Using Workgroup Manager via SSH tunnel

Hi all,
I'm attempting to use the Workgroup Manager app to remotely administer a OS X Tiger Server box. The server sits inside my company's LAN behind a firewall, which only allows traffic to the server on ports 21 (ftp), 22 (ssh), 80 (http) and 311 (server admin with SSL, I believe). All services on those ports work fine.
My research on the net indicates that the Workgroup Manager app uses port 625, but since the hardware firewall is blocking traffic on that port to the server, I'd like to create an SSH tunnel to access it. I've tried the following command on my local machine (i.e., not the server):
$ sudo ssh -L 625:localhost:625 [email protected]
and am able to set up the tunnel with no problem. However when I try to connect Workgroup Manager (on the local machine) to localhost, it won't let me connect. So I tried telnetting to localhost port 625 (on the local machine) to see what's up, and received the following error:
$ telnet localhost 625
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
Am I missing something? I was under the impression that the SSH tunnel would allow me to access port 625 on the server via port 22. The software firewall is disabled on both machines, so it's not that. I'm not experienced with SSH tunnelling, so I could be totally wrong about the way this is supposed to work.
Thanks in advance!

A quick tcpdump here indicates that Workgroup Manager uses both 311 and 625 when establishing a connection to the server. It may be the lack of port 311 tunneling that's causing your problem.
$ sudo ssh -L 625:localhost:625 -L 311:localhost:311 [email protected]

Similar Messages

  • How to you "publish" Bonjour Shared printers using Workgroup Manager?

    Dear Friends,
    Hello. We have just spend considerable time setting up Mac OS X 10.6.4 server to host some printers to our Mac clients (previously we had used a Windows print server but it was too slow and inflexible). We have the printers we need set-up and shared out as Bonjour Shared printers because that sends out all of the duplex setting we need. I have tried to "publish" these using Workgroup Manager and they do not show up on the list. How do you "publish" these printers using WGM? NOT: We can't just let people select "nearby" printers because we want to set a default and use kerberos security.

    Eric T Gadsby wrote:
    Anthony,
    Thank you for you help. The procedure you outline is what we have attempted to do. We add the Bonjour-shared printers to a client and then open Work Group Manager on the same computer but when you go to the "Printing" pane of "Preferences" the printers do not show under "Available Printers", neither do USB printers.
    Hope this clarifies our problem. We would like to use Work Group Manager as advertised but it doesn't seem to be working for us.
    Welcome to my world…
    This 'bug' has existed for several major versions of Mac OS X Server (10.6, 10.5, and maybe 10.4). I did report it more than once to Apple as an official bug but they don't seem to 'get it' despite my best efforts.
    You can do the following
    Add a printer directly to a computer running WGM,
    Then use WGM to 'push' the printer out to clients,
    The model of the printer will then also be pushed out to clients so they automatically select the correct driver but not the correct paper tray/duplex/etc. settings.
    You can do the following
    Add a Mac OS X Printer Server queue to the computer running WGM (which must not be the same computer acting as the Mac OS X Printer Server) if you do this via the Bonjour advertisement of the queue then it will not get the model, or any settings from the print server.
    You can then push this queue out to clients via WGM
    You cannot do the following
    Add a Mac OS X Printer Server queue to the computer running WGM (which must not be the same computer acting as the Mac OS X Printer Server) if you do this via IPP, then the WGM machine will get the model automatically, but not any paper tray/duplex settings.
    However this queue cannot then be seen in WGM and therefore cannot be pushed out to clients.
    Apparently doing custom XML, would allow also pushing out printer settings, but this is so far from 'the Macintosh Way' that only a masochist would do it.
    This area is one of the few where the Mac is significantly worse than Windows, it is an area that Microsoft (mostly) sorted literally decades ago. Not only in the Windows world can you push the printer model, and the printer settings, but you can even if needed push the entire printer driver out to the (Windows) clients.

  • ORA Connect via SSH Tunnel on Windows failed! LINUX works ...

