krypted.com

Tiny Deathstars of Foulness

April 6th, 2017

Posted In: MacAdmins Podcast

Tags: , , , , , ,

AppleTVs automatically update. They do so using a process similar to how iOS updates, but instead of looking at the feed I posted in http://krypted.com/mac-security/how-the-os-x-caching-server-caches-updates/, they look at http://mesu.apple.com/assets/tv/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml.

The AppleTV feed is similar to that available for iOS updates, with each dictionary having roughly the same data:

<key>ActualMinimumSystemPartition</key>
<integer>1482</integer>
<key>Build</key>
<string>13Y6234</string>
<key>InstallationSize</key>
<string>0</string>
<key>MinimumSystemPartition</key>
<integer>1534</integer>
<key>OSVersion</key>
<string>9.2</string>
<key>ReleaseType</key>
<string>Beta</string>
<key>SUDocumentationID</key>
<string>PreRelease</string>
<key>SUInstallTonightEnabled</key>
<true/>
<key>SUMultiPassEnabled</key>
<true/>
<key>SUProductSystemName</key>
<string>iOS</string>
<key>SUPublisher</key>
<string>Apple Inc.</string>
<key>SupportedDeviceModels</key>
<array>
<string>J42dAP</string>
</array>
<key>SupportedDevices</key>
<array>
<string>AppleTV5,3</string>
</array>
<key>SystemPartitionPadding</key>
<dict>
<key>1024</key>
<integer>1280</integer>
<key>128</key>
<integer>1280</integer>
<key>16</key>
<integer>160</integer>
<key>256</key>
<integer>1280</integer>
<key>32</key>
<integer>320</integer>
<key>512</key>
<integer>1280</integer>
<key>64</key>
<integer>640</integer>
<key>768</key>
<integer>1280</integer>
<key>8</key>
<integer>80</integer>
</dict>
<key>_CompressionAlgorithm</key>
<string>zip</string>
<key>_DownloadSize</key>
<integer>856434408</integer>
<key>_EventRecordingServiceURL</key>
<string>https://xp.apple.com/report</string>
<key>_IsZipStreamable</key>
<true/>
<key>_Measurement</key>
<data>cm8k41In38EOJEj20IwJp5Suskw=</data>
<key>_MeasurementAlgorithm</key>
<string>SHA-1</string>
<key>_UnarchivedSize</key>
<integer>3438532888</integer>
<key>__AssetDefaultGarbageCollectionBehavior</key>
<string>NeverCollected</string>
<key>__BaseURL</key>
<string>
http://appldnld.apple.com/tvOS9.2//031-53364-20160321-7C5E21F2-E7B5-11E5-89F7-525CBD379832/
</string>
<key>__CanUseLocalCacheServer</key>
<true/>
<key>__RelativePath</key>
<string>
com_apple_MobileAsset_SoftwareUpdate/f58f4b324a9c717ea57b0cee063473a99d9e9e92.zip
</string>
To construct a URL to a zip, you would then simply merge the _BaseURL and the _RelativePath to the asset from the feed for a given model, in the above example, ending up with the following URL to manually download tvOS 9.2 for AppleTV 5,3:
http://appldnld.apple.com/tvOS9.2//031-53364-20160321-7C5E21F2-E7B5-11E5-89F7-525CBD379832/com_apple_MobileAsset_SoftwareUpdate/f58f4b324a9c717ea57b0cee063473a99d9e9e92.zip
BTW, Applednld is load balanced between 17.253.29.201 and 17.253.29.202, both within Apple’s Class C.
You don’t need two / characters in the path, but if you take the same process from my earlier post, you end up with
http://10.1.1.2:55491/tvOS9.2/031-53364-20160321-7C5E21F2-E7B5-11E5-89F7-525CBD379832/f58f4b324a9c717ea57b0cee063473a99d9e9e92.zip?source=appldnld.apple.com

April 27th, 2016

Posted In: Apple TV, Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , , , , ,

Configuring Calendar Server in Yosemite Server is a fairly simple and straight forward process. The Calendar Server is a CalDAV Server, leveraging HTTP and HTTPS, running on ports 8008 and 8443 respectively. To enable the Calendar service in Yosemite Server, open the Server application and click on Calendar in the SERVICES section of the sidebar.

Calendar1

Once open, click on Edit to enable email notifications of invitations in the Calendar Server. Provide the email address and then click on the Next button.

Calendar2

At the Configure Server Email Address screen, provide the type of incoming mail service in use, provide the address of the mail server and then the port number used, if not a standard port for HTTPS-based IMAP (or POP if you’d prefer), the user name and the valid password for the account. Then click on the Next button.

Calendar3

At the outgoing mail server screen, provide the Outgoing Mail Server address, the port, whether or not SSL is in use (it should be if possible), the password protocol, the user name and the password. Then click on the Next button.

Calendar4

At the Mail Account Summary screen, review the settings and if correct, click Finish. Back at the service configuration screen, click on the plus sign (“+”) and provide a type of location, an address, a delegate, a name for the location, whether or not invitations to the resource are accepted and then enter the account name for any accounts that can manage the location’s calendar (they will auto-complete, so there’s no need to remember users and groups exactly). Click Done to complete the setup. Use the Resource setting in type to configure a resource instead of a location. The two are the same, except the Type field.

