krypted.com

Tiny Deathstars of Foulness


  • i Teck

    Hi Charles… Again, it’s wonderful work done by you for Yosemite Server. We are looking for more information on profile management tweaks. Keep up your good work.

    Thank you,
    Jude

    • krypted

      Thanks Jude!

  • James Miller

    Thanks for all the guides. For the past 2 years, this site has been invaluable to me. Do you have a guide on how to set up a reverse proxy for Yosemite server?

    I would really like to have a subdomain that people can go to sub.Mydomain.com but is actually mydomain.com:12345/web/index.html OR have mydomain.com/web/index.html for mydomain.com:1234/web/index.html

    I just don’t want my viewers to see the port number.

    Any suggestions?

    • krypted

      Hi James,

      I’ve usually used my firewall to redirect ports. I’ve not written anything up on doing a reverse proxy but I’ll try and give it a shot when I have some time. In the meantime, good luck!

      Charles

  • Felipe Elizagarate

    Hi,

    Are there known companies or professionals that support management of OS X Server?

    As there are for Unix servers, like rack911.com or ultimateservermanagement.com.

    Thank You.

    • krypted

      Sorry for the delay, Felipe. Not a lot. Macminicolo would be one, The Foundation has some options as well. There was talk about Rackspace introducing something for that, but I never saw where it went. Also, many an Apple Consultant will have a hosting partner and the consultant often has a Managed Service-type of support plan to get costs static.

      Hope that helps!

  • Ian Wilson

    Hi Charles

    I have a nightmare of a problem concerning reversePTR. I’m running a mail server on Yosemite Server. I have a registered domain and a fixed IP address. The server (a MacMini) has a FQDN of mail.mydomain.org. Should I make the machine record for mail.mydomain.org point to both the internal IP address and the fixed external IP address?

    I’ve also created an alias called miniserver.mydomain.org and this points to the internal IP address. Is this correct? Or should I have two machine records: mail.mydomain.org which points only to the external address and miniserver.mydomain.org which points only to the internal IP address?

    Every time I check my registered domain on mxtoolbox, it reports a reversePTR error, but the only details it gives are the fixed external IP address and the mail.mydomain.org domain name, which appears to me to be correct! I’m extremely confused and would appreciate some wise words from you!!!!

  • krypted

    Hi Ian!

    Sorry for your troubles. The PTR needs to be configured by the ISP that owns the IP address (or have SOA transferred, but it’s much easier to just get them to configure it for you). I would have it configured to match whatever the hostname is set to on the server (mail.mydomain.org). I’m usually a fan of using the WAN address, rather than an internal address on mail servers, so I’d stick with mail.mydomain.org rather than using local or something like that as the tld.

    Good luck!

    Charles

  • Chris Barczys

    Hi Charles,

    I have an Active Directory Domain Controller that a 40 system Mac lab is forced to log in to via a WAN link. Often the link gets saturated & authentication gets to be spotty at best. The obvious solution would be to deploy Open Directory in the lab and authenticate to that. Do you know if it is possible to create what would essentially be an Open Directory Replica that is populated with account info from the Active Directory, & if so can you point me to any information on how to do it?

    Thank you in advance,
    Chris

    • krypted

      I would probably take a different route if possible. If you create another Active Directory Domain Controller (RODC if the AD owners consider the server to be not secure enough or a Global Master if they’re ok with that is probably the best option) then you would have users auth and obtain domain information locally to your network. DCs are built for low bandwidth scenarios (can work over ISDN). The reason is that you can’t really sync the passwords to an OD Master or Replica, so you’d end up doing some crazy cross-realm authentication otherwise, or having separate passwords, which would only get ugly really quickly. Licensing-wise, you only pay for CALs usually, so the cost of the server license itself would be the only software required and you should be able to run it on whatever craptastic Windows box can run the minimum OS for your functional level of AD.

      Anyway, hope that helps!

      Charles

      • Chris Barczys

        Thank you Charles. I was guessing that this was going to be the answer, but as I have little to no experience with AD I was hoping… If you don’t mind I have a follow-up question.
        I have a 2009 Mac Pro that I was going to put OS X Server on for the lab. The machine is WAY overkill, but it’s a use it or lose it thing.
        If I can get the powers that be to approve the creation of an RODC, what are your thoughts on splitting the Mac Pro via Parallels into both an OS X Server & RODC?

        Once again, thank you,
        Chris

        • krypted

          I’ve done that plenty of times for similar reasons. But I’d strongly recommend not binding the Mac running Parallels to AD. You can imagine this is a bit like looking at a mirror inside another mirror type of situation. Other than that, clone the VM from time to time and be prepared to forcefully remove it from AD some time if the VM gets corrupt as you likely won’t be able to rejoin. Then you’re good to go! Oh and it’s best if you can run it as a real DC rather than a RODC. Good luck! 🙂

  • Ben Coumerilh

    I have an OD master that has an SSL cert that is expired. How do I get it to renew? When I go through the cert renewal process, it seems as though OD is always wanting to not change to the new cert…

  • I am trying to understand how to enable NAT on Yosemite. I’m keen to upgrade due to security and feature details but having attempted to do so once (and consequently breaking my network) I am looking for a solid, nearly failsafe way of enabling this so that I don’t have to endure pissed off roommates again. Thanks.

  • Francisco J Montilla

    First of all congrats on this site. It is truly unique in the sense as a long time *nix admin I look for true tech details / CLI commands, whereas the Internet is full of GUI “mantra” nonsense “guides”. OS X is my OS of choice for personal use…

    I am looking at a server where ACLs are all botched up and as a result almost all services are having sandbox errors (postgres for example) so neither wiki, calendar, nor contacts services are running.

    The only way to reset ACLs back to original state seems to be booting in recovery mode then using the resetpassword tool to reset home dir ACLs, something I couldn’t do (or is a server in recovery mode accessible from the network?) as it is a remote server.

    Additionally, botched ACLs are everywhere, not only on home dirs, so do you by chance know where the original ACLs can be looked up in order to restore them?