Lion Server licensing

Similar Messages

• How to reinstall OS X Lion Server

  I'm newbie os x admin . I bought new Mac Mini 2010 with Lion Server. I want to do RAID 0 with my HDD. 
  I make image for Recovery Partition. Then  format partition and do RAID 0.
  I setup with Mac OS X Lion 10.7 GM build 11A511
  I success to install but .... No Lion Server.
  I try to check Mac Store but I found  I need to buy  Lion Server License ?
  These is my Question
  1.  Lion Server that pre-install with Mac Mini is not license version or not?
  2.  Should  I  restore from  recovery partition  and get Lion Server from them ?
  3.  How I make recovery DVD or anything that easy to reinstall ?
  Thank You very much.

  The 2010 Mac mini Server did not come with Lion Server, it was shipped with Snow Leopard Server. To go from Snow Leopard to Lion is a paid upgrade, not a free update. Up until Snow Leopard there was a SL client OS and a SL Server OS. Now Lion Server is an add-on purchase to the Lion client. So you must buy and install the Lion client, then the second step is to buy and install the Lion Server add-on. You purchase both Lion and Lion Server through the Mac App Store.

• Lion Server for Home use reality check

  Hi All,
  as many others I had the best intentions buying Lion Server for my home network (5 Macs, 2 iPads, 2 iPhones) to manage everything.
  It was destined to be a central server for user management, configuration management, home directories, file server, software update server, web server and Time Machine server and possible VPN gateway to my home network.
  I did not intended to use  as Address Book, iCal, Mail server as I use iCloud. I just don't see the point of iChat, Podcast, Wiki server for my home use.
  Anyway the bits I had to abandon so far are:
  configuration management - Profile Manager works only sometimes and is sluggish to say the least
  home directories - the home sync just doesn't work for Mac libraries such as iPhoto and iTunes
  software update server - worked, broke, fixed, worked, broke, fixed, ... going away with Mountain Lion.
  What works for me is user management, file server, web server and Time Machine backup, haven't gotten around to test VPN yet.
  Given that Mountain Lion is coming next month and presumably I'll have to buy new license for the Server version I am not sure if it's worth it.
  As I see it using a plain vanilla Lion or Mountain Lion system I can still do file server, web server and Time Machine backup. What I'd lose is the user management and I am not sure about VPN on a non-Server system but not really important. User management is a one time task for 5 Macs that's it.
  Would be interested to hear opinions from you folks about pros / cons of using a plain Lion or Mountain Lion OS X for server tasks vs Server version?
  Anything I am missing here?
  Thanks
  Andy

  iToaster wrote:
  most osx server issues are usually DNS problems
  if that is not correct practically nothing else will work correctly
  That's probably true but also within that lies a major problem how this is positioned "The Server for Everyone". I am in IT and know what a DNS is. Most home users would NOT have a DNS running as it's not necessary not even talking about SSL certificates. I think this is a major problem here that it market incorrectly.
  iToaster wrote:
  if your trying to have portable home directories and having iphoto library sync'd
  I don't recomend on wireless , even on a wired 1gb network it's slow
  use WGM to skip iphoto or be prepaired for a long wait
  It's not so much a network bandwidth problem but the fact that home sync doesn't work for package files such as iPhoto, etc. Many people have confirmed that that home sync actually corrupts those files.
  iToaster wrote:
  for the cost of ML server it's probibly cheaper in the long run then the time you'd spend
  trying to get the same funtionallity via terminal.  plus the posiblity of a OS update
  that may blow all your finely crafted terminal work all away.
  Don't intend to do terminal but for example take "File Sharing". It's an Server option but every Mac also has file sharing under the "Sharing Settings". As far as I can tell the server actuallty is just an overlay over the Mac sharing option because if I define a file share it's also updated in the sharing option.
  Same thing goes for the Webserver. Hence I am thinking that Server really only is a central console for some basic services that can also be available by using standard OS X functionality.

