How to setup iCal on a Lion server and its client machines?
I recently bought a new mini server (running Lion) in order to share our iCal calenders (like in the Apple presentations). I thought this would be an easy process but apparently it isn't. So what was I already able to achieve:
1) Set up 5 different clients (on the Lion server), with corresponding e-mailadresses and passwords.
2) Activated iCal on the server preference window (ical: on)
3) Tried to add the user a account on one of the five client machines => HERE it goes wrong.
My main issue is that I'm not able to add a user account on a client machine and have it connected to the server.
It would be really nice if someone could assist me with it.
Warm Regards
I posted additional information online using the newly created Launchpad login Service account.
I hope that explains my situation, if not I will add more detail here.
There is no problem, when ither of the two OS are used to enable printing with the HP Deskjet 2050 J510 series printer.
The problem begins when I try to print from the other OS , when connected to one of the Operating System.
I have tried without success to print from Windows 7 Ultimate 64-bit OS from an HP Deskjet 2050 J510 series connected to a Ubuntu 12.04 LTS server with Amahi (HDA), installed.
The same thing occurred when I tried to print from the Ubuntu server and the printer was connected to the Windows 7 Ultimate 64-bit running P.C.
Similar Messages
-
I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
DVD>Disk Utility>Erase Disk [or Recovery Partition>Disk Utility>Erase Partition]
DVD>Install Lion
Reboot, hopefully Lion install kicks in
Update, update, update Lion (NOT Lion Server yet) until no more updates
System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
Terminal>$ sudo scutil --set HostName server.domain.com
App Store>Install Lion Server and run through the Setup
Download install Server Admin Tools, then update, update, update until no more updates
Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
A few DNS set-up steps and these most important steps:
A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
I. Test from web browser server.domain.com/mydevices: Lock Device to test
J. ??? Profit
12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
Firewall
Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
SSH
Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
client$ ssh-keygen -t rsa -b 2048 -C client_name
[Securely copy ~/.ssh/id_rsa.pub from client to server.]
server$ cat id_rsa.pub > ~/.ssh/known_hosts
I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
$ diff denyhosts.cfg-dist denyhosts.cfg
12c12
< SECURE_LOG = /var/log/secure
> #SECURE_LOG = /var/log/secure
22a23
> SECURE_LOG = /var/log/secure.log
34c35
< HOSTS_DENY = /etc/hosts.deny
> #HOSTS_DENY = /etc/hosts.deny
40a42,44
> #
> # Mac OS X Lion Server
> HOSTS_DENY = /private/etc/hosts.deny
195c199
< LOCK_FILE = /var/lock/subsys/denyhosts
> #LOCK_FILE = /var/lock/subsys/denyhosts
202a207,208
> LOCK_FILE = /var/denyhosts/denyhosts.pid
> #
219c225
< ADMIN_EMAIL =
> ADMIN_EMAIL = [email protected]
286c292
< #SYSLOG_REPORT=YES
> SYSLOG_REPORT=YES
Network Accounts
User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
Oh well.
