Open Directory Usefulness for Home Server

Similar Messages

• Configure Open Directory using CLI

  We have a Leopard Server in Advanced Mode.
  If you have a fresh install of Leopard Server with nothing configured, is there a way to configure Open Directory to be an Open Directory Master completely using CLI utilities?
  Wasn't able to find anything in Apple's PDFs

  I agree with Dal78 Apple using a base DN of servername.example.com rather than just example.com is illogical. In fact originally they did seem to use just example.com as the format but in recent years now use server.example.com as the format. When I first encountered this change it was still possible to overridge the use of servername.example.com and force it to use just example.com as the format. In more recent times I have decided to leave things the way Apple do it.
  I don't know if there is an official answer as to why, but a possible guess is that you can now have multiple Open Directory servers for a single domain. This is the 'Locales' option in Server.app. It maybe that including the servername makes it possible/easier to implement this.
  I also agree Strontium90 do not use a .local root domain for Open Directory. In theory there are hacks to (sort of) get this to work, but Apple engineers will typically run screaming for the woods when they encounter this.
  PS. Briefly Apple also did the same illogical thing with DNS zones, whereby the zone name for a domain was servername.example.com instead of example.com this at least they have stopped doing.

• Is Open Directory required for Webmail??

  Anyone know if I need to enable Open Directory (Tiger Server) in order to use webmail successfully? Currently I am trying to get it going with all users on the local directory but it's not working. Thanks for any help. Rob

  Hi
  Is Open Directory required for WebMail?
  No.
  The Web Service needs to be enabled. For that to work effectively DNS needs to be configured and running. Its not absolutely necessary but its better if it is. Obviously the Mail Service needs to be running as well as users having Mail enabled for them in WorkGroup Manager. Obviously you need to enable IMAP for desired users. Either POP and IMAP or IMAP only.
  In the Web Service enable the WebMail option. Server Admin > Web > Settings > Sites. You need to enable the WebDAV Module as well. Its in the Modules section. That should be it.
  If you want external access open port 16080 and allow public/external requests to the private/internal IP address of your mail server. Create an appropriate firewall rule if your router requires it.
  Tony

• If the Microsoft Forefront Protection 2010 for Exchange Server can use for exchange server 2013?

  if the Microsoft Forefront Protection 2010 for Exchange Server can use for exchange server 2013?

  thanks for your reply!
    what's protection software can use for exchange server 2013?
  Hi,
  Most (if not all) of the bigger vendors has a product that supports Exchange 2013, so look them up.
  Exchange 2013 has some Anti-Spam and Anti-Malware Protection functionality that you can read about here:
  http://technet.microsoft.com/en-us/library/jj150481(v=exchg.150).aspx
  Martina Miskovic

• Netscape cert type does not permit use for SSL server on Weblogic

  We have WLS 11g (11.1.1.5 SOA) on UNIX and we are trying to connect secured service (Using client certificate along with UserName and Password for Authentication ). I was able to test it using SOAP UI.
  But when I am testing the webservice I am facing listed error
  java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): https://abcd:1111/JWSs/V1/TermsWS at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:575) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at
  and domain log shows that
  Caused By: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server
  Please help me to resolve listed issue.
  Can I use Netscape client certificate on WLS?
  Do I need to take any extra care while working with client cert?
  I appreciate your help.

  Netscape cert type does not permit use for SSL clientTry using another certificate. Your certificate can't be used as a web browser client certificate.

• Autherntication using Open Directory and NO home folder

  We are looking to set up an Open Directory on a Snow Leopard server in our medium sized company - we would like to use it for Single Sign On authentication but do not want to create home folders on the server. All we want OD to do is authenticate
  We have been able to authenticate using OD bound and unbound but both need home folders. Is there a way to have no home holder and still authenticate?
  thanks

  What I did was in WGM select a user account. Then select the Home tab. Click the + button to add a home folder. In the sheet that drops down, in the bottom box put /Users/username. Leave the other boxes blank. This will create a home folder locally on whatever machine the user logs into.

