Restrict directory to certain IPs - Server Admin problem

Similar Messages

• Creating Open Directory Replica fails with Server Admin Error Value 1127

  Hallo,
  I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
  Currently, it comes down to this. The Server Admin Error message ist really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to geht more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
  When executing
  slapconfig -createreplica master.ourdomain.com diradmin
  as root on the prospective replica machine, I get the following error message:
  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  That makes perfect sense to me, but how is it meant to work then?
  Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
  root login is not permitted to this machine via public key authentication.
  While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
  Replica Setup failed : This machine does not have a valid computer name
  I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP adress. Proper name resolution is available for both interfaces including reverse lookup. I dont like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
  changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
  reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
  Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many place is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaces with several other configuration files and databases. I cant see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
  I also checked all log files on bboth machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of th layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of of entries that I have googled in the last few hours and which all dont seem to be associated with the problem in question.
  I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
  Thanks and bye, Christian Völker

  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
  Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
  Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
  In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
  Then configure the /etc/sshd_config file on the OD master like this:
  \# Authentication:
  PermitRootLogin yes
  PasswordAuthentication yes
  PubkeyAuthentication no
  and the /etc/ssh_config file on the OD replica like this:
  PasswordAuthentication yes
  PubkeyAuthentication no
  Then from the OD replica as the 'root' user issue:
  slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
  Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.

• How do I create a virtual directory in Snow Leopard Server Admin program?

  Hi, how do you use the server admin program in snow leopard server to create an apache virtual directory? I can't see it in the applet anywhere. Thank you.

  Well this is what I thought too but I don't think I'm doing something right. I have a default website on port 80 and I created a second site on the same port. They are two different websites. One is the initial one that comes stock with the osx. The second one I created.
  When I browse to my server I get the second site. How can I get the default to be the one that points to the mail, wiki, calendar stuff, while my second domain is something totally different.
  http://myserver (should be the default stuff like mail.)
  http://myserver/mysecondsite (should be my other stuff.)
  The problem is that when I go to http://myserver it is going to http://myserver/mysecondsite
  What am I doing wrong? Thank you.

• Server Admin Problem - File Sharing fails to load

  We recently switched over from a 10.4 server to an Intel Quad Core Xserve running 10.5.8. Things seemed to be working for about a week but now The File Sharing part of Server Admin fails to load. After spinning for a few minutes I get a kNetworkError on the File Sharing Service.
  I'm not totally through setting up all the share points so this is causing quite a problem. Otherwise the Sharepoints that are set up are working properly. The first time this happened a server restart cleared the problem. This time nothing seems to help.
  Anyone have a cure for this?

  The problem seems to be getting worse. Once the error occurs some of the other services are not available through SA either. Anybody have any suggestions, or is it a reformat and reinstall situation?

• Leopard Server Admin problem

  I'm a bit flustrated with Leopard Server Admin - It gives errors like "Navigation operation cannot proceed" when click from one tab to another in DHCP/Subnets area back to another tab. This is one of the many problems. When I try to add Group in the Firewall, it doen't work, and things dissappear.
  All in all, if this is what I have to look forward to in trying to build services using Apple's technology, no thanks.
  Comments!

  Leopard Server is only in beta so it's normal that there are some bugs...
  If are trying to use it in an productive environment you should move to tiger which works well.

