How to enable disk quotas in Lion Server (OS X 10.7.5)?

Similar Messages

• WGM Sharing "Enable disk quotas on this volume" greyed out

  I plan on enabling disk quotas on my server and noticed that the checkbox for enabling quotas is greyed out. How do I enable it?
  It's a basic server that does my mail, afp, and website.

  I am not terribly familiar with WGM and Server, but I noticed that we could not "enable disk quotas" on a share-point, but could on an actual drive, the volume (click the ALL tab up top). We have 3 Drives, System, Data, an backup, with multiple share-points on the drives..
  We have 10.4.2 Server
  Since there is no need for me to enable it, I did not follow through with it to see where it led me...
  Just my $.02, and it could be worthless, anyway.
  Kevin
  15" Powerbook 800 Mhz DVI   Mac OS X (10.4.7)   Wishing to upgrade...

• Unable to enable disk quotas in workgroup manager, X.4.8 server

  I am trying to enable disk quotas in workgroup manager for our open directory users with mobile accounts.
  I select "sharing" ---> all ---> drive that home directories are stored on ---> select "Enable disk quotas on this volume."
  I am able to click the tab but when I attempt to save it gives me "unable to save changes." How can I save the changes? Do I have to use the CLI for this?
  This is similar to this previous unsolved question on the boards: http://discussions.apple.com/thread.jspa?messageID=2495400
  I'm not trying to make any other changes when I'm saving this, and am authenticated as the directory admin. Any help is a big help!

  Nevermind, I found the answer in the archives after much searching. Went in via CLI and deleted the files below...voila! Disk quota goodness ensues and all is well.
  full thread here:
  http://discussions.apple.com/thread.jspa?messageID=2859843
  "I answer my own question. I deleted the two files ".quota.ops.user" and ".quota.user" at the root level of each disks and now I can activate disk quota."

• Setting disk quota on Mac server for Active Directory users

  I'm having trouble setting disk quotas for Active Directory users with home folders on our Mac server.
  I've enabled disk quotas on the disk I'm putting home folders on, and I can set disk quotas for local users on the server just fine. But it doesn't seem to work for Active Directory users. I've tried setting disk quotas via Workgroup Manager and via the command line using edquota. But when I use the repquota command there is no quota entry for the AD user. I've run quotacheck and that didn't help either.
  I also understand there's a setquota command but there's no man page on how that works.
  Has anyone got disk quota for AD users working.
  Better still has someone got a shell or perl script for setting quotas they could post.
  Thanks
  - Cameron

  sorry.. I am soooooo stupid... I have to activate "File Sharing" as well.. for the user everything was already pre-activated, not for the AD users, I just saw the Time Machine checkbox grayed out ...

• Where can I configure mail quotas in Lion Server?

  One (minor) problem for me, after upgrading from SnowLeopard Server to Lion Server is the fact, that I can't figure out where to administer the mail quotas. So far I have just managed to find the "Server Admin". Here, under Mail -> Maintenance I can see the quotas and under Mail->Settings->Quotas I can enable quota warnings and edit them. But I can't find a place to configure individual quotas. The quota settings from SnowLeopard server have been migrated and are still in place. But how should I change them. It used to be in WorkgroupManager. But in WorkgroupManager this item is gone.
  Many thanks for your replies.

  Followng up a bit,
  In looking into OD records on my Snow Leopard Server via the Inspector in WGM, I see the following attribute for one of my users for whom I've set a 1024mb mail quota.
  Name:
  MailAttriute
  Value:
  <?xml version="1.0" encoding="UTF-8"?>
  <dict>
            <key>kAPOPRequired</key>
            <string>APOPNotRequired</string>
            <key>kAltMailStoreLoc</key>
            <string></string>
            <key>kAttributeVersion</key>
            <string>Apple Mail 1.0</string>
            <key>kAutoForwardValue</key>
            <string></string>
            <key>kIMAPLoginState</key>
            <string>IMAPAllowed</string>
            <key>kMailAccountLocation</key>
            <string>[redacted].[redacted].org</string>
            <key>kMailAccountState</key>
            <string>Enabled</string>
            <key>kPOP3LoginState</key>
            <string>POP3Allowed</string>
            <key>kUserDiskQuota</key>
            <string>1024</string>
  </dict>
  I'm wondering if manually entering this attribute, and an XML value with at least the kUserDiskQuota key included will be all I need to do to implement per-user quotas in Lion Server.
  If I get time, I will test and report back.

