VPN). DNS is active, but basically it only contains the address myserver.mycompany.com and forwards everything else to our router.
    I changed the DNS settings of our domain ( hosted by an ISP - so not in the local DNS ! ). I created a subdomain vpn.mycompany.com which points to the static IP of our router.
    In the router I opened the UDP ports 500, 1701 and 4500, and for 1701 I made the same thing for TCP (I found this in a forum, but I think this is not necessary?), the ports are pointing to the ip of the os x server.
    In OS X Server I started VPN for L2TP using the vpn.mycompany.com hostname, and a shared secret.
    When I try to connect with a client from outside I try to connect using L2TP via vpn.mycompany.com using the shared secret and user-id and password. The user-id is created in OS X Mountain Lion server and is configured to use VPN service. When trying to connect I get the error message "L2TP-VPN server is not responding...".
    In the log file of the server I see some entries for each connect:
    Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: Connecting.
    Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IPSec Phase1 started (Initiated by peer).
    Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Oct 10 20:21:48 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
    Oct 10 20:22:06 --- last message repeated 2 times ---
    Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (2,0)
    Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [1716] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (100000,0)
    Oct 10 20:22:06 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
    No more entries in log file now. Anyone any ideas what's going wrong. Might there be a problem as I use another servername outside as inside (vpn... instead of myserver...)?
    Thanks!

    Solved, first of all we tested to establish the VPN connection locally by adding the ip address of the server to /etc/hosts for vpn.mycompany.com. The VPN connected without problems then, so it was clear that it is a firewall/router problem, and not a server problem.
    After that we studied some more documentation and found that we don't have to open port 50, but IP protocol 50 (ESP) on the firewall. After that was done, the connection was working from the internet as well.
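
The log pattern and the fix from this thread, as an added example that is not part of the original posts: `phase1_status` reports how far each racoon exchange got, and `l2tp_forward_gaps` checks a list of router forwards for the UDP ports the poster opened plus ESP. The function names and the rule-list input format are assumptions; the sample log is abridged from the post.

```sh
#!/bin/sh
# Added example, not from the thread. sample_log is abridged from the post;
# function names and the "<proto> [port]" rule format are assumptions.

# phase1_status: syslog on stdin -> "<pid> last-main-mode=N retransmits=N verdict"
# IKEv1 main mode has six messages; a responder that sends message 4 and then
# only retransmits never received message 5 from the client.
phase1_status() {
    awk '
    /last message repeated [0-9]+ times/ {
        # syslog folds identical lines; credit them to the previous retransmit
        if (prev_retrans) {
            reps = $0; sub(/.*repeated /, "", reps); sub(/ times.*/, "", reps)
            retrans[prev_pid] += reps
        }
        next
    }
    { prev_retrans = 0 }
    /racoon\[[0-9]+\]:/ {
        pid = $0; sub(/.*racoon\[/, "", pid); sub(/\].*/, "", pid)
        if (!(pid in last)) { last[pid] = 0; order[++count] = pid }
        if (match($0, /Main-Mode message [0-9]+/)) {
            m = substr($0, RSTART + 18, RLENGTH - 18) + 0
            if (m > last[pid]) last[pid] = m
        }
        if ($0 ~ /Phase1 Retransmit/) { retrans[pid]++; prev_pid = pid; prev_retrans = 1 }
    }
    END {
        for (i = 1; i <= count; i++) {
            pid = order[i]
            if (last[pid] >= 6) { verdict = "main-mode-complete" }
            else if (retrans[pid] > 0) { verdict = "stalled" }
            else { verdict = "in-progress" }
            printf "%s last-main-mode=%d retransmits=%d %s\n", pid, last[pid], retrans[pid], verdict
        }
    }'
}

# l2tp_forward_gaps: router forwards on stdin, prints what L2TP/IPsec still needs.
l2tp_forward_gaps() {
    rules=$(tr 'A-Z' 'a-z' | awk '{ if (NF > 1) print $1 " " $2; else print $1 }')
    for need in "udp 500" "udp 1701" "udp 4500" "esp"; do
        printf '%s\n' "$rules" | grep -qx "$need" || echo "missing: $need"
    done
    # forwarding TCP/UDP port 50 does not pass ESP, which is IP protocol 50
    if printf '%s\n' "$rules" | grep -Eqx '(tcp|udp) 50'; then
        echo "note: port 50 is not IP protocol 50 (ESP)"
    fi
}

sample_log() {
    cat <<'EOF'
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: Connecting.
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IPSec Phase1 started (Initiated by peer).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Oct 10 20:21:48 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
Oct 10 20:22:06 --- last message repeated 2 times ---
Oct 10 20:22:06 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
EOF
}

# Stand-alone run: the post's log, then a constructed forward list
sample_log | phase1_status
printf 'udp 500\nudp 1701\ntcp 1701\nudp 4500\ntcp 50\n' | l2tp_forward_gaps
```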