• Server Admin Problem

  Hi All
  I am running an OSX 10.4.7 server, this server has been working perfect for nearly 2 weeks (since it was setup)
  Today I have tried to get into server admin (after my annual leave) and when I do, i get
  "There is no server available at the address you entered"
  the address i'm using is xserve.local
  I removed the server from the list and added it again, no luck
  I then tried to do it by its IP address - still no luck
  Strange thing is, I can sucessfully open workgroup manager on the same server and browse all of the users on the server.
  I have had a search on teh internet and checked my /etc/hostconfig which is...
  AFPSERVER=-YES-
  AUTHSERVER=-NO-
  AUTOMOUNT=-YES-
  CUPS=-AUTOMATIC-
  NFSLOCKS=-AUTOMATIC-
  NISDOMAIN=-NO-
  TIMESYNC=-NO-
  QTSSWEBADMIN=-NO-
  WEBSERVER=-NO-
  SMBSERVER=-NO-
  SNMPSERVER=-NO-
  SPOTLIGHT=-YES-
  QTSSRUNSERVER=-NO-
  TIMESERV=-NO-
  WEBPERFCACHESERVER=-NO-
  SERVERMANAGERSERVER=-YES-
  ARDAGENT=-YES-
  SOFTWAREUPDATESERVER=-NO-
  HOSTNAME=-AUTOMATIC-
  IPFILTER=-NO-
  file
  at first it didnt have
  SERVERMANAGERSERVER=-YES- so i added that line and restarted the server... no luck
  I have a Premium Support Apple Care on this xserve, and they are assisitng,,, but its very slow
  for info, the server is
  IP: 192.168.4.9
  DNS : xserve.compserv.bsfc.ac.uk
  Local name of : xserve.local

  Your question belongs in the OS X Server discussions:
  http://discussions.apple.com/category.jspa?categoryID=96

• Netboot/Server Admin problems

  Hi,
  I'm using 10.6.8 server and for a while now server admin has disallowed any user to log in to manage the server. I now want to deploy an old 10.6 image and need to re-enable netboot, does anyone have the terminal command as i have forgotten it and cant remember it at all
  Regards.
  Jim.

  sudo serveradmin start netboot

• Safari and Server Admin slow to launch on a Network Home Directory

  I have an issue with Safari and Server Admin that started two days ago. When you attempt to launch Safari or Server Admin while logged into a Network Home Directory on an Intel Mac it will bounce about 10 times, stop bouncing, and then about a minute later launch and act normal. If you quit and reopen Safari you have to wait again. Server Admin exhibits similar behavior, although the delay is longer and there are long pauses while using the program. The network home folder is on an afp share on an Intel XServe w/ 10.5.5 and 4gb of ram.
  Troubleshooting steps already done:
  1. Same intel mac with a local user, Safari and Server Admin launches normally.
  2. Same intel mac with a portable home directory user, Safari and Server Admin launches normally.
  3. Same intel mac with a different network home directory user, Safari and Server Admin have the long delay.
  4. Different intel mac with a network home directory user, Safari and Server Admin have the long delay.
  5. Different intel mac with a local user, Safari and Server Admin launches normally.
  6. Different intel mac with a portable home directory user, Safari and Server Admin launches normally.
  7. PPC mac with same network home directory user, Safari and Server Admin launches normally.
  8. Checked forward and reverse DNS lookups for the home directory servers.
  9. Checked entire DNS zone for forward and reverse lookups.
  10. These exact same symptoms began occurring the same day at another site I manage with a separate DNS and Open Directory structure in another city.
  11. All other programs appear to behave normally as far as I've been able to tell.
  I have the feeling that something strange is going on with DNS and Server Admin and Safari are trying to resolve something, time out, then try to act normally. I don't know why it would just affect intel macs. In addition, there were no setting changes or DNS alterations that happened that I am aware of. These symptoms are also happening at another site that I manage with a completely separate DNS and Open Directory structure. I'm puzzled, any help would be appreciated.

  Upgraded to 10.5.6 and the issue disappeared. I don't know what what wrong, but I think it was DNS related...

• ColdFusion Builder Admin Server Components Problem

  After downloading the admin server components, extracting them into their appropriate directories, and executing the adminstart.bat file, I'm receiving the following error:
  This application has failed to start because MSVCR71.dll was not found.  Re-installing the application may fix this problem.
  I did a search for that file and found several instances throughout the coldfusion8 directory.
  I am running Coldfusion Standard                  8,0,1,195765 on Windows 2003.
  Thoughts?

