VPN server configuration - dns troubles
Some variants of this issue have popped up on this forum, but I could not quite resolve my issue. I have VPN running on OSX 10.6 server, but when the client connects to the server, they cannot browse the Internet by hostname. However, they are able to browse the web by entering IP addresses. On the server side, DNS servers are configured to be 8.8.8.8, and network routing definition set to 192.168.1.0 / 255.255.255.0. L2TP IP range is 192.168.1.2 - 10. Any suggestions?
Thanks!
Many parts of Mac OS X Server require functional DNS services.
When you are operating behind NAT, no external DNS provider can typically provide you with DNS translations.
Neither your ISP nor Google can provide you with DNS translations within private IP blocks. Only local DNS can do that.
The other matter here is the attempt to operate Mac OS X Server as a gateway. That gets gnarly, and there are many discussions of that posted around the forums. It's far easier to use an external gateway box, and to avoid configuring a Mac as an expensive and awkward and ungainly and insecure IP router; to avoid the potential to expose open ports or random server applications to the wilds of the internet, as well as avoiding the routing configuration difficulties inherent in the default Mac OS X and Mac OS X Server user interfaces.
Irrespective of all that DNS configuration and LAN-local stuff, your VPN needs to have a DNS server from the target LAN or it will have no translations for a NAT'd network. By default, most VPNs will use the provided DNS for NAT'd hosts as well as public hosts. Which you don't have.
The usual Mac OS X Server configuration order is the host software, basic IP networking and LAN routing, DNS services, Open Directory (OD), and only then with the rest of everything else.
If that sudo changeip -checkhostname command is tossing a DNS warning, then you have DNS issues on the LAN. Need help setting up LAN-local DNS on Mac OS X Server? Here are detailed DNS set-up instructions.
Similar Messages
-
Help configure DNS Enabler for Bonjour discovery
Hi!
I have a MacBook with Snow Leopard acting as a VPN server configured by the iVPN software.
I can connect to the shares on the local network using Command-K, but I would like to have Bonjour advertise all the shares.
Then I heard about the program DNS Enabler, which can advertise Bonjour services on a wide area network.
In DNS Enabler I have created a domain as they said in the manual and then added the AFP shares in the Bonjour tab.
For an AFP share I must add: _afpovertcp._tcp, example.domain.com, 548.
I did this for my local shares and then tried to connect through the VPN. I was very happy to see that the AFP shares show up in the Finder sidebar under the "All..." icon.
But now to the problem:
I thought I could do the same for my iTunes server I have on the local network. I added: _daap._tcp, example.domain.com, 3689.
But why won't it show up in iTunes when all other Bonjour services are working in Finder?
Thanks for your help!
Hi,
have you figured it out yet? Otherwise you might want to try the Home-Sharing service _home-sharing._tcp, which to my knowledge also runs through port 3689?
I am still in the first stage of your post. I am trying to get AFP to work through VPN with DNS-Enabler. No success so far. Could you be so kind to post your exact settings?
Thank you! -
How to setup built-in VPN server on Mountain Lion
Anyone have information on configuring the built-in VPN server in OS X Mountain Lion ?
Update - it works ! At least I can connect to Mountain Lion (not server) from my iPhone using the VPN Server Configurator app.
Here's what I did :
1) download the app and install
2) setup using the help files on the web page : http://www.greenworldsoft.com/product-vpn-server-help.html
3) at the last stage you need to setup port forwarding on your router
4) under Airport Utility 6.0 you cannot setup ports 500 or 4500 due to BTMM conflicts but setup the other 2 ports (1723 TCP and 1701 UDP), update airport extreme
5) download Airport Utility 5.6 from here : download already extracted utility it is in its extracted form as is necessary under Mtn Lion (thanks to NetUse Monitor for the download - great app by the way)
6) run 5.6 and setup port forwarding (Advanced-Port Mapping) for the other 2 ports (500 and 4500 UDP), update airport extreme
7) that's it, I was able to connect to the VPN from my iPhone ! -
PIX 501 passthrough with to a Win VPN Server
Can this piece of %^$ pix 501 allow port 1723 to be open so users can connect to a Windows VPN server configured by PDM?
pix 6.3(5)
Outside static IP - whatever 111.111.111.111
Inside 192.168.1.1
Win VPN server 192.168.1.10
Thanks to anybody that can help.
Note - I want to know if this can be accomplished using PDM 3.0.4
This pix has to have a use other than a glorified 4 port switch
Yes you can enable PIX501 with version 6.3.5 for PPTP pass through.
Command line:
static (inside,outside) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255
fixup protocol pptp 1723
access-list permit tcp any host 111.111.111.111 eq 1723
If you don't already have an access-list applied to outside interface, then you also need the following:
access-group in interface outside
Then "clear xlate" after the above configuration. I also assume that you would like to use the outside interface ip address of the PIX for the translation. Otherwise, if 111.111.111.111 is actually a spare public ip address, then the above static command should say:
static (inside,outside) 111.111.111.111 192.168.1.10 netmask 255.255.255.255
Yes, it can be accomplished using PDM. But I have to apologize that I don't have a handy access to a PDM hence, I can only advise you on the configuration using CLI.
Hope that helps a little. -
Windows 2012 VPN Server - Routing
Hi community,
I hope you can help me out with my problem.
Following situation:
I have a Win 2012 Server as VPN Server configured.
Connecting a VPN Client works fine and the VPN Client gets an IP address from a static IP range. The IP address it gets is 192.168.200.x
It works fine to ping to all devices in the 192.168.200.0/24 net. But I have a second net - 192.168.202.0/24. My VPN Server is connected to both nets. (2 NICs)
What I want to achieve is that the vpn clients can connect to devices in the 192.168.202.0 net as well.
When I put the following route into the clients ip table, it works:
#route add 192.168.202.0 mask 255.255.255.0 192.168.200.1
For me that's fine, but I have a bunch of other users, also connecting to this vpn server.
So the best would be if automatically when the user connects to the vpn, it also creates a static route like the one above.
Is this somehow possible?
I tried static route in the "Routing and Remote Access" Tool and static routes in the Dial-In config of the user in Active Directory - nothing worked
Hi Made1990,
When VPN is connected, the clients will use VPN server as default gateway.
As a result, clients will be able to connect the two subnets that VPN server is connected to.
We can use Network Monitor on VPN server and the device on subnet 192.168.202.0 to find the problem:
Install and open Network Monitor on the two devices.
Ping the device on subnet 192.168.202.0 from VPN client.
If the device on subnet 192.168.202.0 gets ICMP Echo Request packet, that means the routes to 192.168.202.0 is OK.
If the device sends ICMP Echo Reply packet and VPN client doesn’t get it, that means reverse routes are wrong. Analyzing the data on both devices can help to find the problem of routes.
Here is the guide for using Network Monitor:
https://technet.microsoft.com/en-us/library/cc938655.aspx?f=255&MSPPError=-2147217396
Best Regards,
Leo
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Do I have to configure DNS server before configuring VPN server?
Hi,
In my journey to get this mac os X server to actually work...
Do I need to configure DNS server on Mac OS X server first before setting up VPN or ICHAT server?
Or, it seems that I can use my D-Link Gaming router as a DNS server.
I think I'm most confused with which numbers to enter as my DNS... is it the local IP of my mac mini being used as the server (192.168.0.1) or is it the IP address assigned to my cable modem?
There are so many posts on this, I am feeling lost.... has anyone found a really great step by step that explains how to do this?
thanks
Ethan-
Ethan,
My experience is that it is absolutely necessary to have an external DNS server setup correctly BEFORE you even start installing your OS X Server, so why not keep it. Still, once you have set up OS X Server, you can also use its own DNS server, but be VERY careful to set it up correctly. DNS mistakes, especially the ones regarding server's own IP addresses, are usually not forgiven by OS X Server. Many of us here have learned that the hard way. As for me, I prefer to have a dedicated DNS.
Best regards,
Andrus -
DNS server configuration and behaviour
Hi all,
I'm looking for a detailed explanation of how the Mac OS X 10.6 *DNS client* works and may be configured.
According to http://discussions.apple.com/thread.jspa?threadID=2227251 nothing is not guaranteed like order and failover.
According to http://support.apple.com/kb/HT4030 failover will take effect when DNS server returns with SERV_FAIL (0x2) error code. What about NXDOMAIN (0x3) error code (which is more interesting scenario)?
What I'm looking for DNS client?
I'm looking for several DNS servers configuration which allow to split DNS domains for several areas. This, for example, may be very useful for VPN connections when VPN DNS server will resolve internal resource and another server (configured before VPN tunnel established) will resolve external resources.
Is there any possible configuration to achieve this requirement for Mac OS?
Thanks in advance,
Oleg.
Thanks Felix for quick response.
In your scenario:
1. You configured to different DNS servers and probably only one of them replied to DNS queries. And this is OK.
2. When non valid IP configured means that DNS server will not reply to DNS query and then failover will query the second DNS server in the list. And this is also OK.
I'm looking 2 different DNS servers configuration when one of them will reply to different domains. For example:
First server will reply to *.mycompany.com.
The second one will reply to any query except mycompany.com domain(since it is not published).
Thanks again,
Oleg. -
Mail server and DNS configuration
I have an XServe G4 running Mac OS X 10.4 Tiger Server, and I have successfully configured two domains that I purchased from GoDaddy as websites on this XServe. It's behind an Airport Extreme, and I have forwarded a bunch of ports in order to enable FTP, SSH, Web, remote Server Administration, webmail, and I have also forwarded the IMAP and SMTP ports. All of these services work except for email, so I am wondering if there is any special DNS settings that I need to configure in the GoDaddy total dns configuration page. I have the MX record pointed directly to my IP, just like the A record. I also have mail.mydomain.com pointed to the A record's IP (maybe I described that poorly, but I hope it gets the point across). I am able to log into webmail and send email out to other people, but when I try replying back to the email which I sent from webmail, I get a bounced message. I also cannot configure a Mail client, but I think I need to get the accounts at least working first. Can someone provide a list of DNS requirements or server configuration requirements for me to check off in order to make this happen? Does anyone know of any great resources to learn this kind of stuff? I'm kinda new to the server thing.
Thanks!
Paul
postconf -n results:
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname,localhost.$mydomain,localhost,rubenkalath.com
mydomain = rubenkalath.com
mydomain_fallback = localhost
myhostname = mail.rubenkalath.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_use_tls = no
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
ps U _postfix results:
ps: _postfix: no such user
tail -20 /var/log/mail.log results:
May 15 15:55:27 sincity postfix/cleanup[1257]: 765DC4517A: message-id=<[email protected]>
May 15 15:55:27 sincity postfix/qmgr[1239]: 765DC4517A: from=<[email protected]>, size=881, nrcpt=1 (queue active)
May 15 15:55:27 sincity postfix/smtpd[1254]: disconnect from localhost[127.0.0.1]
May 15 15:55:27 sincity postfix/pipe[1259]: 765DC4517A: to=<[email protected]>, relay=cyrus, delay=0, status=sent (mail.rubenkalath.com)
May 15 15:55:27 sincity postfix/qmgr[1239]: 765DC4517A: removed
May 15 15:58:09 sincity postfix/smtpd[1338]: connect from localhost[127.0.0.1]
May 15 15:58:13 sincity postfix/smtpd[1338]: lost connection after CONNECT from localhost[127.0.0.1]
May 15 15:58:13 sincity postfix/smtpd[1338]: disconnect from localhost[127.0.0.1]
May 15 16:06:09 sincity postfix/postfix-script: refreshing the Postfix mail system
May 15 16:06:09 sincity postfix/master[590]: reload configuration
May 15 16:12:48 sincity postfix/smtpd[1709]: connect from localhost[127.0.0.1]
May 15 16:12:54 sincity postfix/smtpd[1709]: lost connection after CONNECT from localhost[127.0.0.1]
May 15 16:12:54 sincity postfix/smtpd[1709]: disconnect from localhost[127.0.0.1]
May 15 16:28:58 sincity postfix/smtpd[2068]: connect from localhost[127.0.0.1]
May 15 16:28:58 sincity postfix/smtpd[2068]: 1FA354537C: client=localhost[127.0.0.1]
May 15 16:28:58 sincity postfix/cleanup[2071]: 1FA354537C: message-id=<[email protected]>
May 15 16:28:58 sincity postfix/qmgr[1530]: 1FA354537C: from=<[email protected]>, size=776, nrcpt=1 (queue active)
May 15 16:28:58 sincity postfix/smtpd[2068]: disconnect from localhost[127.0.0.1]
May 15 16:29:02 sincity postfix/smtp[2072]: 1FA354537C: to=<[email protected]>, relay=mercury.gatech.edu[130.207.192.26], delay=4, status=sent (250 Ok: queued as 67542CDF86) -
How setup SPA525 vpn client? How configuration Cisco VPN server?
Hi all,
How setup SPA525 vpn?
How configuration Cisco VPN server for SPA525?
Regards
John
Hi John,
Do you want to setup the SPA525 on the UC300? If so the UC300 does not support any VPN or remote users. If you need configuration help with the UC5XX just let me know.
Thank you,
Jason Nickle -
Connect to server thru DNS using VPN
I want to do the following :
- connect to my server thru VPN (this is working) using VPN server of the OS X Server
- command -K connecting thru the fileshare on the same server using the dns name of my server. (not working)
When I see the settings of the VPN connection I see my DNS server in the tab DNS. But connection is not established.
Are you typing the hostname of the server in the 'Connect to Server' dialog? or are you hoping to see the remote servers appear in the list when you Browse?
The former should work. The latter will not (at least not without extra significant hoops).
If you are trying the former, and you can't hit the server by name, check whether you can hit it via IP address. Also check whether you can resolve the name via some other means (e.g nslookup or dig in Terminal.app, or Network Utility.app). That will at least help pinpoint the problem. -
Configure VPN Server Cisco 877W
Hello!
I need to implement VPN Server on a Cisco 877W.
The idea is as follows:
Access the network from anywhere using the Cisco VPN Client;
The router needs to receive a minimum of 5 simultaneous connections;
Each User would have a login and password;
Cisco 877W (System image file is "flash: C870-advipservicesk9-mz.150-1.M10.bin")
Following script:
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
hostname VPN
boot-start-marker
boot-end-marker
logging buffered 10240
enable secret PASS@PASS
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone BR -3
dot11 syslog
dot11 ssid ACESSO01
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii PASS@PASS
no ip source-route
ip dhcp pool ODIM
import all
network 192.168.100.224 255.255.255.224
default-router 192.168.100.254
dns-server 10.151.176.80 201.10.120.3 10.151.176.79 201.10.1.2
update arp
ip cef
no ip bootp server
no ip domain lookup
ip domain name local
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall skinny
no ipv6 cef
multilink bundle-name authenticated
archive
path flash:config
write-memory
file verify auto
username suporte privilege 15 secret 5 $1$WdPL$PHwugOutS3fztS8hBUl9g0
ip tcp timestamp
ip ssh version 2
bridge irb
interface ATM0
description #### A D S L - INTERNET ####
no ip address
no ip proxy-arp
load-interval 30
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description #### A D S L - INTERNET ####
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
description #### I N T R A N E T ####
switchport trunk native vlan 100
switchport mode trunk
load-interval 30
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
no ip address
no ip proxy-arp
load-interval 30
encryption mode ciphers aes-ccm tkip
ssid ACESSO01
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description #### ETH`S ####
no ip address
no ip proxy-arp
load-interval 30
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
description #### I N T R A N E T ####
ip address dhcp
no ip proxy-arp
ip nat outside
ip virtual-reassembly
interface Dialer0
description #### I N T E R N E T ####
ip address negotiated
ip access-group Traffic-Permit-IN in
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip inspect firewall out
ip virtual-reassembly
rate-limit input access-group 100 16000 8000 8000 conform-action transmit exceed-action drop
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname user@user
ppp chap password pass@pass
ppp pap sent-username user@user password pass@pass
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
interface BVI1
description #### BRIDGE Vlan1/Dot11Radio0 ####
ip address 192.168.100.254 255.255.255.224
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip policy route-map PBR
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface Dialer0 overload
ip nat inside source route-map INTRANET interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 name ADSL
ip route 0.0.0.0 0.0.0.0 10.48.50.1 name INTRANET
ip access-list extended ADSL
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
deny ip any host 192.168.100.255
deny udp any any eq tftp log
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny udp any any eq 135 log
deny tcp any any eq 135 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny tcp any any eq 445 log
deny ip any any log
ip access-list extended INTRANET
permit ip any 10.0.0.0 0.255.255.255
deny ip any any
deny ip any host 10.48.50.255
deny udp any any eq tftp log
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny udp any any eq 135 log
deny tcp any any eq 135 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny tcp any any eq 445 log
ip access-list extended Traffic-Permit-IN
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 224.0.0.0 0.15.255.255 any
deny ip any host 255.255.255.255
permit tcp any any eq 1723
permit gre any any
deny icmp any any echo
deny ip any any log
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any echo
access-list 110 permit ip 192.168.100.224 0.0.0.31 any
dialer-list 1 protocol ip permit
no cdp run
route-map ADSL permit 10
match ip address 110
match interface Dialer0
route-map INTRANET permit 10
match ip address 110
match interface Vlan100
route-map PBR permit 10
match ip address ADSL
set interface Dialer0
route-map PBR permit 20
match ip address INTRANET
set interface Vlan100
control-plane
bridge 1 route ip
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
end
Some Help?
-
OS X 10.4.11 Server - configured name and reverse DNS do not match / DNS
Hi all,
I have looked for similar posts but all seem to have different scenarios, hoping to get an answer from someone more experienced than myself before I do anything silly.
Help much appreciated!
Scenario:
We run a 10.4.11 OS X Server on an XServe, hosted at an ISP. ISP provides all DNS services, incl. the reversed DNS entry.
I am currently only running the following services (based on the display in ServerAdmin):
AFP
Firewall
iChat
Mail
QuickTimeStreaming
Web
All others (incl. DNS) are grayed out. (As ISP instructed us not to add a DNS service on our box, that's "normal" according to my experiences with dedicated /co-location server hosting).
We never used changeip after the initial setup, meaning the server's
Current Hostname = somename.local and
DNS Hostname = mail.ourdomainname.net
So in system.log I find this recurring entry:
Jul 8 11:41:22 somename servermgrd: servermgr_dns: configured name and reverse DNS name do not match (somename.local != mail.ourdomainname.net), various services may not function properly - use changeip to repair and/or correct DNS
Finally, my question:
As Mail and Web services etc. are currently running OK from what I can tell,
1) do I HAVE to change this at all?
2) Would it be much better / why?
3) Could I change this using the following command
(111.11.111.1 indicating the server's IP address)
changeip 111.11.111.1 111.11.111.1 somename.local mail.ourdomainname.net
4) without running a DNS server on the machine, i.e. DNS service is not required for this to work?
5) obviously I want to be able to use Server Admin after I issue this command...
6) can I fall back easily in case this would screw it up, or is there no risk whatsoever doing this in my case?
THANK YOU so much for any help!
Hi Jonas
If port 443 is already being used on the same box as KMS then it will complain and probably not start the service? I've seen this with LDAP port 636. This is when Kerio is installed on a server configured as an OD Master. Clearly the port can't be used by both servers.
It might be easier to change the port your sites are currently using to something else? Although don't do anything yet. Pose the question to Kerio Support and see what advice they offer.
Yes moving the mail to a local folder on the mail client will do it.
Is Kerio going on the same box? If its a different box (presumably different IP address?) Then what you can do is to port forward to the new server's IP address instead of disabling it. This way while you are bringing the new server on line users can still send mail right up until the time you give instructions on changing their inbound/outbound mail server details. Of course they won't be able to receive but if you time it right they may not even get an error message? Depends on what their schedules are.
If it was me I would choose IMAP every time. As the mail admin you have full control and a central location for easy backup. KMS has a built in archiving feature that makes this a simple process. This is an easier option than going round individual client machines and making sure mail held locally in POP accounts are backed up. Besides there is always someone who falls through the loop and I'm not taking into account drive failures. It makes good sense anyway as there is talk of legislation being introduced to make this a requirement for businesses who run their own mail servers. This is certainly true for certain parts of the US and what usually happens there is generally taken up in the UK and most parts of Europe.
Kerio's WebMail Client means users don't even have to have their own computer. Just as long as they have access to one that has access to the internet they can send/receive mail. No need for dedicated mail applications such as Apple Mail, Thunderbird, Entourage etc. How mail is used remains consistent for all users.
Yes. I did this not so long ago with Leopard's built in Mail Server. I sent an e-mail defining a time when no inbound mail would be received. Disabled port forwarding for SMTP port 25 and approx 30 minutes after that another mail stating no outbound mail should be sent. Once everything was swopped over (we were changing from a G4 10.4 server to a G5 10.5 Server) port 25 was enabled, new server brought online and everyone was mailing again with no appreciable downtime.
These boxes were to have the same IP address hence the slightly different approach.
Does this help?
Tony -
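The servermgr_dns warning quoted in the question above, and the `changeip -checkhostname` check mentioned in the first thread, both come down to whether a server's configured name, its A record and its PTR record agree. The Python below is an added example, not code from any poster or from Apple's tools: it parses that log line and runs the same kind of consistency check, here against constructed lookup tables (the 192.0.2.10 address and both tables are assumptions made for the example).

```python
import re
import socket

# Pattern for the servermgrd warning quoted in the thread above.
MISMATCH_RE = re.compile(
    r"servermgr_dns: configured name and reverse DNS name do not match "
    r"\((?P<configured>\S+) != (?P<reverse>[^\s)]+)\)"
)

# Log line copied from the post; the address and tables below are constructed.
SAMPLE_LOG = (
    "Jul 8 11:41:22 somename servermgrd: servermgr_dns: configured name and "
    "reverse DNS name do not match (somename.local != mail.ourdomainname.net), "
    "various services may not function properly - use changeip to repair "
    "and/or correct DNS"
)
SAMPLE_IP = "192.0.2.10"                                  # constructed
SAMPLE_A = {"mail.ourdomainname.net": ["192.0.2.10"]}     # constructed A records
SAMPLE_PTR = {"192.0.2.10": "mail.ourdomainname.net"}     # constructed PTR records


def parse_mismatch(line):
    """Return (configured_name, reverse_dns_name) from a warning line, or None."""
    m = MISMATCH_RE.search(line)
    return (m.group("configured"), m.group("reverse")) if m else None


def system_forward(name):
    """A-record lookup through the system resolver; [] if the name is unknown."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def system_reverse(ip):
    """PTR lookup through the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _norm(name):
    # DNS names compare case-insensitively and may carry a trailing dot.
    return name.rstrip(".").lower()


def check_hostname(configured, ip, forward=system_forward, reverse=system_reverse):
    """Return a list of (code, detail) problems; an empty list means consistent."""
    problems = []
    if _norm(configured).endswith(".local"):
        problems.append(("LOCAL_NAME", configured + " is in .local (Bonjour/mDNS)"))
    addrs = forward(configured)
    if not addrs:
        problems.append(("NO_A", "no A record for " + configured))
    elif ip not in addrs:
        problems.append(("A_MISMATCH", "%s resolves to %s" % (configured, addrs)))
    ptr = reverse(ip)
    if ptr is None:
        problems.append(("NO_PTR", "no PTR record for " + ip))
    elif _norm(ptr) != _norm(configured):
        problems.append(("PTR_MISMATCH", "PTR for %s is %s" % (ip, ptr)))
    return problems


def table_forward(name):
    """Forward lookup against the constructed table instead of live DNS."""
    return SAMPLE_A.get(_norm(name), [])


def table_reverse(ip):
    """Reverse lookup against the constructed table instead of live DNS."""
    return SAMPLE_PTR.get(ip)


def demo():
    """Check both names from the log line against the constructed tables."""
    names = parse_mismatch(SAMPLE_LOG)
    return {
        name: [code for code, _ in
               check_hostname(name, SAMPLE_IP, table_forward, table_reverse)]
        for name in names
    }


if __name__ == "__main__":
    for name, codes in demo().items():
        print(name, "->", codes or "consistent")
```

Calling `check_hostname(name, ip)` without the last two arguments uses the system resolver, so it reports what the machine it runs on actually sees.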
Configuring DNS when clients get DHCP from a Windows server
Hi
I'm getting to grips with OD and have managed to configure a test environment at home with static IPs and all the DNS entries being entered manually for each computer.
However, how do I configure the DNS in an environment where clients get their IPs from a Windows DHCP server (which I have no access to)?
Setting clients to have static IPs is not an option nor enabling DHCP on the Mac server, I suspect.
Your help is really appreciated.
Steve
Hi
Your suspicion is correct.
To be honest I would use what is available on the Windows Server as the basis for your Open Directory deployment. If the Windows Server is already the DHCP Server odds are it is also the DNS Server. DNS can be provided to your clients using the Windows based DHCP service.
If you have no direct access to the windows server you should be able at the least ask the windows administrator to add a Host Record with a Reverse Pointer for the OSX Server. Make sure its resolving correctly first using the relevant tools first then add the IP address of the Windows Server in the network preferences pane on your OSX Server. Thereafter you should be able to promote from Standalone to Open Directory Master without too many problems.
If the Windows Server is using .local as its FQDN then it could scupper any chances you have of providing OSX LDAP services to your mac clients. It can work with .local, its just better if its not used.
Hope this helps – Tony -
Help with configuration vpn server on mac os
Does anyone know a step by step way to configure a vpn server on the normal snowleopard
i tried ivpn but i cannot connect to the L2TP vpn server ( i configured it as described )
does anyone have a solution to try out ivpn
or is there any alternative way for ivpn -
Hi,
Just wondering if anyone can help.
We have set up RAS/VPN on our Windows Server 2012 Essentials server. One of our users when trying to log in gets the below error when trying to connect to VPN:
"Error 812: The connection was prevented because of a policy configuration on your RAS/VPN server. Specifically the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."
The domain admin account can log in to VPN fine and any new AD account that I create can log in fine, but just not this particular user account. I checked that this account has "Dial In" access on their user account on AD and on the Anywhere Access tab on the users properties in Windows server 2012 Essentials Dashboard the "Allow Virtual Private Network (VPN)" is ticked. They are a member of the RA_AllowVPNAccess security group.
I also configured the authentication protocol MS-CHAPv2 on the server and on the client. I also tried to connect using PPTP rather than automatic, with no luck.
I did some searching on the Internet, but virtually all of the resolutions for this issue are related to setup or configuration problems that would result in the VPN either consistently working or not-working. I tried changing a number of the NPS policies, since the error seemed to point to an NPS issue, but this did not resolve the problem.
I'm baffled why just this user cannot connect to VPN.
Any thoughts?
Hi,
The domain admin account can log in to VPN fine and any new AD account that I create can log in fine, but just not this particular user account.
It is really a strange issue. I noticed that you have checked “Dial-in” tab of this problematic user properties in ADUC. Just a confirmation, did you mean that “Allow access” option was checked under Network Access Permission? Or anything I misunderstand?
On current situation, please view the problematic account properties on Dashboard and navigate to Anywhere Access tab, and please uncheck “Allow Virtual Private Network (VPN)” option and click Apply button. Then please re-check “Allow Virtual Private Network (VPN)” option and apply again. Any difference?
By the way, did you check the event logs if find any related event or error?
If anything I misunderstand or any update, please don’t hesitate to let me know.
Hope this helps.
Best regards,
Justin Gu