macosxhints.com OS X Server tips

Allow custom URL protocols in Lion Server wiki pages

Wed, 09 May 2012 07:30:00 -0700

If you use Lion Server, and its wiki server, you may find it useful to use custom URL protocols for internal documents and links. Apple has published a technical note explaining how to do this. This document explains how to create the necessary configuration file - /etc/collabd/filter_whitelist.plist - for any custom URL protocol you wish to use.

Replace SMB Server with open source version in Mac OS X Lion Server

Tue, 03 Apr 2012 07:30:00 -0700

I have had nothing but trouble with SMB (Windows Sharing) services in Mac OS X Server 10.7. These problems were supposedly solved in 10.7.3, but my particular issues seem to still be there in several cases (Windows XP name browsing not working, Guest access not working, performance issues, dropped connections), and may be related to the Windows XP (versus Windows Vista/7) clients I'm dealing with. All of these were working fine with Mac OS X Server 10.5.8 when a string of hardware failures required replacement with the current version, which is working well for the Mac OS X clients.

I have found that replacing the Apple supplied services with the open source Samba version (dropped by Apple in Mac OS X Lion for apparent licensing issues) has solved these problems, and provided faster performance. Unfortunately setup isn't well documented, takes a while, and has no GUI tool (SharePoints I miss you!).

In hopes that I can give someone a head start for doing this if ...

Redirect mail button on Wiki pages

Mon, 20 Feb 2012 07:30:00 -0800

I have seen on the Apple discussion forum that there is no solution for the mentioned redirection. Today I have found a solution which was plain simple as all things Apple.

Every time you click on the mail link in Wiki Server it will take you to SquirrelMail login screen. This screen is the login.php file.

So in order to redirect Wiki Mail to any URL of your choice you just need to edit or substitute the login.php file which is located in /usr/share/squirrelmail/ like this:

<?php
/* Redirect browser */
header("Location: http://your_preffered_url/");
exit;
?>

[crarko adds: I haven't tested this one, but it seems pretty straightforward. As always when editing system-related files, have a known good backup.]

10.7: Updating Lion Server if using CalDAV and CardDAV

Mon, 06 Feb 2012 07:30:00 -0800

If you plan to update your OS X Server to 10.7.2 be sure to restart your machine and stop all server services, especially iCal Server and Address book server before applying the update.

It happened to me yesterday that I applied the OS X 10.7.2 update to my Mac mini server without closing any apps. I just ran it. After the update it turned out, this was a big mistake. All calendar entries of the past three weeks and many contacts were lost.

I was not able to recover anything from time machine. Lion server keeps the CalDAV and CardDAV data in a PostgreSQL database which is apparently not backed up by TimeMachine. Also, the PostgreSQL uses transactions which need to be 'closed' before they end up being permanently written into the DB tables.

What I found from reviewing the postgres log file (/Library/Logs/PostgreSQL.log) is that the 10.7.2 server update will apply a whole bunch of database structure updates to PostgreSQL but without ...

Cannot boot to NetRestore Image

Wed, 14 Dec 2011 07:30:00 -0800

I ran into a problem recently where I was unable to boot into any of the images I had made from any Mac. I have NetRestore and one NetBoot image, but not one of my Macs could get to it. After many failed attempts, I finally tricked it into letting me boot. Here's how.

The problem actually has to do with the way that NetBoot filters computers. It used to be that you could turn filtering on and off, but now, it is not so simple. In the Image Properties window, you have the option to either all model types, or just the ones selected from a given list.

However, MAC filtering is different, you can't simply say allow all. The default selection is to allow only only those computers with the matching MAC addresses in the list below and deny others. This is what is preventing computers from being able to boot. And unless you are interested in manually entering in every new MAC address, it is impractical.

The second option is to deny only those computers in the lis ...

10.7: Virtual Hosts and multiple web servers

Thu, 13 Oct 2011 07:30:00 -0700

After a great deal of searching the net for answers I have pieced together what is needed to do a couple of things I have wanted to do for some time now. The first is to have virtual hosts working nicely on 10.7 Lion Server. The second and related item is to have multiple web servers within a LAN accessible from one WAN address.

Virtual Hosts

To get this working add the following line to the /etc/apache2/httpd.conf file and then restart the web service.

NameVirtualHost *:80

Restarting the web service can be done in the Terminal using:

sudo serveradmin stop web sudo serveradmin start web

Now you can add virtual hosts through the Server app.

Multiple web servers within a LAN accessed from one WAN address.

Set up: The following assumes that you have 3 servers with correctly working DNS and apache services. The 10.10.10.x subnet is used for the examples, change them to w ...

10.7: Setting the default timezone for calendars viewed on Wiki Server

Thu, 08 Sep 2011 07:30:00 -0700

Apple does not seem to have provided a setting to change the default timezone despite the obvious need to be able to do so. This hint is a workaround giving a way of changing the timezone for all users who view the calendar via the web interface.

