Tag Archives: settings

iPhone

SimpleMDM Now With Apps

November 20, 2012 – 7:00 am

SimpleMDM has updated their Mobile Device Management solution (my original writeup is here) to now include the ability to manage apps. The apps functionality really comes in two flavors. The first is the ability to load up an app. This is handled handed by clicking on Settings in the right hand navigation bar and then at the Settings pop-over, clicking on Apps. Here, you can load up an internal, enterprise app or an App Store app.

Once you’ve loaded an app you can deploy it to devices by clicking on a group and then using the contextual menu to “Assign Apps.” Simple, as the name implies.

The second aspect of SimpleMDM is to white and blacklist apps. Doing so is done by clicking on the contextual menu and then clicking on Rules. Here, you can Allow or Disallow any app that has been loaded into the app catalog.

 

Tags , , , , , , , , , , , , , | Permalink | Comments Off
Mac OS X Mac OS X Server Mac Security Mass Deployment

Setting Up File Services in OS X 10.8 Mountain Lion Server

August 8, 2012 – 5:10 am

File Services are perhaps the most important aspect of any server because file servers are often the first server an organization purchases. There are a number of protocols built into OS X Mountain Lion Server dedicated to serving files, including AFP, SMB and WebDAV. These services, combined comprise the File Sharing service in OS X Mountain Lion Server.

File servers have shares. In OS X Mountain Lion Server we refer to these as Share Points. By default:

  • File Sharing has some built-in Share Points that not all environments will require.
  • Each of these shares is also served by AFP and SMB, something else you might not want (many purely Mac environments might not even need SMB). Or if you have iOS devices, you may only require WebDAV sharing.
  • Each share has permissions that Apple provides which will work for some but not all.

In short, the default configuration probably isn’t going to work for everyone. Therefore, before we do anything else, let’s edit the shares to make them secure. The first step is to create all of your users and groups (or at least the ones that will get permissions to the shares). This is done in Server app using the Users and Groups entries in the List Pane. Once users and groups are created, open the Server app and then click on the File Sharing service in the SERVICES list in the List Pane. Here, you will see a list of the shares on the server.

In our example configuration we’re going to disable the Groups share. To do so, click on Groups one time and then click on the minus button on the screen.

As mentioned, shares can be shared out using different protocols. Next, we’re going to disable SMB for Public. To do so, double-click on Public and then uncheck the SMB protocol checkbox for the share.

When you’ve disabled SMB, click on the Done button to save the changes to the server. Next, we’re going to create a new share for iPads to be able to put their work, above and beyond the WebDAV instance automatically used by the Wiki service. To create the share, first we’re going to create a directory for the share to live in on the computer, in this case in the /Shared Items/iPads directory. Then from the File Sharing pane in Server app, click on the plus sign (“+”).

At the browse dialog, browse to the location of your iPad directory and then click on the Choose button.

At the File Sharing pane, double-click on the new iPads share.

At the screen for the iPads share, feel free to edit the name of the share (how it appears to users) as it by default uses the name of the directory for the name of the share. Then, it’s time to configure who has access to what on the share. Here, use the plus sign (“+”) in the Access section of the pane to add groups that should be able to have permission to access the share. Also, change the groups in the list that should have access by double-clicking on the name of the group and providing a new group name or clicking on the plus sign to add a user or group.

The permissions available in this screen for users that are added are Read & Write, Read Only/Read and Write. POSIX permissions (the bottom three entries) also have the option for No Access, but ACLs (the top entries comprise an Access Control List) don’t need such an option as if there is no ACE (Access Control Entry) for the object then No Access is assumed.

If more granular permissions are required then click on the name of the server in the Server app (the top item in the List Pane) and click on the Storage tab. Here, browse to the directory and click on Edit Permissions.

As can be seen, there are a number of other options that more granularly allow you to control permissions to files and directories in this view.

Once you have provided all of the appropriate users access to the share, go back to the settings for the share and scroll to the bottom of the screen.

Here, you have the option to set which protocols the share is accessible through (AFP, SMB & WebDAV) as well as make the share accessible to guests (only do this if the share should be publicly accessible) and make the share an option for home folders. Click Done once you’ve configured the share appropriately.

Once a share has been made an option for home folders it appears in both Workgroup Manager and the Server app as an available Home Folder location for users in that directory service.

Once you have created all the appropriate shares, deleted all the shares you no longer need and configured the appropriate permissions for the share, click on the ON button to start the File Sharing service.

The File Sharing service can also be controlled from the command line. Mac OS X Server provides the sharing command. You can create, delete and augment information for share points using sharing.

To create a share point for AFP you can use the following command:

sharing -a -A

So let’s say you have a directory at /Shares/Public and you want to create a share point called PUBLIC. You can use the following command:

sharing -a /Shares/Public -A PUBLIC

Now, the -a here will create the share for AFP but what if you want to create a share for other protocols? Well, -F does FTP and -S does SMB. Once created you can disable the share using the following command:

sharing -r PUBLIC

To then get a listing of shares you can use the following command:

sharing -l

You can use the sharing command to enable FTP for various share points. To do so, enable FTP using the Server app and then use the instructions at this site to manage FTP on shares: http://krypted.com/mac-os-x/ftp-on-lion-server.

You can also use the serveradmin command to manage file shares as well as the sharing service. To see settings for file shares, use the serveradmin command along with the settings option and then define the sharing service:

sudo serveradmin settings sharing

To see settings for the services use the serveradmin command with the settings option followed by the services: afp and smb:

sudo serveradmin settings afp

To see a run-down of some of the options for afp, see this article I did previously. Additionally, for a run-down of smb options, see this one.

