Lion Server blocks .doc on older PC's
After a lot of hassle my windows XP PC's can now connect to the shared directories on the Lion Server 10.7.2
However, a strange thing happens: the PC's have Microsoft Office 2003 installed. Word does not open any .doc files, but does open docx files. Also Word on the PC does not write .doc files to the shared directories.
Lion clients with Office for Mac 2011 do open both file types.
I have set all the permissions on the server in File Sharing to Read and Write for Everyone, and in the server section under storage (yes I found it!) to full controll.
What's up? My office is piled with .doc docs!
Hi Bob
SACLs stands for Service Access Control Lists. These are not the same as ACLs or Access Control Lists. With 10.7 all you get initially is the Server App with its 'dumbed down' and simplified Interface. Each user is either allowed or not allowed access to a service that is listed and/or enabled in the Server App. This is the only indication of SACLs you'll see in the new Server application. However there are more SACLs than the ones listed in the Server App. By default in 10.6 Server access was limited to pretty much all Services and there were many unwary and new users who did exactly what you did - reinstall after reinstall with the same repeatable results without realising they could have simply examined and enabled SACLs accordingly. I've seen similar in 10.7 Server. Perhaps your problem may disappear once you examine SACLs using Server Admin?
FWIW I've not seen anything getting hosed in any version of the Server going back to 10.4 by simply making a user an administrator or not.
HTH?
Tony
Similar Messages
-
Lion server configuration blocked...
Hello ! My lion server configuration is blocked...my computer seems not to work ....
I can not stop the configuration because the software tells me that he is still configuring....
I'm afraid that if i force closing the configuration application the installation would be corrupted....
any idea ?OK, I'm considering one other configuration for our workgroup server:
MacMini Server running Mountain Lion Server with two 750GB internal drives. These will both be data drives and set up as RAID mirror.
For the system drive I would boot from a small (64GB or 128GB) external Thunderbolt drive. It would act as a dedicated OS drive.
Other than a little bit more storage room, would that give me any advantage over having both my OS and Data on the internal RAID? I've heard that having your OS isolated can be beneficial for some reason.
(The RAID and the OS volume would be backed up nightly with weekly rotational offsite backup as well).
I think I've decided against SSD drives for the reason that woodmeister50 pointed out above (the network being more of a bottleneck than the drives). However, if there is some advantage to the external OS drive being SSD, Elgato has a nice thunderbolt solution for reasonable money.
Feedback appreciated! -
Cannot open Office 2004 documents with Office 2011 on Lion Server
I am in the process of moving our documents from a Tiger server to Lion server. My users who are using Office 2004 are having no issues, but the users with Office 2011 cannot open any documents with the .doc extension. I have tried logging on using afp and smb and I get different error messages but no access. When logging on as smb if I try to double-click I get the file type blocked message. If I go to File/Open I get the message Word cannot open this document. The file be in use, etc. There are no special characters in the file name. If I try to open a docx document then no problem. The same problem occurs with xls versus xlsx documents. Does anyone know if there is something different I should be doing. Permissions are set for full access. We have a mix of users with both versions of Office and over 90% of the file server are .doc or .xls documents. I cannot fully implement until I get this resolved.
I am having the same problem with UCM 10gr3. Our desktop engineers are doing an enterprise upgrade of MS Office to 2010 and this issue just surfaced. Trish, how do your users authenticate to Beehive? We are using a cusom connector using our AD.
-
Upgrade from Lion Server to ML 10.8.1 Broke Mail server!
....10.8.1 OD seems to work, files and AFP available, but Mail server not working correctly. Now users don't see mail, postfix issues numerous errors about missing system_user_maps and delivers no mail? Must recover mails! Help! Where should I look, and what to read for Diagnosis ?
After upgrade in place from SL to Lion to ML. most services did not work correctly; except for Mail and DNS and OD. Reinstalled. Now most everything seems to work including Card Services, Calendars, Wiki, Web, DNS, OD. But Mail is off and missing??? No delivery of INcoming mail, No Sending Mail, no IMAP Mail login for users.
On Mail configuration in Server.App: Turned off All Filtering. Have rebooted Server several times, Restarted Mailserver from Server,app and Terninal. Same Results. Somewhere along the line from Server 10.5 to SL to Lion to 10.8 incoming Maill started going to [email protected] rather than simply [email protected].
Is it possible that virtual domains are fuzzing up the works? The error logs use the longer virtual domain (with the sevrer name prefix) rather than the domain name?
