Use Lion Server to set up security in Web Sharing

Similar Messages

• Can I use Lion server to set-up a WPA2 wireless network in place of an AEBS?

  I'm contemplating replacing my Airport Extreme Base Station with my Core i5 Mac mini as the wireless network server, because this will get rid of a "box" (that I can sell!) and reduce power consumption, since my iMac is on all the time as my iTunes media source anyway. At present my AEBS creates a WPA2 LAN network connected in bridge mode to my Billion modem/router, so DHCP serving is performed by the Billion router. I could replace the AEBS with the Mac mini running Lion simply by using internet sharing, but this has low security (WEP) and I understand there are often connection problems when clients awake from sleep. (Furthermore, my Airport Extreme at the back of the house probably wouldn't connect to that WEP network?)
  So, I wonder.... If I upgraded to Lion Server (only $49), can I set-up the Mac mini as the WPA2 network host in place of the AEBS? My mini is right next to the AEBS anyway, so it's in a suitable position to distribute the radio signal. As I understand it, the Lion Server software would need to allow the Mac mini to connect to the Billion router via ethernet in bridge mode - just like the AEBs, but I can't find any info that tells me whether this is possible.
  Does anyone know if what I want to do is possible? A simple solution may be to turn off the DHCP server functions of my Billion router, letting Lion Server become the DHCP server, but I don't think that's possible. I also don't want to replace the Billion with a simple modem because my Billion router provides VoIP for my home phone (and has done so reliably since 2005).
  Of course, if it's all too hard, I'll leave things as they are, because I don't have any need for the other Server functions of Lion Server.
  thanks

  Hello Chris,
  chrisfromnewtwon wrote:
  So, I wonder.... If I upgraded to Lion Server (only $49), can I set-up the Mac mini as the WPA2 network host in place of the AEBS?
  I don't know. I'm also looking for the same function because I want to
  make my iMac running Lion the router and the firewall of my personnal
  wireless network. The key advantage will be to have the firewall, its rules
  and its logging on the same server.
  What I already know is that turning the Internet sharing on turns a
  MacOS X Lion into a DHCP server on the wireless side.
  dan

• Use Lion server to share video?

  Since the gallery part of dot mac is gone, how can I share family videos?
  I would like to be able to use my Lion server to do that, but am not sure how, using a web-based GUI as was done on the dot mac gallery.
  Thanks.
  mac
  Note:  I have figured out (thanks to apple support) how to use lion server for web sharing and file sharing.

  Miracles do happen.
  Because I just bought Lion Server, I was able to get a guy from the Apple Server support group on the phone, for a long time, and he helped me set this up using the Server app and the Server Admin app.
  Now I have a password prompt on my Web Sharing files.
  It's an incredible relief to have this working.
  Thanks for the responses.

• Publish an iWeb site using Lion Server

  Does any one know how to publish an iWeb site using Lion Server.
  I've been getting failures every time I try to publish using ftp server choise.
  HELP!!!

  I solved this by turning off passive mode. I was using iWeb and Rapid Weaver for creating websites and had the same problem. Now they both work fine on the transfer. Hope this helps.
  JR

• Can I create my own iDisk spaces using Lion Server?

  Using Lion Server, can I create a space that would be like iDisk for my users to save and access documents and files remotely? Also to make that shared between users? Basically make my own cloud space.

  SSL Certificate is based on your domain, not the granularity of folders.  If you have a server named idisk.yourdomain.com and all users will access the same domain, than you need a cert for idisk.yourdomain.com.  If you plan to do multiple hosts within the same domain, such as idisk.yourdomain.com and clouddrive.yourdomain.com then look to get a wildcard cert.  If you are doing multiple domains, such as idisk.yourdomain.com and clouddisk.otherdomain.com then you need multiple certs.  One per domain.
  As for access control, that is handled through folder structure and permissions.  Make two folders.  AllAccess and LimitedAcces.  You can make a group that contails users A, B, and C and make them part of a group.  That group can access the AllAccess folder.  Then make another group containing users A & B and then grant them access to the LimitedAccess folder.