    Hello again,
    i tried to establish a Oracle Client Connection via SSH Tunnel on WinXP Pro.
    1. Opened SSH-Tunnel Connection with plink (putty)
    TUNNEL: 10.5.1.111:1521 => localhost:1521
    (plink works fine with telnet, MySQL Client and other stuff)
    2. Connected with Oracle Client on Tunnel END => Localhost, Port 1521
    3. WIth ORA8i i got: Paket Error, With ORA10g i get: TNS: no listener
    plink works fine, so i dont think the problem is located there.
    i tried, tnsnames.ora, easyconnect and TNS-Less. So i guess, its not related to the connection method.
    i tried the same on LINUX ... ssh tunnel and sqlplus connect ... IT WORKS !
    Does Oracle need an aditional Port?
    Does it have Problems with WIN2UNIX Connections? (ORA DB is on UNIX)
    tnx

    Hi,
    Hum..., I guess this not work!
    Looking for this schema below, you need put the 1521 port
    If you desire, access the www.ssh.com site and download other ssh program
               Secure Connection
       +---->-------[SSH]-------->-----+
       |                               |
       |                               |
       ^                               |
       |       Insecure Connection     v
    CLIENTE--->--------------------> ORACLE
    ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                        |          |                |
                        |          |                |
                   A  LOCAL        |                |
                   B       INTERNAL IP ORACLE       |
                   C                       EXTERNAL IP (GATEWAY)
                                                         C                             B
          | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
          | Gateway |                                 |Gateway |                 192.148.1.251:1521
               .                                     200.10.11.12                                  
         A     .
       |Oracle Client|
       (TNSNAMES.ORA)
         <SERVICO> =
           (DESCRIPTION =
             (ADDRESS_LIST =                     
               (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
             (CONNECT_DATA =
               (SID = <ORCL>)
           )Cheers

  • How to enable Remote Management on multiple Macs using Workgroup Manager?

    Hi
    I want to use workgroup manager to enable remote management on multiple macs I manage.
    How can I do that?
    Regards,
    Omer Barel

    The only way I know to enable remote managment remotely is by running kickstart.
    http://support.apple.com/kb/HT2370
    If you are already using a login script you could run kickstart from there.
    We clone our Macs with remote management turned on.
    Otherwise, lace up your sneakers.   

  • I am using workgroup manager to restrict access in the finder to students, i have selected basic finder this seems to work when you try and launch finder, but when you are in another application eg safari and select open you can see shared devices

    as well as shared devices you can see locations etc in the side bar. i know you can edit this in finder preferences or simply drag them off and they will be removed but i want to remove them as a student logs on. i know you can edit the finder plist file in workgroup manager but i do not know what keys i need to add to remove these options and the keys are not there as default can anyone please help any ideas on how to achieve this would be great

    Please post in the Photoshop forum.
    http://forums.adobe.com/community/photoshop
    Bob

  • Can I use Workgroup Manager with a 10.4 server and a 10.6 admin station?

    I just upgraded my admin station from 10.5.x to 10.6.8.  Now my Workgroup Manager won't work.  I'm assuming it's because of the new operating system.  I keep getting an error message about ememory allocation.  My server is still running 10.4.11.  What can I do besides getting a new server to make this situation work?  I really need to control what programs that my students can access and I'm very frustrated right now.  Thanks for any help you can give me.

    Hello, I think it always been version specific, & is no longer even included...
    http://support.apple.com/kb/HT5308
    But as mentioned there, some older versions are available, but I think you'll have to figure a way to run your version on the older OS.

  • Opening Multiple DB Connections to MySQL via SSH Tunneling

    I'm connecting to a MySQL database through SSH.  Specifically I'm using PuTTY to establish a connection, and then tunnel the port through 3306.  Then I'm creating an ODBC Data source to my local 3306 port and using that datasource to open the connection in LabVIEW.
    I'm looking to run queries in parallel, and to do that, I believe I need to open up multiple connections.  Has anyone tried this before? Is there anyother way to do this?