Here are some sample Log messages:
From SYStem Log:
Sep 7 19:33:56 plg1.plg-law.com postfix/cleanup[1998]: warning: 8273B199E3F8: recipient_canonical_maps map lookup problem for [email protected]
Sep 7 19:33:56 plg1.plg-law.com postfix/pickup[1324]: warning: maildrop/ECF3A196A4FE: error writing 8273B199E3F8: queue file write error
Sep 7 19:33:58 plg1.plg-law.com postfix/pickup[1324]: warning: E5AC9199E3F9: message has been queued for 1 days
Sep 7 19:33:58 plg1.plg-law.com postfix/cleanup[1998]: warning: hash:/etc/postfix/system_user_maps is unavailable. open database /etc/postfix/system_user_maps.db: No such file or directory
Sep 7 19:33:58 plg1.plg-law.com postfix/cleanup[1998]: warning: hash:/etc/postfix/system_user_maps lookup error for "[email protected]"
Sep 7 19:33:58 plg1.plg-law.com postfix/cleanup[1998]: warning: E5AC9199E3F9: recipient_canonical_maps map lookup problem for [email protected]
Sep 7 19:33:58 plg1.plg-law.com postfix/pickup[1324]: warning: maildrop/ED4AB196A4FF: error writing E5AC9199E3F9: queue file write error
Sep 7 19:33:59 plg1.plg-law.com postfix/cleanup[1998]: warning: hash:/etc/postfix/system_user_maps is unavailable. open database /etc/postfix/system_user_maps.db: No such file or directory
Sep 7 19:33:59 plg1.plg-law.com postfix/cleanup[1998]: warning: hash:/etc/postfix/system_user_maps lookup error for "[email protected]"
Sep 7 19:33:59 plg1.plg-law.com postfix/cleanup[1998]: warning: 385DD199E3FB: recipient_canonical_maps map lookup problem for [email protected]
Sep 7 19:33:59 plg1.plg-law.com postfix/pickup[1324]: warning: maildrop/EE2A9199B211: error writing 385DD199E3FB: queue file write error
From SMTP Log:
Sep 7 19:35:24 plg1.plg-law.com postfix/pickup[1324]: 3652E199E487: uid=78 from=<_mailman>
Sep 7 19:35:24 plg1.plg-law.com postfix/cleanup[1998]: warning: hash:/etc/postfix/system_user_maps is unavailable. open database /etc/postfix/system_user_maps.db: No such file or directory
Sep 7 19:35:24 plg1.plg-law.com postfix/cleanup[1998]: warning: hash:/etc/postfix/system_user_maps lookup error for "[email protected]"
Sep 7 19:35:24 plg1.plg-law.com postfix/cleanup[1998]: warning: 3652E199E487: recipient_canonical_maps map lookup problem for [email protected]
Sep 7 19:35:24 plg1.plg-law.com postfix/pickup[1324]: warning: maildrop/8E82B199AD06: error writing 3652E199E487: queue file write errorhere's my configured postfix main.cf file from /etc/postfix/main.cf (mountain lion server 10.8.1)
Server.app should have somewhat configured it correctly for you in someways, but something got messed up in the import script I guess.
Hope this helps...
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# SOFT BOUNCE
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
queue_directory = /Library/Server/Mail/Data/spool
# The command_directory parameter specifies the location of all
# postXXX commands.
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
data_directory = /Library/Server/Mail/Data/mta
# QUEUE AND PROCESS OWNERSHIP
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
mail_owner = _postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#mydomain = domain.tld
# SENDING MAIL
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# [email protected].
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
# Note: you need to stop/start Postfix when this parameter changes.
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
# - You redefine the local delivery agent in master.cf.
# - You redefine the "local_transport" setting in main.cf.
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
# Details are described in the LOCAL_RECIPIENT_README file.
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a [email protected] address.
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
# If you're connected via UUCP, see also the default_transport parameter.
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a [email protected] address.
