Lion Server Can it manage file vault

Just wondering, can Lion Server manage client Macs' FileVault, so that as a corporate admin, I could centrally manage FileVault for Macs in my environment?

The question really hinges on the specific revision of XServe you have.
You don't state how many 'several years' is, and the rules vary a lot based on the age/revision of your server.
If your server is an older PowerPC-based server then 10.5.8 is the latest you can run.
Any of the Intel-based XServes can run at least Lion (10.7.x).
Some of the Intel-based XServes can run Mountain Lion (10.8). This depends on the boot EFI firmware on the machine - the earliest machines only had a 32-bit boot loader, newer versions have the required 64-bit EFI.
So you need to look more closely at your machine in order to determine how far you can upgrade it. System Profiler should give you this data, or you can look up your server on EveryMac.

Similar Messages

  • I can't manage file and storage services in server manager.

    I have a windows 2012 R2 server. I had turned on the file and storage services role and was able to configure a single share in server manager. A few days later I wanted to create another share but when I select file and storage services within server manager
    I get the message at the top that says The server has not been queried for data since it appeared offline. Also there are no shares listed. Even though the shared folder that I already created is available from other computers.
    If I try to create a file share anyway I am asked to choose a server to create the share on and the server appears in the list with a status of offline. 
    Now this may seem like an obvious connection issue however, I am trying to configure the server locally, not over the network. I can manage other services in server manager just fine. I have WDS and WSUS roles installed and can be configured with server
    manager just fine. I only have a problem with file and storage services. 
    There are no errors in the event log. 
    I tried to remove the file and storage services role from the server but as soon as I uncheck the box for file and storage services I get a pop up window that says: 
    The validation process found problems on the server from which you want to remove features. The selected features cannot be removed from the selected server. click ok to select different features.
    It lists validation results that simply state the name of the server and says "storage services cannot be removed."
    How can I get file and storage services working again?

    Hi,
    How many servers are there in the list? If the offline server is a remote server, please reboot the remote server to see the result. In the meantime, please create a new shared folder on the local server in Windows Explorer to see if the issue still exists.
    Please refer to the article below to share a folder with server manager.
    12 Steps to NTFS Shared Folders in Windows Server 2012
    https://blogs.technet.com/b/keithmayer/archive/2012/10/21/ntfs-shared-folders-a-whole-lot-easier-in-windows-server-2012.aspx#.Ux1ty_mSwXV
    Regards,
    Mandy

  • How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

    I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
    Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
    Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Someday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
    Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
    1. DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
    2. DVD>Install Lion
    3. Reboot, hopefully Lion install kicks in
    4. Update, update, update Lion (NOT Lion Server yet) until no more updates
    5. System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standby)
    6. Terminal>$ sudo scutil --set HostName server.domain.com
    7. App Store>Install Lion Server and run through the Setup
    8. Download install Server Admin Tools, then update, update, update until no more updates
    9. Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
    10. System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
    11. A few DNS set-up steps and these most important steps:
    A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
    B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
    C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
    D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
    E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
    F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
    G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed as an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
    H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.]
    I. Test from web browser server.domain.com/mydevices: Lock Device to test
    J. ??? Profit
    12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
    You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
    Firewall
    Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is mostly a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
    SSH
    Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    I'm not sure if toggling the Allow remote logins will load this config file, or run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
    Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
    client$ ssh-keygen -t rsa -b 2048 -C client_name
    [Securely copy ~/.ssh/id_rsa.pub from client to server.]
    server$ cat id_rsa.pub >> ~/.ssh/authorized_keys
    I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
    $ diff denyhosts.cfg-dist denyhosts.cfg
    12c12
    < SECURE_LOG = /var/log/secure
    > #SECURE_LOG = /var/log/secure
    22a23
    > SECURE_LOG = /var/log/secure.log
    34c35
    < HOSTS_DENY = /etc/hosts.deny
    > #HOSTS_DENY = /etc/hosts.deny
    40a42,44
    > #
    > # Mac OS X Lion Server
    > HOSTS_DENY = /private/etc/hosts.deny
    195c199
    < LOCK_FILE = /var/lock/subsys/denyhosts
    > #LOCK_FILE = /var/lock/subsys/denyhosts
    202a207,208
    > LOCK_FILE = /var/denyhosts/denyhosts.pid
    > #
    219c225
    < ADMIN_EMAIL =
    > ADMIN_EMAIL = [email protected]
    286c292
    < #SYSLOG_REPORT=YES
    > SYSLOG_REPORT=YES
    Network Accounts
    Use Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
    2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
         User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
    Oh well.
    Email
    Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
    root:           myname
    admin:          myname
    sysadmin:       myname
    certadmin:      myname
    webmaster:      myname
    my_alternate:   myname
    Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
    cd /etc/postfix
    sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
    echo 'smtp_sasl_security_options = noanonymous' | sudo tee -a ./main.cf   # the redirect in "sudo echo ... >> file" runs as the calling user, not root
    sudo serveradmin stop mail
    sudo serveradmin start mail
    Finally, make sure that you're running a blacklisting service yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
    If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
    iCal Server
    Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
    Web
    The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
    $ diff httpd.conf.default httpd.conf
    95c95
    < #LoadModule ssl_module libexec/apache2/mod_ssl.so
    > LoadModule ssl_module libexec/apache2/mod_ssl.so
    111c111
    < #LoadModule php5_module libexec/apache2/libphp5.so
    > LoadModule php5_module libexec/apache2/libphp5.so
    139,140c139,140
    < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    < #LoadModule encoding_module libexec/apache2/mod_encoding.so
    > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    > LoadModule encoding_module libexec/apache2/mod_encoding.so
    146c146
    < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    177c177
    < ServerAdmin [email protected]
    > ServerAdmin [email protected]
    186c186
    < #ServerName www.example.com:80
    > ServerName domain.com:443
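    Review bot: in hunk 186c186, ServerName is set to domain.com:443, while the rest of the post addresses the host as server.domain.com and states that the generated certificate only knows server.domain.com. Any URL Apache builds from ServerName would then carry a name the certificate does not cover; suggest ServerName server.domain.com:443 unless a certificate that includes domain.com is installed.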
    677a678,680
    > # Server-specific configuration
    > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
    > Include /etc/apache2/mydomain/*.conf
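    Review bot: the Include /etc/apache2/mydomain/*.conf added in hunk 677a678,680 pulls every file matching *.conf in that directory into the server configuration, so anything able to write there controls Apache. Worth stating next to the added comment that the directory and its files should be root-owned and not writable by other users.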
    I did "sudo mkdir /etc/apache2/mydomain" and added specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
    Alias /eyetv /Users/uname/Sites/EyeTV
    <Directory "/Users/uname/Sites/EyeTV">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
    <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    I think you can turn Web off/on in Server.app to relaunch Apache, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
    Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
    One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
    Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
    User-agent: *
    Disallow: /
    Misc
    VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

    Privacy Enhancing Filtering Proxy and SSH Tunnel
    Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
    If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
    $ ./ssht 8080:[email protected]:3128
    $ ./ssht 8080:alice@:
    $ ./ssht 8080:
    $ ./ssht 8018::8123
    $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
    $ vi ./ssht
    #!/bin/bash
    # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
    # Needs bash rather than a plain POSIX sh: the parsing below uses extended globbing (shopt -s extglob).
    USERNAME_DEFAULT=username
    HOSTNAME_DEFAULT=domain.com
    SSHPORT_DEFAULT=22
    # SSH port forwarding specs, e.g. 8080:localhost:3128
    LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
    REMOTEHOST_DEFAULT=localhost    # Default is localhost
    REMOTEPORT_DEFAULT=3128         # Default is Squid port
    # Parse ssh port and tunnel details if specified
    SSHPORT=$SSHPORT_DEFAULT
    TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOTEHOST_DEFAULT:$REMOTEPORT_DEFAULT
    while [ "$1" != "" ]
    do
      case $1
      in
        -p) shift;                  # -p option
            SSHPORT=$1;
            shift;;
         *) TUNNEL_DETAILS=$1;      # 1st argument option
            shift;;
      esac
    done
    # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
    shopt -s extglob                        # needed for +(pattern) syntax; man bash
    LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
    USERNAME=$USERNAME_DEFAULT
    HOSTNAME=$HOSTNAME_DEFAULT
    REMOTEHOST=$REMOTEHOST_DEFAULT
    REMOTEPORT=$REMOTEPORT_DEFAULT
    # LOCALHOSTPORT
    CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
    CAR=${TUNNEL_DETAILS%%"$CDR"}           # cut this string from TUNNEL_DETAILS
    CAR=${CAR%:}                            # delete :
    if [ "$CAR" != "" ]                     # leading port specified
    then
        LOCALHOSTPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEPORT
    CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
    CAR=${TUNNEL_DETAILS##"$CDR"}           # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # trailing port specified
    then
        REMOTEPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEHOST
    CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
    CAR=${TUNNEL_DETAILS##"$CDR"}           # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # remote host specified
    then
        REMOTEHOST=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # USERNAME
    CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading *@
    CAR=${TUNNEL_DETAILS%%"$CDR"}           # cut this string from TUNNEL_DETAILS
    CAR=${CAR%@}                            # delete @
    if [ "$CAR" != "" ]                     # user name specified
    then
        USERNAME=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # HOSTNAME
    HOSTNAME=$TUNNEL_DETAILS
    if [ "$HOSTNAME" == "" ]                # no hostname given
    then
        HOSTNAME=$HOSTNAME_DEFAULT
    fi
    # printf is used for the success message because bash's echo does not expand \n and \t by default
    ssh -p "$SSHPORT" -L "$LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT" -l "$USERNAME" "$HOSTNAME" -f -C -q -N \
        && printf 'SSH tunnel established via %s:%s:%s\n\tto %s@%s:%s.\n' "$LOCALHOSTPORT" "$REMOTEHOST" "$REMOTEPORT" "$USERNAME" "$HOSTNAME" "$SSHPORT" \
        || echo "SSH tunnel FAIL."
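
The SSH step in the post above sets PermitRootLogin, PasswordAuthentication and ChallengeResponseAuthentication to no in /etc/sshd_config. The audit script below is an added example, not part of the original post; its function names, the constructed sample files and the assumed default of yes for an absent keyword are this example's assumptions. It reports the value sshd would actually use, because sshd keeps the first value it reads for a keyword and a Match block can switch a setting back on.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings the post turns off.
# Facts relied on: sshd keeps the FIRST value it reads for each keyword, keywords
# are case-insensitive, "Keyword=value" is accepted, and directives after a
# "Match" line apply only to that block (where they override the global value).

# normalize FILE -> one "scope<TAB>keyword<TAB>value" line per directive;
# scope is "global" or the criteria of the enclosing Match block.
normalize() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ { next }                  # whole-line comment
        /^[ \t]*$/ { next }                  # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (key == "match") { scope = val; next }
            print scope "\t" key "\t" tolower(val)
        }' "$1"
}

# effective_value FILE KEYWORD DEFAULT -> first global value, or DEFAULT if absent.
effective_value() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    normalize "$1" | awk -F'\t' -v want="$want" -v def="$3" '
        !found && $1 == "global" && $2 == want { v = $3; found = 1 }
        END { print (found ? v : def) }'
}

# audit_sshd_config FILE -> prints findings; returns 0 only when there are none.
# Assumption: an absent keyword is treated as "yes".
audit_sshd_config() {
    report=$(
        for kw in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
            lkw=$(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]')
            val=$(effective_value "$1" "$kw" yes)
            [ "$val" = "no" ] || echo "WEAK global $kw=$val"
            normalize "$1" | awk -F'\t' -v kw="$lkw" -v name="$kw" '
                $1 != "global" && $2 == kw && $3 != "no" {
                    print "OVERRIDE Match " $1 ": " name "=" $3 }'
        done
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample files (not taken from any real server).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# 1. Hardening lines appended below an earlier "yes": the earlier line wins.
cat > "$tmpdir/appended.conf" <<'EOF'
PermitRootLogin yes
passwordauthentication   no
#ChallengeResponseAuthentication no
PermitRootLogin no
EOF

# 2. The three settings as the post gives them.
cat > "$tmpdir/hardened.conf" <<'EOF'
PermitRootLogin no
PasswordAuthentication=no
ChallengeResponseAuthentication no
EOF

# 3. Hardened globally, but a Match block re-enables passwords for one user.
cat > "$tmpdir/match.conf" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
EOF

for f in appended hardened match; do
    echo "== $f.conf"
    audit_sshd_config "$tmpdir/$f.conf" || true
done
```
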

  • Lion Server 10.7.3 file sharing permissions

    I'm having really strange issues with Lion Server. Since upgrading to 10.7.3 I no longer have permissions to modify files on Share Points that I was once able to in 10.7.2. When I go to modify certain files or folders I get "The operation can’t be completed because you don’t have permission to modify some items."

    Background
    Access Control Lists (ACLs) are  applied to folders and files to define user (and group) access privileges.
    I have setup two Mac mini Servers at our company – one in our Melbourne office and one in our Sydney office. Each file server is made up of the following hardware:
    1x Mac mini Server (with Lion Server).
    2x Promise Pegasus 12TB (6x2TB) R6 RAID System (thunderbolt) in RAID5 configuration. The two Pegasus units are mirrored (RAID1) using SoftRAID.
    Users and Groups are replicated between the two servers via Open Directory.
    The PeachPit book "OS X Lion Server Essentials" is the best book I've found that explains OS X Server services and configuration. It has a  good explanation of POSIX and ACLs.
    The Problem
    It seems there is a bug in Lion Server that causes ACLs to be ignored. A couple of times I've managed to fix the problem using these steps:
       1. Remove the share-point.
       2. Setup up the share-point. /Volumes/promiseraid/work
       3. Apply an ACL to a folder.
       5. Propagate the ACL to sub-folders.
    When ACLs are not applied to a folder the older POSIX permissions define access privileges. With the POSIX mechanism the user, group and other access privileges applied to new files and folders are defined in the 'umask' value. The default 'umask' value sets file/folder group to read-only access. The upshot is when the POSIX mechanism is used and a member of staff creates a file or folder it is read-only to colleagues. System Administrators shouldn't need to change the 'umask' value – too technical. Apple documentation encourages System Administrators to use ACLs to define access privileges – use ACLs to overcome the limitations of POSIX.
    The workarounds I've been considering
    Stick with Lion Server, apply POSIX read&write (group and others) permissions to all folders at regular intervals (daily) and wait for Mac Apple to fix the problem.
    Abandon Lion Server (10.7) and revert to Snow Leopard Server (10.6).
    Abandon Lion Server (10.7) and setup a Microsoft Windows Server solution.
    A solution?
    Scanning the several threads here I think I discovered a "fix". Mac OS Lion doesn't seem to honour ACLs if
    a volume is being shared (AFP and/or SMB), or
    a folder at the root level of the volume is being shared (AFP and/or SMB).
    However, if the folder being shared is at least one folder deep ACLs seem to be honoured!
        !!! This did not work – ACLs are not honoured !!!!!
        /Volumes/promiseraid
        /Volumes/promiseraid
        /Volumes/promiseraid
        !!! This did not work – ACLs are not honoured !!!!!
        /Volumes/promiseraid/share1
        /Volumes/promiseraid/share2
        /Volumes/promiseraid/share3
        !!! This works – ACLs are honoured !!!!!
        /Volumes/promiseraid/shareditems/share1
        /Volumes/promiseraid/shareditems/share2
        /Volumes/promiseraid/shareditems/share3
    Acknowledgement
    I should acknowledge gmbion for his time troubleshooting this and reporting his findings to this thread.
    A response from Apple
    It would be good if Apple could address this limitation with either:
    A note from Apple acknowledging this limitation ("undocumented feature") with advice to not share a volume or a folder at the root level of a volume. Instead, share a folder at least one level deep; or
    Fix Lion Server so that any volume or folder can be shared and ACLs will be honoured.

  • How do I set up file sharing in Lion Server to work like file sharing in Lion Client?

    I've just installed Lion Server on my home iMac to enable remote access via VPN to my home network.
    When the iMac was running Lion Client (before the upgrade to server), and when File Sharing was enabled on the iMac; when other Macs on the LAN connected to the iMac via AFP, they were always able to connect to (share) any mounted external volumes (external USB or FireWire drives connected to the iMac). e.g.
    Now that I've upgraded to Lion Server, when other Macs on the LAN connected to the iMac via AFP they are only able to connect to (share) the sharepoints listed in the File Sharing pane of Server.app. e.g.
    Is there any way to set up File Sharing in Lion Server so that it works the same way as it does in Lion Client with respect to mounted external volumes? i.e. they are automatically shared? I know I can add each volume manually to File Sharing in Server.app but this gets tedious.
    Many thanks!

    I normally have a Firewall enabled. I recently had to do an erase and install of Lion, followed by a one-by-one re-install of all of my software. One of the first things I did was to set up all of my System Preferences the way I like them; Turning the Firewall on was one of them. Later I noticed it was off and turned it on again. I had already set up sharing and was surprised to see the problem when I turned it back on.
    As to why do I think it needs to be on. It is another part of my security layer.

  • SMB-problem: can see/manage files, but cannot open from Windows 8.1

    I have some file shares on a Mavericks server (clean install, including OSX Server). I can connect and see the shared files from my Windows clients (both 7 and 8.1). I can even create files, rename them, etc. From Windows 7 I can also open and edit them. So far, so good!
    From Windows 8.1 however, opening does not work: simple text-files and pdf's don't open at all (server cannot execute instruction/file already open), office documents can only be opened in read-only mode.
    In the System log (on OSX Server) are a lot of lines like: smbd[714]: File system does not support 0x0 time attributes (or does not support 0x400000, file attrs).
    Using Windows Power Shell, I figured out that there is a SMB2.1 connection between Windows and OS X, which seems to be correct. It appears that OS X judges that Windows is using one or more wrong parameters in an SMB-system call.
    I had lots of SMB-problems using Mountain Lion (Snow Leopard server was fine). I don't want to force my Windows machine to use SMB1 (for all shares) using the commands found in http://support.microsoft.com/kb/2696547 (I didn't try yet).
    Any help would be appreciated.

    So I have the exact same issues. I actually called Microsoft Support and they tried a bunch of different things. They even tried disabling SMB 2 and 3 on my Windows 8.1, but then I was unable to connect to my OS X 10.9.1 Server share point at all anymore!
    Here is what I found out. When I started up from my 10.6.8 Server backup on my Mac mini Server, and then mapped the network drive on letter G on the Windows 8.1 Pro client machine to that very same share point, it worked like a charm. I can read, write and such all fine on that share. All is well. Leaving the Windows 8.1 client alone, on the Mac mini server I selected the upgraded 10.9.1 Server volume and restarted the Mac mini Server. After restart, guess what, I was able to perfectly access the files from Windows 8.1 on the OS X share point, which of course was still mapped as drive G on 8.1 from earlier.
    Now here comes the kicker. I went ahead and restarted Windows 8.1 and then everything went haywire! I opened the Windows 8.1 desktop and brought up My Computer. I saw that the mapped drive G was no longer connected (red X). I went ahead and double-clicked it and then Windows Explorer simply hung itself and wouldn't come back. I had to force quit Explorer and ended up ultimately restarting Windows. After restart I went ahead and disconnected the mapped network drive (G), and then re-mapped it. I authenticated with the very same username and password as before. This time I am able to see all the files once again, but can't open or work with any of them. It is super jinxed. In my opinion there is a severe bug in Apple's SMB 2 or smbx or whatever they call it. Why couldn't they just leave it alone and pay a licensing fee and use Samba? It's just so stupid!!!!
    Apple, you must fix this problem. I will tell the server tech that I have been working with the very same thing. They should have never released 10.9. It was premature and not ready for prime time. It's good to know that there is a workaround however. It is super tedious, and spastic, but hey, at least I get it to work. Either it has something to do with authentication, or the way OS X 10.9 responds when mapping a network drive on Windows 8.1 Pro? No clue.
    Apple does not pay me to Q&A their software. This stuff should simply work! I am ****** off and have wasted now over 3 weeks of my precious time banging my head against the wall with Apple stuff.
    Come on guys, get your stuff straightened out. Thanks.

  • My MacBook Pro (using Lion OS) can't search files and folders on external hard drive! How can I solve it?

    When I used Snow Leopard, I could search every file and folder on my external hard drive (NTFS). But when I upgraded to Lion OS, Spotlight didn't index files on the external hard drive and I can't search anything on the external hard drive, whatever I type in the search box! I also checked the Finder preferences and set "When performing a search" to "Search the current folder"! How can I solve this problem? Please help me if you know!

    iTunes>Preferences (Cmd+,)>Advanced
    Choose the Ext HD (and the appropriate folder) as the location for your library.

  • Upgraded to Lion. Can't see files on my backup drive?

    The title pretty much explains my issue, but here is my situation. I use Boot Camp and have a 2TB backup drive with 2 partitions. One partition is 1TB Mac OS Extended (Journaled) to backup OS X with Time Machine and the other is 1TB Windows NTFS to back up Windows 7 with Windows Backup.
    So on the OS X side of things I upgraded from Snow Leopard to Lion. Now I can still back up to the Mac OS Extended (Journaled) partition with Time Machine but I can't see any backups or any files at all that I put on the backup drive while I'm in OS X Lion. I know they are there because when I'm in Windows 7 I can still see all Time Machine backups and all files on both partitions of the backup drive.
    Any idea why I can't view files on my backup drive anymore since upgrading to Lion, or how to fix this issue?

    SOLVED:
    I was reading a post about a similar problem and discovered a free program called TinkerTool. I downloaded it and under the Finder tab was able to check a feature called show all hidden files or something. Once I did this all files on my backup drive were visible but some were greyed out.
    I unchecked this feature and closed TinkerTool, then restarted OS X Lion. Everything is back to normal and I can again see and manipulate the files on my backup drive. I'm all set, maybe reading this will help someone else.

  • With Mountain Lion Server, can users access the Messages Server from outside your network?

    I would like to setup a new messaging service between my employees because we have issues with most online services. I'm thinking of getting a Mac Mini Server, so I can run Messages Server, but I have an employee outside my network. Can they login to the server remotely to use the Messages Server?
    Thanks

    If you're talking about setting up and using the Jabber messaging service provided by OS X Server then yes, it's really easy to set up and use in and out of the office. The only trick to it, as with most other services, is a correct DNS setup so you're able to connect and use the server from the "outside".
    I use this myself (via Lion server rather than Mountain Lion server) from behind a dynamic IP addressed ADSL line and have no problems whatsoever.

  • Lion Server: Can user preferences - created with Workgroup Manager - be updated with Profile Manager?

    I've created some users and their preferences using the old Workgroup Manager. All work. I haven't used the Profile Manager (lion star functionality) so far. If I do so, can I use it to update the user preferences already created? Is there any incompatibility between Workgroup Manager and Profile Manager?

    Dang, no help with this. Oh well. Guess I just mark it as "answered" and toss it in the "Cold Case" files.

  • Lion Server and 3DS Max files

    Hi,
    We have just gone from using an Xserve running 10.4.11 with an attached Xraid, to a Mac Mini Server running 10.7.3 and an attached Promise Pegasus R6 12TB Thunderbolt raid.
    Everything is fine except one thing. The PC users running a mixture of Windows XP and Windows 7 can no longer open their 3DS Max (.max) files. I have had a search around and it seems that other people have encountered the same problem, but as far as I can make out no one has found a solution. They just get a File Open Failed message.
    If anybody has come across and resolved this problem or could offer any suggestions it would be much appreciated.
    Thanks in advance.

    Apple should be brought up on UI crimes for the mess that is permissions in Lion.  It is easy once you understand what they are doing and where the tools are hidden.
    So first, ignore the File Sharing tab as it is useless and feature poor.  Instead, do this:
    1:  Launch Server.app
    2:  Select your server under the Hardware section in the left column.
    3:  Click on the Storage tab
    4:  Drill down to find the parent folder of your share point
    5:  Use the Gear popup menu to access the Edit and propagate features
    This shows an example.  When you choose the Edit Permissions... option, you will see a window like the following:
    The three entries are the POSIX permissions.  They represent UNIX Owner (root), Group (Wheel), and Everyone (Other).  This is an EXAMPLE Folder.  Yours will be different.  These permissions do not inherit!  If you change the group from Wheel to staff, it will mean nothing in relation to the permissions.  You must ADD another entry to the table.  The new entry is an Access Control Entry and establishes an ACL (access control list).  The ACL will inherit if defined as such. 
    So in this example, say you have a folder owned by the local admin and by the admin group.  Press the + button and then set that group to your departmental group.  Then set permissions to Read/Write.  Press OK.  This will return you to the main window.  Click on the Gear button again and choose propagate permissions to cascade the new permission set through all existing files.
    You should disconnect clients and then reestablish a new sharing session to ensure you are seeing the proper permissions model.
    Apple should be ashamed at the poor job of showing the difference between POSIX and ACLs.  This is really a step backward as compared to older versions of server.

  • Can I manage file types?

    I have a Flash site with links to m4v files that I want visitors to be able to open in iTunes. Safari won't open the file in iTunes or allow me to save it to my desktop, it just opens in a new window using QuickTime and won't save unless I purchase QuickTime Pro. Firefox lets me manage my file types so I can set it to open in iTunes OR save to my desktop. Any way to get Safari to do the same?

    You need to properly code your Web page to include a download option for your files.
    Text based links will only open in a new page when clicked. A right click on the same URL could be used to download the file.
    Tell your users to "right click" to save it.

  • Marketing Workflow (running on Windows Server) can not read files on Linux

    We are currently facing an issue in fetching the WSD responses stored in XML format and importing them into the Siebel DB. These XML files are created on Siebel Linux servers (Temp folder) where the EAI Object Manager is running. But the Marketing workflows (Mktg Master import workflow) are running on a Windows server (where the marketing file system is installed). The Mktg Master import workflows are not able to read XMLs stored on the Linux servers.
    When we monitor the workflow we see an error:
    “Error invoking service 'Mktg File Manager', method 'ProcessFile' at step 'File Processing'.(SBL-BPR-00162) --Error getting XML from file '/siebel/gtwysrvr/fs/temp/1-158U3XB121038.xml'.” (SBL-EAI-04261)
    How do I overcome this? What is best practice?

    Moderator Action:
    Same post is multi-posted to the Siebel sub-forum:
    Error in fetching WSD responses stored in XML format and importing it
    This off-topic post is now locked and likely will be removed.

  • Switch Server - Can it manage more than 2 domains?

    I currently have a 6509 with a number of other switches attached to it, including a 5 switch 3750 stack. The 6509 acts as server for the current VTP domain. Is it possible to set the switch up with an additional domain so that it manages 2 VTP domains?

    Hi Patroche1,
    You cannot configure the same switch as VTP server for 2 VTP domains.
    What you can do is have 2 VTP servers in your network and configure one for the 1st VTP domain and the second for the 2nd VTP domain.
    But configuring the same switch as VTP server for 2 VTP domains is not possible.
    Regards,
    Ankur

  • Lion Server - Can access web server, not VPN.

    Hello!
    I have a 10.7 Server serving both VPN and a website. It has an external IP via NAT in the firewall, and I can access the website perfectly fine via the external IP, however I cannot connect to VPN externally. I have been able to connect within the LAN utilizing the local IP, but whenever I try to utilize the external IP, both within my network and elsewhere (via iPhone on cell network), I get the message:
    "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
    I'm not really sure what to do at this point. Help!
    Thanks in advance!

    Did you make sure all of your ports for VPN are open? Make sure these ports are open: UDP Port Number=4500 & UDP Port Number=500. Test them with http://www.yougetsignal.com/tools/open-ports/