  I have started it using the adminstart.bat file.
  Starting Macromedia JRun 4.0 (Build 108673), admin server
  07/14 08:52:39 warning Unable to open C:\ColdFusion8\runtime/lib/license.properties
  07/14 08:52:40 info JRun Naming Service listening on *:2910
  07/14 08:52:40 info No JDBC data sources have been configured for this server (see jrun-resources.xml)
  07/14 08:52:40 info JRun Web Server listening on *:8000
  07/14 08:52:40 info Deploying enterprise application "JRun 4.0 Internal J2EE Components" from: file:/C:/ColdFusion8/runtime/lib/jrun-comp.ear
  07/14 08:52:40 info Deploying EJB "JRunSQLInvoker" from: file:/C:/ColdFusion8/runtime/lib/jrun-comp.ear
  Server admin ready (startup time: 3 seconds)
  Think the problem has to do with the second line...shouldn't that be "security.properties"?

• How to enable directory binding in Server Admin?

  Running Server 10.4.9
  I cannot enable directory binding in Server Admin.
  The checkbox becomes un-ticked upon save.

  Hi marc
  There must be something in the way you have configured your Server that is preventing this from happening. I maintain two OD Master servers at a remote site and both of them do not have your problem. I don’t know of any Terminal commands that control directory binding and there seems to be no reference to it in the Terminal Manual 2nd Edition. However, that does not mean there won’t be one. Both servers I administer do not have ‘require clients to bind to directory’ ticked, but do have Enable directory binding ticked. These settings seem to have been set this way when promoting from Standalone to Open Directory Master once DNS and DHCP were configured and running as Services. By the way all settings in this part of Open Directiry I can access and modify with no problems on both servers.
  Is DNS being supplied by another server as well as authentication eg: from an AD KDC? Also how do you connect to your Server using Server Admin? Do you use the .local name or its IP address? Have you tried using the FQDN?
  HTH

• Open directory Server admin APP, crashes

  HI all.
  ON my 10.7.2 lion server for some reason my server admin app keeps crashing under the Open
  directory Section...
  Here are the screen shots..

  Also I cant make any changes under the Open Directory in server Admin...
  Everything is greyed OUT...

• Problem in Server Admin: cpu and network graphs not updated or empty after lion server update

  Hi!
  Just for archive purpouses because i've already solved that!
  After upgrading from OSX Server 10.7 to 10.7.1 my CPU and Network graphs in Server Admin stop being updated.
  In 24h the graphs where blank (disk usage graph seem to keep working).
  First i read about "what is the application responsible for this"; it's called ServerPerfLog, and you can see if it's running that way:
       # ps ax | grep ServerPerf
  If you don't see anything else than your own "grep", that means that no application is running, no data is being collected.
       41324 s000  R+     0:00.00 grep ServerPerf
  A positive response for this (meaning that the service is running) should be something like that (2 lines: your grep and the service app itself):
       94   ??  Ss     0:04.71 /usr/libexec/ServerPerfLog
       41344 s000  R+     0:00.00 grep ServerPerf
  Later i read about "where is the config file for this service app", and you can find it here:
       /System/Library/LaunchDaemons/com.apple.ServerPerfLog.plist
  If you edit this config file, check that the "Key > Disabled" is set to "False"
       # vi /System/Library/LaunchDaemons/com.apple.ServerPerfLog.plist
          <key>Disabled</key>
          <false/>
  After that, i try to launch the service that updates this graphs again, by hand, performing the following command:
       # sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.ServerPerfLog.plist
  And the service got launch!!! yeeeepa!! i see a first update in graph data.
  Also the "ps" query reply that the service was running!!
  The bad things came a day after, when i saw that the graphs stop again....
  I check if the service was running executing again the "ps" command, and that show me that the service was stopped again; no ServerPerfLog process was running.
  But r e l a x, because the process hang because of a permissions problem.
  You should know, I run "Repair permissions" within "Disk Utilities" over the running system disk, eeee... voila!
  I hope that helps someone to get his fancy graphs back!
  Regards,
  t

  You are God like!!! Wooo hooo! Thanks bud!