    Hi Jonathan,
    I wasn't able to find too many resources on using multiple connections to a MySQL through SSH.  
    I was able to find this:
    http://digital.ni.com/public.nsf/allkb/C49602A79827DDBE86256CE9005757D5
    that might give you some more information.
    I would try to open up multiple connections if the database supports it and try it that way.
    If you have any troulbe with that route, feel free to let us know.
    Sincerely,
    Bogdan Buricea
    Applications Engineering
    National Instruments
    Bogdan Buricea
    Applications Engineer
    National Instruments

  • How to hide/disable Spotlight on a client by using Workgroup Manager

    Dear Apple Pro's
    I'm looking for a script or Policy whatever to hide/disable spotlight on a client. Iam using WGM for policy's to disable some applications, but I can not find an option disable spotlight on a client. I hide a lot directory's systemfiles but if I type in the spotlight "terminal" on the client and click on it the terminal will start.
    I've 400 iMacs on a school it makes me desperate.
    Hope to hear from you pro's!

    One possible solution might be to change the permissions on the Spotlight app on all client machines. The command would be:
    sudo chmod 600 /System/Library/CoreServices/Search.bundle/Contents/MacOS/Search
    That way only root can run Spotlight. One may be able to roll that out via a startup script, too.

  • Gnome X11 apps not working via ssh tunnel to Mac OS X 10.3.8

    Here's my environment:
    Solaris 10 SPARC (from release DVD isos)
    Sun Blade 100
    PowerBook G4 17" w/OS X 10.3.8 and X11 1.0 - XFree86 4.3.0 (same problems under 10.3.7)
    I have configured X11 forwarding on the Blade (sshd) and Mac client. (ssh). This seems to work for all X11 apps on the Blade, EXCEPT gnome-based apps, such as gnome-terminal, gnome-text-editor, mahjong, etc. These USED to work on the exact same hosts under Solaris 9 9/04.
    The error is the same for any "broken" app:
    -bash-3.00$ mahjongg
    The program 'mahjongg' received an X Window System error.
    This probably reflects a bug in the program.
    The error was 'BadWindow (invalid Window parameter)'.
    (Details: serial 11 error_code 3 request_code 128 minor_code 2)
    (Note to programmers: normally, X errors are reported asynchronously;
    that is, you will receive the error a while after causing it.
    To debug your program, run it with the --sync command line
    option to change this behavior. You can then get a meaningful
    backtrace from your debugger if you break on the gdk_x_error() function.)
    -bash-3.00$ gnome-text-editor
    The program 'gnome-text-editor' received an X Window System error.
    This probably reflects a bug in the program.
    The error was 'BadWindow (invalid Window parameter)'.
    (Details: serial 11 error_code 3 request_code 128 minor_code 2)
    (Note to programmers: normally, X errors are reported asynchronously;
    that is, you will receive the error a while after causing it.
    To debug your program, run it with the --sync command line
    option to change this behavior. You can then get a meaningful
    backtrace from your debugger if you break on the gdk_x_error() function.)
    I have tried this in rooted and non-rooted environments. I also tried it on an iBook (G3) and PowerMac G4, all with similar configurations to the one listed above.
    Any ideas?
    Thanks,
    Charles

    Try using 'ssh -Y' when connecting.

  • Replaced hard drive and used Recovery Manager via USB but now I don't have a D:recovery partition.

    I replaced my bad hard drive on my G62 Notebook and used HP Recovery Manager on a USB stick. Afterwords I restored from a back up but couldn't restore the D:recovery portion because the new hard drive doesn't have this partition. How can I create this now and restore the recovery partion now?

    Hi,
            When you reinstall the operating system using the USB recovery stick, it should create by default a recovery partation Drive D. Since you wont be able to create the partation manually. So if the HDD which you had replaced is not matching with the exact HDD which was shipped in the system, then it would have caused the issue. So try reinstalling the OS again.
    "I work for HP."
    Please click the "White Kudos" star to say thanks for helping.
    Please mark "Accept As Solution" if my help has solved your problem.