• Migrate 10.4.11 Server to Lion Server

  Hi,
  We have an older G5 sever running 10.4.11. It was setup quite a while ago, and I don't do IT consistently, so it might take a while to 'refresh' the mind on what was initially done when it was first setup.
  But we just purchased a new Mac Mini server running 10.7.x. I found a PDF about Upgrading & Migrating to 10.7 and it specifically states 'The upgrade or migration to Lion Server from a v10.5 PowerPC is not supported.'
  So I'm just wondering if anyone could give any advice or tips on how to get the new server setup to match our existing server with the least amount of setup time involved (we're pretty busy at the moment). I guess eyeballing it by looking at each side-by-side would be a worst-case scenario, but I can't imagine that would go all too smoothly.
  Our usage was pretty limited, so I'm hoping this will ease the process. Here's the things I can think of off the top of my head that we will need to setup the same as current:
  - User accounts, passwords, groups, permissions (we have less than 10 users).
  - Firewall setup (we've made a lot of tweaks over the years to get everything to work with our network/router).
  - VPN
  - Share Points (we currently have an internal RAID 1 file-serving drive that will be migrating to an external Thunderbolt RAID 5 array. We just want to make sure all Share Points, ACLs & permissions don't get messed up in the transfer).
  Thanks for any help!

  To the extent that you have old PowerPC software that requires Rosetta, Rosetta is no longer included with Lion.  The reason these applications do not work in Lion Server is that they were written for the older PowerPC CPU that all Macs used up to 2006 (in your case the G5).  When Apple made its transition to the Intel CPU, they licensed software that they included in all versions of OS X (from Tiger to Leopard and optionally, Snow Leopard) called Rosetta.
  Rosetta miraculously allows PowerPC applications to work on the Intel processor transparently; you do not know it is even present.
  The problem is that after 6 years of the transition, Apple's license to use the underlying software expired for OS X Lion and all version thereafter (and it is doubtful that the current owner of the software, IBM, would relicense it, even if Apple were inclined to do so).
  So for those of use that need to run Lion, I have offered the option to install Snow Leopard (with Rosetta) into Parallels 7:
                           [click on images to enlarge]
  Full Snow Leopard installation instructions into Parallels 7 are here:
  http://forums.macrumors.com/showthread.php?t=1365439

• If I buy Lion Server for my iMac can I download Lion for free on my MacAir?

  If I buy Lion Server for my iMac can I download Lion for free on my MacAir?

  Well, it hasn't worked that way for me.
  I bought Lion for $29 from the App Store this morning, and DLed/installed it on my MacBook Pro with no problem.  This afternoon I went to upgrade my Snow Leopard Server Mac Mini.  Went to the App Store, clicked the Lion Server at $49.99, and was prompted that "because this is an OS X server, you must purchase a OS X Lion as well as OS X Lion Server, for $79.98"  [Cancel]  [Purchase Both]
  If I try to install just Lion from my "Purchased" list in App Store, I get exactly the same message.  If I try to install Lion from an install DVD, I get a "checking with App Store" and then the same message.
  Spent over an hour on the phone with Enterprise Sales, who agreed that's not what was supposed to happen, but had no resolution.  It isn't critical to me timewise so they are mulling the situation over.
  My recommendation if you have SLS and clients to upgrade is to do the Lion/Lion Server purchase *first* for the server.  Hopefully then the Lion license will be available for your other machines.  I can't guarantee it, but I can guarantee that the other way *doesn't* work.
  KeS

• Can't install lion server

  Hi Apple Support Folks,
  My MacPro will not allow me to upgrade to Mountain Lion.  OK.. So I am now running MacOSX Lion and wanted to add the MacOSX Lion Server software.
  I purchased Lion Server via telephone call to Apple, downloaded and otherwise received - license.pdf, etc - all of the goodies.
  then, when it came time to install the software, the installer reported:
  I have no clue as to why this is a problem.  Can anyone suggest how to move on from this point?
  Thank yo

  OK, NOW I get it... What I was trying to install was the MacOS Lion Server DMG from the Apple Developer site - of which I am a paying member. 
  As soon as I stopped trying that approach and opened the Appstore application on my machine, clicked on purchases, saw the LION SERVER entry (which is what I purchased) and clicked on INSTALL, everything went perfectly well and my problem is solved.
  YEAA!

• Lion Server upgrade question.

  I've been looking around for instructions on upgrading from Snow Leopard Server to Lion Server.  What I've found seems odd to me; so I must upgrade "Snow Leopard Server" -> "Lion" -> "Lion Server"?  I feel like I'm missing something here.  However, if indeed this is correct, what happens to all of your data for the services that are only available on the server editions?