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
# Specify 0 to disable the feature. Valid delays are 0..10.
#in_flow_delay = 1s
# ADDRESS REWRITING
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#recipient_delimiter = +
# DELIVERY TO MAILBOX
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
# luser_relay works only for the default Postfix local delivery agent.
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#luser_relay = [email protected]
#luser_relay = [email protected]
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
# For details, see "man header_checks".
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
# The following parameters are used when installing a new Postfix version.
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
sendmail_path = /usr/sbin/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
newaliases_path = /usr/bin/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
mailq_path = /usr/bin/mailq
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
setgid_group = _postdrop
# html_directory: The location of the Postfix HTML documentation.
html_directory = /usr/share/doc/postfix/html
# manpage_directory: The location of the Postfix on-line manual pages.
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
sample_directory = /usr/share/doc/postfix/examples
# readme_directory: The location of the Postfix README files.
readme_directory = /usr/share/doc/postfix
#======================================================================
# dovecot
dovecot_destination_recipient_limit = 1
# default mailbox size limit set to no limit
mailbox_size_limit = 0
# List of ciphers or cipher types to exclude from the SMTP server cipher
# list at all TLS security levels.
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
# Protect SSL/TLS encryption keys
tls_random_source = dev:/dev/urandom
# (APPLE) Credentials for using URLAUTH with IMAP servers.
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
# (APPLE) The SACL cache caches the results of Mail Service ACL lookups.
# Tune these to make the cache more responsive to changes in the SACL.
# The cache is only in memory, so bouncing the sacl-cache service clears it.
use_sacl_cache = yes
# sacl_cache_positive_expire_time = 7d
# sacl_cache_negative_expire_time = 1d
# sacl_cache_disabled_expire_time = 1m
#======================================================================
mydomain_fallback = localhost
message_size_limit = 104857600
biff = no
mynetworks = 127.0.0.0/8,www.yourvirtaldomain.com
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
recipient_delimiter = +
smtpd_tls_ciphers = medium
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
recipient_canonical_maps = hash:/etc/postfix/system_user_maps
smtpd_use_pw_server = yes
smtpd_sasl_auth_enable = yes
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = loopback-only
smtpd_helo_required = yes
smtpd_pw_server_security_options = cram-md5,gssapi
header_checks = pcre:/etc/postfix/custom_header_checks
smtpd_tls_CAfile = /etc/certificates/computer.yourdomain.com.D800DD955D66179EEA4321DAA0617A19FFCD1 5C1.chain.pem
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
relayhost =
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_enforce_tls = no
smtpd_use_tls = yes
enable_server_options = yes
smtpd_tls_key_file = /etc/certificates/computer.yourdomain.com.D800DD955D66179EEA4321DAA0617A19FFCD1 5C1.key.pem
smtpd_tls_cert_file = /etc/certificates/computer.yourdomain.com.D800DD955D66179EEA4321DAA0617A19FFCD1 5C1.cert.pem
mydomain = yourdomain.com
virtual_alias_maps = $virtual_maps hash:/etc/postfix/virtual_users
virus_db_update_enabled = 1
mailbox_transport = dovecot
postscreen_dnsbl_sites = zen.spamhaus.org*2
maps_rbl_domains =
virtual_alias_domains = $virtual_alias_maps hash:/etc/postfix/virtual_domains
config_directory = /Library/Server/Mail/Config/postfix -
I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
DVD>Disk Utility>Erase Disk [or Recovery Partition>Disk Utility>Erase Partition]
DVD>Install Lion
Reboot, hopefully Lion install kicks in
Update, update, update Lion (NOT Lion Server yet) until no more updates
System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
Terminal>$ sudo scutil --set HostName server.domain.com
App Store>Install Lion Server and run through the Setup
Download install Server Admin Tools, then update, update, update until no more updates
Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
A few DNS set-up steps and these most important steps:
A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
I. Test from web browser server.domain.com/mydevices: Lock Device to test
J. ??? Profit
12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
Firewall
Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
SSH
Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
client$ ssh-keygen -t rsa -b 2048 -C client_name
[Securely copy ~/.ssh/id_rsa.pub from client to server.]
server$ cat id_rsa.pub > ~/.ssh/known_hosts
I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
$ diff denyhosts.cfg-dist denyhosts.cfg
12c12
< SECURE_LOG = /var/log/secure
> #SECURE_LOG = /var/log/secure
22a23
> SECURE_LOG = /var/log/secure.log
34c35
< HOSTS_DENY = /etc/hosts.deny
> #HOSTS_DENY = /etc/hosts.deny
40a42,44
> #
> # Mac OS X Lion Server
> HOSTS_DENY = /private/etc/hosts.deny
195c199
< LOCK_FILE = /var/lock/subsys/denyhosts
> #LOCK_FILE = /var/lock/subsys/denyhosts
202a207,208
> LOCK_FILE = /var/denyhosts/denyhosts.pid
> #
219c225
< ADMIN_EMAIL =
> ADMIN_EMAIL = [email protected]
286c292
< #SYSLOG_REPORT=YES
> SYSLOG_REPORT=YES
Network Accounts
User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
Oh well.
