Profile Manager & Add software

Hello!
Anywhere in Profile Manager where you need to add Apps from lists for example: Profile Manager -> OS X -> Login Items -> Apps -> [+]
you'll get crash!

Mines doing the same thing, where all the macs think they dont need updating but I know there are at least four updates to go out out. The main Sofware Update Server is still downloading all the Client updates so do I have to wait for it to finish the downloads for the server to give out the updates?

Similar Messages

  • Can I use OS X Server 4.0 Profile Manager to distribute iOS apps with iOS Developer Enterprise Program (iDEP)?

    We are developing an iOS and complementary Mac OS X app for in house use by about 1500 users. I need to manage the devices and distribute the in-house app to these users.
    We have an iOS Developer Enterprise Program (iDEP) licence.
    Can I combine OSX Server and iDEP to distribute and manage the app? Or do I nee dot move to something like Air Watch?

    You should not have to do anything the user/group import should be automatic and you should not have to manually create any accounts and it does onging syncs automatically but I do not know how often.
    Once you are install and connect to profile manager all the accounts should show up just by clinking on users or the groups icons and they will work with that. You should not need to mess with them in the actual server application Although I would assume the other services all ink into the OD directory I don't know exactly how services like email, file sharing or VPN work as we have other more full featured better scaling services for that like MS Exchange for email/calendar and Cisco VPN.
    We are only using OD, Profile Manager and Software Update.
    Just a note I am using Server 3.2 on OS 10.9.5 if you are using Server 4.X your mileage will probably vary slightly as I am not sure what the areas of major change are.

  • How do i add more than one pdf at a time to profile manager books

    How do I add more than one pdf at a time to profile manager books? When I browse to my pdf folder I can only select one pdf at a time. I have 500+ pdf files I need to add. Any help would be greatly appreciated.

    Bucknut wrote:
    I want to add more than one email address to my address book from an email I received. They were in the CC of the email I received. is there anyway to drag them all into an address book group all at once. I hate having to add and address and then having to find the address and then add it to a group. thanks
    no, there is no way to do that, sorry. you need to control-click on every email address one at a time and select "add to address book". if an email is in the address book already that option will not be there.

  • Cant add Apps to login items with profile manager

    I can set up profile manager successfully, and set certain settings like the Dock, the login window, etc. But when I click on Login Items, and try to add an Application, the list of applications is blank. Tried it from my server, tried it logged in remotely, tried rebooting, tried it on several accounts and several groups, and its always empty.

    found it:
    /usr/bin/osascript -e 'tell application "System Events" to make new login item with properties { path: "/Applications/iChat.app", hidden:false } at end'

  • Profile manager software update section missing

    Hi,
    Im trying to set up my own software update server. When i try to set up the payload there is no option for software updates anywhere in the list in profile manager.
    Im currently running Lion server 10.7.5.
    Is the option not there and im going to have to set this up by other means or have i somehow screwed up?
    Any pointers very much apretiated.
    Thanks
    Mark

    Not that it's much help but we are having the exact same problem. When accessing profilemanager we are redirected to the wiki page whether wikis are turned on or not.

  • How to add network volume to dock using profile manager

    I'm trying to set up my network machines so that when users log into their network account, their Dock is pre-populated with one of the shared network volumes.
    I've set up the network volume (called /Archive) in the Server app. Users can successfully mount it when logged in. Also I succeeded in using the Profile Manager to automatically mount it upon network user login.
    However when I try entering the volume name into the "Dock Items" list in Profile Manager, it does not work. I've tried "Archive", "/Archive", "/Volumes/Archive", etc.
    Anyone know how to do this? I know I can simply ask all users to manually drag the folder to their Dock the first time they log in ... but I want Profile Manager to automagically do it for all users.