  Thanks for the response.  We have a handful of licenses for Lion (volume licensing), which I was previously unaware that we would need to use one for a server upgrade; so I don't want to do a "download both" action.  In my case would you suspect that the proper steps would be to 1. Upgrade to "Lion" (then update), 2. Upgrade to "Lion Server" (then update)?
  Did you have any issues with Open Directory when you upgraded?

• Can a Snow Leopard client connect to a Lion Server?

  I have an XSAN setup with two Mac Mini servers.
  I have a few Xserve lying around and I want to make use of them.
  One Duo Core which is not working at the moment. I think I can install Lion on that one? Right?
  Then I have two G5 - none intel, which I'm thinking I'll reinstall Snow Leopard on and use them as clients.
  Can they connect to a Lion Server? I have a few XSAN licenses left which I think I need for OS's older than Lion?
  I short, can a Snow Leopard client connect to a Lion Server?

  One Duo Core which is not working at the moment. I think I can install Lion on that one? Right?
  You can't install Lion on a Core Duo-based system It requries Core2 Duo as a baseline. The Core Duo is a 32-bit chip whereas the Core2 Duo is 64-bit.
  Then I have two G5 - none intel, which I'm thinking I'll reinstall Snow Leopard on and use them as clients.
  Nope, again. Snow Leopard requires an Intel-based system. The highest you can go with the PowerPC machines is Leopard (10.5.x)
  Can they connect to a Lion Server? I have a few XSAN licenses left which I think I need for OS's older than Lion?
  This may be irrelevant given the above, but define 'connect' please. There are a myriad of ways of 'connecting' a client to a server. In many cases they don't have to be the same OS, platform, processor or anything else (how many web servers do you think are running Mac OS X to match your client?

• Does Lion Server have bootcamp?

  Does Lion Server have bootcamp? I'd like to ugrade my Mac Mini Server with Snow Leopard Server and my MacBook Pro with Snow Leopard to Lion but the install for the mac mini will be a pain to do Lion so I was thinking of doing Lion Server for both, so I don't have to pay for both Lion and Lion Server, but I'm wondering if I can do bootcamp since I couldnt' do bootcamp for Snow Leopard Server?

  Hi
  Have a look for yourself and compare the two:
  http://www.apple.com/macosx/specs.html
  Which is Lion and BootCamp is clearly listed:
  http://www.apple.com/macosx/server/specs.html
  Which is Lion Server. I don't see it so I doubt (just as in 10.5 and 10.6 Server) if Apple are going to make it part of OSX Server anytime soon? Still, you never know?
  Prior to 10.7 you could download VirtualBox (it's free to download) and install 10.6 Server (and pretty much anything else but not OS X Client) quite happily:
  http://www.virtualbox.org/wiki/Downloads
  http://www.virtualbox.org/attachment/wiki/Screenshots/mac_os_x.png
  This may still be the case with 10.7 Server? What you could try is install 10.7 Server, install VirtualBox and install 10.7 Server (again) as a virtualised server. Apart from licensing I can't see why this would not be possible? Why don't you give it a try and let us know how you get on?
  HTH?
  Tony

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• How do I best share an iPhoto library to several users on a Lion Server?

  I am considering setting up a Lion Server to use for our family of five. The one thing I struggle to understand from searching for information here, and throughout the Internet is: Can I set up a Lion server to have shared libraries for iTunes and iPhoto, and what is the best way to set it up? I would also like to understand if such a shared setup would create any issues with reduced functionality and/or performance?
  Today we share libraries across several accounts on one computer, and that works mostly fine, although with some restrictions (only one account can have iPhoto open at a time, which is not much of an issue if on same computer; iTunes can share music but not Apps, ...)

  I followed Apple's support team's instruction to create iPhoto on the new external hard drive (My Passport) - and then drag and drop the existing iPhoto library onto it from the Master file.
  Don't know who told you that but it would be difficult to be more wrong.
  Make sure the drive is formatted Mac OS Extended (Journaled)
  1. Quit iPhoto
  2. Copy the iPhoto Library from your Pictures Folder to the External Disk.
  3. Hold down the option (or alt) key while launching iPhoto. From the resulting menu select 'Choose Library' and navigate to the new location. From that point on this will be the default location of your library.
  4. Test the library and when you're sure all is well, trash the one on your internal HD to free up space.
  Regards
  TD

• I'm trying to use Mountain Lion Server so my family can have separate logins via Screen Share to their iTunes.