Email
Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
root: myname
admin: myname
sysadmin: myname
certadmin: myname
webmaster: myname
my_alternate: myname
Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
cd /etc/postfix
sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
sudo serveradmin stop mail
sudo serveradmin start mail
Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
iCal Server
Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
Web
The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
$ diff httpd.conf.default httpd.conf
95c95
< #LoadModule ssl_module libexec/apache2/mod_ssl.so
> LoadModule ssl_module libexec/apache2/mod_ssl.so
111c111
< #LoadModule php5_module libexec/apache2/libphp5.so
> LoadModule php5_module libexec/apache2/libphp5.so
139,140c139,140
< #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
< #LoadModule encoding_module libexec/apache2/mod_encoding.so
> LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
> LoadModule encoding_module libexec/apache2/mod_encoding.so
146c146
< #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
> LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
177c177
< ServerAdmin [email protected]
> ServerAdmin [email protected]
186c186
< #ServerName www.example.com:80
> ServerName domain.com:443
677a678,680
> # Server-specific configuration
> # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
> Include /etc/apache2/mydomain/*.conf
I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
Alias /eyetv /Users/uname/Sites/EyeTV
<Directory "/Users/uname/Sites/EyeTV">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
<Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
User-agent: *
Disallow: /
Misc
VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.Privacy Enhancing Filtering Proxy and SSH Tunnel
Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
$ ./ssht 8080:[email protected]:3128
$ ./ssht 8080:alice@:
$ ./ssht 8080:
$ ./ssht 8018::8123
$ ./ssht 5901::5900 [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
$ vi ./ssht
#!/bin/sh
# SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
USERNAME_DEFAULT=username
HOSTNAME_DEFAULT=domain.com
SSHPORT_DEFAULT=22
# SSH port forwarding specs, e.g. 8080:localhost:3128
LOCALHOSTPORT_DEFAULT=8080 # Default is http proxy 8080
REMOTEHOST_DEFAULT=localhost # Default is localhost
REMOTEPORT_DEFAULT=3128 # Default is Squid port
# Parse ssh port and tunnel details if specified
SSHPORT=$SSHPORT_DEFAULT
TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
while [ "$1" != "" ]
do
case $1
in
-p) shift; # -p option
SSHPORT=$1;
shift;;
*) TUNNEL_DETAILS=$1; # 1st argument option
shift;;
esac
done
# Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
shopt -s extglob # needed for +(pattern) syntax; man sh
LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
USERNAME=$USERNAME_DEFAULT
HOSTNAME=$HOSTNAME_DEFAULT
REMOTEHOST=$REMOTEHOST_DEFAULT
REMOTEPORT=$REMOTEPORT_DEFAULT
# LOCALHOSTPORT
CDR=${TUNNEL_DETAILS#+([0-9]):} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
LOCALHOSTPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEPORT
CDR=${TUNNEL_DETAILS%:+([0-9])} # delete shortest trailing :+([0-9])
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEHOST
CDR=${TUNNEL_DETAILS%:*} # delete shortest trailing :*
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEHOST=$CAR
fi
TUNNEL_DETAILS=$CDR
# USERNAME
CDR=${TUNNEL_DETAILS#*@} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%@} # delete @
if [ "$CAR" != "" ] # leading or trailing port specified
then
USERNAME=$CAR
fi
TUNNEL_DETAILS=$CDR
# HOSTNAME
HOSTNAME=$TUNNEL_DETAILS
if [ "$HOSTNAME" == "" ] # no hostname given
then
HOSTNAME=$HOSTNAME_DEFAULT
fi
ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
&& echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
|| echo "SSH tunnel FAIL." -
Trying to access Lion server remote using multi-user access, but from a legacy Leopard system
Just purchased a mini server running Lion, and got screen sharing working fine from my legacy system (32-bit so Leopard only). However, I would like to run in multi-user mode, so someone can use the Lion system and another person can access their own account, from the older Leopard system, at the same time. Using multi-user rather than screen sharing. But Leopard does not have the option on the Finder/Share Screen command, the pop-up window to select screen sharing or new virtual session. So, is there a way still to run a new virtual session from a remote client running Leopard? Since the multi-user capability resides on the Lion server, it should be possible, but how, without the pop-up menu?