Email
Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
root: myname
admin: myname
sysadmin: myname
certadmin: myname
webmaster: myname
my_alternate: myname
Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
cd /etc/postfix
sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
sudo serveradmin stop mail
sudo serveradmin start mail
Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
iCal Server
Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
Web
The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
$ diff httpd.conf.default httpd.conf
95c95
< #LoadModule ssl_module libexec/apache2/mod_ssl.so
> LoadModule ssl_module libexec/apache2/mod_ssl.so
111c111
< #LoadModule php5_module libexec/apache2/libphp5.so
> LoadModule php5_module libexec/apache2/libphp5.so
139,140c139,140
< #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
< #LoadModule encoding_module libexec/apache2/mod_encoding.so
> LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
> LoadModule encoding_module libexec/apache2/mod_encoding.so
146c146
< #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
> LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
177c177
< ServerAdmin [email protected]
> ServerAdmin [email protected]
186c186
< #ServerName www.example.com:80
> ServerName domain.com:443
677a678,680
> # Server-specific configuration
> # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
> Include /etc/apache2/mydomain/*.conf
I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
Alias /eyetv /Users/uname/Sites/EyeTV
<Directory "/Users/uname/Sites/EyeTV">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
<Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
User-agent: *
Disallow: /
Misc
VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.Privacy Enhancing Filtering Proxy and SSH Tunnel
Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
$ ./ssht 8080:[email protected]:3128
$ ./ssht 8080:alice@:
$ ./ssht 8080:
$ ./ssht 8018::8123
$ ./ssht 5901::5900 [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
$ vi ./ssht
#!/bin/sh
# SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
USERNAME_DEFAULT=username
HOSTNAME_DEFAULT=domain.com
SSHPORT_DEFAULT=22
# SSH port forwarding specs, e.g. 8080:localhost:3128
LOCALHOSTPORT_DEFAULT=8080 # Default is http proxy 8080
REMOTEHOST_DEFAULT=localhost # Default is localhost
REMOTEPORT_DEFAULT=3128 # Default is Squid port
# Parse ssh port and tunnel details if specified
SSHPORT=$SSHPORT_DEFAULT
TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
while [ "$1" != "" ]
do
case $1
in
-p) shift; # -p option
SSHPORT=$1;
shift;;
*) TUNNEL_DETAILS=$1; # 1st argument option
shift;;
esac
done
# Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
shopt -s extglob # needed for +(pattern) syntax; man sh
LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
USERNAME=$USERNAME_DEFAULT
HOSTNAME=$HOSTNAME_DEFAULT
REMOTEHOST=$REMOTEHOST_DEFAULT
REMOTEPORT=$REMOTEPORT_DEFAULT
# LOCALHOSTPORT
CDR=${TUNNEL_DETAILS#+([0-9]):} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
LOCALHOSTPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEPORT
CDR=${TUNNEL_DETAILS%:+([0-9])} # delete shortest trailing :+([0-9])
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEHOST
CDR=${TUNNEL_DETAILS%:*} # delete shortest trailing :*
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEHOST=$CAR
fi
TUNNEL_DETAILS=$CDR
# USERNAME
CDR=${TUNNEL_DETAILS#*@} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%@} # delete @
if [ "$CAR" != "" ] # leading or trailing port specified
then
USERNAME=$CAR
fi
TUNNEL_DETAILS=$CDR
# HOSTNAME
HOSTNAME=$TUNNEL_DETAILS
if [ "$HOSTNAME" == "" ] # no hostname given
then
HOSTNAME=$HOSTNAME_DEFAULT
fi
ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
&& echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
|| echo "SSH tunnel FAIL." -
How to setup not start cf9 local server on PC startup of VISTA OS
how to setup not start cf9 local server on PC startup of VISTA OS...? How to startup it manualy later if I wanted to?
The same way you would for any other Windows service: use the Services app in your Control Panel.
Adam -
Fresh Install of Mountain Lion how do I export users from Lion Server
I've been having some issues with Lion Server, mainly Kerberos related and Profile Manager. So I want to start fresh with Mountain Lion.
I've installed ML and Server, and profile manager is working now for the first time (yay!)
Now I want to Import all my existing Open Directory users from Lion, I don't want to Import the entire OD though because I think some of my kerberos issues will just get carried over to ML.
I would like to just export the Users to a file then use ML server to import users from file, but I can't see an option to export in Lion Server, I have tried doing it from WGM on Lion but the 'users' file is not recognised by ML serverGreat thanks for the reply, I'll try it tonight when everyone has logged off.
Yeah I was very pleased initially with kerberos on Lion, it worked great to start with, now I'm just getting expired tickets for a default realm when some users log in, yet other users continue to work fine.
I was planning to slowly install Mountain Lion Server and test is thouroghly but I've had a bit of a disaster that if forcing me to go live with ML server quicker than I wanted to!