• Server 4: open directory entry for server reports wrong IP address

  I'm running Server 4 on a Mac Mini (late 2012) running OS X 10.10.
  The server is configured as a stand-alone machine providing services to users connecting over its fixed IP public address.  The server uses Open Directory to keep record of authorised users of the services provided (mail, calendar, wiki, contacts, some file sharing), and the machine is configured as an OD master.
  I've noticed that the entry relating to the server on the Server 4 panel for Open Directory (the only entry showing by the way) lists three IP addresses below the name of the machine.  My concern is that these IP addresses are not related to the IP address being used by the machine, and there does not appear to be any simple way to change them.  The IPs reported are 10.37.129.2, 10.0.1.2, 10.211.55.2.  The server's fixed IP is in the range 45.146.x.x and the local network running below our router that the server connects to has IPs in the range 192.168.1.x.  So It is not clear where these IPs might be coming from.
  What do these numbers relate to?  If they are important, should they point to the IP address occupied by the server?  If so, how do I make this change in settings?
  Thanks a lot in advance for any help that you can provide.

  <bump>

• Open Directory conection for Client inconsistant

  Hi,
  Been working setting up several labs during the summer and have come across a new problem.  When joining the computers to Open Directory the comptuers connect to the Replica and are added to the Open Directory list.  However, at the login screen the signal for the status of the directory connection keeps changing from Green to Yellow and never activates my preferences for the computer. 
  Anybody run into this before or have seen a solution to this?  Have tried to connect to other replicas as well as the master and have run into the same issue.
  Thanks!

  Ok, I got it.
  But what if I want the OD user to have some configuration data on the local client?
  Let me explain that a bit better. The configuration I would like for my network and users is as follows: the server works only as an authentication server, I do not want roaming profiles or homes directory on the server; I just want the server to authenticate users when they log in to several client machines amongst the lan.
  For documents sharing, in fact, I much rather prefer using Dropbox, which allows my users to share on a WAN-instead-of-LAN basis.
  But a home local directory is needed for OD users to keep libraries, preferences files and so on.
  Back to the old Windows server (PDC) time, I used the server as a name server authentication only, still the client created a local profile for the user of the server.
  Does OD works this way too or am I missing something?
  Thank you.

• Open Directory and Mobile Home Folders

  Hi All,
  I am a bit confused about Open Directory and Mobile Accounts! here is our scenario. We have an Open Directory setup and all Accounts are set to mobile, accounts are almost 250+, my main problem is the Synchronization Conflicts, the accounts are automated to sync every 30 mins, the problem is every now and then schronization conflict windows popups, our users are complaining almost everytime, another problem is all of the users home folder has a qouta of 5GB, problem is there are users who excedd on the qouta some goes up to 60GB and 100GB, how do i solve this two problems. i am about to loose my mind. We setup like this in order for us to have a backup of all files of the users in case problem arises in the workstation. i have notice that synching file error comes up if you have temporary files used by any applications. the home folder of each user will exclude library, trash, music and entourage databse. Please Do help me.!!! Anyone who knows..?
  Environment
  OD Server - MacOS X Server Tiger 10.4.4
  Workstations - mix MacOS X Tiger 10.4.4 - 10.4.7
  AFP Home Folder - MacOS X Server Tiger 10.4.6 mounted Xsan Volume for home folders
  johnaris
  PLEASE HELP!

  Thanks for the info, by now i will look into that little utility that is very helpful (console!)
  Yes, I was thinking of synching our users at login and logout, the problem here is that, users here has bigger home folders.. mostly about 3GB, and it will took time to login a user, about 6-10 mins, depends on the network, we have networks users that that has slow networks and fast network on video editing users. What I did is that i excluded the Library in the synch options on each unit here, since we are not using Apple's Mail and iCal, it did minimize the synching error but the temp files and date discripancies are mostly that will generate an error, I am having really problems with this.
  thanks for the info i really appreciate it.

