No external access. Lion Server 10.7

Similar Messages

• Trying to access Lion server remote using multi-user access, but from a legacy Leopard system

  Just purchased a mini server running Lion, and got screen sharing working fine from my legacy system (32-bit so Leopard only). However, I would like to run in multi-user mode, so someone can use the Lion system and another person can access their own account, from the older Leopard system, at the same time. Using multi-user rather than screen sharing. But Leopard does not have the option on the Finder/Share Screen command, the pop-up window to select screen sharing or new virtual session. So, is there a way still to run a new virtual session from a remote client running Leopard?  Since the multi-user capability resides on the Lion server, it should be possible, but how, without the pop-up menu?
  Message was edited by: Kurt-Syracuse

  Hey. I suggest you check out http://discussions.apple.com/message.jspa?messageID=9839785#9839785, where there are a couple solutions posted in regard to the error code -36 when connecting to a samba share. Good luck!
  Jeremy A.
  Tekserve Intern

• Lion Server App Port?

  Hello,
  I am having a problem using the Lion Server App to access our company Lion Server from outside the intranet.
  Is port 311 the correct port to open on the firewall to access Lion Server from the outside with Server App?
  Thank you!

  Hi Warashina,
  Yes it is the correct port #.  Specifically it is 311/tcp.  For reference you can look at this document:
  http://support.apple.com/kb/ts1629
  In addition you can use the terminal's basic tcpdump command to check.  If using your wifi adapter the command would be:
  sudo tcpdump -i en1 -q -n
  Then fire up server.app and attempt to connect you can see the basic conversation go over the wire.
  In my case it looked like this:
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
  12:40:52.891558 IP 10.254.30.253.52992 > 170.34.55.122.311: tcp 0
  12:40:53.039459 IP 170.34.55.122.311 > 10.254.30.253.52992: tcp 0
  12:40:53.039530 IP 10.254.30.253.52992 > 170.34.55.122.311: tcp 0
  12:40:53.039872 IP 10.254.30.253.52992 > 170.34.55.122.311: tcp 184
  12:40:53.184879 IP 170.34.55.122.311 > 10.254.30.253.52992: tcp 0
  12:40:53.185072 IP 170.34.55.122.311 > 10.254.30.253.52992: tcp 0
  12:40:53.185497 IP 170.34.55.122.311 > 10.254.30.253.52992: tcp 79
  12:40:53.185548 IP 10.254.30.253.52992 > 170.34.55.122.311: tcp 0
  311 tcp was used to connect to and 52992 was used as the origin port from my machine.

• Can't acces lion server with Mountain Lion

  I upgraded to to Mountain Lion and now its telling me I cannot access Lion Server on this Mac? I was able to access it before the upgrade.

  Did you upgrade to the Server version of Mountain Lion? If  you did not that explains why you cannot access it. However if you did please repost in the correct forum which is:
  https://discussions.apple.com/community/mac_os/os_x_mountain_lion

• Lion Server: VPN external ports to open on firewall

  With Leopard/SnowLeopard Server, opening ports back to my server @ 500, 1701 and 4500 were sufficient for L2TP VPN.  I had no issues trying to connect to my VPN until I upgraded to Lion (which I'm quickly learning was a big mistake).
  Now it appears that there might be undocumented, additional ports in the new (dumbed down) VPN on Lion Server
  I've got 500, 1701 and 4500 open now... and added 1723 (PPTP) as some people suggested (found via google search).  I still cannot connect from outside my nework - the client acts like the server does not exist.
  Please note that I can connect without an issue from within the network.  When I simply change the hostname to my external host, it no longer is able to connect.  (My firewall supports external reflection when trying to access my external IP - so don't worry about my firewall config, other than port redirection).
  Is there another port besides the four I've listed about that I need to open?

  Yup... all UDP.  I'll mess with getting it outside the firewall. 
  I'm thinking now that it might be a domain/certificate name issue - seeing that all the new certificate trust requirements have already broken other things for me (like web-based stuff, calendars and profile management)
  Is it required by the VPN server that the certificate hostname matches the external hostname?

• Mountain Lion Server Profile Manager not accessible externally

  What do I need to be checking if I can't access our Mountain Lion server's Profile Manager externally.  From a test iPad on a carrier's 3G network, I get a "server not found" error when using http://fqdn/.  I can bring up the server page if I use https://publicipaddress. but not https://publicipaddress/profilemanager.  Apple tried accessing the server with the same findings.  We're a state agency behind tight firewall and security and we're told that all Profile manager needed ports are open...  Thanks.