Calendar5

There are a number of settings that can also be configured. But those are exposed only at the command line. To configure them, open the command line and then review the list of Calendar service settings using the list option of the serveradmin command:

sudo serveradmin settings calendar

There are a number of settings for the Calendar service, including the following:

calendar:SSLCertificate = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.cert.pem"
calendar:EnableCalDAV = yes
calendar:Notifications:Services:APNS:CardDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.cert.pem"
calendar:Notifications:Services:APNS:CardDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.key.pem"
calendar:Notifications:Services:APNS:CardDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.contact.chain.pem"
calendar:Notifications:Services:APNS:CalDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.cert.pem"
calendar:Notifications:Services:APNS:CalDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.key.pem"
calendar:Notifications:Services:APNS:CalDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/apns:com.apple.calendar.chain.pem"
calendar:Notifications:Services:APNS:Enabled = yes
calendar:SSLAuthorityChain = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.chain.pem"
calendar:DefaultLogLevel = "warn"
calendar:Authentication:Digest:Enabled = yes
calendar:Authentication:Digest:AllowedOverWireUnencrypted = yes
calendar:Authentication:Kerberos:Enabled = yes
calendar:Authentication:Kerberos:AllowedOverWireUnencrypted = yes
calendar:Authentication:Wiki:Enabled = yes
calendar:Authentication:Basic:Enabled = yes
calendar:Authentication:Basic:AllowedOverWireUnencrypted = no
calendar:ServerHostName = "mavserver.takecontrolbooks.com"
calendar:Scheduling:iMIP:Sending:UseSSL = yes
calendar:Scheduling:iMIP:Sending:Server = "mail.krypted.com"
calendar:Scheduling:iMIP:Sending:Address = "com.apple.calendarserver@calendar.krypted.com"
calendar:Scheduling:iMIP:Sending:Username = "admin"
calendar:Scheduling:iMIP:Sending:Password = "Mitroae123"
calendar:Scheduling:iMIP:Sending:Port = 465
calendar:Scheduling:iMIP:Enabled = yes
calendar:Scheduling:iMIP:Receiving:UseSSL = yes
calendar:Scheduling:iMIP:Receiving:Server = "mail.krypted.com"
calendar:Scheduling:iMIP:Receiving:Type = "imap"
calendar:Scheduling:iMIP:Receiving:Username = "krypted"
calendar:Scheduling:iMIP:Receiving:Password = "Mitroae123"
calendar:Scheduling:iMIP:Receiving:Port = 993
calendar:DataRoot = "/Library/Server/Calendar and Contacts/Data"
calendar:EnableCardDAV = no
calendar:SSLPort = 8443
calendar:LogLevels = _empty_dictionary
calendar:DirectoryAddressBook:params:queryUserRecords = no
calendar:DirectoryAddressBook:params:queryPeopleRecords = no
calendar:SSLPrivateKey = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.key.pem"
calendar:EnableSSL = yes
calendar:RedirectHTTPToHTTPS = yes
calendar:EnableAPNS = yes
calendar:EnableSearchAddressBook = no
calendar:HTTPPort = 8008

One of the more common settings to configure is the port number that CalDAV runs on. To configure HTTP:

sudo serveradmin settings calendar:HTTPPort = 8008

For HTTPS:

sudo serveradmin settings calendar:SSLPort = 8443

You can then start the service using the start option:

sudo serveradmin start calendar

Or to stop it:

sudo serveradmin stop calendar

Or to get the status:

sudo serveradmin fullstatus calendar

Full status indicates that the three services are running:

calendar:readWriteSettingsVersion = 1
calendar:setStateVersion = 1
calendar:state = "RUNNING"
calendar:contactsState = "RUNNING"
calendar:calendarState = "RUNNING"

Once the Calendar server is configured, use the Calendar application to communicate with the server. Open the Calendar application and click on the Calendar menu and select Preferences. From the Preferences screen, click on Accounts to bring up a list of accounts. Here, click on the plus sign (“+”) to bring up the “Add an Account” screen.

Calendar6

At the “Add an Account” screen, select Add CalDAV Account.

Calendar7

CalDAV from the Account Type menu and then enter the User Name and password configured on the server, and add the address of the server if you don’t have any service records pointing to the server. The User Name is usually the name provided in Server app, followed by @ and then the address of the server.

Calendar8

Once the server is configured it appears in the list of accounts in the sidebar of the Calendar app. Create calendars in the account and then to share a calendar, right-click on the calendar and click on Share Calendar…

Calendar9

At the Share Calendar screen, provide the name the calendar should appear as to others and click on the plus sign (“+”) and enter any accounts to delegate administration to.

Calendar10

Back at the Calendar Settings screen, use the settings to configure Availability and refresh rate of calendars, as seen above. Click on Server Settings to assign custom port numbers.

Calendar11

Click on the Delegation tab to view any accounts you’ve been given access to.

Calendar12

Use the Edit button to configure who has delegated access to calendars, as opposed to configuring subscriptions.

Overall, the Calendar service in Yosemite Server is one of the easiest to configure. Most of the work goes into settings configured on client systems. This, as with Exchange, dedistributes administration, often making administration more complicated than with many other tools. But that’s a good thing; no one wants to access other peoples accounts, for calendars or mail for that matter, without those users knowing that it was done, as will happen when resetting passwords…

October 16th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , ,