Mac OS X Server Travails
Some quick notes on setting up a Mac OS X 10.3 (Panther) Server:
DHCP:
* Existing workstations that already have a lease from another DHCP server must have it manually released/reserved, at least on some Windows systems. The alternative is to issue a non-conflicting set of addresses in the same subnet until the old leases expire.
DNS:
* Don’t forget to put in the final periods in the name of the domains, the SOA record fields, the NS fields and the MX fields, etc.
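A name written without the final period is treated as relative and gets the zone origin appended, so `mail.example.com` quietly becomes `mail.example.com.example.com.`. The check below is an added example, not part of the original notes: it assumes a BIND-style zone file, and the function names, the sample zone and the dotted-name heuristic are assumptions.

```python
# Assumption: a dotted target lacking the final period was meant to be fully qualified.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "MX": (1,), "CNAME": (0,), "PTR": (0,)}

# Constructed sample zone (example.com and 192.0.2.0/24 are documentation values).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@    IN SOA ns1.example.com. admin.example.com (
         2004051101 ; serial
         3600 900 604800 3600 )
     IN NS  ns1.example.com.
     IN NS  ns2.example.com
     IN MX  10 mail.example.com
mail IN A   192.0.2.25
www  IN CNAME mail
"""

def logical_lines(text):
    """Yield (line_no, has_owner, tokens); strips ';' comments, joins ( ... )."""
    buf, start, owner, depth = [], 0, False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if not buf:
            # A record line that starts with whitespace inherits the previous owner.
            start, owner = no, not raw[:1].isspace()
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth <= 0 and buf:
            yield start, owner, buf
            buf, depth = [], 0

def missing_final_periods(zone_text, origin="<origin>."):
    """Return (line_no, rtype, name_as_written, name_as_expanded) findings."""
    findings = []
    for no, has_owner, tok in logical_lines(zone_text):
        if tok[0].upper() == "$ORIGIN":
            origin = tok[-1]
            continue
        # Skip the owner column so a host called "mx" or "ns" is not read as a type.
        for i in range(1 if has_owner else 0, len(tok)):
            fields = NAME_FIELDS.get(tok[i].upper())
            if fields is None:
                continue
            rdata = tok[i + 1:]
            for f in fields:
                if f < len(rdata) and "." in rdata[f] and not rdata[f].endswith("."):
                    findings.append((no, tok[i].upper(), rdata[f], f"{rdata[f]}.{origin}"))
            break
    return findings

if __name__ == "__main__":
    print(*missing_final_periods(SAMPLE_ZONE), sep="\n")
```

Single-label targets such as `mail` are deliberately not flagged, since relative names are a legitimate shorthand inside the zone.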
FTP:
* To change the umask of the FTP server in 10.3, cd to /etc/xinetd.d, vi ftp, and add a -u0002 argument.
* Set up sharing points in Workgroup Manager. Set sharing values for each protocol.
SSL:
* Got a $39 SSL certificate from StarterSSL?
* When ordering certificate, use browser/SSL combo…Apache/Leam? (spelling?)
* Must turn off the Performance Cache to get SSL certificate installed.
* Must use 443 for the Port to conform — it’s not changed automatically.
Multihoming:
* Must duplicate the entry in Network control panel.
* Only run AppleTalk on one of them.
* Set the subnet on the duplicate to 255.255.255.255.
HTTP and HTTPS on same port:
* Must have duplicate entries in Workgroup Manager “Web” Settings “Sites”…one for HTTP/80 and one for HTTPS/443.
* Add a “redirect” from http at base address of protected web to send over to https.
Mail:
* Don’t run an open relay. Set up “Accept SMTP relays only from…”
* Filter junk mail. Currently using these filters:
  * sbl-xbl.spamhaus.org
  * combined.njabl.org
WebMail:
* Set First Hop.
* Set Folder Names.
* Set up “redirect” from http:…/WebMail to https:…/WebMail.
Windows:
* Running as Primary Domain Controller
John Blackburn wrote:
Looks like useful information. Thanks!
Posted 11 May 2004 at 7:57 am ¶
Tom Chappell wrote:
Apple has documented a strange policy in Mac OS X Server:
“Disk Quotas are set up in Workgroup Manager in Mac OS X Server 10.3. However, they are not enforced for an account until that user has logged in once via AFP.
If the disk quotas you set up in Workgroup Manager aren’t being applied to some accounts, it’s probably because they connect via SMB. A user must log in at least once via AFP for the quota to apply.
To set up Disk Quotas for an account, follow these steps in Workgroup Manager…”
Posted 11 May 2004 at 11:50 am ¶
Tom Chappell wrote:
John pointed out this section from Apple’s web site on the meaning of the 10-client limit on the lower-cost version:
Posted 11 May 2004 at 2:09 pm ¶
Tom Chappell wrote:
I like that Mac OS X Server’s Mail Services protect against open relay exploits while still allowing authenticated users to relay mail—something WorldMail does not permit.
Posted 11 May 2004 at 3:36 pm ¶