    Are you trying to add a network volume or folder? I believe you can only add folders. Have you tried: Volumes/Archive, losing the first slash.  I was successful in adding a group folder to the dock by using: Volumes/Groups/Example

  • Add computer to profile manager

    I have set up MAC Min Server and enable profile manager.
    I am having the following issues:
    1. How do i add windows PC & laptop on the mac workgroup?
    2. How do i enable users to log in on the Mac server workgroup and enable a roaming profile
    Thanks
    Kind regards
    Modely
    [email protected]

    I'm not sure why files aren't syncing though. The process looks like it works, but the last sync date still says 12/31/01 7:03PM.
    I have my suspicions.
    9/17/12 9:07:35.439 AM com.apple.SystemUIServer.agent: Mon Sep 17 09:07:35 2012 HomeSync[315] (FileSync.framework) _SFSendMessage: gServerMessagePortName = 'com.apple.FileSyncAgent.iDisk'
    9/17/12 9:07:35.441 AM com.apple.SystemUIServer.agent: Mon Sep 17 09:07:35 2012 HomeSync[315] (FileSync.framework) -[SFSyncSet registerForCallbacks]: 0x10c54e810
    9/17/12 9:07:35.564 AM mount_url: mount_url: Mount of afp://;AUTH=NO%20USER%20AUTHENT@[SERVERNAME]/staff_data on /Network/Servers/co-osxs1.rockingham.k12.va.us/Volumes/User_Data/Homes/staff_da ta gives status -5997
    9/17/12 9:07:35.686 AM mount_url: mount_url: Mount of afp://;AUTH=NO%20USER%20AUTHENT@[SERVERNAME]/staff_data on /Network/Servers/co-osxs1.rockingham.k12.va.us/Volumes/User_Data/Homes/staff_da ta gives status -5997
    9/17/12 9:07:35.812 AM mount_url: mount_url: Mount of afp://;AUTH=NO%20USER%20AUTHENT@[SERVERNAME]/staff_data on /Network/Servers/[SERVERNAME]/Volumes/User_Data/Homes/staff_data gives status -5997
    9/17/12 9:07:36.004 AM com.apple.launchd.peruser.50990025: (com.apple.TMLaunchAgent) Throttling respawn: Will start in 2 seconds
    9/17/12 9:07:36.000 AM kernel: AFP_VFS afpfs_mount: /Volumes/staff_data, pid 250
    9/17/12 9:07:36.600 AM com.apple.SystemUIServer.agent: Mon Sep 17 09:07:36 2012 HomeSync[315] (FileSync.framework) -[SFSyncSet registerForCallbacks]: 0x7fe82212fdc0
    9/17/12 9:07:38.065 AM Finder: ISGetIconFamilyFromStorage: seed mismatch for 28540011, actual seed is 1befd79f
    9/17/12 9:07:38.065 AM Finder: ISGetIconFamilyFromStorage: seed mismatch for 27f80012, actual seed is 41a7c4c9
    9/17/12 9:07:38.000 AM kernel: AFP_VFS afpfs_unmount: /Volumes/staff_data, flags 524288, pid 322

  • HT1822 [Add Certificate...] hangs in Profile Manager 2 (Mountain Lion)

    I just installed Mac OS X Server on Mountain Lion for the sole purpose of configuring a new network profile for my workplace. After configuring my system to enable Profile Manager, I launched the Profile Manager web interface, logged in, went to Device Groups, and created a new profile.
    Settings are to include:
      General (required): includes general info about the profile itself
       Network: configure profile for both wired and wireless 802.1x authentication
       Certificates: include two certificates to trust for authentication to the network.
    I was able to easily configure General and Network. However, whenever/however I attempt to upload the required certificates, the browser window displays "Uploading <name of certificate file.cer>...", with the spinning indicator and does nothing else, regardless of how long I leave it alone.
    Thoughts appreciated. Considered firewall, DNS, etc issues but haven't found anything that may be getting in the way.
    Thanks.

