Mac OS X Server 10.5.8 firewall question

Hello,
I'm a network administrator in a company, and we use Mac OS X server 10.5.8, with Mac clients.
I have a problem with the adaptive firewall: when someone wants to connect to the server (by using the Finder, and "connect as"), if the password is not correct, the adaptive firewall just cuts off the client's access to everything (it's a DHCP and DNS server, so there is no more access to the LAN and the web).
I would like to know if there is a way to have the client blacklisted after 3 bad login attempts, not just one. I used the afctl command, but apparently it's not possible to manage this problem with it (only the blacklisting time).
Thanks a lot in advance.

I don't have a solution for you. But I do remember reading about this one. Apparently what happens is that beneath the surface, the connection attempt is repeated on failure, using different authentication protocols. And so one user login attempt with a bad password leads to three attempts beneath the surface, and "the boot". But unfortunately I don't remember what the solution is, as I was researching a completely different issue when I read this.
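
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Apple's adaptive firewall code: it counts failed logins over constructed records in two ways, per raw protocol-level failure and per burst of failures from one address, and shows why a threshold of 3 blocks a client after a single mistyped password in the first case. The record format, the placeholder method names, the 2-second burst window and all function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source address, auth method, outcome).
# 192.168.1.23 mistypes the password ONCE; the client silently retries with two
# other methods, so three failures are logged. 192.168.1.40 fails on three
# separate occasions, each one again producing three logged failures.
SAMPLE_EVENTS = [
    ("2010-03-01 09:00:00", "192.168.1.23", "method-a", "FAIL"),
    ("2010-03-01 09:00:00", "192.168.1.23", "method-b", "FAIL"),
    ("2010-03-01 09:00:01", "192.168.1.23", "method-c", "FAIL"),
    ("2010-03-01 09:00:20", "192.168.1.23", "method-a", "OK"),
    ("2010-03-01 09:05:00", "192.168.1.40", "method-a", "FAIL"),
    ("2010-03-01 09:05:00", "192.168.1.40", "method-b", "FAIL"),
    ("2010-03-01 09:05:01", "192.168.1.40", "method-c", "FAIL"),
    ("2010-03-01 09:06:00", "192.168.1.40", "method-a", "FAIL"),
    ("2010-03-01 09:06:00", "192.168.1.40", "method-b", "FAIL"),
    ("2010-03-01 09:06:01", "192.168.1.40", "method-c", "FAIL"),
    ("2010-03-01 09:07:00", "192.168.1.40", "method-a", "FAIL"),
    ("2010-03-01 09:07:00", "192.168.1.40", "method-b", "FAIL"),
    ("2010-03-01 09:07:01", "192.168.1.40", "method-c", "FAIL"),
]

THRESHOLD = 3                         # failures before an address is blocked
BURST_WINDOW = timedelta(seconds=2)   # assumed: retries of one attempt fall within this


def failure_times(events):
    """Return {address: sorted list of failure timestamps}, ignoring successes."""
    times = defaultdict(list)
    for stamp, addr, _method, outcome in events:
        if outcome == "FAIL":
            times[addr].append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    return {addr: sorted(ts) for addr, ts in times.items()}


def raw_failures(events):
    """Count every logged failure, one per protocol-level attempt."""
    return {addr: len(ts) for addr, ts in failure_times(events).items()}


def user_level_failures(events, window=BURST_WINDOW):
    """Count bursts: failures closer together than `window` are one user attempt."""
    counts = {}
    for addr, stamps in failure_times(events).items():
        bursts, previous = 0, None
        for ts in stamps:
            if previous is None or ts - previous > window:
                bursts += 1           # gap is large enough: a new user attempt
            previous = ts
        counts[addr] = bursts
    return counts


def blocked(counts, threshold=THRESHOLD):
    """Addresses whose count reaches the blocking threshold."""
    return sorted(addr for addr, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print("raw counting blocks:  ", blocked(raw_failures(SAMPLE_EVENTS)))
    print("burst counting blocks:", blocked(user_level_failures(SAMPLE_EVENTS)))
```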

Similar Messages

  • Mac Os X server questions

    I am thinking of getting Mac OS X Server; I have a few questions before purchasing.
    1. Using this, am I able to make a folder accessible anywhere outside my house (Mac still at home running)?
    2. Will it mess with my AirPort doing anything with it?
    3. Is it worth it for a small private cloud service that can be used anywhere?

    I'd suggest you look at how to setup a VPN with OS X server.
    You speak of port forwarding like you can just open the internet up to port 548 (Apple File Sharing) or whatever port the service requires. This can be a security risk, some services are vulnerable to simple attacks or worse (use plain text to send passwords) - revealing them on the public internet is a bad idea.
    Instead you need to connect into a VPN (or a SSH tunnel) which encrypts the traffic & helps to hide the services.
    You don't need OS X server to do it, but it makes life a lot easier. In effect the device is then attached to that network. So you can see all the services the server is running with fewer exposed external ports.
    This may be too much info, but have a read. There are probably simpler guides out there, but krypted.com covers things well IMO.
    http://krypted.com/mac-security/setup-the-vpn-server-and-client-on-yosemite-server/
    NOTE: Some thought is required to ensure that your inside VPN IP range does not conflict with the range used on many public wifi access points. It starts getting complex to explain; reading is the answer.

  • Blocked Incoming FTP from Mac OS X Server Via The Mac Client Firewall

    This problem began with Mac OS X Tiger's firewall and lives on in 10.6.2.
    Situation:
    Anyone with Tiger through Snow Leopard connects to my Mac OS X Server, v10.3. They have 'Passive Mode' OFF in their FTP client. They are 100% successful logging in. Their FTP client sends the LIST command and the server successfully responds with the list data.
    But the data can't get into the client's Mac. Why? The Mac OS X firewall BLOCKS IT.
    The solution? Nothing sane! You have to turn the Mac OS X firewall OFF. There is NO OTHER SOLUTION.
    All the settings on the client machine are perfect. I've been over them a hundred times over the years, tried every single combination possible. So please don't ask or I may bite you.
    What's going on: Mac OS X Server 10.3, despite never accepting Passive Mode, sends the LIST data to all client computers in, you guessed it, Passive Mode. The Mac OS X firewall will NOT accept Passive Mode. Result: Catch 22. You can't do it. You are screwed.
    Oh, but you could open all the Passive Mode ports in the firewall, and that would work? Be my guest. No way am I going to suggest that horror of a workaround to the hundreds of Mac clients I have accessing my Mac OS X Server.
    So Apple, FIX THIS. Integrate FTP Passive Mode into the Mac OS X firewall already!!!

    Ok. I was doing something a bit silly. I had the network user and the local user with the same short name. So when they were looked up the local user got preference. So I've fixed all that and am moving huge amounts of data across my humble 802.11g network now. Will have to leave it for a few hours.

  • Can't send mail using webmail on Mac OS X Server 10.4

    Could someone help me figure out why I can't send email via webmail on Mac OS X Server 10.4? I tried in and out of my LAN but it will not work. I am pretty sure that it's not a firewall issue because it won't even work inside the LAN. Another thing I have considered is DNS issues. But my SMTP and POP3 work fine. Don't they use the same DNS mail exchange record? Or should I ask my ISP to create a new record for webmail?

    Hi,
    Thanks once again for your help. The log details are shown below:
    Nov 6 14:27:07 mail postfix/smtpd[336]: connect from localhost[127.0.0.1]
    Nov 6 14:27:07 mail postfix/smtpd[336]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: [email protected]
    Nov 6 14:27:07 mail postfix/smtpd[336]: lost connection after MAIL from localhost[127.0.0.1]
    Nov 6 14:27:07 mail postfix/smtpd[336]: disconnect from localhost[127.0.0.1]

  • Mac OS X Server 1-to-1 Routing: Multiple DSL Static IPs

    Hi all -
    Question here regarding Mac OS X Server 10.4's ability to handle multiple static IP's coming from my DSL ISP. Can this be handled through the Server Admin GUI or does it need to be done in Terminal with iptables or something similar?
    My ultimate goal is to send 1 of the static IPs to a Mac Pro, another to a Mini, another to a DVR, etc.
    As a piggyback question - what is the general consensus here on using a Mac Pro or Xserve with Gateway Setup Assistant as a VPN router in place of a traditional SonicWALL / Linksys / Netgear, etc?
    Thanks in advance.
    Eric

    >As a piggyback question - what is the general consensus here on using a Mac Pro or Xserve with Gateway Setup Assistant as a VPN router in place of a traditional SonicWALL / Linksys / Netgear, etc?
    Go with the traditional box.
    For a few bucks you get a box that's designed for that kind of thing, has a far better interface for managing it, and far more fine-grained control over what traffic can come through.
    In addition to that, by having a dedicated hardware router/firewall/NAT device you avoid the chance to leak any services to the public - if you're like most people, your gateway machine isn't just running as a gateway - it's also got sshd running, maybe a web server, file server, DNS server, possibly even running as a directory server.
    Since this gateway machine, by definition, has its proverbial *** hanging out in the wind there's a possibility that these services could be compromised by remote hackers.
    By using a dedicated hardware box you can be very specific about what incoming traffic you want to allow, completely insulating your server from the outside world except for the services you know you really want to be public.

  • How to change from Mac OS X to Mac OS X Server

    Hello everyone? I have a Mac Pro Late 2013 with Mac OS X v10.9.4. I want to change from Mac OS X to Mac OS X Server v10.9.4. Is it possible?

    If an enterprise mail server is a requirement, then I'd generally recommend installing Windows Server, with Active Directory and Exchange Server, Sharepoint server and related features.  Not OS X Server.
    OS X Server includes the Postfix and Dovecot packages and related tools, which are common Unix servers used for mail.
    If you want to run the integrated mail server within OS X Server, you'll need both private (assuming a NAT'd network) and public DNS services entirely correctly configured — other mail servers will use any of your DNS configuration errors as a reason not to accept mail from your server, and potentially as a reason not to send mail to your server — and you'll need a static IP from your ISP, and a decent-grade firewall, and preferably a firewall with an embedded VPN server and with DMZ capabilities configured to keep any server breaches contained and separate from your inner network.  Your firewall will usually need to have TCP port 25, TCP 587, and either TCP/UDP 995 or preferably TCP 993 open, and forwarded through; the appropriate ports for whatever services you're using.
    You'll generally not want to have your internal, private, NAT'd network DNS servers accessible to and serving translation publicly.
    Or yes, Kerio does quite well, and is definitely a step or two up from the standard mail software in OS X Server — though nowhere near what Exchange Server and Active Directory and the rest can provide for a typical enterprise.
    As for many of the questions that can arise when configuring OS X Server via Server.app for DNS and mail, please see the help within Server.app.

  • Access to mac os x server 10.4

    Hello, is it possible to access Mac OS X Server 10.4.10 from a Mac Pro with 10.6.8 installed, or do I have to update the server?

    Hi
    If by access you mean via a VNC session, yes. Simply enable Remote Management in the Sharing Preferences Pane and make sure you enable all the options. This will work fine if both devices are on the same local network. Across the internet you're going to have to deal with the firewall at the server's location.
    HTH?
    Tony

  • Mac os x server and dhcp

    Hi all,
    Just a quick question. Does the DHCP service in Mac OS X Server override the DHCP in a Time Capsule?
    Thanks,
    Andy

    Certainly try dedicating a DHCP pool of one IP address to a MAC address, as was described in that video.  I might go as far as dedicating that IP address to a MAC address that doesn't exist on the network, as the local servers and static-addressed devices are intentionally not dependent on any DHCP requests; they're entirely static-addressed.   I haven't tried this, as I don't use the particular configuration described in the video, as I prefer to avoid using the Airport or a Time Capsule as a firewall gateway router; I have and use and recommend a dedicated gateway firewall router.  I also prefer to configure the Apple wireless devices as access points (what Apple refers to as bridge mode), and not as WiFi routers.
    It is possible to run multiple DHCP servers for some cases — for reasons not germane to this discussion, I have three DHCP servers running on one network I deal with — so long as the DHCP server address pools don't overlap with each other or with the static addresses.  Ugly, but possible.
    If you can't run as an access point (bridged), then having DHCP relay in the device would be preferable.  But AFAIK Apple's wireless devices don't support that operation.
    My preference is a gateway-firewall device and preferably with VPN server capabilities, running Airport or Time Capsule devices as access points, and having the server or some other device running DHCP. 
    FWIW, that video somewhat conflates port forwarding and NAT.   NAT is the address translation.  Port forwarding is how you configure remote requests through that address translation.  Also adding the IP address of the DNS server into the box itself as is offered in that video will likely also trigger DNS timeouts when the non-local address is selected.   It did, last time I tested that.  His description of setting up multiple local and remote DNS servers in the same list is also something I wouldn't recommend, as you don't want your DNS queries potentially going to the remote DNS servers as you won't get the local translations.
    pfSense and various other open-source gateway-router software packages are available if you have some spare ARM or x86-class hardware with two network interface controllers, and there are also a number of commercial gateway-firewall product offerings with various features.   Since I'm potentially running remote access, having the VPN server in the gateway avoids most of the various "fun" that arises with NAT traversal in a VPN; VPNs and NAT run at cross-purposes.

  • IP Forwarding on a Mac OS X Server

    Hi!
    I'm really a newbie with Mac OS X Server...
    I got this new X Server with the Mac OS X server O.S.
    I have the DNS, NAT and firewall running.
    My LAN has a private IP like 192.168.1.x
    Now, I'd like to set up a web server in my LAN, but I want it accessible from outside.
    I tried NATural, but it seems nothing happens...
    Please, can you tell me (in detail) what I have to do to get it working?
    Thanks to you all!
    Marco

    Well... I did some tests...
    Now, from outside it is possible to reach my internal webserver.
    If I put my public IP in my browser (inside the LAN) I cannot reach the webserver...
    Do you think it's something to set in my firewall or is it okay?
    Also... for doing that, I used the unique public IP on my Xserve.
    Is there a way to assign a secondary public IP to redirect to my local webserver?
    I cannot do this on my router, so I hope it could be possible with the Xserve.
    Thanks again!

  • Mac OS X Server - Airport or other wireless hub

    I want to set up this network topology,
    Cable Modem->Mac OS X Server->Switch->Airport Extreme (or other wireless hub like a d-link or linksys)
    so that the server is acting as DHCP server, firewall etc. and the wireless hub is just allowing for wireless service (i.e. I don't need any of the routing or firewall services from the wireless hub). Can I do this? How do I set it up? Is the Airport Extreme capable of doing this? Thank you for any help you can provide.

    Ok, so I have the Airport set up, connected via ethernet and pulling its IP via DHCP. It's pulling that IP address fine from the OS X server. It's also broadcasting its wireless signal just fine, which my laptops can see. NAT is enabled on the server as well. But the laptops can't seem to pull an IP address through the bridge (the Airport) from the server's DHCP server.
    Please help.

  • Mac OS X server together with VPN provider?

    Hi,
    I have a question that I'm hoping you can help me answer. I don't have a router that is DD-WRT compatible. But I need something similar - since PPTP VPN on iOS disconnects when it's put to sleep.
    Do you know, or think, that it is possible to set up Mac OS X Server with something Privat VPN? Or is it only for setting up a new personal VPN and use an existing server from a VPN provider like you?
    I hope you understand what I'm asking :)

    I would not recommend using the built-in firewall on an OS X Server box that is also running other services. You could put a server at the perimeter of your network and make it a firewall, and probably a pretty good one, but as soon as you start services, you open ports on the server itself. I also can't imagine that the firewall capabilities of a DSL modem would be that dependable or configurable. If you're looking for an inexpensive way, what you're thinking may work, but it would not be as secure as a good standalone firewall.
    I vote for upgrading the firewall.

  • Mac O X Server v10.39 troubleshooting start up.  'console mode' screen

    I have recently made use of my old *G4 400 mhz* desktop mac, by installing an old version *Mac O X Server v10.39*, to use as home server. The installation has gone well and the server has been working well for over a week, the users and shared points have all been set and there hasn't been any problems. It is now running headless and I am controlling it via Apple Remote Desktop, I have also set the energy setting preferences to put the server to sleep at 10 pm each night. I also have three other family macs which are connected and configured to use the server.
    But today I tried to wake the server via ARD, but it wouldn't wake up, and when I tried getting it to wake up manually that didn't work either, even though the front light is on.
    I then pressed the small reset button on the front of the G4, and now when it boots up, after going through the startup screens and once the progress bar has reached the end, the screen goes to a black screen with the words:
    Darwin/BSD (Server name) (console)
    login:
    This is where I'm stuck; I have no knowledge of Terminal scripts etc.
    But I have tried to put in the server's name, then pressed return, and at this point the next line came up as
    password:
    After entering the administrators password, the screen then goes to a plain blue screen.
    Can anyone tell me what I need to do to get past this stage in booting up, or what I am doing wrong and how I can correct this situation?
    Many Thanks

    Hello !
    Redo the install with an FQDN (yourhost.yourdomain.com) hosted by your provider, with A and MX (if you plan to use mail services) records pointing to your host.
    Also: it's imperative to enter a valid IP on your eth. link (no public address: such as 10.x.x. or 192.168.X.X on your en0)
    Even if it's possible to set it up like this, you must configure your router or firewall ... but it's much more complex! (Port mapping ... virtual server ... etc. ... DMZ if you have one ... ???)
    Installing a second eth card is a good thing:
    1 for the WAN link on the EN0
    the other for the LAN EN1
    With a "real" domain name and the IP supplied by your provider, you can set up your server with this public IP on your WAN and a 10-net on your LAN.
    (Your DNS requests will be forwarded to the DNS servers of your ISP: one line in the options of the named.conf file)
    Before that, you can install the software with your ISP setup (DNS and domain name). But don't launch any services!!! Nothing! All off!
    Upgrade your OS X software before setup via the pref panel.
    At this time, you have local access, which is available via yourhostname.local, and once you have the necessary items described (domainname.xx hosted and public IP address) you can set up the services by running "Gateway Tool" to start DNS, NAT, DHCP and VPN services.
    The first step is OK!
    After that you can finish the setup, starting with: the DNS forwarding
    Once your hostname and reverse resolving work, you will be able to jump to the next!
    But before that you must get a perfect lookup of your hostname and IP addr
    (You can set up your DNS as a primary server! Bind 9.2.2 runs well! But ... not really easy without good practice with BIND and a good overview of Domain Name basics ... and insecure for your data; DNS crashed = O.D. dead and access to data under LDAP denied and lost!)
    Good luck!
    G4(s)  Mac OS X (10.3.9) - X4 

  • New to Mac OS X Server!

    I bought my first Mac just 5 months back, & so far have no clue of Mac OS X Server capabilities.
    We are planning to buy a Mac OS X server for our organization; our organization currently consists of both Macs & PCs.
    Keeping this in mind, can Mac OS X Server perform the tasks below?
    - File & printer sharing
    - Internet monitoring, Internet filtering, internet rules ... etc
    - Schedule backup of all clients
    - VPN connection for remote workers
    - Antivirus / Firewall solution for securing our entire LAN network
    - Mass mail / bulk mail solution
    - Connect it to dumb terminals
    Which of the above can be done right out of the box w/o installing any additional s/w & how?
    Which of the above can be done using the standard Mac OS X?

    Hi
    Most of your questions can be answered by simply browsing Apple's website.
    http://www.apple.com/support/snowleopardserver/
    You could then make a start on the Server Administration Manuals:
    http://support.apple.com/manuals/#macosxserver
    Once you've armed yourself with enough information you should be able to answer the rest of your questions yourself?
    Tony

  • Using my home Mac as a server

    I would like to put my pictures on the web so that certain clients can view their photos with password. I photograph weddings and would prefer to make html slide shows of their wedding pictures so that they can view them anywhere with any computer. I would like the setup to be as simple and reliable as possible. I have an additional 250GB drive in the Mac that I wish to use as the storage of individual folders that contain the slide shows. If it would help I can get a dedicated 2nd Mac as the server if necessary. I was told that I would need a static IP address and some kind of software. I thought I could use file sharing on my computer but after reading numerous articles over the net, I am quite confused as to what I need. All I want to post is photo galleries that have about 600 to 700 pictures each that a client can view and that I can delete some or all of them after 30 days to be replaced by new ones. What software, hardware, etc. would be necessary to do this. Any suggestions welcome.

    OSX server or client are both capable of handling this, as long as you have enough disk space. A site like this would probably only require a simple script on the server, server side includes (.shtml) and some javascript in the page itself. Frequently changing directories with basic authentication would probably best be done with .htaccess files. It isn't brain surgery, but there are reasons that people can make a living doing this kind of work.
    A static IP would be needed so that when the users aim their browser at your site, they're not aiming at a moving target. Be aware that many/most/all ISPs that have home broadband networks block web servers.
    Try turning on the web sharing, and try making one of these sites and see what comes of it. One caveat that I see coming is that the names of the images will probably vary from one shoot to the next, so that's why I was thinking of a server script to list the image names and put them into a javascript array for the page to use to call for the different images.
    Roger

  • 2 internal hard drives Mac Pro Tiger Server

    I have a mac pro 10.4.11 server that has 2 internal hard drives. 1 is 232.89 GB which is the main startup drive and the second is 465.76 Gb which I had pre installed for extra storage. My question is when I look in Server Admin under sharing and I click the "all" tab. It displays 2 hard drive icons and when you select either one, they consist of the exact same things. Do I need to format the second drive in a way so it will be recognized in the Server Admin Sharing?? I can install applications to the drive as it is recognized in the normal finder but I can't seem to get Server Admin to know it is there. I was going to use the second drive for mostly applications and storage. The other hard drive I was going to try and keep just for home directories.

    This is the wrong forum for your topic. You should post it in the Mac OS X Server forum.
