macOS Server 5.2 (running on Sierra 10.12) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with the firewall is…
-
Setup FTP in macOS Server 5.2 on macOS 10.12 (Sierra)
macOS Server 5.2 (for Sierra) sees no changes with the FTP Service from previous versions of OS X. Instead of sharing out each directory the new incantation of the FTP service allows administrators to share a single directory out. This directory can be any share that has previously been configured in the File Sharing service or a website configured in the Websites service. To set up FTP, first open the Server app and then click on the FTP service. Once open, use the Share: drop-down list to select a share that already exists (output of sharing -l basically) and click on one of the shares or Custom to create a new share for…
-
Manage Groups In macOS Server 5.2 Running On Sierra
There are a couple of ways to create groups in macOS Server 5.2, running on Sierra. The first is using the Server app, the second is using the Users & Groups System Preference pane and the third is using the command line. In this article we will look at creating groups in the directory service with the Server app. Once a server has been promoted to an Open Directory Master, all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and group objects are stored locally when created in Server app. Once promoted to an Open Directory server, groups are created in the Open…
-
Demote an Open Directory Master using the Server app
macOS Server 5.2 running on Sierra can have problems with Open Directory. Sometimes, you just need to reset your directory service. You can demote and restore the server if needed. But buyer beware, you may end up screwing things up while the directory server is being demoted and you’re restoring a backup. Or if you haven’t built out the directory server, you may end up just demoting the server and starting over. In this article, we’ll look at demoting the server. To get started demoting the Open Directory master, first open the Server app and click on Open Directory. From the Open Directory screen, click on the minus button in the Servers…
-
Manage Users On macOS Server 5.2 On Sierra
There are a few ways to create users in macOS Server 5.2, running on Sierra. The first is using the Server app, the second is using the Users & Groups System Preference pane and the third is using the command line. In this article we will look at creating users in the Server app. To do so, open the Server app and connect to your server. Then click on the Users entry in the ACCOUNTS list. The list of users is displayed, based on the directory domain(s) being browsed. A directory domain is a repository of account data, which can include local users, local network users and users in a shared directory…
-
Programmatically Manage DNS In macOS Server 5.2 On Sierra
DNS is DNS. And named is named. Except in OS X Server. Sometimes. The configuration files for the DNS services in macOS Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/ makes it more portable across systems. The current version of BIND is BIND 9.9.7-P3 (Extended Support Version). Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still an option. In macOS Server 5.2 (for Sierra), a new command is available at /Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework called dnsconfig. The dnsconfig command appears simple at first. However,…
-
Accessing macOS Server 5.2 Logs
macOS Sierra (10.12) running the Server app has a lot of scripts used for enabling services, setting states, changing hostnames and the like. Once upon a time there was a script for macOS Server 5.2 called serversetup. It was a beautiful but too simplistic kind of script. Today, much of that logic has been moved out into more granular scripts, kept in /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup, used by the server to perform all kinds of tasks. These scripts are, like a lot of other things in OS X Server. Some of these include the configuration of amavisd, dovecot and alerts. These scripts can also be used for migrating services and data. Sometimes the scripts are in…
-
Use Startup Profiles In macOS Sierra
There is a nifty feature available in the profiles command in Sierra (which dates back to Mavericks), where you can configure profiles to install at the next boot, rather than immediately. Useful in a number of scenarios. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure): profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v And that’s it. Nice and easy…
-
Setup An Open Directory Master In macOS Server 5.2 On Sierra (10.12)
Open Directory has never been this easy to set up for a basic environment as it is in macOS Server 5.2 (for macOS 10.12 on Sierra). It’s also never been so annoyingly simple to use that to do anything cool requires a bunch of command line foo. And never has removing replicas been so difficult. No offense to the developers, but this whole idea that the screens and concepts that were being continually refined for a decade just need to be thrown out seems to have led to a few babies thrown out along with that OD bathwater. Features mean buttons. Buttons make things a tad bit more complicated to use than…
-
Navigating Through accountsd in macOS
The directory services options in macOS have quietly been going through some slow changes over the past couple of years. Many of the tools we use to manage accounts look similar on the outside but sometimes work a little differently under the hood. Account information is still stored in the /var/db/dslocal/nodes directory. Here, the local directory service pulls files from within directories recursively when accountsd loads. You can still create a second instance of the local directory service by copying the Default directory. For example, here we’ll copy the Default directory node to a directory node called NEW: sudo cp -prnv /var/db/dslocal/nodes/Default /var/db/dslocal/nodes/NEW If you killall accountsd then wait (this is…