Simple guide to Migrate SL Server Wiki 10.6.8 to Lion Server 10.7.2

Similar Messages

• I just purchased the Mac Mini Server with the intention of replacing Lion Server with Lion for the first hard drive while installing Windows 7 thru Bootcamp on the second hard drive. Is it possible for me to do this? Thanks.

  I just purchased the Mac Mini Server with the intention of replacing Lion Server with Lion for the first hard drive while installing Windows 7 thru Bootcamp on the second hard drive. Is it possible for me to do this? Thanks.

  I would use Parallels or VMWare and use the second drive to hold the virtual machine. That way the VM only uses the space that it needs and you can still use the remainder of the drive for other things, not to mention that you would not need to reboot to run windows.
  Also Time Machine does not back up a boot camp partition.

• HT5697 How do i configure os x server wiki to use the external web server?

  I have a Mac mini Server with OS X 10.10 and Server 4.0 running in a DMZ behind a firewall. The firewall passes a select few ports through to this server, exposing services to the Internet.
  I use two domains, one dummy domain only available on my local networks, and one proper domain available globally. Lets call them «example.lan» and «example.com». These domains are not hosted on the Mac mini, btw.
  In the external domain, I have «server.example.com» registered on my firewalls official IP address.
  In my internal domain, I have «server.example.lan» registered to my Mac mini internal (rfc1918) IP address.
  Server 4.0 -> Websites seem to work as expected. I have three servers configured: «Server Website - All IP addresses», port 80 + 443. These serve the local networks. Then there is «server.example.com», port 443, serving the internet.
  Now to my question: How to I control which of these websites we Wiki uses?
  When I activate the Wiki, it is published on «server.example.lan/wiki», which seems rather pointless. In order for the wiki to be available to the internet, it needs to be published on «server.example.com/wiki», but I see no way of doing this. What am I missing here?
  Regards,
  Gakke

  it does look like you can add virtual domains in the GUI of Server.app on at least some versions, but I don't have an OS X Server 10.8 version handy to check.
  I'd encourage spending some time to learn the command line.  In general, the payoff for learning the command line will be worth the effort expended.  You're running a mail server here and sooner or later the capabilities of the GUI will fail you.  This whether due to a configuration omission in the GUI itself, or due to the need to troubleshoot a malfunctioning mail server, a need to automate one or more of the Postfix-related sequences, or some other IT-related task.  Entirely FWIW, of course.
  Here's a cut-and-paste of the sequence just used to test the command line access to the Postfix configuration, first fetching the current value, appending example.com as the second domain, then displaying the new value, then restarting the Postfix server.  Don't enter the dollar signs; just the postconf command and following.  Adjust example.com to match your domain...
  $ postconf mydestination
  mydestination = $myhostname, localhost.$mydomain, localhost
  $ sudo postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, example.com'
  Password: {your admin password here}
  $ postconf mydestination
  mydestination = $myhostname, localhost.$mydomain, localhost, example.com
  $ sudo postfix reload
  The Postfix and Postconf commands work irrespective of the OS X Server version; the tools reference the data files as needed.

• Move WIKI data from one Mountain Lion Server to another

  Hi.
  I followed the instruction here:
  http://support.apple.com/kb/HT5585
  Under Copying all wikis from one OS X server to another OS X server, I am not even able to execute:
  sudo pg_dump --format=c --compress=9 --blobs --username=collab --file=/tmp/collab.pgdump collab
  It gives this error:
  pg_dump: [archiver (db)] connection to database "collab" failed: FATAL:  role "collab" does not exist
  Any idea?
  I just tested it on the productive server as well as a brand new install. Same outcome.
  which then I moved the: /Library/Server/Wiki/FileData over but even stop/start, restart, wiki server is running but not able to load content, it's like it's been wiped clean.
  matthew