First backup the following file:

/usr/share/collabd/coreclient/app/views/projects/calendar.html.erb

You will need root privileges to edit the file; this can be accomplished by:

sudo nano /usr/share/collabd/coreclient/app/views/projects/calendar.html.erb

Add the following line to the original file below the line <% content_for(:head) do %>:

<meta name="tzid" content="Europe/London">

Where "Europe/London" is replaced by the desired timezone.

The file should now read (in its entirety) ...

10.6 Server: Workaround for recurring CalDAV password dialogs on iOS devices

Thu, 26 May 2011 07:30:00 -0700

Follow these steps to work around an issue that causes recurring password dialogs on iOS devices that are configured to connect to a CalDAV account hosted by Mac OS X Server 10.6.

The procedure involves turning off Digest authentication and enabling Basic authentication. Since all passwords will be sent in the clear, make sure that all traffic to the iCal server is encrypted. This can be done either by requiring users to connect via VPN or by using a valid SSL certificate and setting SSL to 'Redirect' in the iCal Service settings in Server Admin.

Log in to an administrative user's account on the server and open the Terminal application located in /Applications/Utilities/.
Type the following command to change to the directory containing the settings for the iCal service:
cd /private/etc/caldavd
Make a copy of the preference file. You will be asked for the administrative user's password after en ...

Change iCal Server invitations so they will clear spam assassin

Thu, 31 Mar 2011 07:30:00 -0700

The default invitations which iCal Server sends may be seen as spam by Spam Assassin (score of 5.8 or so), because of a large picture attachment.

The workaround for this I found was to modify the template for the invitation to eliminate the attachment.

The templates for iCal Server invitations are located in: /usr/share/caldavd/share/email_templates.

I changed mine so they are straightforward but at least not seen as spam. For example, my invite.html is:

<html>
<head></head>
<body>
<p>Event: %(summary)s</p>
<p>Organizer: %(htmlOrganizer)s</p>
<p>Location: %(location)s</p>
<p>Date: %(dateInfo)s %(recurrenceInfo)s</p>
<p>Time: %(timeInfo)s %(durationInfo)s</p>
<p>Description: %(desc ...

Make event emails sent from 10.6 iCal Server come from actual user

Tue, 29 Mar 2011 07:30:00 -0700

In Server Admin, the iCal settings allow you to specify a single email from which event invitations will come. For a personal calendar though, you really want the email to come from your own email.

The script which sends invitations is found at:

/usr/share/caldavd/lib/python/twistedcaldav/mail.py

It appears that it tries to find the appropriate email address, but I could not figure out how to make a value ever be present where it was looking.

So, I modified the script as shown below. Change:

 if organizer.startswith("mailto:"):
  orgEmail = fromAddr = organizer[7:]
 else:
  fromAddr = serverAddress
  orgEmail = None
 cn = calendar.getOrganizerProperty().params().get('CN', (None,))[0]

To: ...

10.6 Virtualize machine-specific OS X Server in Fusion

Mon, 20 Dec 2010 07:30:00 -0800

I did all this on a new mid-2010 Mac mini Server (with an external MacBook Air SuperDrive), with OS X Server 10.6.5 (re)installed on the upper drive (*disk1*) and OS X client 10.6.5 (and Fusion, many other apps, etc.) installed on the lower drive (*disk0*): i.e., with the computer used mainly as a client desktop rather than a server; so, virtualizing the server OS might be the most convenient solution, while - if desired - also being able to natively boot into the server (at least as an experiment).

So, you want to virtualize a whole hard drive (HD) with OS X Server installed? Or, more simply, if you want to install OS X Server onto an 'ordinary,' file-based Fusion virtual machine (VM), but only have a machine-specific install DVD (which will refuse to install if used to boot the VM), here is what I did. Part 1: If you want to virtualize a whole dis ...

10.6: Exclude Software Update data in Time Machine backups

Tue, 25 May 2010 07:30:00 -0700

Using the Time Machine preference pane, it is not possible to effectively exclude the data for the Software Update service from Time Machine backups on Mac OS X Server 10.6. A method is presented here which will do that.

By default the software downloaded from Apple�s servers necessary for the Software Update service is located at /private/var/db/swupd. When excluding this directory using the Time Machine preference pane the path is changed to /var/db/swupd (/var being a symbolic link to /private/var) and the data is still backed up. [crarko adds: This is for Snow Leopard Server only.] To remove the Software Update service data from the backups, follow these steps using an administrative account:

Exclude /private/var/db/swupd or /var/db/swupd in the Time Machine preference pane.
Quit t ...

10.6: Stream high-resolution chapter-marked movies

Fri, 26 Mar 2010 07:30:00 -0700

So here was my problem: I needed to be able to produce high-resolution movies of live screen presentations (PowerPoint as it happens) with audio. And because these presentations were two hours long, people wanted chapter/section marks so they could go directly to the part they were interested in seeing again.

We wanted to stream the movies, so that people did not have to download the entire 2GB+ movie. They movies also had to be on a server I could get to, so that we could get the video online quickly.

This all proved harder than it sounds, and took me about three weeks to figure out and set up -- it wasn't hard, but it was undocumented and not intuitive. I am providing this information because the online information is either wrong, or it doesn't seem to exist.

...

