krypted.com

Tiny Deathstars of Foulness

Ever wanted to be able to view devices from your Jamf server from within your Freshdesk environment? Well, I just posted a new integration on the Jamf Marketplace just for Freshdesk.


This plugin will display a search bar on the right side of the screen. Enter a serial number to find your devices. If a match is found, you’ll see information on the device (note: this is up on GitHub so you can change what fields you see).

If you don’t find anything that matches a given pattern, you’ll get an error.

April 2nd, 2018

Posted In: JAMF, Product Management


There’s a new MDM option to skip the privacy screen at setup for Mac. But, you can also skip that screen programmatically. Do so by sending a DidSeePrivacy boolean key into com.apple.SetupAssistant. This could be done via an MDM or through a simple defaults command, as follows:

defaults write com.apple.SetupAssistant DidSeePrivacy -bool TRUE

Note: Since writing this, Rich Trouton has published a script that includes the other options at https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/disable_apple_icloud_data_privacy_diagnostic_and_siri_pop_ups.

April 2nd, 2018

Posted In: Mac OS X


/etc/sudoers is a file that controls what happens when you use sudo. /etc/sudo_lecture is a file that Apple includes in macOS that tells your users that what they’re about to do is dangerous. You can enable a lecture, which will be displayed each time sudo is invoked. To turn on the lecture option in sudo, open /etc/sudoers and add the following two lines (if they’re not already there):

Defaults lecture=always
Defaults lecture_file = "/etc/sudo_lecture"

Then save the file and edit /etc/sudo_lecture. Apple has kindly included the following:
Warning: Improper use of the sudo command could lead to data loss or the deletion of important system files. Please double-check your typing when using sudo. Type “man sudo” for more information. To proceed, enter your password, or type Ctrl-C to abort.
Let’s change this to:
Hack the planet.

Now save and open a new Terminal screen. Run sudo bash and voilà, you will get your new message. Enjoy.

April 1st, 2018

Posted In: Mac OS X, Mac Security


DNS is an integral service to most modern networks. The Domain Name System, or DNS, is composed of hierarchical and decentralized Domain Name Servers, or DNS Servers. This is how we connect to computers and the websites that reside on computers by their names, rather than having to memorize the IP addresses of every single computer out there. So you get to type krypted.com and come to my website instead of typing the IP address. Or more likely, Facebook.com, but just because my website is older, I’m not mad about that. No really…

So you have a macOS Server and you need to take your DNS records out of it and move them to another solution. Luckily, DNS on any operating system is one of the easiest to manage. So let’s start by dumping all of our DNS records:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig list

ACLs:
    com.apple.ServerAdmin.DNS.public
Options:
    directory: /Library/Server/named
    allow-recursion: com.apple.ServerAdmin.DNS.public 
    allow-transfer: none 
    forwarders: 8.8.8.8 4.4.4.4 
Views:
    com.apple.ServerAdmin.DNS.public
        Zones:
            test.com
                Options:
                    allow-transfer: none 
                    allow-update: none 
                Resource Recs:
                        testalias.test.com (CNAME)
                        test.com (SOA)
                        test.com (NS)
                        test.com (MX)
                        test.test.com (A)
                Resource Recs:
                    no resource recs
            0.0.127.in-addr.arpa
                Options:
                    allow-update: none 
                Resource Recs:
                        0.0.127.in-addr.arpa (SOA)
                        0.0.127.in-addr.arpa (NS)
                        1.0.0.127.in-addr.arpa (PTR)
            0.0.10.in-addr.arpa
                Options:
                    allow-transfer: none 
                    allow-update: none 
                Resource Recs:
                        1.0.0.10.in-addr.arpa (PTR)
                        0.0.10.in-addr.arpa (SOA)
                        0.0.10.in-addr.arpa (NS)

Now that we have our records, let’s think of how to use them in the new server. In the above example, we list test.com as a zone. And in that zone we have an A record for test.test.com and a CNAME for testalias.test.com that points to test.test.com – but we don’t know where test.test.com resolves to. Each of those domains has a corresponding file that starts with db. followed by the name of the domain in the /Library/Server/named directory. So we can cat the test.com file as follows:

cat /Library/Server/named/db.test.com

test.com.       10800 IN SOA test.com. admin.test.com. (
2018033001
3600
900
1209600
86400)
     10800 IN NS test.test.com.
     10800 IN MX 0 test.test.com.
test.test.com.       10800 IN A 10.0.0.1
testalias.test.com.       10800 IN CNAME test.test.com.
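
The db file above can be read into a flat record list before it is copied to another host. This is an added example, not code from the original post: a small Python parser for the zone-file syntax that db.test.com uses (a parenthesised SOA and blank owner fields that inherit the previous owner), plus a check that every in-zone NS, MX and CNAME target still has an address record. The function names are hypothetical, and only numeric TTLs are handled.

```python
# The db.test.com content shown above, embedded so the example runs offline.
DB_TEST_COM = """\
test.com.       10800 IN SOA test.com. admin.test.com. (
2018033001
3600
900
1209600
86400)
     10800 IN NS test.test.com.
     10800 IN MX 0 test.test.com.
test.test.com.       10800 IN A 10.0.0.1
testalias.test.com.       10800 IN CNAME test.test.com.
"""

CLASSES = {"IN", "CH", "HS"}


def logical_lines(text):
    """Join '( ... )' continuations into one line, keeping leading whitespace."""
    buf, depth = "", 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()  # naive: ignores ';' inside quoted TXT data
        if not line.strip():
            continue
        buf = line if depth == 0 else f"{buf} {line.strip()}"
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield buf.replace("(", " ").replace(")", " ")
            buf, depth = "", 0


def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, ttl, type, rdata) tuples in file order."""
    origin = origin.rstrip(".") + "."
    owner, default_ttl, out = origin, None, []
    for line in logical_lines(text):
        inherits = line[0].isspace()  # blank owner field: reuse the previous owner
        tok = line.split()
        if tok[0].upper() == "$ORIGIN":
            origin = absolute(tok[1], origin)
            continue
        if tok[0].upper() == "$TTL":
            default_ttl = int(tok[1])
            continue
        if not inherits:
            owner = absolute(tok.pop(0), origin)
        ttl = default_ttl
        # TTL and class are optional and may come in either order before the type.
        while tok and (tok[0].isdigit() or tok[0].upper() in CLASSES):
            field = tok.pop(0)
            if field.isdigit():
                ttl = int(field)
        if not tok:
            continue
        out.append((owner, ttl, tok[0].upper(), " ".join(tok[1:])))
    return out


def unresolved_targets(records, origin):
    """In-zone NS/MX/CNAME targets that have no A, AAAA or CNAME record of their own."""
    origin = origin.rstrip(".") + "."
    have = {owner for owner, _, rtype, _ in records if rtype in ("A", "AAAA", "CNAME")}
    missing = set()
    for _, _, rtype, rdata in records:
        if rtype in ("NS", "MX", "CNAME"):
            target = absolute(rdata.split()[-1], origin)
            in_zone = target == origin or target.endswith("." + origin)
            if in_zone and target not in have:
                missing.add((rtype, target))
    return sorted(missing)


if __name__ == "__main__":
    recs = parse_zone(DB_TEST_COM, "test.com")
    for owner, ttl, rtype, rdata in recs:
        print(f"{owner:<22}{ttl:<7}{rtype:<6}{rdata}")
    print("unresolved:", unresolved_targets(recs, "test.com"))
```

Run the same check against the records you re-create on the new server; a target that shows up as unresolved there was lost in the move.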

Now we know the IP address that each record points to and can start building them out in other systems. If you only have 5-20 records, this is pretty quick and easy. If you have hundreds, then you’re in luck, as those db files per domain are portable between hosts. Some of the settings to look out for from macOS Server include:
  • Primary Zone: The DNS “Domain”. For example, www.krypted.com would likely have a primary zone of krypted.com.
  • Machine Record: An A record for a computer, or a record that tells DNS to resolve whatever name is indicated in the “machine” record to an IP address, whether the IP address is reachable or not.
  • Name Server: NS record, indicates the authoritative DNS server for each zone. If you only have one DNS server then this should be the server itself.
  • Reverse Zone: Zone that maps each IP address within the zone to the name it answers with. Reverse Zones are made up of Reverse Mappings, and each octet change in an IP scheme that has records mapped represents a new Reverse Zone.
  • Reverse Mapping: PTR record, or a record that indicates the name that should respond for a given IP address. These are automatically created for the first IP address listed in a Machine Record.
  • Alias Record: A CNAME, or a name that points to another name.
  • Service Record: Records that can hold special types of data that describe where to look for services for a given zone. For example, iCal can leverage service records so that users can just type the username and password during the setup process.
  • Mail Exchanger Record (aka MX record): Mail Exchanger, points to the IP address of the mail server for a given domain (aka Primary or Secondary Zone).
  • Secondary Zone: A read-only copy of a zone that is copied from the server where it’s a Primary Zone when created and routinely through what is known as a Zone Transfer.
The settings for the domains are as follows:
  • allow-transfer Takes one or more address match list entries. Address match list entries consist of any of these forms: IP addresses, Subnets or Keywords.
  • allow-recursion Takes one or more address match list entries.
  • allow-update Takes one or more address match list entries.
  • allow-query Takes one or more address match list entries.
  • allow-query-cache Takes one or more address match list entries.
  • forwarders Takes one or more IP addresses, e.g. 10.1.1.1
  • directory Takes a directory path
  • tkey-gssapi-credential Takes a kerberos service principal
  • tkey-domain Takes a kerberos realm
  • update-policy Takes one complete update-policy entry where you can grant or deny various matched objects and specify the identity of the user/machine that is allowed/disallowed to update. You can also identify match-type (Type of match to be used in evaluating the entry) and match-name (Name used to match) as well as rr-types (Resource record types that can be updated)
Now, let’s get to setting up the new server. We’ll open the Synology and then click on Package Center. Then we’ll click All in the sidebar and search for DNS.

Click Install and the service will be installed on your NAS. Once installed, use the menu item in the upper left corner of the screen to bring up DNS Manager. Here, you can create your first zone. We’ll recreate test.com. To get started, click on Create and then Master Zone.

At the Master Zone screen, select Forward Zone if you’re creating a zone with a name or Reverse Zone if you’re creating a zone for IP addresses to resolve back to names (or PTR records). Since test.com is a name, we’ll select Forward Zone and then enter test.com in the “Domain name” field. Enter the IP address of the NAS in the “Master DNS server” field and leave the serial format as-is unless you have a good reason not to.

There are some options to secure connectivity to the service as well: 
  • Limit zone transfer: Restrict this option only to slave servers for each zone.
  • Limit source IP service: Restrict this option only to hosts that should be able to look up records for the zone (which is usually everyone so this isn’t often used).
  • Enable slave zone notification: Identify all the slave servers so they get a notification about changes to zone files and can update their files based on those on the server.
  • Limit zone update: Only specify other servers that are allowed to update the zone files on your server.
Click OK when you’ve configured the zone as you’d like.

Double-click the zone to load a list of records and create new ones. 

Click Create to see a list of record types:

Record types include the following:
  • A Type: Resolve a name to an IPv4 address
  • AAAA Type: Resolve a name to an IPv6 address
  • CNAME: Resolve a name to a name
  • MX: Define the mail server for a domain
  • NS: Define DNS servers for a domain
  • SPF: Define what mail servers are allowed to send mail from a domain
  • SRV: Service records (e.g. the Active Directory or Exchange server for a domain)
  • TXT: Text records
  • CAA: Define the Certificate Authorities (CAs) for a domain
Click A Type to create that test.test.com record.

At the record screen, provide the hostname, along with the IP address that the name should resolve to. Notice that the TTL is a number of seconds. This is how many seconds before another DNS server expires their record. So when they cache them, they aren’t looking the records up against your server every time a client needs to resolve the address. I like the number provided, but when I’m about to move a service I’ll usually come back and reduce that a few days before the move. The nice thing about a high number of seconds before the next refresh though, is it can save on your bandwidth and on the bandwidth of the servers looking to yours to refresh their records. Once you’ve configured the record, click OK.

Click on Create and then CNAME. Enter the name that you’re pointing to another record (in this case CNAMEtest) in the Name: field and then the name that it’s pointing to (in this case test.test.com) in the Canonical Name: field. Click OK.

Now let’s get that MX record created. Click Create and select MX. Enter the name of the server you want to get mail (in this case test.test.com will be our mail server). Then provide a TTL (I usually use lower numbers for mail servers), the priority (if this is the only server I usually use 0 but if there’s a backup then I’ll use a number like 20), and finally the name of the domain. Click OK.

 
You can now see all of your records. I know that Apple was always tinkering with the Server app to make DNS records display differently, trying to hide the complexity. But to be honest, I always considered this type of view (which is standard amongst most network appliances) to be much more logical. That might be because I’m just used to looking at db files back in the pre-GUI days. But it makes sense to me.

Notice in the sidebar, you have an option for Resolution. This is if the server is going to be used to resolve addresses upstream. What are those upstream servers? This is where you configure them. Don’t enable this option if the DNS server is only used by external clients to resolve names hosted on the server. Do use this if there will be clients on your network attempting to resolve against your server.

Use the Views option to configure BIND views. We’ll cover this at some point, but since this article is getting a bit long, let’s just say that this is where you configure different zone files for different subnets based on the source of the subnet. Useful if you want to use the same DNS server to host external and internal addressing, and you want the internals to point to LAN addresses and the externals to point to WAN addresses.

Finally, if this DNS server will be providing services to external hosts, then point port 53 to the new server and set the name server record to the IP address on the WAN with the registrar.

March 31st, 2018

Posted In: Mac OS X Server, Synology


Don’t let the name fool you: RADIUS, or Remote Authentication Dial-In User Service, is more widely used today than ever before. This protocol enables remote access to servers and networks and is frequently a fundamental building block of VPNs, wireless networks and other high-security services that have nothing to do with dialup bulletin boards from the 80s.

I’ve run RADIUS services on Mac servers for years. But as that code starts to become stale and no longer supported, let’s look at running a basic RADIUS service on a network appliance, such as a Synology. To get started, open Package Manager, click All in the sidebar and then search for RADIUS. 

Click Install for the RADIUS service.

Once installed, open RADIUS Server from the application menu in the upper left hand corner of the screen.

The options aren’t like raccoon. You can select a port, choose a directory service (which covers the authentication and a bit of the authorization portions of RADIUS). Click Clients and then Add.

Here you can configure a shared secret for a client, and allow for the source IP and netmask. To grab your certificate for deployment to clients, open the Control Panel, then Security, then Certificate and export the .p12. If you’re using this RADIUS service to enable other services for Macs, you’ll likely then want to distribute that certificate in a profile. We’ll cover how to leverage RADIUS for other services in other articles.


March 31st, 2018

Posted In: Synology


Apple won’t be keeping all of the services in macOS Server after the next few months. In the meantime, we have a big old guide to read. I have some overlapping articles I’ve been working on, but I’d say we’re in a similar headspace. The Apple macOS Server Services Migration Guide is available at https://developer.apple.com/support/macos-server/macOS-Server-Service-Migration-Guide.pdf and covers bind, vpnd, freeradius, manual netinstall with bootp and tftp, apache, wordpress, CalendarServer, and ftp. It’s pretty technical, but nothing too crazy in there!

Overall, an easy read and I’m glad to see some content coming out to help admins!

March 30th, 2018

Posted In: Mac OS X Server


DNS is an integral service to most modern networks. The Domain Name System, or DNS, is composed of hierarchical and decentralized Domain Name Servers, or DNS Servers. This is how we connect to computers and the websites that reside on computers by their names, rather than having to memorize the IP addresses of every single computer out there. So you get to type krypted.com and come to my website instead of typing the IP address. Or more likely, Facebook.com, but just because my website is older, I’m not mad about that. No really…

So you have a macOS Server and you need to take your DNS records out of it and move them to another solution. Luckily, DNS on any operating system is one of the easiest to manage. So let’s start by dumping all of our zone records and settings using the dnsconfig command:

/Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework/dnsconfig list

ACLs:
    com.apple.ServerAdmin.DNS.public
Options:
    directory: /Library/Server/named
    allow-recursion: com.apple.ServerAdmin.DNS.public
    allow-transfer: none
    forwarders: 8.8.8.8 4.4.4.4
Views:
    com.apple.ServerAdmin.DNS.public
        Zones:
            test.com
                Options:
                    allow-transfer: none
                    allow-update: none
                Resource Recs:
                        testalias.test.com (CNAME)
                        test.com (SOA)
                        test.com (NS)
                        test.com (MX)
                        test.test.com (A)
                Resource Recs:
                    no resource recs
            0.0.127.in-addr.arpa
                Options:
                    allow-update: none
                Resource Recs:
                        0.0.127.in-addr.arpa (SOA)
                        0.0.127.in-addr.arpa (NS)
                        1.0.0.127.in-addr.arpa (PTR)
            0.0.10.in-addr.arpa
                Options:
                    allow-transfer: none
                    allow-update: none
                Resource Recs:
                        1.0.0.10.in-addr.arpa (PTR)
                        0.0.10.in-addr.arpa (SOA)
                        0.0.10.in-addr.arpa (NS)

Now that we have our records, let’s think of how to use them in the new server. In the above example, we list test.com as a zone. And in that zone we have an A record for test.test.com and a CNAME for testalias.test.com that points to test.test.com – but we don’t know where test.test.com resolves to. Each of those domains has a corresponding file that starts with db. followed by the name of the domain in the /Library/Server/named directory. So we can cat the test.com file as follows:

cat /Library/Server/named/db.test.com

test.com.   10800 IN SOA test.com. admin.test.com. (
2018033001
3600
900
1209600
86400)
 10800 IN NS test.test.com.
 10800 IN MX 0 test.test.com.
test.test.com.   10800 IN A 10.0.0.1
testalias.test.com.   10800 IN CNAME test.test.com.

Now we know the IP address that each record points to and can start building them out in other systems. If you only have 5-20 records, this is pretty quick and easy. If you have hundreds, then you’re in luck, as those db files per domain are portable between hosts. Some of the settings to look out for from macOS Server include:
  • Primary Zone: The DNS “Domain”. For example, www.krypted.com would likely have a primary zone of krypted.com.
  • Machine Record: An A record for a computer, or a record that tells DNS to resolve whatever name is indicated in the “machine” record to an IP address, whether the IP address is reachable or not.
  • Name Server: NS record, indicates the authoritative DNS server for each zone. If you only have one DNS server then this should be the server itself.
  • Reverse Zone: Zone that maps each IP address within the zone to the name it answers with. Reverse Zones are made up of Reverse Mappings, and each octet change in an IP scheme that has records mapped represents a new Reverse Zone.
  • Reverse Mapping: PTR record, or a record that indicates the name that should respond for a given IP address. These are automatically created for the first IP address listed in a Machine Record.
  • Alias Record: A CNAME, or a name that points to another name.
  • Service Record: Records that can hold special types of data that describe where to look for services for a given zone. For example, iCal can leverage service records so that users can just type the username and password during the setup process.
  • Mail Exchanger Record (aka MX record): Mail Exchanger, points to the IP address of the mail server for a given domain (aka Primary or Secondary Zone).
  • Secondary Zone: A read-only copy of a zone that is copied from the server where it’s a Primary Zone when created and routinely through what is known as a Zone Transfer.
The settings for the domains are as follows:
  • allow-transfer Takes one or more address match list entries. Address match list entries consist of any of these forms: IP addresses, Subnets or Keywords.
  • allow-recursion Takes one or more address match list entries.
  • allow-update Takes one or more address match list entries.
  • allow-query Takes one or more address match list entries.
  • allow-query-cache Takes one or more address match list entries.
  • forwarders Takes one or more IP addresses, e.g. 10.1.1.1
  • directory Takes a directory path
  • tkey-gssapi-credential Takes a kerberos service principal
  • tkey-domain Takes a kerberos realm
  • update-policy Takes one complete update-policy entry where you can grant or deny various matched objects and specify the identity of the user/machine that is allowed/disallowed to update. You can also identify match-type (Type of match to be used in evaluating the entry) and match-name (Name used to match) as well as rr-types (Resource record types that can be updated)
You can also use the serveradmin command, and should certainly back up all of your settings and records this way. This is easily done using the serveradmin command as follows:

serveradmin settings dns

And the output would look something like this: 

dns:acls:_array_index:0:name = "com.apple.ServerAdmin.DNS.public"
dns:acls:_array_index:0:addressMatchList:_array_index:0 = "localhost"
dns:acls:_array_index:0:addressMatchList:_array_index:1 = "localnets"
dns:forwarders:_array_index:0 = "8.8.8.8"
dns:forwarders:_array_index:1 = "4.4.4.4"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:aliases = _empty_array
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:expire = 1209600
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:serial = 2018033001
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:allow-update = no
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:adminEmail = "admin@0.0.10.in-addr.arpa"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:machines = _empty_array
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:nameservers:_array_index:0:name = "0.0.10.in-addr.arpa"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:nameservers:_array_index:0:value = "test.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:refresh = 3600
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:mailExchangers = _empty_array
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:reverseMappings:_array_index:0:value = "test.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:reverseMappings:_array_index:0:ipAddress = "10.0.0.1"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:retry = 900
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:timeToLive = 86400
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:serviceRecords = _empty_array
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:name = "0.0.10.in-addr.arpa"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:reverseZones:_array_id:0.0.10.in-addr.arpa:allowZoneTransfer = no
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:aliases:_array_index:0:name = "testalias.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:aliases:_array_index:0:value = "test.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:expire = 1209600
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:serial = 2018033001
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:allow-update = no
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:adminEmail = "admin@test.com"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:machines:_array_index:0:name = "test.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:machines:_array_index:0:ipAddresses:_array_index:0:ipAddress = "10.0.0.1"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:nameservers:_array_index:0:name = "test.com"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:nameservers:_array_index:0:value = "test.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:refresh = 3600
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:mailExchangers:_array_index:0:address = "test.test.com."
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:mailExchangers:_array_index:0:priority = 0
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:reverseMappings = _empty_array
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:retry = 900
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:timeToLive = 86400
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:serviceRecords = _empty_array
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:name = "test.com"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:primaryZones:_array_id:test.com:allowZoneTransfer = no
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:name = "com.apple.ServerAdmin.DNS.public"
dns:views:_array_id:com.apple.ServerAdmin.DNS.public:secondaryZones = _empty_array

Or to output it to a file, just redirect it as follows:

sudo serveradmin settings dns > test.dns
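
A backup like test.dns is more useful once it can be turned back into a record list. This is an added example, not part of the original post or of any Apple tooling: a Python parser for the key paths shown above that rebuilds the A, CNAME, NS, MX and PTR records per zone and lists zones whose allowZoneTransfer or allow-update value is anything other than "no". The function names are hypothetical, and the sample is abridged from the output above.

```python
import ipaddress
import re
from collections import defaultdict

# Abridged from the `serveradmin settings dns` output shown above.
P = "dns:views:_array_id:com.apple.ServerAdmin.DNS.public"
SAMPLE = f"""\
{P}:reverseZones:_array_id:0.0.10.in-addr.arpa:allow-update = no
{P}:reverseZones:_array_id:0.0.10.in-addr.arpa:nameservers:_array_index:0:name = "0.0.10.in-addr.arpa"
{P}:reverseZones:_array_id:0.0.10.in-addr.arpa:nameservers:_array_index:0:value = "test.test.com."
{P}:reverseZones:_array_id:0.0.10.in-addr.arpa:reverseMappings:_array_index:0:value = "test.test.com."
{P}:reverseZones:_array_id:0.0.10.in-addr.arpa:reverseMappings:_array_index:0:ipAddress = "10.0.0.1"
{P}:reverseZones:_array_id:0.0.10.in-addr.arpa:allowZoneTransfer = no
{P}:primaryZones:_array_id:test.com:aliases:_array_index:0:name = "testalias.test.com."
{P}:primaryZones:_array_id:test.com:aliases:_array_index:0:value = "test.test.com."
{P}:primaryZones:_array_id:test.com:allow-update = no
{P}:primaryZones:_array_id:test.com:machines:_array_index:0:name = "test.test.com."
{P}:primaryZones:_array_id:test.com:machines:_array_index:0:ipAddresses:_array_index:0:ipAddress = "10.0.0.1"
{P}:primaryZones:_array_id:test.com:nameservers:_array_index:0:name = "test.com"
{P}:primaryZones:_array_id:test.com:nameservers:_array_index:0:value = "test.test.com."
{P}:primaryZones:_array_id:test.com:mailExchangers:_array_index:0:address = "test.test.com."
{P}:primaryZones:_array_id:test.com:mailExchangers:_array_index:0:priority = 0
{P}:primaryZones:_array_id:test.com:reverseMappings = _empty_array
{P}:primaryZones:_array_id:test.com:allowZoneTransfer = no
{P}:secondaryZones = _empty_array
"""

# view / zone kind / zone name / remaining key path = value
LINE = re.compile(r"^dns:views:_array_id:(?P<view>[^:]+):"
                  r"(?P<kind>primaryZones|reverseZones|secondaryZones):_array_id:"
                  r"(?P<zone>[^:]+):(?P<rest>\S+) = (?P<value>.*)$")
# group:_array_index:N:field, e.g. aliases:_array_index:0:name
ITEM = re.compile(r"^(\w+):_array_index:(\d+):(.+)$")


def fqdn(name):
    return name.rstrip(".").lower() + "."


def parse(text):
    """Group per-zone keys into scalars and indexed items (one dict per record)."""
    zones = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ACLs, forwarders and view-level keys are not per-zone
        zone = zones.setdefault(m["zone"], {"kind": m["kind"], "scalars": {},
                                            "items": defaultdict(dict)})
        # Accept straight quotes and the curly quotes a web page may substitute.
        value = m["value"].strip().strip('"\u201c\u201d')
        item = ITEM.match(m["rest"])
        if item:
            zone["items"][(item[1], int(item[2]))][item[3]] = value
        else:
            zone["scalars"][m["rest"]] = value
    return zones


def records(zones):
    """Rebuild (owner, type, rdata) tuples from the parsed settings."""
    out = set()
    for zname, z in zones.items():
        for (group, _idx), f in z["items"].items():
            if group == "machines":
                for key, val in f.items():
                    if key.endswith("ipAddress"):
                        ip = ipaddress.ip_address(val)
                        out.add((fqdn(f["name"]), "A" if ip.version == 4 else "AAAA", str(ip)))
            elif group == "aliases":
                out.add((fqdn(f["name"]), "CNAME", fqdn(f["value"])))
            elif group == "nameservers":
                out.add((fqdn(f["name"]), "NS", fqdn(f["value"])))
            elif group == "mailExchangers":
                out.add((fqdn(zname), "MX", f"{f.get('priority', '0')} {fqdn(f['address'])}"))
            elif group == "reverseMappings":
                owner = ipaddress.ip_address(f["ipAddress"]).reverse_pointer
                out.add((fqdn(owner), "PTR", fqdn(f["value"])))
    return sorted(out)


def needs_review(zones):
    """Zones where transfers or dynamic updates are not explicitly set to 'no'."""
    return sorted(name for name, z in zones.items()
                  if z["scalars"].get("allowZoneTransfer") != "no"
                  or z["scalars"].get("allow-update") != "no")


if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for rec in records(parsed):
        print(*rec)
    print("review transfer/update settings for:", needs_review(parsed))
```

To use it on a real backup, pass the contents of test.dns to parse() instead of SAMPLE.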

March 30th, 2018

Posted In: Mac OS X Server


Web services were always easy to install on macOS Server and it’s no different on a Synology. To do so, open Package Manager from the home screen.

Click All in the sidebar and enter web into the search box.

Click Web Station.

Click Install. This installs a few dependencies. Click Open once the install is finished.

Click General Settings. Note that the default web server is Nginx. You can install Apache and then Apache will be available in the HTTP back-end server list. If you’ll be using a different service (Apache) then do the switch before you proceed. 

Otherwise (or after you switch to Apache), click on Virtual Host.

Click on Create.

Click into the hostname field and provide the name of the site. The ports can stay as are unless you’d like to customize the port that a site runs on. Then select a document root. This is where you’ll place your index.html or index.php file that sits at the root of a site.

Select the back-end server (e.g. Nginx or Apache 2.4) and then the PHP Profile (I usually stick with the default profile unless I’m using a method in PHP that’s unsupported in 7.x).

Click OK. And that’s it. Put your web directory into the document root, and voilà – you have a new web server.

March 30th, 2018

Posted In: Synology


Earlier, I wrote an article on how to export data from the macOS Wiki Service. But now that you have your data in a file, where are you going to import it into? Well, you could do some kind of custom hosting service. Or if you want to run your own server, you could use a Synology. Synology makes installing WordPress a snap. To get started, first open Package Manager. From Package Manager, search for WordPress.

Click Install.

Click Yes to install the dependencies.

Enter a username and password to pass to MariaDB (root with a blank password).

Enter a username and password for the WordPress database and click Next.

Click Apply. 

Click Open under WordPress.

Select a language for WordPress to use.

Set the title of the blog, provide a username and password to log in and make new articles, provide an email address, and select whether your site will be indexed by search engines and then click Install WordPress.

Click Log In. You’ll then be placed into the main WordPress screen. Bookmark this page, but you can get back any time by visiting <IPADDRESS>/wp-admin or <IPADDRESS>/wp-login where <IPADDRESS> is the address or hostname of the server.

If you’re migrating from macOS Server, you can then import your database into WordPress. To do so, log into WordPress and hover over Tools, clicking Import.

At the Import screen, select Run Importer under WordPress as the format to import from.

At the Importer screen, select the database you exported from the macOS Server wiki export article.

Click “Upload file and import”. Now that you have data in WordPress, let’s do the fun part. Hover over Appearance in the left sidebar and click on Themes. Then, find a theme that best suits your needs using the Search box!

March 29th, 2018

Posted In: Mac OS X Server, Microsoft Exchange Server, Synology, WordPress


Apple has published a new page that goes through all of the settings and commands available via MDM and explains many in much more detail. This is available at http://help.apple.com/deployment/mdm/. The new guide is a great addition to the work @Mosen has done at https://mosen.github.io/profiledocs/ in terms of explaining what each setting, command, and payload does. And let’s not forget the definitive MDM protocol reference guide, available at https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/1-Introduction/Introduction.html#//apple_ref/doc/uid/TP40017387-CH1-SW1

Overall, I’m excited to see so much information now available about MDM, including how to develop an MDM properly, what each setting does, and now what you should expect out of an MDM!

March 28th, 2018

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