  try it and RATE correct answers
  Hello Matthew
  You're looking in the wrong spot
  First things first - make yourself default sudo with sudo -s then you can forget prefixing it all the time.
  If you just use pg_dump then it'll take the command from the /var-Directory - that's the wrong version
  You have to specify the path for the Socket where the PSQL-Database for the wiki really is located by using the -h-option - it's not the default
  that's why you get the error that role collab does not exist since you're connecting to a database in place where the role collab truy isn't part of it.
  So - if you'd like to export the wiki-DB us the following and adapt the filename to what you like it to be.
  bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/bin/pg_dump -h "/Library/Server/PostgreSQL For Server Services/Socket/" -p 5432 -f /Volumes/USBSTICK/wikidatabase.pgdump -U collab collab
  The first block specifies the "not default" pg_dump you'd like to use
  The second block (-h "/Library/.....) tells pg_dump where to find the DB
  The third block tells pg_dump to use port 5432
  The fourth block (-f /Volumes/......) tells pg_dump to place its output into this file
  The fifth block (-U collab) tells pg_dump to do this is role collab
  The sixth block tells pg_dump from with DB to dump from
  In your case extend my provided command with your options --format=c --compress=9 --blobs like this:
  bash-3.2# /Applications/Server.app/Contents/ServerRoot/usr/bin/pg_dump -h "/Library/Server/PostgreSQL For Server Services/Socket/" -p 5432 -F c --compress=9 -b -f /Volumes/USBSTICK/wikidatabase.pgdump -U collab collab
  BTW- you can connect to the database, of course:
  bash-3.2# psql -h "/Library/Server/PostgreSQL For Server Services/Socket/" -p 5432 collab collab
  try it and RATE correct answers
  Here is my thread https://discussions.apple.com/thread/5751873

• How do I make a wiki on OS X Mountain Lion Server?

  I'm trying to make a wiki with my OS X Mountain Lion server my question is how do i do it? Please help me?

  When running Server.app do you see that little button that says 'Next Steps' in the bottom left corner of the window ?  Click on it and read stuff.
  Alternatively click on the 'Help' menu and type 'wiki' into the search field that appears.

• Can I install Snow leopard server on the new Mac Mini Lion server?

  Hi guys, I purchased a Lion Server and I am wondering if its possible to install Snow Leopard server on it.
  I have the Snow Leopard Server install discs and everything , just wondering if there is any thing I should take note of, I personally prefer SLS over Lion.
  What do you guys think?

  There's a huge thread on this (client, not server, but same concept) which you can find here.
  https://discussions.apple.com/thread/3209335?tstart=30

• Server admin is unable to login to server.app after upgrade to Mountain Lion Server?

  After upgrade to Mountain Lion Server I am unable to login to the server tools. When I input the admin user name and password the dialog box just shakes indicating the wrong password. But it is the correct password. How do I reset the password or if necessary how do I rest the server and start over on Mountain Lion. I found info on how to reset the server on previous versions of the server which involved executing a plist in the LaunchDaemon folder. However that file does not exist on the server following upgrade to Mountain Lion.
  Thanks, Howard

  I upgraded today and had the same issue. I took following steps to fix my computer.
  Boot into Recovery Partition (Hold Option Button while booting)
  Open Terminal.
  Type resetpassword
  Select your hard drive
  Select the user account (Administrator)
  Enter a new password for the user
  Reenter password
  Save
  Restart
  Boot normally, Login as Adminstrator with the new password and add "Admin" permission to your account.
  Restart
  Everything should be working as expected

• How to migrate backup of Wiki to clean install of Leopard server

  I've just completed a clean reinstall of Leopard server:
  http://discussions.apple.com/thread.jspa?threadID=1871946
  I'm having trouble, however, migrating the Wiki.
  I've followed the instructions in the following link but I'm just getting a service unavailable 503 error:
  http://support.apple.com/kb/TA25138
  Any ideas?