• For home server...

  I have a PowerMac G4 MDD that I'm using for my home file server. I have a copy of OS X 10.4 server and would like to setup a complete environment for my home, Mail, Web, iChat, DNS, Time, File servers...
  I'm not an IT person by trade, just hobby. So my knowledge is limited. I currently have a FreeBSD server doing most of this work already but would like to move it to OS X. Because of my FreeBSD home server I'm pretty familire with what the services do, just not what is needed to set it up to begin with in OS X.
  My problem is that although I know quite a bit about UNIX and such, I don't know anything about what needs to be setup in addition to the services I want, and in what order they need to be set up? For instance, the term directory has a completely seperate meaning then what I'm use to and this is exaserbating my confusion...
  Is there a howto or guide somewhere that is written for some one of my limited knowledge of formal IT abilities to help setting up a home based server (for idiots).
  Thanks for any help.
  RPR

  if you have experience with configuring and using freebsd, you're already ahead of most people who are likely to setup os x server.
  start with the server documentation here: http://www.apple.com/server/macosx/resources/
  check john de troye's tips doc: http://tinyurl.com/8qb77l
  there are also some quick setup guides like this one around the web: http://wiki.bssd.org/images_up/6/65/LeopardServer.pdf
  check http://afp548.com and its forums for details on troubleshooting and extending os x server.

• Creating Open Directory Replica fails with Server Admin Error Value 1127

  Hallo,
  I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
  Currently, it comes down to this. The Server Admin Error message ist really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to geht more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
  When executing
  slapconfig -createreplica master.ourdomain.com diradmin
  as root on the prospective replica machine, I get the following error message:
  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  That makes perfect sense to me, but how is it meant to work then?
  Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
  root login is not permitted to this machine via public key authentication.
  While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
  Replica Setup failed : This machine does not have a valid computer name
  I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP adress. Proper name resolution is available for both interfaces including reverse lookup. I dont like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
  changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
  reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
  Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many place is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaces with several other configuration files and databases. I cant see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
  I also checked all log files on bboth machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of th layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of of entries that I have googled in the last few hours and which all dont seem to be associated with the problem in question.
  I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
  Thanks and bye, Christian Völker

  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
  Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
  Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
  In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
  Then configure the /etc/sshd_config file on the OD master like this:
  \# Authentication:
  PermitRootLogin yes
  PasswordAuthentication yes
  PubkeyAuthentication no
  and the /etc/ssh_config file on the OD replica like this:
  PasswordAuthentication yes
  PubkeyAuthentication no
  Then from the OD replica as the 'root' user issue:
  slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
  Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.

• How to turn off Open Directory in OS X Server 10.8.2

  I am configuring a MacPro with ML Server 10.8.2 for internal-only use.  I have DNS working on it (with the annoyance that it goes out of its way to break wildcard host names, and it doesn't know how to properly create the zone files to allow a secondary DNS server to do reverse-name-lookups properly).  I have only 2 users (admin and Time Machine), Time Machine is working for client Macs using the Time Machine user account, and File Sharing is working (using either account), sharing a RAID of internal drives an a pair of USB-attached external drives.
  I briefly turned on Open Directory, just to see if I wanted or needed to go that route.  I entered an Open Directory admin (diradmin) with a password.  Looked around the options and decided I did NOT need to use Open Directory just to get the Time Machine stuff working, and I was right.
  However, now the Server App shows Open Directory is "On."  When I go to that tab, I get a message stating that there was an error reading the settings file for Open Directory services.  I click it "Off" but it refuses to turn off.  When I come back to the tab, I get a pop-up window with a message about an error reading the settings and the Off/On switch moves back to "On" and the green light never goes off next to Open Directory in the list of services.
  I've rebooted the machine and after the reboot, sometimes, it appears as if I can add/delete/modify Users and Groups.  Other times, after the reboot, the +/- buttons are greyed out and I cannot add/edit/modify Users and Groups.  I have not yet tried to add/delete/modify users yet because I'm leery of trusting the server with this error message.
  Can anyone help me to remove anything and everything related to Open Directory so that it is "off" as if I never ever turned it on?  Or any suggestions on how to fix this short of a reinstall?
  Can I download and install the Server app on a differnt machine and then just copy the Server app over to this machine?  Will that zero out the Open Directory stuf that I'm trying to get rid of?
  Thanks in advance.