Message was edited by: Kurt-SyracuseHey. I suggest you check out http://discussions.apple.com/message.jspa?messageID=9839785#9839785, where there are a couple solutions posted in regard to the error code -36 when connecting to a samba share. Good luck!
Jeremy A.
Tekserve Intern -
Configuring postfix on Mountain Lion Server
I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server. The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
I would like to configure Postfix to only accept email that is forwarded from a gmail business account. The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to [email protected]
The server WAN domain is nonpublic.com The ip address is 96.231.165.126
The server LAN is nonpublic.local The ip address is 10.6.18.201
The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch. The external traffic to the WAN flows through the switch as tagged packets. The LAN traffic is not tagged. The VLAN connection is running 802.1q
When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
Jun 7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
Jun 7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
I can send emails from a client on the LAN through this server with no problems. The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info. I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the cripled GUI in the "server" application. I'm barely OK using Terminal and not familiar at all with configuring Postfix directling editing the config file.
What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
Any help would be appreciated.MrHoffman, thank you for your response to my challenge to get the new test server working. This is a migration from Snow Leopard Server to Mountain Lion Server.
Here is the "checkhostname" test results:
blue:~ admin$ sudo changeip -checkhostname
Password:
Primary address = 96.231.165.211
Current HostName = blue.pderby.com
DNS HostName = blue.pderby.com
The names match. There is nothing to change.
dirserv:success = "success"
blue:~ admin$
Here is the response from postconf -n
blue:~ admin$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = /usr/share/doc/postfix/html
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
inet_interfaces = loopback-only
inet_protocols = all
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain_fallback = localhost
newaliases_path = /usr/bin/newaliases
queue_directory = /Library/Server/Mail/Data/spool
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
use_sacl_cache = yes
blue:~ admin$
I agree that I should change the LAN domain from .local to something like .internal or whatever. I've been running with .local for 5 years on snow leopard server and never had any problems so that was a low priority.
I hope I'm just not seeing some obvious setting in main.cf -
Lion server as advanced gateway
Hello, first of all, I want apologize for mistakes in language.
Today I've installed Lion server at work. This is our first time of using Mac as network server.
We need this server for several tasks:
- file sharing
- web server with different hosts (we are web developers)
- gateway (2 internet connections: 1 - fast and expensive (eth0), 2 - slow and cheap (USB 3G))
- collaboration assist.
Here I need to say, that prevoriously we hadn't server with those roles. We had:
- My office iMac as storage
- there was a separate web server on each developer's computer
- Windows Server 2003 and Kerio Contnrol as gateway
- as collaboration assist we use white office desk =)
Now about problems. First and last server roles are not so difficult, and mostly so I want to ask about third role: "Advanced gateway".
We have LAN for a 10 computers (some of them PC, some - macs), also we have two internet connections (as I said before) and the mission =):
- ALL traffic from 7 computers must go thru USB 3G modem
- common traffic from 3 others computers must go thru eth0
- all traffic to google, facebook etc from those 3 comps must go thru USB 3G modem (drivers was installed, modem works fine)
Is it real to get it works?I'm not entirely sure I understand what you're asking.
From your post it sounds like you just need to setup file sharing and some simple access controls, right? What's the block here? Have you tried it and it didn't work? What's preventing you from just doing this? (it's not all that hard). -
VPN to Mountain Lion Server issues
Hi,
I checked a lot of VPN threads here today, but I wasn't able to find a solution for my problem just now. I try to connect by VPN to my Mountain Lion Server, but I get an error message that the VPN server is not responding. I get this message from iPhone and Mac. The Mountain Lion Server is a new installation, no upgrade from an older server.
Some informations on my setup:
I installed the server with a hostname like myserver.mycompany.com and option 3 (internet access), as I want to use it for email at a later stage. All services are working fine (except VPN). DNS is active, but basically it only contains the adress myserver.mycompany.com and forwards everything else to our router.
I changed the DNS settings of our domain ( hosted by an ISP - so not in the local DNS ! ). I created a subdomain vpn.mycompany.com which points to the static IP of our router.
In the router I opened the UDP ports 500, 1701 and 4500, and for 1701 i made the same thing for TCP (I found this in a forum, but I think this is not necessary?), the ports are pointing to the ip of the os x server.