  This is what my wiki error log looks like:
  2009-02-03 13:59:51+0000 [-] Log opened.
  2009-02-03 13:59:51+0000 [-] twistd 2.5.0 (/System/Library/Frameworks/Python.framework/Versions/2.5/Resources/Python.app/ Contents/MacOS/Python 2.5.1) starting up
  2009-02-03 13:59:51+0000 [-] reactor class: <class 'twisted.internet.selectreactor.SelectReactor'>
  2009-02-03 13:59:52+0000 [-] twisted.web.server.Site starting on 8086
  2009-02-03 13:59:52+0000 [-] Starting factory <twisted.web.server.Site instance at 0x2efb918>
  2009-02-03 13:59:52+0000 [-] twisted.web2.channel.http.HTTPFactory starting on 8087
  2009-02-03 13:59:52+0000 [-] Starting factory <twisted.web2.channel.http.HTTPFactory instance at 0x2efb580>
  2009-02-03 13:59:52+0000 [-] set uid/gid 94/94
  2009-02-03 13:59:55+0000 [-] Traceback (most recent call last):
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/bin/twistd", line 21, in <module>
  2009-02-03 13:59:55+0000 [-] run()
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/scripts/twistd.py", line 27, in run
  2009-02-03 13:59:55+0000 [-] app.run(runApp, ServerOptions)
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 379, in run
  2009-02-03 13:59:55+0000 [-] runApp(config)
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/scripts/twistd.py", line 23, in runApp
  2009-02-03 13:59:55+0000 [-] _SomeApplicationRunner(config).run()
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 158, in run
  2009-02-03 13:59:55+0000 [-] self.postApplication()
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/scripts/twistdunix.py", line 213, in postApplication
  2009-02-03 13:59:55+0000 [-] startApplication(self.config, self.application)
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/scripts/twistdunix.py", line 183, in startApplication
  2009-02-03 13:59:55+0000 [-] app.startApplication(application, not config['no_save'])
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 400, in startApplication
  2009-02-03 13:59:55+0000 [-] service.IService(application).startService()
  2009-02-03 13:59:55+0000 [-] File "/usr/share/caldavd/lib/python/twisted/application/service.py", line 233, in startService
  2009-02-03 13:59:55+0000 [-] service.startService()
  2009-02-03 13:59:55+0000 [-] File "/usr/share/wikid/lib/python/apple_utilities/service.py", line 62, in startService
  2009-02-03 13:59:55+0000 [-] SettingsManager.globalSettings.rebuildIndex())
  2009-02-03 13:59:55+0000 [-] File "/usr/share/wikid/lib/python/apple_utilities/SearchManager.py", line 424, in buildAllIndexes
  2009-02-03 13:59:55+0000 [-] buildSearchIndex(aPath, doRebuild)
  2009-02-03 13:59:55+0000 [-] File "/usr/share/wikid/lib/python/apple_utilities/SearchManager.py", line 406, in buildSearchIndex
  2009-02-03 13:59:55+0000 [-] GroupSqliteIndex.buildSearchIndex(whichPath, forceRebuild)
  2009-02-03 13:59:55+0000 [-] File "/usr/share/wikid/lib/python/apple_utilities/GroupSqliteIndex.py", line 624, in buildSearchIndex
  2009-02-03 13:59:55+0000 [-] metaData.saveData()
  2009-02-03 13:59:55+0000 [-] File "/usr/share/wikid/lib/python/apple_wlt/GroupSettings.py", line 369, in saveData
  2009-02-03 13:59:55+0000 [-] plistlib.writePlist(self.data, self.prefsPath)
  2009-02-03 13:59:55+0000 [-] File "/System/Library/Frameworks/Python.framework/Versions/2.5/lib/python2.5/plat-ma c/plistlib.py", line 89, in writePlist
  2009-02-03 13:59:55+0000 [-] IOError: [Errno 13] Permission denied: u'/Library/Collaboration/Groups/executive/metadata.plist'

• How to sync to Snow Leopard Server wiki group calendar

  I'm running the Mac Mini Snow Leopard Server in our law office of 8 attorneys.  We all use PC's with Outlook 2010.  We don't have Microsoft Exchange Server, and we bought the Snow Leopard Server because of its advertisement that you could achieve the same results on it as on Exchange Server, but without the cost.  SOUNDS LIKE-------OH WELL.  We want to be able to see everyone's calendar events on 1 calendar if possible.  I setup a Group Wiki for the group "Attorneys".  When I open that wiki, I've set it to be accessible by all attorneys in the group.  When the attorneys accounts were setup in Workgroup Manager, the Attorneys group was also setup, and they have access to the group.  I've been trying to figure out how to do this, and the result that seems to come closest is the Wiki Attorneys Group Calendar.  I have setup separate calendars in it for each attorney.  And so you can see them all on one screen, or deselect and only see the calendars you want.  Now the problem is how do I get the existing events off of Outlook 2010 on each machine and into the respective calendars in the Group Wiki, and also update that calendar as events change on each attorney's Outlook calendar?  If there is some better way to do this I'm certainly open for suggestions.  I don't believe that you can "sync" the iCal client calendar with the Wiki Calendar.  If you can that might also be a solution.  Thanks.

  Not_So wrote:
  I went to the AppStore and as I was running Snow Leopard Server it prompted me to purchase Lion Server which I didn't want.
  Luckily, I wasn't asked to purchase the 'Server' when I upgraded from SLS to Mountain Lion via the AppStore. I think your particular problem was mentioned in some other posts where the upgrade path to Lion became an infinite loop (hmmm... ). But that's all in the past now. Glad it all worked.

