Lion Server HELP

I am using Lion Server to share videos that my students are making. Once we upload a video (created on a Mac or iPad) we cannot watch it on a computer using Safari!!!! It only works on Chrome! Is there a plugin missing on Safari??? We can view the videos on an iPad and iPhone.
We are using Lion Server - The browser is Safari 6.0 and the latest iVersion - The video has been updated to an iPod/iPhone & iPad/Apple TV version along with a .mov. All versions play using Chrome. No versions play using Safari (tried multiple computers with Lion and Mountain Lion OSX).
Any ideas????

Another piece of information....  The videos will play on the last version of Safari with Lion OSX. 

Similar Messages

  • How can I reset my password via Lion Server web front-end?

    I'm trying to enable my users to be able to change their passwords from the default value I've given them. This can be done from the user's profile page, but when, with the new Lion Server web interface, I select "Change Password" at the bottom of the page, I get the following result:
    Changing passwords is turned off.
    You can turn it on by using the Server app on the server.
    I'm assuming I cannot use the Server app on my client computer (a MacBook Pro) so I use the Server app on the server.  I cannot find out how to enable this feature.  I've been all over the Lion Server help documentation but can't find out how.
    I've selected my server in the Hardware section on the left-hand side of the Server app and gone to the Settings tab and checked the "Enable screen sharing and remote management" box but I still get the message above.
    Thanks in advance...

    You will have to enable the "Profile Manager" tab.
    Inside this tab, also enable "Device Management", which will start a network directory.
    This makes sense for centralized user mgmt.
    But a bit not user-friendly enough.
    After setting above two,
    go back to the "Web" tab, and click the pencil to see the grayed-out activated.

  • Need help setting up Lion Server

    Here's my story... I got a 2006 Xserve for free. It has 2 dual core 2.66 Xeons, 4 GB of RAM, and 2 300 GB SAS drives that I have turned into a RAID 1 array. I've installed OS X Lion Server on it and all is running okay. My OS X Server knowledge is slim to none. I do a little work with it at my job, but our main servers are Windows. I'd like to set it up as a DHCP and Open Directory server at home, just for fun. My home network consists of this Xserve, my 27" iMac, a MacBook Pro, an Xbox, a Samsung TV, a couple of iPads and our iPhones.
    I go from my Charter modem, to my AirPort Extreme, and then broadcast wirelessly to my other devices, and have my Xserve plugged into port 1.
    To get DHCP working, do I need to go from my modem to my Xserve, and then from my Xserve to the WAN port on my AirPort Extreme? Or do I just need to configure something?
    Thanks in advance for any help you can offer!

    If you have just Lion Server installed, go here for the rest of the tools:
    http://support.apple.com/kb/DL1528
    This will include Server Admin.  It will allow you to define DHCP, DNS, and other services not available in Lion's Server.app. 
    Your networking knowledge will apply here.  It sounds like you want to use the Xserve as the NAT gateway.  This is possible, but you will need Server Admin to make it easier.

  • Help setting up Lion Server for remote access

    I have been going in circles for weeks trying to set this up correctly.  Can anyone tell me what I'm doing wrong?
    I got Lion Server and Server Admin Tools all updated and have been trying to follow Terry Walsh from We Got Served's guide but I am missing something.
    I purchased a domain from GoDaddy. Let's call it bradnet.com
    My domain and dyn domain are not really what I have typed here but close enough that they should work for my example and troubleshooting.
    Because my ISP (Comcast) doesn't provide a static IP I registered for an account with dyn.com.  This is where I get really confused.  With dyn.com I created a host name: bradnet.dyndns-rocks.com and downloaded their updater software.  It found my public IP address and said everything is ok.
    I went back to GoDaddy and in my DNS manager page added the host: bradnet.dyndns-rocks.com and entered my public IP.
    I then went to the server pane to edit the host name.  I followed your instructions to edit the name and selected Host Name for Internet.  I left the computer name as mini (what I had previously named it for file sharing before the server upgrade) and entered  mini.bradnet.dyndns-rocks.com as the host name.  When it takes me back to the server pane, in the bottom window it states:
    Your Server's host name is mini.bradnet.dyndns-rocks.com, and its IP address is 192.168.1.10. You can change network settings in the Server pane.
    I never get the your network is configured properly message.
    I went and set my computer's IP to DHCP with manual address (although all of my machines are set up with DHCP reservations so I guess that is a little redundant) to 192.168.1.10.
    I skipped the port forwarding step because I am using the latest AirPort Extreme as my router.
    I then opened a browser and tried:
    http://bradnet.com
    http://mini.bradnet.dyndns-rocks.com
    http://mini.bradnet.com
    http://bradnet.dyndns-rocks.com
    All of these got me the can't find the server response from Safari.
    Also, I have not yet set up Directory Services.  Terry's guide seems to suggest to do this step first.
    I'm sure I have messed up some step somewhere can you see what I have done wrong?
    Also, is it a problem to set up open directory services using a .local host and then go back and change it for internet access later or do you need to set that up from the start?  My family is getting impatient with me trying to get this to work.
    Thanks for any help anyone can offer!
    Brad

    That manual page is not fully correct. There is written:
    Public UDP Port(s): <enter the appropriate UDP port value(s)>
    Public TCP Port(s): <enter the appropriate TCP port value(s)>
    Private IP Address: <enter the reserved IP address of the host device (from step 1)>
    Private UDP Port(s): <enter the same Public UDP Ports or your choice>
    Private TCP Port(s): <enter the same Public TCP Ports or your choice>
    But it should be:
    Public UDP Port(s): <enter unique UDP Ports of your choice>
    Public TCP Port(s): <enter unique TCP Ports of your choice>
    Private IP Address: <enter the reserved IP address of the host device (from step 1)>
    Private UDP Port(s): <enter the UDP Ports used by your device>
    Private TCP Port(s): <enter the TCP Ports used by your device>
    Make sure you use the same ports in the private settings as you have defined in your IP camera. Normally a camera will use port 80 by default, so use 80 here.
    The Public ports must all be unique. If you have not defined a port 80 here, you can also use 80. This will fail however when using multiple cameras. I for instance have 5 IP cameras and use the public ports 8451, 8452, 8453 etc.

  • Lion Server - Home Folder Sync Not Working - HELP

    I have a lion server set up on a mac mini.
    I have set up an OD to manage network accounts through the server app.  My workflow for setting up users is:
    1.     using the server app add a new user
    2.     I have a home folders users directory set up under file sharing and set to be available for home directories - so I select this share as the home folder for the user
    3.     I use the WGM app to then set up mobility through the preferences tab to create always and to sync the home and preferences
    4.     I check that the home folder is set correctly under the user account in WGM
    When I log in to the client machine (regardless of whether or not I have first logged in on the server or not) the client presents an error saying that it can not log in and can not access the server at that time.  The client stays on the user login screen.
    If I then change the users home folder on the server to local I can then log in on the client machine and create the account.  If I elect not to create the home folder on the client machine the rainbow ball of death occurs and the machine hangs.  So I instead log in and select to create the local home folder.
    I then log out of the user and change the user setting on the server to point the home folder to the correct share instead of on the local setting.
    I then log back on to the client machine and can log in without any problems.  However, I get an error message if I try to sync saying that the home folder is not accessible.  This is despite the fact that the home folder, and the server et al, can be mounted in finder and I can copy and paste documents etc to and from the server.  I have full and expected access to the server and the associated storage.
    For some reason home sync continues to say that the home folder can not be found (in fact that the server can not be found) whenever I try to sync.
    This is driving me bananas.  I have tried so many permutations that I have lost count of the things that I have tried.
    Is this a permission issue?
    I have the OD bound to the client machine and have no problems seeing the users and being able to access the OD from the client machine.
    Does any one have any thoughts at the issues I should be looking at or which logs may be helpful in trying to understand what is going on?

    Jonathon.
    The dscl command just leads to a "Data source (LAPDv3.server.tnichapman.private) is not valid" statement.
    I logged on using my local client admin account.
    I had a search through console.
    The only error associated with slapconfig was:
    2012-04-17 03:40:18 +0000   popen: /bin/cp -r /Library/Preferences/com.apple.passwordserver.plist /tmp/slapconfig_backup_stage71031lThmRX/, "r"
    2012-04-17 03:40:18 +0000 Error: Command failed with exit code 256: /bin/cp -r /Library/Preferences/com.apple.passwordserver.plist /tmp/slapconfig_backup_stage71031lThmRX/
    The rest were statements like this:
    4/17/12 6:40:26.410 AM com.apple.opendirectorybackup: 2012-04-17 03:40:19 +0000   popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage71031lThmRX/shadowbackup.tar.gz /var/db/shadow, "r"
    I couldn't find any references to ApplePasswordServer and there didn't look to be anything unusual about the opendirectoryd entries below

  • Looking for an off line version of the help file for lion server that I can print

    I would like to find an offline version of the help file for lion server
    I'm a newbie trying to set up a home server for our Macs and iPhones

    Go to this URL using Safari on your mac:
    https://help.apple.com/advancedserveradmin/mac/10.7/print.html?lang=en#printBook
    Then press cmd+p and from the print menu choose PDF and then Save as PDF and there you have it.

  • I want to erase my hard drive and reinstall  lion server. Can someone help me out?

    I have a Mac mini running Lion Server. I want to erase all the data and start fresh. When I try to reinstall Lion it does not show anything about Lion Server but just Lion. I want to make sure I do it properly. It is also asking me in which hard drive to install Lion but I'm unsure.
    can someone help me out?

    Check in the app store under purchases both lion and server should show up there to download again.
    No need to erase both drives for a clean install just the drive you are using for the OSX. Though if you are truly starting a fresh then erase and reformat both.
    As for Upgrades. Yosemite is the only upgrade now available through the app store as is Server 4.0 for Yosemite. I have not tested the latest server yet and cannot comment on its reliability.
    Any server you set up should be thoroughly tested on a closed network before going live.
    Hope this helps.
    PJRS

  • Mac Mini Server running os X lion general help

    hi
    just wondered if anyone else was struggling to work out how to set up an os x mac mini server with lion server on it - with no obvious help system, manual etc. Can someone point me at any resources that might help as to be honest I am struggling with this. Many features on how you administer this have changed from the previous version (snow leopard) - and all the books are no use as they all refer to this.

    well to be honest I wanted a server to run more aspects of what I do privately (rather than at work) rather than use hosted accounts from disparate hosted providers on line. In particular I wanted a mail server to handle multiple mail domains, wiki server, web server as per mail server and I was interested in what they would provide for iphone ipad etc as I have a few that I wanted to link to a server rather than individual macs and pcs
    I also thought that Apple might bring their abilities to creating a great UI for essentially linux operating systems to a server os.
    from initial views though it might have been easier (cheaper) to go to ubuntu and just their server version of linux. Anyway I will persist - I will read through the stuff you guys have linked me to - colinsolutions appears to have aimed me at some useful stuff. Looks like a bigger "project" than I imagined - but I haven't looked at UNIX since 1986 so if I have to get into the command line it won't kill me I am sure.
    thanks for the input - if anyone else can suggest good resources that would be appreciated.
    ps simon - I found that the name for the server with the .local extension is visible from the mac via finder and allows me to connect to the shared folder. so my server is sdhome - the shared resource is sdhome.local ... not sure if this helps but...

  • Lion Server upgrade disaster, help restoring Dovecot.

    Hi,
    I tried to upgrade the Snow Leopard Server running in my Mac Mini to Lion Server, it was a complete disaster.
    I made a Carbon Copy Clone of the hard drive as my backup before performing the upgrade, bottom line is that I went back and re-installed Snow Leopard Server and glad that it's all back up and running as before. The only thing left for me to do is to restore all the emails that were on the backup drive to the main drive.
    I tried googling this and didn't get any straight forward answer, how do I restore all the emails from the backup drive to the main drive?
    Any help would be highly appreciated.
    Cheers!

    bump

  • N00b needs help setting up MAC OSX Lion Server for email.

    I recently purchased a Mac Mini running OSX Lion Server and I really don't understand how to set it up as an email server (which was my main goal). Eventually I'd like to set it up to host just about everything else, but I can't seem to figure out how to set up my router and MX records to point to my server in order to host imap mail. I do have a static IP by the way but this N00b is confused... Please help!

    Funny you should ask, because I have been spending the day trying to do the same. I just need to know what to enter into my MX record in Network Solutions. I can send mail, but I can't receive it just yet. Any help would be great.

  • Help! Can't reinstall Lion Server on Mac Mini Server

    To me, the perfect computer is a Mac Mini server (the current model) with one of the HDDs replaced with an SSD. I did this with two Mac Minis three months ago and it went perfectly.
    Well. I bought a third Mac Mini and have attempted to do the following:
    Carefully opened the case, removed the top parts and memory.
    Removed the top 500 GB HDD
    Replaced it with a OCZ Vertex 3 SATA III 2.5" SSD
    Booted from a SD Card with the recovery system on it
    Formatted both SSD and the other HDD, ensured they have the GUID boot block needed for Apple booting
    What happened was...a total let down. It would start to download Mac OS Lion Server then tell me, "Could not find instalation information for this machine. Contact Applecare." If I went and re-formatted the SSD and tried it again, often it would go past this section, actually starting the download, but then I'd get "Can't download the additional components needed to install OS X."
    I verified all connections were solid. Putting the original HDD back caused the machine to boot fine and let me set up Lion Server for use (oddly, even though I'd formatted one of the two RAID drives, but whatever). I am doing the exact same thing I did before successfully, only with an OCZ drive this time instead of Other World Computing. Either Mac Minis hate working with OCZ SSDs, or I made some mistake somehow (I'm pretty sure I didn't), or else Apple has flipped a switch forbidding software restoring of Mac Minis that have been "altered" from factory state. If so this will be a huge problem for Apple. I will make sure the major Apple blogs hear of this, if this is the case.
    Can anyone suggest what else I can try to get this to install? If I can get a spare OCZ SSD so it's exactly the same as my previous successes. Otherwise I don't know what else to try.
    (I guess cloning the system from one of the Mac Minis that works would be a possibility, though I want to solve this.)

    Found that the second hard drive is broken. I have to go to the apple store to have it replaced.
    I had to press the power button to turn the server off several times, then the broken hard drive disappeared. After that, I had to disable Spotlight. Then the server went back to working normally.
    Now I made a CCC copy of the primary hard drive, and would like to have the server run on the external raid disk (connected through thunderbolt). Does anyone have previous experience with it? Any expected drawback or issue with this setup?

  • Help: Software Update for OS X Lion Server

    After having a problem with my software update service for some time now, I thought I would implement the fix at
    http://support.apple.com/kb/TS3867
    entitled " Lion Server: Software Update Server may not provide Mac OS X v10.7 software updates after upgrade"
    Unfortunately it seems to have broken the service!
    I now get the error
    <Error>: Unable to retrieve catalog(s) from the Apple server
    and
    Syntax error on line 288 of /etc/swupd/swupd.conf:
    DocumentRoot must be a directory
    The offending script is in the Apple support document, which I copied and pasted.

    Just fixed this myself.
    SWUPD is expecting a directory within the one you chose, called "html".
    Example: /Volumes/XSAN/SWUPD/html
    It will not create "html" if the directory doesn't exist.
    Create the folder "html" then in terminal do this:
    sudo chown -R _softwareupdate:_softwareupdate /path/to/the/folder
    Example: sudo chown -R _softwareupdate:_softwareupdate /Volumes/XSAN/SWUPD
    ## Do not include /html. The -R means recursive and forces the same ownership on all contained directories.

  • Lion Server odbc mysql install training/help

    Is there any video training available from apple. They don't to document anymore. I am looking to install mysql and odbc on my Lion Server, but would like to see what Apple supports versus all of the incomplete product websites trying to sell me something without documentation.
    I have looked at Lynda.com and it's ok. But know seems to approach training from what you might really use a server for. I need my Lion Server for my Web server development, not a Work Group Server. I am developing with PHP, HTML5, MySQL, and Flex ? maybe. Not sure of the future but moving away from Java because of too many frameworks and it has become too fragmented as a development environment.

    Same issue here. Re-partitioned HD, install Lion 10.7, downloaded server app, progress bar sticks, get "network error" message. Create new network location, delete previous locations, same result. Refresh DHCP lease, same result. Set static IP, same result. Use wireless, same result.
    Where to next??

  • How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

    I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
    Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
    Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Someday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
    Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
    1. DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
    2. DVD>Install Lion
    3. Reboot, hopefully Lion install kicks in
    4. Update, update, update Lion (NOT Lion Server yet) until no more updates
    5. System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standby)
    6. Terminal>$ sudo scutil --set HostName server.domain.com
    7. App Store>Install Lion Server and run through the Setup
    8. Download install Server Admin Tools, then update, update, update until no more updates
    9. Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
    10. System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
    11. A few DNS set-up steps and these most important steps:
    A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
    B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
    C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
    D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
    E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
    F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
    G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed as an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
    H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.]
    I. Test from web browser server.domain.com/mydevices: Lock Device to test
    J. ??? Profit
    12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
    You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
    Firewall
    Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is mostly a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
    SSH
    Do this with strong security. Use Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    I'm not sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
    Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
    client$ ssh-keygen -t rsa -b 2048 -C client_name
    [Securely copy ~/.ssh/id_rsa.pub from client to server.]
    server$ cat id_rsa.pub >> ~/.ssh/authorized_keys
    I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
    $ diff denyhosts.cfg-dist denyhosts.cfg
    12c12
    < SECURE_LOG = /var/log/secure
    > #SECURE_LOG = /var/log/secure
    22a23
    > SECURE_LOG = /var/log/secure.log
    34c35
    < HOSTS_DENY = /etc/hosts.deny
    > #HOSTS_DENY = /etc/hosts.deny
    40a42,44
    > #
    > # Mac OS X Lion Server
    > HOSTS_DENY = /private/etc/hosts.deny
    195c199
    < LOCK_FILE = /var/lock/subsys/denyhosts
    > #LOCK_FILE = /var/lock/subsys/denyhosts
    202a207,208
    > LOCK_FILE = /var/denyhosts/denyhosts.pid
    > #
    219c225
    < ADMIN_EMAIL =
    > ADMIN_EMAIL = [email protected]
    286c292
    < #SYSLOG_REPORT=YES
    > SYSLOG_REPORT=YES
    Network Accounts
    Use Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
    2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
         User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
    Oh well.
    Email
    Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
    root:           myname
    admin:          myname
    sysadmin:       myname
    certadmin:      myname
    webmaster:      myname
    my_alternate:   myname
    Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
    cd /etc/postfix
    sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
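    # "sudo echo ... >> file" fails: the redirect runs as the calling user, so append via sudo tee
    echo 'smtp_sasl_security_options = noanonymous' | sudo tee -a ./main.cf > /dev/null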
    sudo serveradmin stop mail
    sudo serveradmin start mail
    Finally, make sure that you're running a blacklisting service yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
    If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
    iCal Server
    Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
    Web
    The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
    $ diff httpd.conf.default httpd.conf
    95c95
    < #LoadModule ssl_module libexec/apache2/mod_ssl.so
    > LoadModule ssl_module libexec/apache2/mod_ssl.so
    111c111
    < #LoadModule php5_module libexec/apache2/libphp5.so
    > LoadModule php5_module libexec/apache2/libphp5.so
    139,140c139,140
    < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    < #LoadModule encoding_module libexec/apache2/mod_encoding.so
    > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    > LoadModule encoding_module libexec/apache2/mod_encoding.so
    146c146
    < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    177c177
    < ServerAdmin [email protected]
    > ServerAdmin [email protected]
    186c186
    < #ServerName www.example.com:80
    > ServerName domain.com:443
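    Review bot: In the 186c186 hunk, ServerName is set to domain.com:443, while the post says further down that the automatically created SSL certificate only knows about server.domain.com, so any self-referential URL Apache builds from ServerName will not match the name on the certificate. Consider "ServerName server.domain.com:443" here until a certificate that also covers domain.com is in place.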
    677a678,680
    > # Server-specific configuration
    > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
    > Include /etc/apache2/mydomain/*.conf
    I did "sudo mkdir /etc/apache2/mydomain" and added specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
    Alias /eyetv /Users/uname/Sites/EyeTV
    <Directory "/Users/uname/Sites/EyeTV">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
    <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
    Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
    One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
    Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
    User-agent: *
    Disallow: /
    Misc
    VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

    Privacy Enhancing Filtering Proxy and SSH Tunnel
    Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
    If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
    $ ./ssht 8080:[email protected]:3128
    $ ./ssht 8080:alice@:
    $ ./ssht 8080:
    $ ./ssht 8018::8123
    $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
    $ vi ./ssht
    #!/bin/sh
    # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
    USERNAME_DEFAULT=username
    HOSTNAME_DEFAULT=domain.com
    SSHPORT_DEFAULT=22
    # SSH port forwarding specs, e.g. 8080:localhost:3128
    LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
    REMOTEHOST_DEFAULT=localhost    # Default is localhost
    REMOTEPORT_DEFAULT=3128         # Default is Squid port
    # Parse ssh port and tunnel details if specified
    SSHPORT=$SSHPORT_DEFAULT
    TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOTEHOST_DEFAULT:$REMOTEPORT_DEFAULT
    while [ "$1" != "" ]
    do
      case $1
      in
        -p) shift;                  # -p option
            SSHPORT=$1;
            shift;;
         *) TUNNEL_DETAILS=$1;      # 1st argument option
            shift;;
      esac
    done
    # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
    shopt -s extglob                        # needed for +(pattern) syntax; man sh
    LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
    USERNAME=$USERNAME_DEFAULT
    HOSTNAME=$HOSTNAME_DEFAULT
    REMOTEHOST=$REMOTEHOST_DEFAULT
    REMOTEPORT=$REMOTEPORT_DEFAULT
    # LOCALHOSTPORT
    CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
    CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR%:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        LOCALHOSTPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEPORT
    CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
    CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        REMOTEPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEHOST
    CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
    CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # remote host specified
    then
        REMOTEHOST=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # USERNAME
    CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading *@
    CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR%@}                            # delete @
    if [ "$CAR" != "" ]                     # user name specified
    then
        USERNAME=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # HOSTNAME
    HOSTNAME=$TUNNEL_DETAILS
    if [ "$HOSTNAME" == "" ]                # no hostname given
    then
        HOSTNAME=$HOSTNAME_DEFAULT
    fi
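    # Quote every expansion so odd characters in the arguments cannot split into extra ssh options;
    # printf expands \n and \t the same way under sh and bash.
    ssh -p "$SSHPORT" -L "$LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT" -l "$USERNAME" "$HOSTNAME" -f -C -q -N \
        && printf 'SSH tunnel established via %s:%s:%s\n\tto %s@%s:%s.\n' "$LOCALHOSTPORT" "$REMOTEHOST" "$REMOTEPORT" "$USERNAME" "$HOSTNAME" "$SSHPORT" \
        || echo "SSH tunnel FAIL."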
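
For the SSH section of the post above, a small audit that checks whether an sshd_config really ends up with the three settings it lists. This is an added example, not part of the original post; the function names and the sample config are constructed here, and it assumes a POSIX shell with awk.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings named in the post.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; a commented-out line leaves the keyword unset.

# effective_value FILE KEYWORD -> first global value, empty if unset
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # strip comments and indentation
        /^$/ { next }
        { line = $0; sub(/[ \t]*=[ \t]*/, " ", line); split(line, f, /[ \t]+/) }
        tolower(f[1]) == "match" { exit }        # conditional blocks are not global
        tolower(f[1]) == want { print f[2]; exit }
    ' "$1"
}

# audit_sshd_config FILE -> exit status 0 only if all three are effectively "no"
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        # None of the three defaults to "no", so an unset keyword counts as weak.
        [ -n "$val" ] || val="unset"
        if [ "$val" = "no" ]; then
            echo "OK    $kw no"
        else
            echo "WEAK  $kw $val"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed config (not copied from a real server).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample
PermitRootLogin no
#PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$demo" || echo "sshd_config is not fully hardened"
rm -f "$demo"
```

On the server described in the post, the file to check would be /etc/sshd_config.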

  • Photoshop CS6 can't save to server after upgrading to Mac OS Yosemite Server from Mac Lion Server

    We recently upgraded our server from a Mac Pro 2008 with OS X Lion Server to a Mac Mini 2014 with LaCie 20TB 5Big Thunderbolt 2 RAID drive. Everything is working fine with the exception of Photoshop. It does it intermittently but once it happens it will continue to do so. We get messages like "Can't save to disk because of disk error" and "Can't save file because of program error". Sometimes we are able to do a "save as" and save over it. Most of the time we have to "save as" with a different file name and then rename and recopy the file. We have checked permissions on all the files, and the server HD has ignore ownership checked. Again, only three things changed. 1) Server hardware changed from Mac Pro to Mac Mini. 2) Server software upgraded from 10.7 Lion to 10.10 Yosemite (both have the latest update). 3) Drive went from internal on Mac Pro to external Thunderbolt 2 LaCie drive. We have no problem with Illustrator or InDesign. Only Photoshop. Anyone with any suggestion is greatly appreciated.

    Unfortunately you seem to be using Photoshop in a way that Adobe discourages, so you may not be getting a lot of helpful advice.
    Networks, removable media | Photoshop | CS4 and later