    I'm having this same issue.
    I can install the Trust Profile
    but when I go to Enroll Device, I get:
    profile installation failed
    could not download the identity profile from the encrypted profile service. The credentials within the device enrollment profile may have expired.
    what I've done:
    backed up my Device Manager database
    wiped the database
    re-setup Device Manager
    replaced the database
    tried to Enroll Device and failed (same error)
    wiped the database
    re-setup the Device Manager
    tried to Enroll Device and failed (same error)
    I've tried recreating my ssl certs
    Ive tried running it without code signing certs
    I refuse to wipe my entire Open Directory
    is there any to get this working or am I going to need to go third party to manage my Mac-only shop?

  • How can users add their devices to Profile Manager without a user account?

    We would like to allow company devices to be tracked, inventoried and managed in Profile Manager without creating a user account for each person so they can log into /MyDevices to download the mobile profiles. We aren't staffed to have someone manage user accounts as quickly as iPads are being purchased.
    If we can't do some kind of guest access, can one user, maybe called Enroll, have literally one thousand devices attached to them?
    The other alternative is to have the profiles on a small webpage with a password to download.

    the easiest way is to use apple configurator
    using apple configurator
    enable enrollment in PM
    un tick restrict to users in device library
    apple configurator should pick up your server certs
    and the PM auto enrollment profile
    setup a enrolment wifi lan
    configure your IOS devices with apple configurator adding the
    server cert and your enrolment wifi lan
    you'll still have to handle each device tapping yes to install each profile
    but you should end up with the ipads in PM with no users
    from there you can set which wifi you wish them to connect to
    eg  staff wifi, email setings, VPN etc.
    open the correct ports on firewalls to allow PM to work internaly and externaily
    and pr any port forwading as nessessary and you'll be able to wipe lock change settings outside on your network, providing the device is online.

  • How to add keynote, numbers and pages to profile manager

    Hi
    I'm using the app Profile Manager on a Mac Mini with OS X Server Mavericks.
    I don't want to install Pages, Numbers and Keynote on this server but I would want to install those apps om my iMacs.
    Can someone tell me how I can achieve this?
    I'm from Belgium and at the moment of speaking the VPP isn't avaible to me.

    Best practice without VPP is to deploy a copy of every app via Apple Remote Desktop, assuming that you have the correct number of licenses.
    You can still buy them at the Apple BE Business Store ...
    For example, Pages :
    1-19 seats : http://store.apple.com/be-nl-business/product/D6101ZM/A/pages?fnode=000104090a
    20+ seats : http://store.apple.com/be-nl-business/product/D6012ZM/A/volumelicenties-voor-pag es-vanaf-20-seats?fnode=000104090a

  • Managing Dock Apps via Profile Manager

    I'm trying to create a payload with specific apps in the dock. It seems the only apps I have available to choose from are the ones installed on the server running the profile manager service. For example, in order to put Firefox in the dock I had to install it on the server. Once I did that it showed up as an option to add to the dock. I hope there is another way that I am missing. Seems a bit silly to have to install software on the server for the sole purpose of being able to add it to the dock. Anyone know of another way to do it?
    I realize I can still use WGM to set the dock and select apps from the machine I'm running WGM on, just trying to figure out the Profile Manager aspect.

    Excellent guide. See announcment post -- https://discussions.apple.com/thread/4256735?tstart=0
    https://docs.google.com/document/d/1SMBgyzONxcx6_FswgkW9XYLpA4oCt_2y1uw9ceMZ9F4/ edit?pli=1
    IT Resources -- ios & OS X -- This is a fantastic web page.  I like the education site over the business site.
    View documentation, video tutorials, and web pages to help IT professionals develop and deploy education solutions.
    http://www.apple.com/education/resources/information-technology.html
       business site is:
       http://www.apple.com/lae/ipad/business/resources/
    good tips for initial deployment:
    https://discussions.apple.com/message/18942350#18942350
    https://discussions.apple.com/thread/3804209?tstart=0

  • Firefox won't launch and I can't get into Profile manager to make a new profile.