  I think I solved my problem by running the following command:
  sudo slapconfig -destroyldapserver diradmin
  diradmin is the name of the Open Directory admin account I created.
  The Open Directory Service now appears "off" and no longer had the green dot next to it in the list of services.
  Obviously, NOT a good solution to someone who was actively using Open Directory as this appears to have deleted all the data associated with Open Directory.
  Users and Groups now allow me to add/delete/modify.
  Sad to see an Apple product have such issues.

• How to do an Open Directory Restore in Lion Server?

  Lion Server on a Mac Mini was having issues when being rebooted. We've pulled the plug a few times in the past to bring it back up, An update was done last night to 10.7.5, then it hung on restart. Once it was hard reset, it hung on start, went into Safe Mode and everything came up, rebooted normally and Open Direcorty services won't start and all users are missing.
  Never did a manual archive of OD with Server Admin, but have Time Machine backups going back a few weeks.
  Is there anyway to just restore Open Directory? Can I use Server Admin to point to a TM backup and pull a file there? If so, what type of file am I looking for?

  Hi,
  actually this functionality does not work. The reason for this is that Forms9i is Web only and there is no functionality downloaded with the generic Java Applet. For the moment I filed an enhancement request to have this on our radar. Meanwhile, if you need thi sfunctionality you can help yourself by writing a PJC that opens a dialog and performs the action that you want to.
  Frank
  Forms Product Management

• How to set permissions IN Open Directory USING Open Directory groups?

  Hi all,
  Apologies if I've missed this but have been searching for two days trying to figure out how to delegate permissions within the OD to a number of different OD groups and i can't seem to find any way to do this either at the command line or with WGM.
  Examples: an OD group containing those who will manage the full directory need to have permissions on all containers, child objects, and their attributes in the directory. For this one in particular I seem to be able to nest a group in the default Admin group, but this isn't really what i'm after. I need to create OD groups with the ability only to manipulate objects of class apple-computer and similarly, apple-user (really all inetOrgPerson objects). In a nutshell: how do i set permissions on specific attributes or object classes using OD groups?
  thanks for any pointers...
  -andrew

  I think i just answered my own question: Open Directory is OpenLDAP. slapd is all i need.

• Minimum requirements for home server

  I am looking to get a cheap iMac, Mini or iBook to use as a home server to run iTunes 24/7. I will be attaching an external HD for storage space for my media and will stream wirelessly to Apple TV over 802.11g using an Airport Express. What would be the minimum requirement for such a setup? Would the minimum requirement be what the latest version of iTunes require?
  Message was edited by: Mac4lfe

  Hi Mac4lfe: If you want to SYNCH between the Mac and the ATV, then any G3 will do, just expect the synching to be slow. If you want to STREAM from the Mac to ATV, then a G3 will do for music but not for video. If you want to stream video, a G4 will do, but you will get a lot of beachballs when you do anything on iTunes and sometimes the streaming will fail. I suggest you get the cheapest Intel Mac, you will have a much better experience when streaming. Lastly, remember you will need a screen for the Mini, there will always be warnings, error messages, updates, etc in iTunes that you need a screen, mouse and keyboard for. Very lastly, you can just get the ATV and buy music, TV shows, Movies and rent movies without a Mac. 160GP shall be enough. I have 40 movies, 20 full TV seasons and 6000 songs and am just over 400GB.