• Migrate from Tiger (10.4) server to Lion server

  I have a Tiger (10.4) server that I would like to retire and upgrade to a Lion server. Does anyone know of any documentation on how I can migrate user data and mail to the new Lion server?

  bnowotny wrote:
  I have a Tiger (10.4) server that I would like to retire and upgrade to a Lion server. Does anyone know of any documentation on how I can migrate user data and mail to the new Lion server?
  Apple's official documentation is available here http://www.apple.com/macosx/server/resources/documentation.html the first choice is specifically about migrating.
  You might also find this article useful, see http://www.macresearch.org/tutorial-backup-your-open-directory-server-using-laun chd and also my previous post on a similar topic which you can read here https://discussions.apple.com/message/16430995#16430995

• Lion Server does it work?

  Is it me or is Lion Server the most user unfriendly piece of junk launched by apple in years? I am no idiot but am a MAC virgin having moved from PCs and WHS only recently. I have issues with ACL / permissions being corrupted (my 2.0TB WD ext hard drive gets trashed with server on) - no Wiki or Profile Manager  - directories not working - no VPN and when it (the server) does seem to work - it crashes for no apparent reason. As for iCAl and email - that's a joke...I have a new 27 iMAC and the latest software and since installing the server app I have had to get a thumb drive to rebuild my iMAC when that too failed to restart (no doubt keychain was corrupted?).  And, what is going on between server and server admin - do they not speak to each other?  There are no bugs, the native system is clean and it works well - without server running. Is there an idiots guide devoid of MAC acronyms and Apache code that can take me through a simple set up without the need for a PhD in Apache?? The blogs are really useful and enterprise support is good - to the point of not being able to solve some of the complex set up issues. Until I know what can be going wrong I do not want to start playing with Terminal. Bill Gates forgive me....I was misled by my siblings and tempted by shiny baubles !!!!! Signed an old MS DOS user :-)

  I think you would have been happier with a Snow Leopard Server. In my humble opinion Lion server is a transitional move that either produce a new server implementation or die completely.
  10.6 server was a mature product.
  Said this, i would recommend you these steps:
  - Machine--
  1. check your hardware (ram and Hard disk) for any possibile failure.
  2. format and reinstall osX (i know, that *****, but coming from MS-DOS you'll probably stand this ;-) )
  - Network -
  3. plan your network setup, the (static) ip you're going to assign to your server, domains, routes
  4. configure your mac network setup and THEN install server software
  5. quickly review your DNS service so that your server is properly visible and configured
  - Users -
  6. Configure open domain on your server, or set it up to get users from other servers
  - Services -
  7. configure your services (wiki, ichat, ical, iwhatever)
  8. configure apache
  This order of configuration usually avoids some errors you could stumble upon. As for apache if you have something internal and quick you can use it. I wouldn't use 10.7 as a webserver (i used 10.6 with satisfaction for a heavy load webserver).
  If you have more specific questions about Apache look up in these discussions and then ask if you don't find anything suitable for your needs.
  Server and Server Admin are a dirty patch of old and new. I don't understand why they came up with such a bad solution, but i guess they're going to transit everything to the new Server application very soon.

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• Can I convert Wiki's from SL to Lion

  Is it possible to convert Wiki's made in SLS to Lion Server?

  Not really. For starters, the database will be migrated to postgres, and probably be modified to suit the newer wiki server framework. In principle, it should be possible to continue using the SL wiki under Lion, or restore a SL Wiki implementation to run on Lion Server. It might be necessary to run on its own apache instance (using different ports), in order to avoid having the admin tool destroy legacy settings.

• Configuring postfix on Mountain Lion Server

  I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server.  The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
  I would like to configure Postfix to only accept email that is forwarded from a gmail business account.  The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to  [email protected]
  The server WAN domain is nonpublic.com  The ip address is 96.231.165.126
  The server LAN is nonpublic.local  The ip address is 10.6.18.201
  The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
  The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch.  The external traffic to the WAN flows through the switch as tagged packets.  The LAN traffic is not tagged.  The VLAN connection is running 802.1q
  When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
  Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
  Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
  I can send emails from a client on the LAN through this server with no problems.  The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info.  I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
  I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
  I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the cripled GUI in the "server" application.  I'm barely OK using Terminal and not familiar at all with configuring Postfix directling editing the config file.
  What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
  I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
  Any help would be appreciated.