Basically because on Lion Server I have all the Service Data on a separate drive, and I upgraded to ML server on a backup copy of Lion Server just to see what it was like, though now I've rebooted the original Lion drive but half of the services are now screwwed up because the ML Server must have changed them, so things like Wiki Server and Profile Manager are now broken from the Lion Server boot, they just show "Error Reading Settings"
I realise now I should have moved the Service data back to the local drive before doing a test upgrade so I wouldn't have messed it up! but now it seems like my best way forward is a fresh install of ML Server -
How to stream live media in Lion server
Even though Apple's website recommends QuickTime Broadcaster and Darwin server
see http://www.apple.com/quicktime/extending/resources.html
QuickTime Broadcaster is not compatible with Lion server and Darwin server webpage appears fixed to 2008...4 years ago!
So what is the solution now that I have Lion server?
I want to stream a live video feed from my education lab so that students overseas can view. No audio is OK.
QuickTime Broadcaster used to do the job fine...since 1998! Maybe I should reinstall 10.6 server?
Thanks.
Michael
=Check out Wowza.
Or look at Apple's replacement https://developer.apple.com/resources/http-streaming/
You will need a dev account to get the tools and when this first came out it was the equivalent of rocket science. I see that Apple has done some work to improve but we've never given it a second chance. -
Does anyone know how to publish a site using Lion server.
I have made a web site using I web and was trying to publish it using FTP and lion server but was quite sure were to find the server address and other required info.
If anyone can help it'd be greatly appreciated.
ThanksYou shouldn't need to use ftp to publish a site when using a server, this is the whole point, that you are not uploading anywhere external, but are hosting yourself on a dedicated computer running a server.
This is not really the place to ask. There should be more forums here that are specially dedicated to Lion server issues.
Try looking at the pages on the Apple site under info on Lion server and there should be a user manual for you to look at for Lion sever. Try looking at this.
This is an iWeb forum so not really the right place to ask questions regarding server issues. -
Lion Server: iOS 5 clients can't connect to Address Card Server
I have set up shared accounts on the server for Calendar and Address Book (family) sharing. Although I can add and use the Address Book shared account on OS X Lion clients, I can't get this to work on iOS 5 clients (iPhone nor iPad). I keep on getting "CardDAV account verification failed".
Calendar sharing works just fine on both OS X and iOS5 clients
Let me briefly describe my setup and observations:
Server:
Running Lion Server 10.7.2 on Mac Mini (server)
Using SSL connections with keys generated during set-up of the server
Portforwarding in router (ao) for 8008 and 8843 (iCal and Address Book)
Created shared accounts on server for Calendar ("sharedcalendar") and Address Book ("sharedcontacts")
In the DNS server I created services in my primary zone for "_caldavs._tcp." and "_carddavs._tcp." both on port 8443
OS X Client (Calendar)
Created additional CalDAV account in preferences (user "sharedcalendar")
Left the server settings untouched (server path, port "auto" and using SSL but not Kerberos)
Created in "sharedcalendar" different calendars and reminder lists for the family members which each can access from their OS X client
This account is now set-up through Profile Manager (tried this with Address Book as well but didn't make any difference)
iOS 5 Client (Calendar)
Once tested on standalone and got this working I'm now using the Profile Manager to push the definition of the shared account to all clients
Hostname with port 8443 (default)
Left Principal URL blank since it was optional
User "shared calendar" with the appropriate password
Ticked "Use SSL"
OS X client (Address Book)
Created additional CardDAV account in preferences (user "sharedcontacts").
Left the server settings untouched (port 443 using SSL)
iOS 5 client (Address Book)
In the settings add a CardDAV account (server, user "sharedcontacts", password, description).
First error message "Cannot connect Using SSL. Do you want to try setting up the account without SSL?". When I press continue I get the error "CardDAV account verification failed"
If I then save the account details still and edit the account I can access the "advanced settings". When I change to SSL I have tried port 0 (default value), 8443 (the one that's listed in the documentation) and 8843 (which is used by default if you try to set up the
account in Profile Manager). All to no avail, including Profile Manager
Observations:
Lion Server app nicely lists both Calendar and Address Book Server as active (plus Profile Manager, File Server, Web server and Wiki server)
When I access my server home page, Calendar is listed in addition to other services (Mail | Calendar | Change Password | Profile Manager) but not Address Book. Is this normal behaviour? i.e. can't Address Book entries be changed through a web interface?