• How to "Enable Disk Use"

  Does anyone know how to "Enable Disk Use" on the iTouch?
  Thanks

  As Jolly said, you can't.
  But free apps like Discover give you similar functionality.

• How to enable remote connections in SQL Server 2008

  I'm trying to enable remote connections in SQL Server 2008 R2 as described in the following article.  I see the error message at the top of the article. 
  http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
  One step in the article describes how to enable TCP/IP in Configuration Manager.  Specifically it says that
  'SQL Server NETWORK Configuration' should have TCP/IP enabled.
  The issue I've encountered is that my Configuration Manager
  is different than what appears in the article. My Configuration Manager shows the following:
  SQL Server 2005 Services
  SQL Server 2005 Network Configuration (32 bit)
         - Protocols for SQLExpress
  SQL Native Client Configuration (32 bit)
         - Client protocols
         - Aliases
  Note that I see 'SQL Server 2005 Network Configuration'
  rather than that for 2008.  When 'Protocols for SQLExpress'
  is expanded, there is a TCP/IP setting, but it's disabled and I see an
  Access Denied message if I try to enable this. 
  I also see a TCP/IP setting under Client protocols and successfully enabled this.  This uses port 1433 and I configured my firewall to accomodate this port as suggested in the article. 
  I also followed the other steps in the article, but still don't have remote access to SQL Server 2008 R2.  (I can access it from the office.)  I'm wondering if this remote access issue is because SQL Server
  2008 Network Configuration does not appear in Configuration Manager
  and if so, I'm interested in how this might be resolved.  (I'm running Windows 7 - 64 bit.)
  I'd appreciate any ideas on this.  Thanks. 

  Hello,
  Please refer to the following resource.
  http://support.microsoft.com/kb/KbView/914277
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com

• HT1296 how to enable disk usage

  how to enable disk usage

  This has never been a feature of any iphone/ipod touch/ipad.
  It is not a storage device, it simply mirrors the selected content of your computer.

• 0x8056530b error enabling disk deduplication on Windows Server 2012 R2 Volume - any ideas why or how to fix?

  I'm getting the following error when trying to enable disk de-duplication on a volume on my Windows 2012 R2 file server.  The error is:
  "There was an error updating Data Deduplication on volume: MSFT_DedupVolume.Volume='\\?\Volume{8dfc4322-9997-11e3-93f5-005056a84b9b}\' - HRESULT 0x8056530b, The specified volume type is not supported. Deduplication is supported on fixed, write-enabled
  NTFS data volumes and CSV backed by NTFS data volumes."
  The volume in question is a 1TB VMFS volume mounted to the virtual machine that is the Windows file server.  I could find no info anywhere that references this error as it relates to a standard mounted volume or VMware or VMFS. 
  Any ideas on what could be the problem or how to fix it?  I could find nothing in the log files other than an entry which is basically a repeat of the error above.
  Any help would be greatly appreciated.
  - ADEHART
  P.S. This is a volume that was previously mounted on an older Windows 2003 server.  Not sure if that may make a difference.