Tags , , , , , , , , , , , , , , | Permalink | Comment (1)
Mac OS X Mac OS X Server Mac Security Mass Deployment

Setting Up The Messages Service In Mountain Lion Server

August 2, 2012 – 5:00 am

iChat Server was sooooo easy to configure. iChat Server is now Messages Server. Both use the open source jabber project as their back-end code base. Lucky us, all Apple did in the latest iteration is change the name of the service in the Server app, leaving the command line effectively untouched. The paths to things serverish have changed. The jabberd binary is now at /Applications/Server.app/Contents/ServerRoot/private/var/jabberd and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. Given the importance of having multiple binaries that do the same thing, another jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd. Note that the man page says it’s in /etc. But I digress.

Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.

“I brought you some supper but if you’d prefer a lecture, I’ve a few very catchy ones prepped…sin and hellfire… one has man page lepers.”

Once open, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and then click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server. You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates.

“Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious.”

At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to setup federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin).

“And I think calling him that is an insult to the psychotic lowlife community.”

To restrict the service, then provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button.

Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator:

sudo serveradmin fullstatus jabber

The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here:

jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "32"
jabber:currentConnectionsPort1 = "32"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.177"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "kaylee.pretendco.com"
jabber:hosts:_array_index:0 = "kaylee.pretendco.com"
jabber:setStateVersion = 1
jabber:startedTime = "2012-08-02 02:53:26 +0000"
jabber:readWriteSettingsVersion = 1

There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows:

sudo serveradmin settings jabber:jabberdClientPortSSL = 8080

To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book:

sudo serveradmin settings jabber:savedChatsLocation = "/Volumes/Pegasus/Book"

To see a full listing of the options, just run settings with the jabber service:

sudo serveradmin settings jabber

The output lists each setting configurable

jabber:s2sRestrictDomains = no
jabber:authLevel = "STANDARD"
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:sslKeyFile = ""
jabber:enableXMPP = yes
jabber:initialized = yes
jabber:jabberdClientPortSSL = 5223
jabber:sslCAFile = ""
jabber:requireSecureS2S = no
jabber:savedChatsArchiveInterval = 7
jabber:hostsCommaDelimitedString = "zoe.pretendco.com"
jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
jabber:jabberdS2SPort = 5269
jabber:hosts:_array_index:0 = "zoe.pretendco.com"
jabber:jabberdClientPortTLS = 5222
jabber:enableSavedChats = no

To stop the service:

sudo serveradmin stop jabber

And to start it back up:

sudo serveradmin start jabber

It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because messages don’t traverse the server, there’s no transcripts.

“This is what I do, darlin’. This is what I do.”

Tags , , , , , , , , , , , , , | Permalink | Comments (15)
iPhone

iPhone 4: Where is My FaceTime?

September 30, 2011 – 6:00 am

I am almost embarrassed how long this took me to figure out. FaceTime was missing on my iPhone 4. Apparently, if you upgrade from 3 to 4 it doesn’t automatically show up. Instead you need to go to Settings and then tap on the Phone settings. Right there, staring back at you is a screen that says FaceTime and it gives you the ability to turn it ON or OFF.

Tap ON and it should reappear in your apps (required me to reboot to show up).

Tags , , , , , , , | Permalink | Comment (1)
Mac OS X Server

When Zones Just Won’t Die

July 12, 2011 – 5:00 am

At times, you may find that information gets stuck in Server Admin and can’t be removed. For example, you see a Zone in Server Admin, and it doesn’t have a Name Server record attached to it. You can’t delete it but every time you add a Name Server it just disappears. This is often caused when you remove or change something and it gets dumped from the zone files in /var/named but not from the BIND view. Running serveradmin will show the data but as it’s serialized it can’t be removed:

serveradmin settings dns

Without a Name Server record, the zone is unresponsive to queries. Removing the zone can delete the zone file from /var/named/zones but doesn’t delete it from Server Admin. To go ahead and get rid of the bad records, open the /etc/dns/publicView.conf.apple file with your favorite text editor. Here, each zone in OS X Server has a corresponding block, such as:

*+zone "1.168.192.in-addr.arpa." {+*
*+type master;+*
*+file "db.1.168.192.in-addr.arpa.";+*
*+allow-transfer {none;};+*
*+allow-update {none;};+*
};

Locate the offending block for the jacked up and remove or comment it out. Don’t delet this block though:

+zone "." {+
+type hint;+
+file "named.ca";+
};

+zone "localhost" IN {+
+type master;+
+file "localhost.zone";+
+allow-update { none; };+
};

+zone "0.0.127.in-addr.arpa" IN {+
+type master;+
+file "named.local";+
+allow-update { none; };+
};

That block should stay in place. The Server Admin generated blocks should be towards the top and the above block that shouldn’t be removed should be at the bottom.

Tags , , , , , , , , , , , | Permalink | Comments Off
Mac OS X Windows XP

Firefox Settings

February 27, 2007 – 11:10 pm

From Firefox, type about:config in the address bar and hit the enter key.  You should then be looking at some settings for Firefox.  You can double-click on any of these and provide more granular settings that what is possible from the stock settings preference panel.  Have fun assigning the network.proxy.gopher_port for Firefox, I hear it comes in really handy.  ;)

Tags , , , , , | Permalink | Comments Off