    Whenever I try to launch Firefox it doesn't open. i've had this problem before and I fixed it using the profile manager, I'm trying to do the same thing this time. However the Profile Manager won't open at all.

    It is possible that your security software (firewall, anti-virus) blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
    Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
    See:
    *https://support.mozilla.org/kb/Server+not+found
    *https://support.mozilla.org/kb/Firewalls
    *https://support.mozilla.org/kb/fix-problems-connecting-websites-after-updating
    See also:
    *http://kb.mozillazine.org/Browser_will_not_start_up
    You can use one of these to start Firefox in <u>Safe Mode</u>:
    *On Windows, hold down the Shift key while starting Firefox with a double-click on the Firefox desktop shortcut
    *On Mac, hold down the Options key while starting Firefox
    *Help > Restart with Add-ons Disabled
    *https://support.mozilla.org/kb/Safe+Mode

  • How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

    I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
    Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
    Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
    Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
    DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
    DVD>Install Lion
    Reboot, hopefully Lion install kicks in
    Update, update, update Lion (NOT Lion Server yet) until no more updates
    System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
    Terminal>$ sudo scutil --set HostName server.domain.com
    App Store>Install Lion Server and run through the Setup
    Download install Server Admin Tools, then update, update, update until no more updates
    Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
    System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
    A few DNS set-up steps and these most important steps:
    A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
    B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
    C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
    D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
    E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
    F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
    G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
    H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
    I. Test from web browser server.domain.com/mydevices: Lock Device to test
    J. ??? Profit
    12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
    You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
    Firewall
    Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
    SSH
    Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
    Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
    client$ ssh-keygen -t rsa -b 2048 -C client_name
    [Securely copy ~/.ssh/id_rsa.pub from client to server.]
    server$ cat id_rsa.pub > ~/.ssh/known_hosts
    I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
    $ diff denyhosts.cfg-dist denyhosts.cfg
    12c12
    < SECURE_LOG = /var/log/secure
    > #SECURE_LOG = /var/log/secure
    22a23
    > SECURE_LOG = /var/log/secure.log
    34c35
    < HOSTS_DENY = /etc/hosts.deny
    > #HOSTS_DENY = /etc/hosts.deny
    40a42,44
    > #
    > # Mac OS X Lion Server
    > HOSTS_DENY = /private/etc/hosts.deny
    195c199
    < LOCK_FILE = /var/lock/subsys/denyhosts
    > #LOCK_FILE = /var/lock/subsys/denyhosts
    202a207,208
    > LOCK_FILE = /var/denyhosts/denyhosts.pid
    > #
    219c225
    < ADMIN_EMAIL =
    > ADMIN_EMAIL = [email protected]
    286c292
    < #SYSLOG_REPORT=YES
    > SYSLOG_REPORT=YES
    Network Accounts
    User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
    2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
         User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
    Oh well.
    Email
    Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
    root:           myname
    admin:          myname
    sysadmin:       myname
    certadmin:      myname
    webmaster:      myname
    my_alternate:   myname
    Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
    cd /etc/postfix
    sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
    sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
    sudo serveradmin stop mail
    sudo serveradmin start mail
    Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
    If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
    iCal Server
    Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
    Web
    The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
    $ diff httpd.conf.default httpd.conf
    95c95
    < #LoadModule ssl_module libexec/apache2/mod_ssl.so
    > LoadModule ssl_module libexec/apache2/mod_ssl.so
    111c111
    < #LoadModule php5_module libexec/apache2/libphp5.so
    > LoadModule php5_module libexec/apache2/libphp5.so
    139,140c139,140
    < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    < #LoadModule encoding_module libexec/apache2/mod_encoding.so
    > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    > LoadModule encoding_module libexec/apache2/mod_encoding.so
    146c146
    < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    177c177
    < ServerAdmin [email protected]
    > ServerAdmin [email protected]
    186c186
    < #ServerName www.example.com:80
    > ServerName domain.com:443
    677a678,680
    > # Server-specific configuration
    > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
    > Include /etc/apache2/mydomain/*.conf
    I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
    Alias /eyetv /Users/uname/Sites/EyeTV
    <Directory "/Users/uname/Sites/EyeTV">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
    <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
    Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
    One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
    Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
    User-agent: *
    Disallow: /
    Misc
    VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