• Using Lion Server Radius for authenticating "other" clients

  Hi I've been trying to get the Radius service in Lion Server to authenticate users of my SQUID web proxy. I have followed the squid wiki's instructions to configure the squid server as a radius client and pass authentication requests to the Lion Server Radius (I hope). However I'm trying to configure and test the Lion Server Radius. As Lions Server Admin GUI for radius only lets to add Airport Basestations, I've been trying to dig around for what underlying config files to edit.  I have tried 2 methods of adding the client details to radius:
  1. By editing the /etc/raddb/client.conf, and adding/changing (for example):
  client localhost {
       secret     = mysecretpassphrase
  client 192.168.0.0/24 {
       secret              = mysecretpassphrase
       shortname       = local-lan-clients
  and restarting squid. Nothing seems to get mentioned in the radius log file! So I'm not completely convinced that the Lion Radius took any notice of this!
  2. Instead of above, added the same client info using radiusconfig:
  $ sudo radiusconfig -addclient 192.168.0.0/24 local-lan-clients other <return>
  - then it prompts for the secret. With this command I notice the entry/event is recognised in the radius log file, and also looks like some SQL activity. If I dont specify "other" for the nas-type, it defaults to "Aiport Base Station" or similar.
  OK, so forgetting about SQUID for a minute, I can't even get that far as I'm just trying to test the config using the "radclient" utility from the Lion Server and the squid server:
  $ sudo radclient localhost auth mysecretpassphrase <return>
  and... no response, just hangs, nothing in radius log either.
  The Lion Firewall allows TCP and UDP requests into the Radius authentication port.
  Any ideas what else I need to do? Scratching my head, I'm wondering if it is anything to do with SSL? e.g. do I need to make the authentication using the self-signed certificate that Open Directory has? I presume any Airport Base Stations added to radius will use this certificate to establish a secure connection for authentication.

  The RADIUS server in OS X Server is a standard FreeRADIUS implementation with Apple's own custom GUI frontend for configuring it and which only allows adding AirPort base-stations. In Mountain Lion Server it is even limited to a specific configuration for the AirPort base-station.
  However if you follow the normal command-line instructions and steps for configuring FreeRADIUS then it will be possible to add any type of RADIUS client.
  While as far as I can see by manually configuring the FreeRADIUS server in OS X Server should enable you to do what you want, most people chose to configure Squid to use either a PAM or the LDAP modules for Squid to in this case authenticate directly to Open Directory (which is of course based on LDAP).
  I myself have used a PAM in the past with Squid to successfully configure Squid to authenticate users via Open Directory. I was even able to specific an Open Directory group and only allow members of that group access via the Squid Proxy Server. I then went a bit OTT and set up another open-source tool (which was discontinued and I had to fix to get working) to process the Squid logs and store them in MySQL, and then setup FileMaker Pro to connect to the MySQL database via ODBC to allow producing reports.
  Unfortunately the AFP458 website had a major redesign a while ago and many previous technical articles on it are now hard to find. I had used two articles on that site to guide me through setting up Squid and the PAM on a Mac server. I believe the two articles I used are the ones listed below.
  http://afp548.com/2004/09/08/using-os-x-open-directory-to-authenticate-squid-pro xy-server/
  http://afp548.com/2004/12/13/squid-server-using-ldap-authentication/

• Lion Server Smtp set-up

  Hello to all,
  I have a Lion Server on Macmini, a static ip address, a Filemaker server runing perfectly, but I can't set-up the Lion Server mail smtp server.
  1st: is it possible to send email like "[email protected]" (the number beeing the static ip of the server).
  2nd: what will be the Incoming Mail Server name?
  3rd: what will be the Outgoing smtp Mail Server name?
  Thanks a lot for your help.
  Bruno

  but I can't set-up the Lion Server mail smtp server
  Why can't you? Are you saying you don't know how to? or that there's something that's preventing you from setting it up?
  1st: is it possible to send email like "[email protected]" (the number beeing the static ip of the server).
  Yes, but it's not recommended. You'll need to enclose the IP address in brackets in order for it to work:
  bruno@[123.45.67.89]
  2nd: what will be the Incoming Mail Server name?
  If you take this approach it's irrelevant since you're not using domain-based email, so set it to whatever you like, or the IP address of your server.
  3rd: what will be the Outgoing smtp Mail Server name?
  What 'Outgoing SMTP Mail Server?
  If you're running a mail server without valid DNS (e.g. without your own domain name, and without working reverse DNS, then most other mail servers are going to reject your messages no matter what.
  That is, unless you're asking about the client settings...? In which case you'll probably need to set that to the IP address of your ISP's mail server, since most other mail servers are going to reject mail from this server anyway.