  have you compared this issue to the ones that are successful and compared what is different?
  Have you made sure of the following:
  Servers
  See the following list for server requirements for deduplication:
  • Server hardware should meet the minimum requirements for running Windows Server 2012. The deduplication feature was designed to support minimal configurations such as a single processor system with 4 GB of RAM and one SATA hard disk drive.
  • If you plan to support deduplication on multiple volumes on the same server, you need to plan an appropriately size for the system to ensure that it can process the data. The general rule is that the server needs 1 CPU-core and 350 MB of free memory to run a deduplication job on a single volume, and that job can process about 100 GB per hour or around 2 TB per day. Deduplication scales with additional CPU core processors and available memory to enable parallel processing of multiple volumes.
  For example: If you have a server with 16 CPU core processors and 16 GB of memory, deduplication uses 25% of the system memory in the default Background Processing mode, and in this case, that would be 4 GB. If you divide by 350 MB, you can calculate that the server could process about 11 volumes at a time. If you add 8 GB of memory, the system could process 17 volumes at a time. If you set an optimization job to run in Throughput mode, the system will use up to 50% of the system’s memory for the optimization job.
  • Data Deduplication supports up to 90 volumes at a time; however, deduplication can simultaneously process one volume per physical CPU core processor plus one. Hyper-threading does not impact this because only physical core processors can be used to process a volume. A system with 16 CPU core processors and 90 volumes will process 17 volumes at a time until all 90 volumes are done, if there is sufficient memory.
  • Virtual server instances should follow the same guidance as physical hardware regarding server resources.
  Volumes
  Volumes that are candidates for deduplication must conform to the following requirements:
  • Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
  • Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
  • Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
  • Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication-enabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
  • Do not rely on the Microsoft Resilient File System (ReFS).
  • Can’t be larger than 64 TB in size.
  • Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
  Note
  Files with extended attributes, encrypted files, files smaller than 32 KB, and reparse point files are not processed by deduplication.

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• How To Add Second Website In Lion Server 10.7.3

  I currently have Lion Server Running on a Mac Mini, communicating on a  LAN (Intranet) with no Internet access intended at this time. I'd like to host a second website.
  Can that be done? And how?
  Lion Server 10.7.3
  Enabled - File Sharing, Wiki, Website
  Computer Name - apollo
  Host Network - lunar.local
  Server Website - lunar.local
  Thank you

  I'm in the same boat.  No clue why this error keeps popping up but its driving me nuts and appears to be killing my ability to get the OD setup.

• How to turn off IPV6 on Lion Server

  I did a clean install of Lion Server on my Mac Mini. I need to enable the firewall on that machine.
  My Mini is only connected via WiFi to the network.
  Due to firewall / Networksoftware issues i would like to disable IPV6 on the Lion Server completely.
  The menu however only shows entries for "Automatic, Manual or Link-Local". On a Lion install (no Server) there is also the "Off".
  Is there any reason i cannot switch off IPV6? If i cannot switch it off how do i configure my firewall so my software no longer
  tries to connect using IPv6. I assume IPV6 is chosen in the first place due to a mDNS running with IPV6 enabled as i only configure ipv4 stuff and have eliminated all ipv6 completely from all other os's.
  thanks & regards
  udo

  I found a fix for this issue and applied it to several different MacBooks, iMac's, PowerMac's in the last couple of weeks. It works quite well and will now show or unlock the option of "Off" in the IPv6 section of GUI once these process is completed.
  Click some place on the desktop
  Click on the Go menu at the top of your screen
  Click on Utilities
  Inside the Utilities menu you will find the utility called Terminal
  Open up Terminal
  Depending if your account has admin privileges or the following will be different.
  In the terminal window type in the following:
  networksetup –listallnetworkservices  (precede this command with su or sudo if you are not logged in as an admin of the MAC)
  You will see a list of network services such as Wi-Fi, Ethernet, Bluetooth, Firewire etc etc.
  The next couple of commands will enable a new option in the GUI that will say Off under your Wi-Fi and Ethernet etc.
  networksetup -setv6off Ethernet
  networksetup –setv6off Wi-Fi
  networksetup –setv6off FireWire
  networksetup –setv6off 'Bluetooth PAN'  (if you have this)
  networksetup –setv6off 'VPN (PPTP)'   (if you have this)
  Close the terminal window and reboot your MAC
  You will be all set and all IPV6 stuff will be disabled for your networking and you will also have the new option in the GUI to change it if you so choose to in the future.

• How to setup iCal on a Lion server and its client machines?