    Privacy Enhancing Filtering Proxy and SSH Tunnel
    Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
    If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
    $ ./ssht 8080:[email protected]:3128
    $ ./ssht 8080:alice@:
    $ ./ssht 8080:
    $ ./ssht 8018::8123
    $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
    $ vi ./ssht
    #!/bin/sh
    # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
    USERNAME_DEFAULT=username
    HOSTNAME_DEFAULT=domain.com
    SSHPORT_DEFAULT=22
    # SSH port forwarding specs, e.g. 8080:localhost:3128
    LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
    REMOTEHOST_DEFAULT=localhost    # Default is localhost
    REMOTEPORT_DEFAULT=3128         # Default is Squid port
    # Parse ssh port and tunnel details if specified
    SSHPORT=$SSHPORT_DEFAULT
    TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
    while [ "$1" != "" ]
    do
      case $1
      in
        -p) shift;                  # -p option
            SSHPORT=$1;
            shift;;
         *) TUNNEL_DETAILS=$1;      # 1st argument option
            shift;;
      esac
    done
    # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
    shopt -s extglob                        # needed for +(pattern) syntax; man sh
    LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
    USERNAME=$USERNAME_DEFAULT
    HOSTNAME=$HOSTNAME_DEFAULT
    REMOTEHOST=$REMOTEHOST_DEFAULT
    REMOTEPORT=$REMOTEPORT_DEFAULT
    # LOCALHOSTPORT
    CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
    CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR%:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        LOCALHOSTPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEPORT
    CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
    CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        REMOTEPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEHOST
    CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
    CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        REMOTEHOST=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # USERNAME
    CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
    CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR%@}                            # delete @
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        USERNAME=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # HOSTNAME
    HOSTNAME=$TUNNEL_DETAILS
    if [ "$HOSTNAME" == "" ]                # no hostname given
    then
        HOSTNAME=$HOSTNAME_DEFAULT
    fi
    ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
        && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
        || echo "SSH tunnel FAIL."

  • VPP Distribution issues with OSX Server Profile Manager

    Hi, I have a new issue with my OSX 10.9.5 Server. I use VPP to distribute apps to users devices, when I would add a new user I would send them an invitation message through /profilemanager . All was working well until recenetly , the message still arrives in the users mailbox however when you click the "sign in" link on the "receive apps and books from xxxxx" email instead of opening through the Mac App store app it now opens Safari and connects to the profile manager server , any ideas ? it never has done this before and although I thought it was a new feature or method I can not seem to resolve the issue.

    Hi if when you are redirected back to your Mac Server you enter the user name and password of the user you are trying to receive VPP apps for i.e the Open Directory credentials it will then open the App Store providing the credentials are correctly entered so it looks like an additional layer of security. The process is click on the link in the VPP invite email, this takes you to your Mac Server profile manager, log on with your OD account, App store then opens on your Mac like it used to.

  • How do I use multiple VPP accounts in a school system with 1 Profile manager server?

    I have 40 schools with their own money they want to spend on apps. I need these accounts to be seperate. We are registered in the Device enrollment program and are using Apple's profile manager to distribute VPP apps. In the DEP website you can add existing vpp admins. I had hoped when these accounts purchased apps, the apps would show up in Profile Manager which uses the master Apple ID, but this didn't happen. Anyone know what the correct process is for doing this?

    If you haven't found the answer: You have to install the correct token for each account.  Apple Servers, as far as I know, do not support using multiple tokens at once.  As a result, you will have to swap out each of the 40 tokens anytime anyone wants to buy something then assign it to a user then push the app.
    Or just buy it with a redemption code and give that code to your users.

Maybe you are looking for