  Using Mountain Lion Server so my family can have separate logins and connect via Screen Share.
  Works great, each has their own home directory and permissions are perfect.
  Now setting up iTunes for each with their own Library (not shared), thus keeping multiple Libraries.
  I get this;
  This Computer is already associated with an Apple ID.
  If you download past purchases with your Apple ID, you
  cannot auto-download past purchases with a different
  Apple ID for 90 days.
  What!
  So what it is on the same computer, they are completely separate Libraries never to be mixed.
  If this works, I only need to keep one computer up and running, instead of three.
  Each can do their syncing/backup and connect to the various Airplay/AppleTVs I have around the house.
  How do I fix this.
  Thanks

  Bottom line is you can't - easily.
  You need to make sure that you log out of the server each time otherwise the ID is running. To explain, if you had a laptop with different people using it, your solution works fine. Each time someone logs in, the iTunes ID is different so it works as you can only have one person using the laptop at any one time.
  Now, turning your problem inside-out, you want people to be able to log into iTunes concurrently to use their own version of the program with their own library. This does not seem to work and you get the conflicted ID error message. Even though iTunes is running under their own login ident, I have never been able to get this working reliably and was told that iTunes is NOT a network-aware application as it is designed to be single user.
  The way I got around this was to login as XYZ and to make sure that the ID was changed in iTunes accordingly. However, it did not always work so I gave up with the whole thing.

• Reporting Services Add-in for Sharepoint- does it need an SQL Server license?

  In a new project we will be creating an SSRS in Sharepoint integrated mode. For this we'll need SQL Server and Sharepoint on that box.
  We'll also have one or more SharePoint Web Front End (WFE) servers. To allow them to connect to the SSRS-in-sharepoint-mode box, and to present the user with the right user interface for doing so, I believe we can install the Reporting Services Add-In for
  Sharepoint on the WFE servers.
  The question is, do we need to have  SQL Server license for each WFE server where we use the Reporting Services Add-In, or is it free to use?
  We've had advice that we need to buy a SQL Server license everywhere we use the add-in, but I am not sure this is correct.
  Thanks in advance,
  Rich

  Hello there,
  The Reporting service Add-in for SharePoint can be downloaded free on Microsoft Download site. That means it does not need any license on the add-in.
  Regards,
  Edward
  Edward Zhu
  TechNet Community Support

• Photoshop CS6 can't save to server after upgrading to Mac OS Yosemite Server from Mac Lion Server

  We recently upgraded our server from a Mac Pro 2008 with OS X Lion Server to a Mac Mini 2014 with LaCie 20TB 5Big Thunderbolt 2 RAID drive. Everything is working fine with the exception of Photoshop. It does it intermittently but once it happens it will continue to do so. We get message like "Can't save to disk because of disk error" and "Can't save file because of program error" . Sometime we are able to do a "save as" and save over it. Most of the time we have to "save as" with a different file name and then rename and recopy the file. We have check permission on all the file as well as the server HD has ignore ownership checked. Again only three things changed. 1) Sever hardware change from Mac Pro to Mac Mini. 2) Server software upgraded from 10.7 Lion to 10.10 Yosemite(both have the latest update). 3) Drive when from internal on Mac Pro to External Thunderbolt 2 LaCie drive. We have no problem with Illustrator or Indesign. Only Photoshop. Anyone with any suggestion is greatly appreciated.

  Unfortunately you seem to be using Photoshop in a way that Adobe discourages, so you may not be getting a lot of helpful advice.
  Networks, removable media | Photoshop | CS4 and later

• How do I add a wildcard domain to Additional Domains in Websites on Mac OS Mountain Lion Server?

  I could do this in Lion Server, but I can't in Mountain Lion (when I try to type * it doesn't type anything). Is there a file I can change with emacs to get this working? I've added the wildcard domain to /var/named/db.mydomain.TLD (see the wildcard domain section) but I need it in the web server as well for this to work.

  I found the answer here:
  /Library/Server/Web/Config/apache2/sites/0000_any_<port>_example.com.conf
  And just before </VirtualHost> put the line:
  ServerAlias *.example.com