  Nelson -
  Pretty much everything boiled down to DNS, firewalls and ports.  Unfortunately, I was never able to acertain which of the three items were causing this problem because we have a separate group who manages the network and firewall (plus a separate security team).  If I recall, once they focused on what it was I was trying to accomplish, most of the problems "magically" went away. 
  Is your reverse DNS working the way it's supposed to?  Ex:
  yourserver:~ login$ hostname
  yourserver.yourdomainname
  yourserver:~ login$ host yourserver.yourdomainname
  yourserver.yourdomainname has address 10.x.x.x
  yourserver:~ login$ host 10.x.x.x
  3.34.2.10.in-addr.arpa domain name pointer yourserver.yourdomainname
  yourserver:~ login$
  Also be sure to follow "burton11234's" posts.  https://discussions.apple.com/people/burton11234?view=overview

• Setting up new Lion Server - Accessing documents

  We are in the process of upgrading from a 10.4.11 server.
  We are not migrating anything over, and are starting from scratch. I've configured users and groups but had a question regarding documents.
  On our old server, we used share points to store all our working files. In Lion, I see a "Give this group a shared folder" button. Inside that are "All My Files" and "Documents".
  Is there any right or wrong way to store all our working files (small ad agency with art files that are accessed internally and externally). Would I be ok to use that for our working documents? Or should it be a folder somewhere else that is accessed through a share point?
  Once I configure the folder on the Lion server I will be copying the files over from the old server
  Thanks in advance.

  Well, you are again asking questions that don't have a clear answer.  Let's first look at the physical drive. 
  So, yes, the mini comes with two drives.  But if you are placing the OS on one drive and data on the other, you have no redundancy.  The mini is lacking enough redundant features, don't trust your data to a single drive.  I would recommend mirroring the two drives and storing OS and Data on the same volume or storing just OS on the internal drives and getting a raid capable device for your data.  Since the mini is a closed box, having your data outside at least allows you the portability in the event the mini fails.  Otherwise, when AppleCare tells you to ship them your mini that will not power on, away goes your data. 
  As for structure, I tend to work in this fashion.  Lets assume you are sharing from the boot volume.  It will look something like this:
  /Applications
  /Library
  /System
  /Shared Items
  /Users
  I suggest doing something like this to avoid Apple's structure:
  /Applications
  /Library
  /System
  /Shared Items
  /SharedFolders
       /Share 1
       /Share 2
       /Share 3
       /Work in Progress
  /Users
  But doing this, you are sharing the folders called Share 1, Share 2, Share 3, Work in Progress.  The parent folder, SharedFolders, is simply a container and requires no special permissions since users don't interact with it.  However, it makes a convienient container to targer for backup purposes.  So instead of defining a backup source for multiple folders, you simply do the one that contains all your shares.
  Now the other big change that you will need to wrap you head around is that in 10.4.x you were likely using POSIX inheritance.  That no longer exists.  You can only set your shares to use ACLs.  Now this is generally a good thing.  However, if your crew is using CS4 and older, you are going to have an issue with saving to the share.  Especially with Photoshop.  If you are CS 5 and above you "should" be ok. 
  Protect your data.  Mirror the drives.  It is the only redundancy you have on a mini.  But remember... redundancy is not backup.

• I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.

  I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.

  Ditto. Guest accounts shouldn't have a password. No way to enter one in System Prefs...

• How do I access files with an iPad on a Lion Server?

  One of the reasons I upgraded fron Snow Leopard server to Lion server is to access files from an iPad and iPhone.  I see in the File Sharing sharepoint configuration box the iOS checkbox, but how do I get to the files from the iPad?

  Thank you for shaking my brain!  I kept looking for a file structure to show up, such as Fidner.  Your answer got me thinking correctly. Instead of looking for a "Finder", I opened Pages on my iPad and touched "+" then "copy from webdav".  From there I got a login screen and typed https://servername.com/webdav plus my credentials and it got me right to the files on the server!  I can now access files on my server from my iPad and can save the changes back!  It works both on the local network and remotely!  Thanks again!
  Message was edited by: FTZMan

• Help setting up Lion Server for remote access

  I have been going in cricles for weeks trying to set this up correctly.  Can anyone tell me what I'm doing wrong?
  I got Lion Server and Server Admin Tools all updated and have been trying to follow Terry Walsh from We Got Served's guide but I missing something.
  I purchased a domain from GoDaddy. Let's call it bradnet.com
  My domain and dyn domain are not really what I have typed here but close enought that they should work for my example and trouble shooting.
  Because my ISP (Comcast) doesn't provide a static IP I registerd for an account with dyn.com.  This is where I get really confused.  With dyn.com i created a host name: bradnet.dyndns-rocks.com and downloaded there updater software.  It found my public IP address and said everything is ok.
  I went back to GoDaddy and in my DNS manger page added the host: bradnet.dyndns-rocks.com and entered my public IP.
  I then went to the server pane to edit the host name.  I followed your instructions to edit the name and selected Host Name for Internet.  I left the computer name as mini (what I had previously named it for file sharing before the server upgrade) and entered  mini.bradnet.dyndns-rocks.com as the host name.  When it takes me back to the server pane, in the bottom window it states:
  Your Server's host name is mini.bradnet.dyndns-rocks.com, and its IP address is 192.168.1.10. You can change network settings in the Server pane.
  I never get the your network is configured properly message.
  I went and set my computer's IP to DHCP with manual address (although all of my machines are set up with DHCP reservations so I guess that is a little redundant) to 192.168.1.10.
  I skipped the port forwarding step because I am using the latest AirPort Extreme as my router.
  I then opened a browser and tried:
  http://bradnet.com
  http://mini.bradnet.dyndns-rocks.com
  http://mini.bradnet.com
  http://bradnet.dyndns-rocks.com
  All of these got me the can't find the server response from Safari.
  Also, I have not yet set up Directory Services.  Terry's guide seems to suggest to do this step first.
  I'm sure I have messed up some step somewhere can you see what I have done wrong?
  Also, is it a problem to set up open directory services using a .local host and then go back and change it for internet access later or do you need to set that up from the start?  My family is getting impatient with me trying to get this to work.
  Thanks for any help anyone can offer!
  Brad

