Getting started with Messages Server couldn’t really be easier. Messages Server in the macOS Server 5.2 version of the Server app uses the open source jabber project as their back-end code base. The jabber binary is located at /Applications/Server.app/Contents/ServerRoot/private/var/jabberd directory and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. The actual jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd, where there are a couple of perl scripts used to migrate the service between various versions as well.
Click on the Edit… button for the Permissions. Here, define which users and interfaces are allowed to use the service.
From Server app, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and provide the address for servers to federate to.
Next, click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server.
You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates.
At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to setup federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin).
To restrict the service, then provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button. Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator:
sudo serveradmin fullstatus jabber
The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here:
jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "0"
jabber:currentConnectionsPort1 = "0"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.211"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "osxserver.krypted.lan"
jabber:hosts:_array_index:0 = "osxserver.krypted.lan"
jabber:setStateVersion = 1
jabber:startedTime = ""
jabber:readWriteSettingsVersion = 1
There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows:
sudo serveradmin settings jabber:jabberdClientPortSSL = 8080
To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book:
sudo serveradmin settings jabber:savedChatsLocation = “/Volumes/Pegasus/Book”
To see a full listing of the options, just run settings with the jabber service:
sudo serveradmin settings jabber
The output lists each setting configurable:
jabber:dataLocation = “/Library/Server/Messages”
jabber:s2sRestrictDomains = no
jabber:jabberdDatabasePath = “/Library/Server/Messages/Data/sqlite/jabberd2.db”
jabber:sslCAFile = “/etc/certificates/osxserver.krypted.com.31971C0C39DCBF4733FA671BCE3AF260769E4FB7.chain.pem”
jabber:jabberdClientPortTLS = 5222
jabber:sslKeyFile = “/etc/certificates/osxserver.krypted.com.31971C0C39DCBF4733FA671BCE3AF260769E4FB7.concat.pem”
jabber:initialized = yes
jabber:enableXMPP = yes
jabber:savedChatsArchiveInterval = 7
jabber:authLevel = “STANDARD”
jabber:hostsCommaDelimitedString = “osxserver.krypted.com”
jabber:jabberdClientPortSSL = 5223
jabber:requireSecureS2S = yes
jabber:savedChatsLocation = “/Library/Server/Messages/Data/message_archives”
jabber:enableSavedChats = yes
jabber:enableAutoBuddy = no
jabber:s2sAllowedDomains = _empty_array
jabber:logLevel = “ALL”
jabber:hosts:_array_index:0 = “osxserver.krypted.com”
jabber:eventLogArchiveInterval = 7
jabber:jabberdS2SPort = 5269
To stop the service:
sudo serveradmin stop jabber
And to start it back up:
sudo serveradmin start jabber
It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because messages don’t traverse the server, there’s no transcripts.
krypted October 12th, 2016
Posted In: Mac OS X Server
Recently, I had a bit of a problem with some code I was sending back and forth through Messages. This was caused by smart quotes, which replace single and double quotation marks with directional quotation marks. This can cause a lot of problems. To disable smart quotes:
defaults write com.apple.messageshelper.MessageController SOInputLineSettings -dict-add "automaticQuoteSubstitutionEnabled" -bool false
krypted August 16th, 2015
One of those funny calls we get every now and then is about how to block someone from calling or texting you. There are two main ways to go about this. The first is if someone is in your contacts. The second is if someone isn’t.
krypted August 12th, 2015
There are four ways to create groups in Mountain Lion Server. The first is using the Server app, the second is using Workgroup Manager, the third is using the Users & Groups System Preference pane and the fourth is using the command line. In this article we will look at creating groups in the Server app.
Once a server has been an Open Directory Master all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and group objects are stored locally when created in Server app. Once promoted to an Open Directory server, local groups must be created in Workgroup Manager, the Users & Groups System Preference pane or using a command line tool appropriate for group management.
Once changes have been made, click Done to commit the changes.
krypted September 2nd, 2012
Tags: 10.8, 10.8 Server, acl, autobuddy, create a group in mountain lion server, directory domain, dovecot groups, group mailing list, group management, group shared folders, group shares, hash table in dovecot, ichat server, local, messages, messages server, Open Directory, os x
Mountain Lion Server is now available on the OS X App Store and as with the last few updates there are some things missing that you might be expecting and depending on. First up, three major services are gone: Podcast Producer, RADIUS and dhcp. You can still do dhcp as you always did with OS X client as those features work on OS X Server, but the more granular controls available in OS X Server are now gone. The biggest impact of dhcp is probably in testing NetBoot services when there are network issues and you need to prove to network admins that it’s the network and not your server…
I had written an article before about FTP still being in OS X Server from the command line, but now it’s back in the GUI, which should make many an administrator happy. NAT is also gone from the GUI, but natd and natutil are still available from the command line. Might as well just use the Sharing System Preference pane for such things though… Server Admin is now gone (long live Server Admin!) and Workgroup Manager is now a download to be performed and installed following installation. Support for Managed Preferences is gone, even though most manifests technically still work.