• How to use Lion Server Profile Manager to require password after screensaver

  Our Company is upgrading to Lion server. One of our requirments for network security is to require a password to wake the computer from sleep or screensaver. In SL Server you would add a key to the com.apple.screensaver entery in workgroup manager.
  In Profile Manager in Lion server there is a custom setting section and I have tried adding a key there but it does not seem to work. Can anyone offer some help on how to put the require password to wake from sleep or screensaver in Profile Manager so the setting gets pushed out?

  Hi CodyCodes,
  Just discovered the same issue today as well.  Further complicating things, the screensaver timeout setting in Login Window doesn't apply to Profile Manager clients no matter what the setting.  This was reproduced and confirmed by the Apple Tech I was working with.  He's submitted the bug to their engineering staff.  I requested that he ask them why there is no setting for password on sleep or screensaver.  Hopefully this is resolved soon, as this feature is 99% of the reason we're implementing Profile Manager to begin with.
  Cheers

• OSStatus 5 when trying to use Lion Server as time machine

  I've set two volumes on hard disk 2 of the mac mini server with snow leopard server (now running lion server).
  When I point my new MacBook Air at the time machine the Lion Server is serving which is simply displayed as Time Machine on server1.voigtstr.com, I authenticate (both server and laptop share the same username and password) and then I get
  Time Machine can't access the backup disk "Time Machine"
  The operation couldn't be completed. (OSStatus error 5.)
  What needs to change at either the server or client side?
  thoughts so far were that the time machine volume was case sensitive and the laptop was not, so I reformatted the server volume to be not case sensitive.
  Any other thoughts?
  When I choose "Do Not Backup" the Time Machine system prefs applet is left in a state of "Preparing Disk".  Is that likely to finish in multiple hours? Or is it just in a hung state?
  Cheers
  Voigtstr!

  I had the same problem.
  Time machine on my server, updated from Lion to Mountain Lion.
  Fixed it by:
  (To be completely safe, always start by backing up to a extra external hard drive, if you can.)
  On the Machine that is your Server
  I went to (Server>Services>Time Machine). My Time Mahine backup folder was there.
  Open a Finder window and follow the path to your backup folder
  When I checked on the backup drive folder it didn't exist.
  In Finder use "New folder" and recreate the directory folder as shown in (Server>Services>Time Machine) eg. Volumes/TM folder/Shared Items/Backups.
  Go to the Server>Services>File Sharing. Check that the Master folder (ie. TM folder)you are using for your time machine is shared. Double click on it and check that the account you use to connect to the server has "Read & Write" access.
  Open the Server Panel, under Services >go to "Time Machine" and turn off the Time Machine. (Server>Services>Time Machine)
  Select the current folder and remove "-" the folder currently showing.
  Then add "+" the newly recreated folder
  Go back to Server>Services>Time Machine
  Then turn on the Time Machine
  Then try to connect your macbook to the Time Machine server again
  If you get to step 3 and find the folder is there then just skip step 4 and do the rest to reset it.
  It may not connect your machine to it's previous TM folder so before continuing on to step 5, mark that by ctrl+click>Label> any colour. You can then go back later when you have a couple of up to date backups in the new folder and delete the old on for more space.

• Using Lion Server as a web server for Wordpress sites?

  Is anyone doing this? I have a few low traffic Wordpress sites I'd like to move to a Lion server I already have at MacMiniColo to try and reduce my costs.
  Obviously I'll have to install MySQL and MySQL Workbench for the databases, which I'm fairly comfortable with, however I'm not sure what the best route for FTP access to the WP directories is. I've looked at Rumpus but it's just a little too pricy for my needs.
  Does anyone have any advice?

  John, I guess you did install MySQL and got Wordpress running? I use the default location for web sites on Lion server. So my site is in /Library/Server/Web/Data/Sites/wordpress/. Since the directory is owned by _www I use root to retrieve and put files under this directory. My own user account would not have sufficient rights. It is not safe to use root with ssh with a password, so you will have to make sure you can only login as root with an ssh key. Therefore edit /etc/sshd_config and make sure that a line with 'PermitRootLogin without-password' is present. sshd or your server should be restarted then.
  On you local mac you can use the terminal to generate a key. Use 'ssh-keygen'. Here (and on various other web pages) you can find how to do this:
  http://coolestguyplanettech.com/secure-ssh-keys-connection-with-remote-passwords -osx-10-6-linux/
  On the server you will have to put the authorized_keys file in /var/root/.ssh/
  Now you can use cyberduck and let it authenticate with the key you have generated (id_rsa if you use the web page I pointed to). Then you can go to the wordpress directory and upload or edit files.