In OS X Server I started VPN for L2TP using the vpn.mycompany.com hostname, and a shared secret.
When I try to connect with I client from outside I try to connect using L2TP via vpn.mycompany.com using the shared secred and user-id and password. The user-id is created in OS X Mountain Lion server and is configured to use VPN service. When trying to connect I get the error message "L2TP-VPN server is not repsonding...".
In the log file of the server I see some entries for each connect:
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: Connecting.
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IPSec Phase1 started (Initiated by peer).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Oct 10 20:21:48 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
Oct 10 20:22:06 --- last message repeated 2 times ---
Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (2,0)
Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [1716] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (100000,0)
Oct 10 20:22:06 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
No more entries in log file now. Anyone any ideas what's going wrong. Might there be a problem as I use another servername outside as inside (vpn... instead of myserver...)?
Thanks!Solved, first of all we tested to establish the VPN connection locally by adding the ip address of the server to /etc/hosts for vpn.mycompany.com. The VPN connected without problems then, so it was clear that it is a firewall/router problem, and not a server problem.
After that we studied some more documentations and found that we don't have to open port 50, but ip protocoll 50 (ESP) on the firewall. After that was done, the connection was working from the internet as well. -
How to install OSX 10.6 client in Mac Mini Server 10.7 Lion Server
I am ordering a Mac Mini Server with Lion Server 10.7, with 256GB SSD and 750GB HD. I want to use Snow Leopard (client/workstation) instead. Previously I have already purchased retailed version of 10.5 clients and 10.6 client upgrade. Please advise the best approach from the followings (or more suggestions from you guys...).
(A) The boot disk (likely to be the SSD) will be re-formatted and re-installed by "clean" installation of 10.6 client. But I am not sure whether all hardware drivers for the new Mac Mini (2011) are available in the 10.6 client disk. Also, it seems to me that installation disk of 10.7 server will not be provided. So I shall not be able to re-install server version again if I want to change this Mac to a server sometimes afterwards. Of course I would like to keep this server software for investment protection, no matter I use it or not. If 10.6 client can be installed, I shall use bootcamp to install Windows 7 also. So there will be 2 partitions to be usable aparently.
(B) The factory-installed OSX 10.7 server is kept, and one more partition is created (with Disk Utilties). Snow Leopard workstation 10.6 will be installed at this new partition. If 10.6 client can be installed, I shall use bootcamp to install Windows 7 also. So there will be 4 partitions, including 10.7 server, 10.6 client, 10.7 recovery drive and bootcamp for Windows 7. Since I want to put all OS software at the SSD (faster boot-up and better performance), the drawback is that each partition is with less space.
Do you guys have other ideas or suggestions?
[Background]
In fact I want to make use of its strongest computing power (amongst available Mac Mini computers in store), quad-core CPU & dual disks, to run music applications (DAWs). Operating systems are put at SSD, and data is put at traditional harddisk. As some music applications (e.g. Calkwalk Dimension) only support 10.6 currently, I need to down-grade from Lion server to Snow Leopard workstation. Also I think applications can run faster in a hardware with workstation OS (rather than server version). Please correct me if this belief is wrong.
Thanks / Howard.If you completely wipe the original Mac mini boot drive you will wipe the Server.app software an dlose it. You should make a backup first, perhaps by saving the entire boot drive as a Disk Image file on to another drive.
In terms of install 10.6, the 10.6 DVD will not boot on the new Mac mini even if you connect a DVD drive. You need to put the Mac mini in to FireWire Target Disk Mode and connect it to an older Mac that will allow booting from that DVD, then install on to the Mac mini (over FireWire), you then need to upgrade it using the 10.6.8 Combo Updater this will add the drivers needed for the new Mac mini. -
Migrate 10.4.11 Server to Lion Server
Hi,
We have an older G5 sever running 10.4.11. It was setup quite a while ago, and I don't do IT consistently, so it might take a while to 'refresh' the mind on what was initially done when it was first setup.
But we just purchased a new Mac Mini server running 10.7.x. I found a PDF about Upgrading & Migrating to 10.7 and it specifically states 'The upgrade or migration to Lion Server from a v10.5 PowerPC is not supported.'
So I'm just wondering if anyone could give any advice or tips on how to get the new server setup to match our existing server with the least amount of setup time involved (we're pretty busy at the moment). I guess eyeballing it by looking at each side-by-side would be a worst-case scenario, but I can't imagine that would go all too smoothly.