Address Book on OS X client uses 443 for SSL but does not require me to define port 8443 for secure iCal or Address Book server communications
Lion Server Profile Manager specifies port 8843 as port for SSL communication. I only saw 8443 listed in documentation
The response "can't connect .." or "account verification failed" happens very quick which make me think either the verification doesn't even leave the iPad or there is something wrong in the SSL connection
Since iCal set-up works nicely using the same ports I am puzzled why it doesn't work for Address Book
Your solutions or suggestions how to investigate are most welcome,
ErikThanks for joining the discussion.
Although port 8443 is mosten quoted as correct port for CalDAV and CardDAV, port 8843 can be found both on Apple's website and other places:
see Technical Note 1649 to find port 8443 listed for iCal and port 8843 for Address Book
Mac OS X Lion Server for Dummies (sic) lists port 8843 on pages 236 and 238 but port 8443 in many other places
when you want to push iCal and Address Book information with Profile Manager, Profile Manager lists port 8443 for iCal but port 8843 for Address Book as default:
So I hope you understand I'm somewhat puzzled.
I did get the Address Book working for my Lion desktops with the all the necessary certificates as far as I know, just not for the iOS devices (iPhone and IpPad). iCal sharing from Lion Server works fine on both Lion and iOS devices. -
Creating a simpel network with Lion Server, and add Windows XP computers to it
We have a Mac Lion Server and 3 computers with Windows XP. Previously we had a Windows 2003 server with a domain name: "MYDOMAIN". When logging into Windows it logs into this domain.
I would like to replace this Windows 2003 server with my new Mac Lion server so, I build up a test setup. I connected the Mac Lion server (iMac) with my Windows XP pc with an ethernet cable. Then, I setup a DHCP, DNS and Open directory in the Server Admin. Added users. I configured the IP adres of the server to a static one by setting the IPv4 to "using DHCP with manual address".
Then I wanted to let my Windows XP server join the domain of the Lion Server, however I cannot let my Windows XP client connect to the domain of the Lion Server.
I read in the advanced administration that you can set up Windows XP for domain login. Where do I find the name of this domain? It should be stated in the server admin, open directory, settings, general tab, but the only thing I find here is: Role: Open Directory Master.
In Windows XP, when I explore in explorer the Microsoft-Windows Network I can see in "MYDOMAIN" the MacLion Server and my Windows XP pc. So sharing files is no problem.
However, I really want to create a new domain with my Lion Server and let the Windows XP pc's login to the new domain.
I hope anyone can help me.Thanks for the info.
I read some stuff about this indeed, so I was thinking, because we have a small network, could it be possible to share files on the server via a workgroup?
If we add the 3 Windows XP pc's to the same workgroup as the Lion Server, would there be a problem?
Then at startup of Windows XP, should we login to the pc instead of the domain? And where would I find the Lion server in Windows XP? -
I have a new lion server and 4 lion laptops. The laptops loose connection to the shared documents and printers from the server after roughly 1 hour. By disconnecting and re-connecting wireless the connection is regained to shares and printers. We can still surf the web when it goes down.
Ok 1st one. The warning restriction message relates to this line in main.cf:
smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks check_helo_access hash:/etc/postfix/helo_access reject_non_fqdn_hostname reject_invalid_hostname permit reject_invalid_helo_hostname
The last reject occurs after the single word "permit" and is ignored.
However, that's not the problem.
I'm not exactly sure what's happening, but this might be a clue.
It would appear that either postfix is not being able to create the socket for private/policy or it's somehow created with the wrong permissions. You might need to ramp up the debug level to get a better idea.
You could check if it's being created by "netstat -a | grep private/policy" in terminal.
My guess is that it's not being created because there is no setup statement in your master.cf file, but I don't understand why postfix would be looking for it if it isn't set up. Private/policy I think relates to grey listing. Maybe gives you a hint. -
How do I set up a mail server and SMTP server to send messages to other mail servers at mavericks
How do I set up a mail server and SMTP server to send messages to other mail servers at mavericks
You need to get the settings for your email from your email provider and enter them in Internet Accounts (System Preferences). Many of the common systems are already available, all you need is a password and an email address to set them up.