• Does anyone know how to publish a site using Lion server.

  I have made a web site using I web and was trying to publish it using FTP and lion server but was quite sure were to find the server address and other required info.
  If anyone can help it'd be greatly appreciated.
  Thanks

  You shouldn't need to use ftp to publish a site when using a server, this is the whole point, that you are not uploading anywhere external, but are hosting yourself on a dedicated computer running a server.
  This is not really the place to ask.  There should be more forums here that are specially dedicated to Lion server issues.
  Try looking at the pages on the Apple site under info on Lion server and there should be a user manual for you to look at for Lion sever.  Try looking at this.
  This is an iWeb forum so not really the right place to ask questions regarding server issues.

• Can I use Lion server to push updates to my mac clients

  Hi Everyone,
  I was wondering if I can run Lion server and use my clients (OS X ranging from 10.5 to 10.7) to pull updates from this server instead from Apple. Is it easy to setup Mac Update server?
  Thanks,

  There is a simple way for unmanaged clients.
  To point an unmanaged client to your update server, enter the following command in terminal:
  sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://<your_server>:8088/index-lion-snowleopard-leopard.merged-1.sucatalog
  (replace <your_server> with the dns name of your update server.  If the unmanaged client runs snowleopard or leopard, adjust the url accordingly. For snowleopard clients, remove the "lion-" part. For leopard clients, remove the "lion-snowleopard-" part

• Can I use Lion Server to sync files from my MBP and Mac Pro tower?

  I have a 2008 Macbook Pro and a Mac Pro I'd like to sync files between. I also have a Mac Mini that I'm considering for an OS X Lion Server install if it could help sync all my files across computers. Any suggestions would be greatly appriciated!

  There is a simple way for unmanaged clients.
  To point an unmanaged client to your update server, enter the following command in terminal:
  sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://<your_server>:8088/index-lion-snowleopard-leopard.merged-1.sucatalog
  (replace <your_server> with the dns name of your update server.  If the unmanaged client runs snowleopard or leopard, adjust the url accordingly. For snowleopard clients, remove the "lion-" part. For leopard clients, remove the "lion-snowleopard-" part

• Group folders when using Lion server machine as a client

  Hi,
  I want to use the server we use in a small lab as a client as well. Most of the collaborative work is done in a group folder, which works perfectly on all clients.
  However, when I log into the OD on that sever on the server itself (as a OD user) the logon procedure correctly finds that it should mount the group folder.
  However it also sees that the shared folder is a local folder, so it suggests (complains) that I should use the file locally instead.
  This is all wery well, but I have applications where the config items require a path to be specified. This path now differs between computers (server computer v.s. pure clients) which creats a problem for me.
  So, how do I make the server (loop) mount itself as if it was a pure client (and not complain about it)?
  Please help me.
  Fredrik

  Have you try this command ?
  $ sqlplus scott/tiger@scomachine
  -agun-
  null

• Setting up for Personal Web Sharing...

  Okay I followed the instructions from here
  http://discussions.apple.com/thread.jspa?threadID=352747
  I have web sharing on. It's allowed in the firewall. The airport express is configured both public and private to 80. The one question is, does the private address field stay at 201, or does this change dependent on your IP?
  Chris

  It's not really generic as such. Your Airport Express, by default, has a pool of private IP addresses from 10.0.1.2 through to 10.0.1.200 which it hands out to any computer which requests an IP address. So... when your iBook connects to the wireless network it asks the AirPort Express for an IP address. The AirPort Express will hand out the first address available in the pool of IP addresses it has. In this case the first available address is 10.0.1.2. If your iBook is the only computer on the network it will always be given this same address. Therefore you can safely set the "Private address" in the AirPort Admin's Port Forwarding to 10.0.1.2.
  Try this and see if it works. Go into Port Forwarding (in the AirPort Admin), click Add and enter "80" "2" "80" respectively in each box. Click OK and update the AirPort Express. Give the Express a moment to reboot and once you have your wireless network connection back, open up your web browser and as the web address type in your public IP address (this is the IP assigned by your ISP; find it on whatismyip.com). If all is set up correctly this should open up the default Mac OS X page stored on your iBook, if you haven't already changed it to something else.