  MrHoffman, thank you for your response to my challenge to get the new test server working.  This is a migration from Snow Leopard Server to Mountain Lion Server.
  Here is the "checkhostname" test results:
  blue:~ admin$ sudo changeip -checkhostname
  Password:
  Primary address     = 96.231.165.211
  Current HostName    = blue.pderby.com
  DNS HostName        = blue.pderby.com
  The names match. There is nothing to change.
  dirserv:success = "success"
  blue:~ admin$
  Here is the response from postconf -n
  blue:~ admin$ postconf -n
  biff = no
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  daemon_directory = /usr/libexec/postfix
  data_directory = /var/lib/postfix
  debug_peer_level = 2
  debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
  dovecot_destination_recipient_limit = 1
  html_directory = /usr/share/doc/postfix/html
  imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
  inet_interfaces = loopback-only
  inet_protocols = all
  mail_owner = _postfix
  mailbox_size_limit = 0
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  message_size_limit = 10485760
  mydomain_fallback = localhost
  newaliases_path = /usr/bin/newaliases
  queue_directory = /Library/Server/Mail/Data/spool
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = _postdrop
  smtpd_tls_ciphers = medium
  smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
  tls_random_source = dev:/dev/urandom
  unknown_local_recipient_reject_code = 550
  use_sacl_cache = yes
  blue:~ admin$
  I agree that I should change the LAN domain from .local to something like .internal or whatever.   I've been running with .local for 5 years  on snow leopard server and never had any problems so that was a low priority.
  I hope I'm just not seeing some obvious setting in main.cf

• Why can't I uninstall the Mountain Lion Server?

  Background
  My windows laptop failed and my iMAC's hard drive was recalled recently.  During this time I decided to buy a MacBook Pro and migrate everthing from my Windows laptop.  I also bought Airport Extreme.  As I got recently unemployed, I wanted to create a private network accessible from my MacBrook and MacBook Air (until I could afford to buy the Mac Mini Server).  So I downloaded the Lion Server from the App Store using my MacBook Pro (I didn't realize it would install automatically).  So, I redownloaded from my iMac and went through the configuration.
  Issues
  I was unable to log in using my existing user accounts from the MacBook/Air.  I turned on the screen sharing (as I had lots of applications and documents on the iMac).  But my firewall reported access to screen sharing service, web service etc from external IP addresses.  iMac frequently went into freeze modes (no response to mouse/keyboard) and sometimes blank screen (monitor off).  So I turned off screen sharing.
  I struggled with finding a way to make the local accounts into network accounts.  I even tried adding them to a Network Group.  I was unsucessful in being authenticated by the iMac server.  The login window always showed "... unavailable ..".  I went through and tried all suggestions posted in this site. Nothing seemed to work.
  I decided to unistall the Server and do a fresh install.  Even here there were no clear documentation/instructions with the server app.  According to suggestions here and as per this http://support.apple.com/kb/HT4827 article, I removed the turned off all services, deleted the Server.app and also the /Library/Server folder.  Rebooted.  The iTunes store's purchased page still shows the Server as Installed.  I did the same on the MBP and it shows up asInstall.
  I don't see any of the server applications in the Activity Monitor.  But my firewall reported incoming requests to Kerberos, Port 464, 5000, 625, 749, and Program Linking.
  Airport Extreme is letting in external requests.  I did not use public domain for my server nor any dynamic dns service.
  Questions
  How do I remove completely the Server app from my iMac?
  The first time I installed the server, I used it to control the Airport Extreme.  So how do I reset the Airport Extreme to factory settings (assuming Apple's marketing literature is correct) so that it acts as a barrier between the wild, wild internet and my home network?
  Is there better control of the Airport Extreme base station? Like MAC filtering?
  How do you elevate existing users on iMac to the level of network users?  I want any of my family members to be able to use the MBP or MBA using their own account and see their documents and settings.
  Recommendations Solicited
  I cannot add a Mac Pro/Mac Mini Server at this point (unless Apple comes out payment plans for the consumers).  That is why I purchased the MBP/MBA from BestBuy.  So need the best way to use my existing resources to create a small home network for school, development, testing etc.

  I have captured the install log.  Right now I don't have the Sever.app and related files in the system.  But log shows the server is running or installed today.  I have seen MiniLauncher tag (don't know what it is).  And if the server is running, it is not appearing in the Activity log.