Many services also got some pretty nice updates. These include:
The Alerts options are much more robust in Mountain Lion than they were previously. You can now get alerts on a myriad of things, incuding certs, disks, space, storage quotas, virus detection, network changes and software updates.
The Server commands also moved and in fact the whole file and folder structure mostly fit nicely inside of the Server app. There are certain things that haven’t been dealt with in this regard such as NetBoot’s library, but for the most part Apple is getting Server to the point where it’s very self-contained. The ramification of which is that upgrades for future releases (and from Lion to Mountain Lion for that matter) are much simpler. Simply downloading a new version informs administrators that the app has been replaced and is good to go, service data in tact. In real world, this has been a little hit or miss but should prove to make our lives much easier in the future.
Reducing scope, aligning with better development practices and all the work to merge all of the remaining services into Server app are huge undertakings. I would fully expect no further support or updates to Workgroup Manager, no more testing of managed preferences in deference to profiles and a few other culture shifts that still need to shake themselves out. Most of us are going to seem underwhelmed (if that’s a word, no it’s not ’cause I looked it up -> awesome video below –> ’cause affection has 2 fs, especially when you’re dealin’ with me). But here’s the thing, with an incremental update, you’re not going to get massive changes. Instead we will get slow and steady updates hopefully continuing to build faster towards a better end goal. What’s important is that the foundation is actually better now, given changes to other parts of OS X and so Server is likely now better positioned than ever for great new features in subsequent releases.
Oh, and did I forget to mention that Xgrid is gone. I guess no one really noticed anyway…
krypted July 26th, 2012
Posted In: Mac OS X Server
Tags: auto buddy, automator, calendar, changes, Command line, configure, contacts, DNS, features, file sharing, files, firewall, FTP, iCal, imessages, install, jabber, mail, messages, mountain lion, NetBoot, NetInstall, NetRestore, Open Directory, os x, OS X Server, package, pf, profile manager 2, sharing -a, Software Update, System Image Utility, Time Machine, vpn, webdav, websites, what's new, wiki, wizard
The first thing that loads in OS X is the kernel. The kernel is how users interface with hardware and sets the stage for interaction by probing for each driver that needs to be loaded and tracking what is found. The presence of everything about the system is tracked when the kernel loads as well as pertinent boot parameters. Even if you’re booting in verbose mode, most of this probably happens too fast to notice. You might be able to pause it, but you’re still trying to react to things too quickly in many cases. That’s where the dmesg command comes into play, which lets you review and control the messages since the system has booted.
The dmesg command also looks at some diagnostic messages after the system is due booting, such as when a new interface is detected. The dmesg command allows for more than what you can see in console, except explicitly for I/O related kernel messages after boot, rather than all the pesky OS stuff you might otherwise see, such as snarky little “spotlight can’t index this or that” kind of errors. Instead, dmesg output is only a few screens, easily readable that focuses on the system hardware & I/O interfaces.
Using dmesg is pretty easy. Even if you’ve su’d, you need to run sudo in front of it each time, but there’s no need for any parameters:
You can use -n for the level of errors or -s to constrain the buffer size, but in Mac OS X you likely don’t need to do either as there’s not a ton of information. If you’re looking for something specific, such as information on an AirPort interface, just grep it out:
sudo dmesg | grep AirPort
Overall, dmesg is helpful for stuff like this:
vnic0: promiscuous mode enable failed
Apparently, Rajesh Koothrappali couldn’t find any booze…
USBF: 23952.350 AppleUSBEHCI[0xffffff800b7dc000]::Found a transaction which hasn't moved in 5 seconds on bus 0xfd, timing out! (Addr: 4, EP: 2)
I had a bad drobo on the system… Which I might have known by the fact that the Finder froze when plugged in. But I always like to see it in the logs. Swap out one drive, message goes away, drobo loads just fine. Have I mentioned recently I’m liking the low end drobos less and less…
krypted June 13th, 2012
Out of Office responses to incoming email are an incredibly useful thing to have with any mail server. In Microsoft Exchange, these are sent by the server on behalf of each user when the user has enabled them. Out of Office messages can be configured using the Exchange web portal or using a standard mail client, which has up until now, usually be Outlook. In Lion, Apple has built in an Out of Office setting in Mail.app.
To configure an Out of Office message using Mail in Mac OS X 10.7, first configure the Mail client to communicate with the Exchange server. Then open Mail.app from /Applications. Right-click on the name of the account (or Inbox if you only use one account) and select Get Info from the contextual menu.
Click on the Out Of Office tab and check Send Out of Office Replies to enable the Out of Office message. A different message can be sent to users in your domain than to users outside of your domain; enter the Out of Office Response for users of each.
krypted July 9th, 2011