  • How do i set up System/Library/User Template/English.lproj on  10.8 a file server using workgroup manager.

    any suggestion will be appreciated

    I've requested your thread be moved to the server forum. 
    For future reference Server based questions scroll down the Communities section:
    iPad
    iPhone
    iPod
    iTunes
    Desktop Computers
    Notebooks
    Mac OS & System Software
    Mac App Store
    iOS Apps
    iBooks
    iBooks Author
    iLife
    iWork
    Professional Applications
    Accessiblity
    iCloud
    AppleTV
    Peripherals
    Applications
    Servers and Enterprise Software

  • Remote printing problem using ssh tunnel in Leopard

    Haho,
    I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
    So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
    This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't prints out on the other end.
    I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
    Thanks in advance for your help!

    Had the same issue with MS Terminal Server printing over vpn tunnel.
    what kind of internet connection do you have? one which adds extra headers like pppoe ?
    for me ...
    sysopt connection tcpmss
    helped
    default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

  • Enable File Sharing via Workgroup Manager

    Is there a way to Enable File Sharing and it's AFP and SMB options using Workgroup Manager? If not, can it be done through a command prompt? I several hundred Mac Notebooks and IMacs and I refuse to configure them manually.

    https://discussions.apple.com/community/servers_enterprise_software

  • Cannot connect Workgroup Manager using a domain administrator account

    Hello,
    I'm trying to determine if this is normal behavior or something is not working right:
    When using Workgroup Manager (remotely or locally on the server) it will only let me connect with the local (Netinfo) administrator account that was created upon install of the server. It will NOT let me log in with the diradmin account that was created when promoting the server to an OD master (or any other accounts I created (under the LDAP directory) and checked User can "administer the server" and "administer this directory domain").
    Once connected to WGM with the local admin account I then can (and still need to) authenticate to the directory database using the diradmin account (which works). Is this normal behavior?
    From reading Apple's User Management documentation it seems to indicate that once a domain administrator account is set up you can use that account to log into WGM.
    Thanks in advance.
    - Brian
    Mac OS X (10.4.6)

    OK, it looks as though I've figured this out. Using the Directory Access utility on the server itself, I needed to add the "LDAPv3/127.0.0.1" directory domain to the list of domains to search for authentication.

  • Workgroup Manager and Server Admin 10.5 - Use to manage Tiger Server?

    Is it possible to use Workgroup Manager and Server Admin 10.5 running on Leopard Client to administer Tiger Server?

    I'm having major problems with server tools managing my 10.4.11 server. I'm finding that at least with the web management tools, I cannot make any changes to the 10.4 server Sites. To make matters worse, I cannot install 10.4 tools to get back that functionality.

Maybe you are looking for

  • Convert CustomAttribute from Text to Date - setup 2 date range filters

    Background: We have setup an Active Directory OU called Quarantine to temporarily store user accounts that have just been terminated before terminating their office 365 mailboxes licenses, legal holds and archives.  My director wants me to search tha

  • Re: Help please!! ipad do not rings when someone...

    How to set the notification is the way to go, but this does not work on my ipad 3thd generation with ios 10.1.2. I did go to apple and everything is set correctly and skype does not make the ipad ring. So the problem is with Skype and Microsoft. So t

  • Netweaver Mobile Add-in Installation on NW700 with EHP1

    Dear all, we have a netweaver 7.00 EHP1 platform, on which Mobile Infrastructure also has to be installed But i am not sure how it can be done. Reading notes i saw that as of EHP1 it is not possible to install MI as Java Add-in Many thanks in advance

  • Upgrade 4.6C to ECC 6.0; Unicode - non-Unicode -- Unicode

    Hi, My client has a R/3 4.6c UNICODE, he wants to upgrade to ECC6.0 UNICODE. According to a SAP document, to upgrade, I upgrade directly to ECC 6.0 NON_UNICODE then convert the system to ECC 6.0 UNICODE. I'm wonder why Unicode -> non-Unicode --> Unic

  • Urgent : Plantage constant de Media encoder, premiere pro CC et CC2014.

    Bonjour à tous ! Je rencontre de grosses difficultés avec Premier Pro et média encoder CC et CC2014. Lorsque je veux mettre en fil d’attente mes projets que je passe par Fichier>Importer (composition After ou même Première) ou que je fasse simplement