Our usage was pretty limited, so I'm hoping this will ease the process. Here's the things I can think of off the top of my head that we will need to setup the same as current:
- User accounts, passwords, groups, permissions (we have less than 10 users).
- Firewall setup (we've made a lot of tweaks over the years to get everything to work with our network/router).
- VPN
- Share Points (we currently have an internal RAID 1 file-serving drive that will be migrating to an external Thunderbolt RAID 5 array. We just want to make sure all Share Points, ACLs & permissions don't get messed up in the transfer).
Thanks for any help!To the extent that you have old PowerPC software that requires Rosetta, Rosetta is no longer included with Lion. The reason these applications do not work in Lion Server is that they were written for the older PowerPC CPU that all Macs used up to 2006 (in your case the G5). When Apple made its transition to the Intel CPU, they licensed software that they included in all versions of OS X (from Tiger to Leopard and optionally, Snow Leopard) called Rosetta.
Rosetta miraculously allows PowerPC applications to work on the Intel processor transparently; you do not know it is even present.
The problem is that after 6 years of the transition, Apple's license to use the underlying software expired for OS X Lion and all version thereafter (and it is doubtful that the current owner of the software, IBM, would relicense it, even if Apple were inclined to do so).
So for those of use that need to run Lion, I have offered the option to install Snow Leopard (with Rosetta) into Parallels 7:
[click on images to enlarge]
Full Snow Leopard installation instructions into Parallels 7 are here:
http://forums.macrumors.com/showthread.php?t=1365439 -
Adding redirect path and pattern in Lion server for configuring software update server
Adding redirect path and pattern in Lion server for configuring software update server.Any changes
Ok, after days of browsing on the forum I found the following hint on another discussion related to AFP access:
"This may be a service ACL issue.
It turns out one of the latest Apple updates turned on Service ACL's which caused AFP connections to be blocked. Once I fixed the Service ACL in Server Admin... all connections and Single Sign On worked."
Well, after allowing access to all services to all users with Server Admin, we were finally able to log in the server with our admin account...
So, there must have been an update that turned on ACL's which caused even our local access, probably for OD/Kerberos, on the server to be restricted. -
Help! Can't reinstall Lion Server on Mac Mini Server
To me, the perfect computer is a Mac Mini server (the current model) with one of the HDDs replaced with an SSD. I did this with two Mac Minis three months ago and it went perfectly.
Well. I bought a third Mac Mini and have attempted to do the following:
Carefully opened the case, removed the top parts and memory.
Removed the top 500 GB HDD
Replaced it with a OCZ Vertex 3 SATA III 2.5" SSD
Booted from a SD Card with the recovery system on it
Formatted both SSD and the other HDD, ensured they have the GUID boot block needed for Apple booting
What happened was...a total let down. It would start to download Mac OS Lion Server then tell me, "Could not find instalation information for this machine. Contact Applecare." If I went and re-formatted the SSD and tried it again, often it would go past this section, actually starting the download, but then I'd get "Can't download the additional components needed to install OS X."
I verified all connections were solid. Putting the original HDD back caused the machine to boot fine and let me set up Lion Server for use (oddly, even though I'd formatted one of the two RAID drives, but whatever). I am doing the exact same thing I did before successfully, only with an OCZ drive this time instead of Other World Computing. Either Mac Minis hate working with OCZ SSDs, or I made some mistake somehow (I'm pretty sure I didn't), or else Apple has flipped a switch forbidding software restoring of Mac Minis that have been "altered" from factory state. If so this will be a huge problem for Apple. I will make sure the major Apple blogs hear of this, if this is the case.
Can anyone suggest what else I can try to get this to install? If I can get a spare OCZ SSD so it's exactly the same as my previous successes. Otherwise I don't know what else to try.
(I guess cloning the system from one of the Mac Minis that works would be a possibility, though I want to solve this.)Found that the second hard drive is broken. I have to go to the apple store to have it replaced.
I had to press the power button to turn the server off for several times, then the broken hard drive went disappeared. After that, I had to disable the Spotlight. Then the server went back to work normally.
Now I made a CCC copy of the primary hard drive, and would like to have the server run on the external raid disk (connected through thunderbolt). Does anyone have previous experience with it? Any expectable drawback or issue with this setup? -
Untrusted VPN Server Blocked after a reload
Hi
I have an ASA5510 in failover, after a reload, a message "Untrusted VPN Server Blocked" appears after the first attempt to connect to the VPN, if we uncheck the "Block connections to untrusted servers" in preference settings the profile is updated and the connection is successful.