  I recently bought a new mini server (running Lion) in order to share our iCal calenders (like in the Apple presentations). I thought this would be an easy process but apparently it isn't. So what was I already able to achieve:
  1) Set up 5 different clients (on the Lion server), with corresponding e-mailadresses and passwords.
  2) Activated iCal on the server preference window (ical: on)
  3) Tried to add the user a account on one of the five client machines => HERE it goes wrong.
  My main issue is that I'm not able to add a user account on a client machine and have it connected to the server.
  It would be really nice if someone could assist me with it.
  Warm Regards

  I posted additional information  online using the newly created Launchpad login Service account.
  I hope that explains my situation, if not I will add more detail here.
  There is no problem, when ither of the two OS are used to enable printing with the HP Deskjet 2050 J510 series printer.
  The problem begins when I try to print from the other OS , when connected to one of the Operating System.
  I have tried without success to print from Windows 7 Ultimate 64-bit OS from an HP Deskjet 2050 J510 series connected to a Ubuntu 12.04 LTS server with Amahi (HDA), installed.
  The same thing occurred when I tried to print from the Ubuntu server and the printer was connected to the Windows 7 Ultimate 64-bit running P.C.

• Enabling Google Analytics Mountain Lion Server

  Hi everyone,
  I just recently configured my first Mac server for a public school I'm working in. After setting up the Wiki server I was shocked there wasn't a way to enable Google Analytics, or any javascript for that matter. After a little poking around, I found a way to enable Google Analytics across all pages, Wiki, Home, My Page, etc.
  Terminal command in BLUE
  HTML comments in GREEN
  1. Log into your Google Analytics account and copy your embed code.
  2. Open the terminal and type: (I use nano, but you should be able to use your favorite text editor)
  sudo nano /Applications/Server.app/Contents/ServerRoot/usr/share/collabd/coreclient/app/v iews/layouts/application.html.erb
  3. You can add the script anywhere between the <head></head> tags. I chose to add it right below this section:
  <!-- [START] Script plugins -->
  <!-- [END] -->
  4. Create comments to start and end the Google Analytic section (optional) and paste your embed code. It should look something like this:
  <!-- [START] Script plugins -->
  <!-- [END] -->
  <!-- [START] Google Analytics Plugin -->
  <script type="text/javascript">
    var _gaq = _gaq || [];
    _gaq.push(['_setAccount', 'UA-XXXXXXXX-X']);
    _gaq.push(['_trackPageview']);
    (function() {
      var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
      ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  </script>
  <!-- [END] -->
  <!-- [START] View additions -->
  <!-- [END] -->
  5. Save and close the file
  6. I restarted the Wiki server, but I'm pretty sure it's not necessary.
  7. Now all your pages should have Google Analytics embedded. Load one of your pages and check the source to make sure.
  Enjoy!
  P.S. While I was in the application.html.erb file I added my own custom .js to the <!-- [START] Script plugins --> section to look like this:
  <!-- [START] Script plugins -->
  <script src="/wiki/javascripts/custom.js" type="text/javascript"></script>
  <!-- [END] -->
  I then included my custom.js file in /Applications/Server.app/Contents/ServerRoot/usr/share/collabd/coreclient/publi c/javascripts
  The js is loaded fine, but right now you can't embed any js events into the wiki. If I add 'onlick' or 'onload' to an HTML element in the Wiki editor, it gets removed when you click "Save". Trying to find a workaround now.

  Well no, Google doesn't solve all problems, but its a great place to start.
  As far as your issue goes, you need to provide more details before anyone could begin to guess, as we're not mind readers here.
  What do you mean by "Windows only sees the router, not the server"?  What does "sees" mean in this context?
  Who / what is Windows proofs?
  How are you trying to access the server?  SMB file sharing?  If so, how are you trying to connect?  What happens when you try?  Do the users trying to authenticate to the server have an account on it and access to the necessary services?

• How do I start NetBoot in Lion Server?

  I have the NetBoot service checked in server admin under 'services,' but it still has a grey circle next to it under the 'overview' tab (as well as DHCP and DNS).  Furthermore, it doesn't appear under the "services" list in the server application (where you see time machine, VPN, etc on the left side).  How can I start/configure the NetBoot service in Lion Server?

  Ah the trick is you need the old server admin app not the thing that gets installed...:
  http://support.apple.com/kb/DL1419