10.6: Avoid a DHCP issue with Dual Band Airport Extreme

Thu, 18 Mar 2010 07:30:00 -0700

While playing with Snow Leopard Server's various services, I noticed DHCP wasn't working. Actually, it worked at first for my laptop, then it stopped. Then I noticed the iPhones were not able to receive IPs either. I thought it was something with my server, so I drew a network diagram, and it gave me an idea.

I have an Internet modem connected to a Netgear router, to which the AirPort Extreme (Dual Band) is connected. My Snow Leopard Server machine is connected via the AirPort, as are all other clients. My drawing showed that when my Server was connected on the 5Ghz side, and the DHCP clients were connected on the 2.4Ghz side, DHCP would not work.

I confirmed this by splitting the dual band and connecting server and all clients on the 2.4GHz channel only. Set up this way, DHCP worked great; problem solved! I'm not sure if that makes perfect ...

Add Volumes for mount at login directly on OS X Server Mac

Thu, 25 Feb 2010 07:30:02 -0800

Today I needed to use Workgroup Manager to add a Login Item that Mounts an afp Volume. Apple provides no instructions for doing this while logged in directly on the server; instead this task is done using Workgroup Manager on a client (see this Apple support document). I didn't have my MacBook with me at the time, nor did I want to install the Server Admin Tools on another machine just for this one task.

The solution is:

Open Safari and enter the URL in the form of afp://IP-address-OR-Server-name/Share Point
Drag the favicon (next to the URL) onto the Desktop.
Drag the favicon into the System Preferences » Login » Items section of Workgroup Manager.
Click Apply Now.

Note that you do not need to add %20 to any white space when typing the URL in Safari; this will automatically be added when you drag the Favicon to the Desktop. Also, the colon and fo ...

10.6 Server: How to get NFS disk serving working properly

Tue, 23 Feb 2010 07:30:00 -0800

You may be surprised to learn that if you follow the detailed 136 page instructions for setting up an NFS disk server that Apple provides for the OS X server machines, it won't actually work. The problem is the firewall. Unlike the non-server OS, which has an application firewall, the Server OS uses IPFW, which is port-based not application-based.

This means every service that takes inbound connections has to have fixed port range assignments so you can tell IPFW which port to open. NFS required the RPC deamon, and by default, RPC takes whatever ports are free at the moment and does not keep them fixed. You need to fix these to specific ports by hand because the GUI won't do it.

This can be confusing to diagnose because if you start NFS with the firewall down and then put it up, you find the server continues to work for about 30 minutes, be ...

10.6 Server: Set the appropriate Software Update Server

Wed, 21 Oct 2009 07:30:00 -0700

With Mac OS X Server 10.5 and below, Software Update Server only had one catalog of updates -- thus, you could run a command like this one, and have it point Software Update to your server:

defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://Server.local:8088/"

With Mac OS X Server 10.6, Apple has divided the catalog file into three separate catalogs: one for 10.4, one for 10.5, and one for 10.6. Each is a separate URL, and if you set the wrong catalog for the OS, you'll get the (incorrect) message that your software is already up-to-date. Having three separate scripts is a hassle, though, and is prone to error.

On the Hints Forums, users tw and Hal Itosis were instrumental in crafting this AppleScript. It checks the OS that you ...

Update the Software Update Server without re-downloading

Tue, 20 Oct 2009 07:30:02 -0700

I had the need to update a server that was acting as a Software Update Server. I knew that the machine had the update on it, but was unsure of how to get it to see the locally-hosted update. If you open Terminal and issue this command...

open /usr/share/swupd/html/index.sucatalog

...then Software Update will launch, looking at the localhost -- no need to re-download the update from Apple.

10.6: Using iCal Group calendars on Snow Leopard Server

Mon, 21 Sep 2009 07:30:02 -0700

Snow Leopard's iCal Server changed the location of the Wiki-based calendars, so that this previous hint no longer works. Intead of using the path of /principals/groups/groupname, the URL for wiki-based calendars has changed to one of the following:

https://ical.domain.com:8443/principals/wikis/groupname/
http://ical.domain.com:8008/principals/wikis/groupname/

When you add this in as a URL for an additional account, you can then access this shared calendar, with your changes reflected on the wiki page. You could alternatively create a specific user in workgroup manager to be used as the 'silent' owner of a group calendar, create your calendars, assign delegation to all the real users. But if done in that way, you don't get to see the calendar in the wiki, online.

...

10.5: List service ACLs on Mac OS X 10.5 Server

Mon, 20 Jul 2009 07:30:00 -0700

Mac OS X lacks a good command line tool for following a Services Access Control List (SACL) tree of users and groups. If you don't want to, or just can't, use the GUI to list users in service ACLs of your Mac OS X server (or managed client), you need to parse the groups/nested groups/users tree one group at a time, using dscl. It's really painful. As an alternative, I've created a script to handle this for sys admins.

I won't promise you a killer command line tool with foolproof error and recursion handling, but I still believe I've designed a usable piece of shell script -- even if it looks like it's the worst code I've ever written (which is not true; I've made things way uglier). The source code is too long and messy to be just copy-pasted here; just download the getsacls.sh script (4KB) directly from my mach ...