If I disconnect the VPN and try again it appears another profile.
I try this step for another link, but the result is the same for me
Try the following steps,
1. Click on Anyconnect Client profile
2. Edit Anyconnect_Group profile
3. Edit Server list
4. Add or Edit the hostname (You will see IP address, however, your cert is URL address ) So you have to add it or delete the IP address and keep URL )
5. Host display: Remote.exmaple.com and FQDN: Remote.example.com
** Your cert that you applied for the interface must match the URL otherwise it won't work. So you can make your Cert
(( *.example.com )) and it should match any URL you give
Does anyone knows what could be the cause of this problem?
RegardsRicardo,
it sounds like you don't have a certificate installed on the ASA, so the ASA uses a non-persistent self-signed certificate.
This doc explains how to create a persistent self-signed certificate:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
Better still would be to purchase a 'real' certificate from a 3rd party CA, the doc below has more details on how to do this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809fcf91.shtml
hth
Herbert -
Trying to connect IMac to Lion server (network account)
Hello,
I have been trying to get this to work for a few weeks now. I have 2 Imacs and a Macbook, i am trying to login to a network account. I did the step by step to set up my server. I can screen share and see all the shared folders. I have a network user in the work group, and when i go to users on my macbook, and say join the server, i get host not found, but the server is active.
My network is a DSL modem ( in bridge mode), then to a time capsule, that is hard wired to my server and one Imac, everthing else is wireless. My time capsule hands out the Ip's, and a DNS server is running on my lion server.
Am I having a DNS problem, I am not sure what DNS has to go where starting with the time capsule. Should i have my time capsule just server one IP to my lion server and have the server hand out the other IP's over DHCP?
My goal is to have network user account on my server, and no matter what computer you use, you can get the same information. Then set up mobile account for when my macbook is not on the network.
I setup profile manager, and tried to push my settings to my account, but it also fails every time.
I tried to follow apple's doc's on this but I have luck with some things, and now with others.
I am running lion server on a mac mini server.
Thank you,
JustinHI,
my experience is as follows:
1. You have to setup a home folder for network/mobile users with Server.app
2. Create a group for network users with the workgroupmanagement.app from serveradmin tools
3. Create users with correct settings under "preferences" in workgroupmanagement.app, especially "rules"
4. Put the users in the group
4. Set the appropriate permissions to the home folder and share it over the network with server.app
After playing around I could login from a MacBook Pro and synchronize the users library and complete home folder. After testing and restarting the machines (Lion Server is on a Mac Mini) I could relogin with the network/mobile user.
My problem actually is, that I could not login from any other Mac. Everytime the system told me, that there is a fault with login.
Before I want to login with the network/moblle user on another MacBook i logout the user form the MacBook Pro.
No luck :-(
I test it with other users with same settings.
No luck :-(
I integrate the MacBooks in the Computer settings in the workgroupmanagement.app.
No luck :-(
I hope this thread give answers the next days, because I need a working synchronize and account management solution for different users and machines :-)
Cheers
Ishan
Maybe you are looking for
-
Does anyone know what is the major differences between the windows 8.1 option listed
Hello, I have two questions. I downloaded Windows 8.1 Enterprise, Enterprise N, Pro VL, and Pro N VL ISO from msdn.microsoft.com. Then upgraded my computer with that ISO. That was a mistake. Now I want to download another version, but not sure what t
-
Create Custom ADF Task Flow for BPM
Hi, I'm working an project on BPM and I'm required to create a custom ADF task flow with multiple views based on the human tasks in BPM. Since I'm new to ADF, could some one please give me some pointers? Thanks, Debojit
-
URGENT : Please HELP : Loading a first image too slow
Hello, I want to load an image to save it just before in a JPG format so as to obtain finally a byte[] array of this JPG image result. So, to do it, I tried to load my Image from different ways but I have always a strange comportement... My problem c
-
Attachment to mail and Weekly events in cakendar
Please Apple stop making IOS look beautiful and start giving us functional and practical apps. Why can we still not add attachments from within an email? And please please if I add a new event and select repeat Weekly why does it STIL NOT GIVE ME DAY
-
Epson 9800 edge to edge printing on Mac
I'm not able to print edge to edge from Illustrator CS5 on a Mac but I'm I was told by a friend that I would be able to from PS. Any reason why?