-
How to setup oracle database to archivelog mode and auto delete ?
Oracle 11g R2
- How to setup database to archive log mode and have oracle only save 24 hours of archive logs
and delete the rest. So at any given time I will have only 24 hours of archive log and not more.
So only 1 day of archive logs.
- Let me know the database parameters I need to setup to accomplish this.
- I don't want to use the RMAN
- I am not setting up the database to archive log mode for recovery purpose. I am setting up archive log mode
so we can use the log miner tool to dig up achives to see log activity for any performance & tuning.
Edited by: johnpau2013 on May 9, 2012 6:09 PMjohnpau2013 wrote:
Thanks everyone for there responses.
I need to rephrase and explain everyone as what I wanted to do exactly. This might help everyone understand and suggest me.
We have oracle database 11g r2. Its a test database. Nothing is critical. We use EXPDP utility to backup the entire database every night. Which is enough for us to recover incase something happens. Even if we loose some data. That's fine.
We are testing our web application on this oracle test database for performance & tuning.
One thing we have noticed is that the redo logs are switching very frequently. 50MB each log file and there are 5 logs. each log switches every 40 seconds. So we wanted to see what is getting written in this redo logs. We wanted to use the LOG MINER tool in OEM to read the logs. It needed our database to be setup in archive log mode. So the log miner can read the archive logs and show us the sql's within the archive logs.
Now when we setup the archive log mode on our database. By default the archive logs destination was set to flash recovery area ( may be oracle default archive log location is flash recovery area folder).
We have setup the db_recovery_file_dest_size to 100GB. Now within 2 days we have filled up the flash recovery area folder. Database was frozen. Then we realized that its because oracle couldn't write archive logs. Because it reached the 100GB. Then we physically deleted files in the flash recovery area folder. Thinking it would help us start the frozen oracle database. But it didn't . The we realized that we are doing something wrong. As Oracle does not know that at OS level we deleted the files. Then temporarily we changed the db_recovery_file_dest_size to 130GB and were able to start the oracle database. Later we turned OFF the archive log mode.
Being a rookie DBA we would have not read something properly.
Finally:
We wanted to know how to always keep only 1 day of archive logs (only for our performance tuning ) and not more than that. All we need this 1 day of archive logs is to use the log miner to read them. Backup is NOT our priority here. Only be able to read the archive logs from LOG MINER is PRIORITY.
Correct me if I am wrong.Okay, so its making much more sense now, thanks for explaining your requirement.
Database won't honor anything that you would do over the o/s without telling it. Your deletion of the archive log from the o/s location is NOT updated in the control file of the database and that's why, even when you had deleted the entire 100GB , from the db perspective, the space was still marked as used. This is the same which would happen even if you would increase the space from 100gb to whatever size as well. To delete the space, you would need to update the database's control file and that you can do from RMAN using its two commands , crosscheck backup following with deleted expired backup . The first command would find that which database backup files are NOT on the o/s which are shown in the control file and would mark all of them as expired. The second command would simply delete those expired files. This would update the control file and you would have your 100gb or whatever space, given back to you.
To keep the archive logs of just one day, set up that Retention Policy for RMAN to either number of copies using the Redundancy option(default and set to 1) or Recovery Window. I believe for you Redundancy would be a suitable choice but you can have a read and play around with it. Setting it up would mark the files as Obsoleted and finally, you can write a small RMAN script to delete those obsoleted files.
Now, what I don't understand is that why you want to keep on generating the archive logs just for the log miner? If you would have generated them once and figure out the reason for extensive redo generation(did you try increasing the redo log file size, 50mb seems to be smallish) , I don't think that there is any reason to keep on generating the archive logs still .
And last part, for your question asked about that whether we can use RMAN to put the db in the archive log and is it a backup tool, yes and yes.