• Problem with server admin connectio

  Hi,
  Im using Snow leopard server.
  I have a problem with connection to server via server admin app. It just says could not connect to server.
  At server console there is:
  2/27/10 2:58:30 AM com.apple.launchd[1] (com.apple.servermgrd[414]) Job appears to have crashed: Trace/BPT trap
  2/27/10 2:58:30 AM com.apple.launchd[1] (com.apple.servermgrd) Throttling respawn: Will start in 10 seconds
  2/27/10 2:58:30 AM com.apple.ReportCrash.Root[410] 2010-02-27 02:58:30.829 ReportCrash[410:390b] Saved crash report for servermgrd[414] version ??? (???) to /Library/Logs/DiagnosticReports/servermgrd2010-02-27-025830localhost.crash
  And that repeats.
  Any ideas how to fix this ?

  Yes it did work before. Made some changes to DNS and then server admin lost connection. Server works correctly (dns,mail,ssh access) only server admin connection is lost.
  servermgrd is running:
  bash-3.2# ps aux | grep servermgrd
  root 298 0.0 0.7 2494120 28748 ?? Ss 1:49PM 0:22.16 servermgrd -x
  root 1588 0.0 0.0 2425708 276 s001 R+ 2:29PM 0:00.00 grep servermgrd
  Is there any way to reset/reinstall servermgrd and its settings to default

• Server admin not seeing directory users from workgroup manager

  I am setting up a new Xserve with Snow Leopard (get 'em while we can). We have eight other XServes running Leopard or Snow Leopard server. On those machines we have set up file sharing over AFP. The machines are connected to our Active Directory server and our users authenticate using their domain passwords. All of our other servers were setup in Leopard and were upgraded to Snow Leopard. We have not had any issues authenticating to those boxes.
  This is the first one that we have actually setup new-out-of-the-box in Snow Leopard. I can set Workgroup Manager up to connect to our AD, and can see and search my domain users and groups in Workgroup Manager. When I try to set up my File Shares in Server Admin, none of my domain users show up-only local accounts.
  What have I missed? In Leopard, when I connected to the domain, the users immediately became available in Server Admin. Not so in SL, at least on this box.
  Help?

  Hi
  The first thing to check is if you've bound the Server to the AD Domain. The second thing is if the /Active Directory/All Domains is in the Search Policy. If you don't do either of these WorkGroup Manager won't display anything coming from the AD Schema.
  In 10.6 Apple moved the Directory Utility from where it used to be in /Applications/Utilities and made it part of the Accounts Preferences Pane. Perhaps it's this change that's confusing you? I would not advise doing this but it's also possible you used the Server Setup Assistant to do most of the configuration? If you did maybe something went wrong at that stage (won't be the first time) and you need to manually bind the Server instead?
  As ever make sure this server is using the same NTP Server as the others.
  Tony

• Portal Server Admin Console login problem....

  When I installed Sun Java Studio Enterprise 7 (trial edition) I also installed the server package (The second zip file). During the install I was only prompted to enter ID and password my Application server. But I do not know or have an ID and password for the portal server. When I launch the Portal Server Admin Console which is really the Access Manager's Admin console, it prompts me to enter my ID and password. The ID and password I have setup for the Application server does not work. Now my problem is, I cannot access the portal server on my machine. Does any one know how I can find out what my ID and password is? or how I can access the portal server?

  hi,
  I'm a newbie , who has just installed the java enterprise server. i installed it on windows platform and installation was successful. I don't know how to login to the portal server.
  please provide the address of the portal webpage if the one given below is incorrect:
  http://localhost:8080/portal/dt
  which username and password can i use for loggin in ? .....
  what is the default username and password ?
  is the username amadmin ?? if so what is the password ? ...
  kindly help me .....thanks in advance.... :)