  That manual page is not fully correct. There is written:
  Public UDP Port(s): <enter the appropriate UDP port value(s)>
  Public TCP Port(s): <enter the appropriate TCP port value(s)>
  Private IP Address: <enter the reserved IP address of the host device (from step 1)>
  Private UDP Port(s): <enter the same Public UDP Ports or your choice>
  Private TCP Port(s): <enter the same Public TCP Ports or your choice>
  But it should be:
  Public UDP Port(s): <enter unique UDP Ports of your choice>
  Public TCP Port(s): <enter unique TCP Ports of your choice>
  Private IP Address: <enter the reserved IP address of the host device (from step 1)>
  Private UDP Port(s): <enter the UDP Ports used by your device>
  Private TCP Port(s): <enter the TCP Ports used by your device>
  Make sure you use the same ports in the private settings as you have defined in your IP camera. Normally a camera will use port 80 by default, so use 80 here.
  The Public ports must all be unique. If you have not defined a port 80 here, you can also use 80. This will fail however when using multiple cameras. I for instance have 5 IP cameras and use the public ports 8451, 8452, 8453 etc.

• How to get AppleTalk on OS X Lion. I need it to access the server.

  I was using G5 and had Leaord on it. I was not able to update any new softwares on it as it was not intel based. I bought a new machine Mac Pro and now there is no appletalk on it.
  Does anyone know how I can access appletalk from lion or is there any other alternative i can access the server.
  Please let me know. I have been looking about but i am not able to find any solution.
  Thanks.

  Alikazani,
  AppleTalk is gone since Snow Leopard. There's no way to use it on Lion. But isn't clear what you need. Do you still want to use your G5? Or you need only to transfer files onto your new Mac Pro?

• Sending external emails thru Mail relay in Lion Server

  Hi,
  I've setup Lion Server with a Mail Relay for outgoing emails and currently paying for x amount of emails per day.
  Does Lion Server send all outgoing emails through the relay, or is it smart enough to know that internal emails (on the same subdomain) or emails generated by web apps on the server itself do not go through the relay because it can deliever it directly into the mailbox that resides on itself?
  We generate a lot of emails internally, but only a handful to external addresses.
  I'm looking for information about this but I havne't found anything yet.
  Please let me know.
  Thanks!

  The mail server first checks the domain of any recipient. If it's a local domain (i.e. one that the server handles) then it just passes that message to the user's mailbox.
  It's only non-local domains that need passing upstream through your relay, so you can send as many internal emails as you like - they won't touch your relay server.

• Cannot access in a shared folder on Mac OsX Lion Server

  Hello, i've a strange issue with Mac Os X Server 10.7 :
  i created an shared folder, grant r/w permission to everyone group, but when i try to access to him from Pc with windows7 ask me te credential, however if i logon with a registered Mac OSx account it refuse the connection, obviously when connect to this shared folder from Mac i've no problem, of course...
  Someone can help me?
  Thanks Riccardo.

  Maybe someone in the Lion Server Forum would know the answer?
  Regards,
  Colin R.

• Have to restart Lion server every time I want to access it remotely

  L.S.,
  My Mac Mini Server (10.7.3) is colocated at a data center.
  At this point I have to restart Lion server every time I want to access it remotely for screen sharing over the internet.
  I can make the connection, so all the right ports are open, as the port scan also shows, but it just times out when I wish to connect again within the same server without rebooting.
  I bought Apple Remote Desktop but that doesn't help either. I can still connect through AFP, web and VPN.
  I do hope that someone can give me some more insight in this problem.
  Rebooting isn't a problem by the way...
  UPDATE:
  If I keep the session active overnight, there is no problem whatsoever, but when I log off as a "good practice", which I've learned using Windows, screen sharing will not work any longer. Forgetting about logging off seems to be a viable workaround at this point .
  regards,
  Mark

  Double post... https://discussions.apple.com/message/17729558#17729558

• Configure security realm for external Access Manager in App server 8.1

  Hi All,
  I would like to protect my j2ee application using access manager running on an external host.
  I would like to configure the security realm in Sun app Server 8.1 for the external Access Manager
  external host & port of AM is:
  http://svrd234d.dnn.com.au:58765
  Please verify if these are the correct settings for the agentRealm configuration on Sun App server 8.1.
  classname="com.sun.amagent.as.realm.AgentRealm"
  property name="jaas-context" value="agentRealm"
  property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
  property name="hostURL " value="http://svrd234d.dnn.com.au:58765"

  Did you download AS8.1 agent under http://www.sun.com/download/products.xml?id=4266924d?
  If you can unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
  Please also note that page 161 of J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
  Jerry