HTH
Aman.... -
Lion Server and TimeMachine Error 13
Hello,
I have a problem with a Lion Server and TimeMachine service. I have enabled the service and selected a volume for it. The server creates the share and does not report aby errors. If I go to a client machine and open TM I can see the "Backups" share and select it. The users credentials are validated witout a problem but when the backup is started it will end with the error "Cannot create sparseimage error 13"
I have checked that the share is visible to the client machine and the client has write permissions for the share.
Any ideas why this is happening?
MMHello,
I have a problem with a Lion Server and TimeMachine service. I have enabled the service and selected a volume for it. The server creates the share and does not report aby errors. If I go to a client machine and open TM I can see the "Backups" share and select it. The users credentials are validated witout a problem but when the backup is started it will end with the error "Cannot create sparseimage error 13"
I have checked that the share is visible to the client machine and the client has write permissions for the share.
Any ideas why this is happening?
MM -
Several years ago I upgraded my Mac Server from Snow Leopard the to Lion and then to Mountain Lion, where it is now. I believe I can fix a problem if I can rebuild my Mountain Lion Server from my Time Machine backup, however I just discoved that there is no Recovery HD on the drive. Is there still a way to use my Time Machine Backup to rebuild the server drive?
Any help will be appreciated.Recovery Drive – Restore Missing
-
My fonts are changing in iWed after I publish. I need step by step instructions on how to go to my third party server and clear out all of my files and reload my whole website, the solution I saw posted by another. Please someone help me on this. Urgent
If your fonts are changing when viewed on other computers - epecially those running windows - you need to look at using web-safe fonts...
http://www.iwebformusicians.com/iWeb/Fonts-Colors.html
Also make sure you clear your browser cache before viewing you published files. -
Bluetooth communication between J2SE server and J2ME client
Hi everyone!
I'm new here in this forum...
I try to make a small project to my studies,
My project will include J2SE server and J2ME client.
I'm stuck in the step of finding the server with the wireless toolkit emulator.
I found this issue in old subject: here
I try the solution in reply 6 but I don't understand exactly who to define kvem.home, and I got this error:
" You must define the system property "kvem.home" "
maybe someone can help me and explain how to do that?
thanks!Hello,
I want to find out how this can be done, too. I tried with
System.setProperty("kvem.home", "C:\\WTK2.5.2");but I get an error:
java.lang.UnsatisfiedLinkError: com.sun.kvem.jsr082.impl.bluetooth.BluetoothController.setSystemProperty(Ljava/lang/String;Ljava/lang/String;)I included these files in the build path:
c:\WTK2.5.2\wtklib\gcf-op.jar
c:\WTK2.5.2\wtklib\kenv.zip
c:\WTK2.5.2\wtklib\kvem.jar
and I import com.sun.kvem.bluetooth.*;
I'd appreciate any help.
Maybe you are looking for
-
Accounting entry not posted but MBEW table shows total stock and value
Hi My R/3 version 4.7 I have a material which is stockable and valuated of material type ERSA(Spare parts) This material was created in may 2007 and material ledger activated,i dont see master records in accounting view in material price analysis ta
-
How can i use "icloud backup" with ios 4.2.1?
How can i use "icloud backup" with ios 4.2.1? I tried to update my ihpone 3G wih the newest IOs. Seems not to be possible.
-
Error in Jboss after upgrading to AutoVue server 20.2.2 from 20.1.0
We've developed an integration to view the files using AutoVue server. At the first stage the integration we used AutoVue server 20.10 and the functionality works fine. After upgrading to AutoVue server 20.2.2 following error comes when accessing the
-
JavaScript displays oversize fonts in multiple browsers (OS 10.4.10)
My web site uses JavaScript for tabbed dropdown menus and scrolling type. Some users with OS 10.4.10 report that the type displayed by the JavaScript is oversize. For tabbed menus this causes the row of tabs to become too long so that the last tab(s)
-
Audio not working when connected to HDTV
I connected my MacBook Pro to my Samsung HDTV LN40D503F6F and also connected an HDMI cable to the TV using Apple mini DVI cable. I tried connecting to both HDMI/DVI 1 and HDMI 2. Video works fine when connected to both the HDMI ports, but the audio d