OS X Server
OpenSSL is cool
No news there, but some neat tricks:
To test a certificate:
> cat mycert.crt mycert.key > mycert.pem
> openssl s_server -cert mycert.pem -www

and then check https://localhost:4433

To strip a passphrase from an RSA keyfile:
> openssl rsa -in mykey.key -out newkey.pem

Whenever someone says you should "use make to create hash links" what they really mean is you should use Makefile.crt that comes with mod_ssl to create hash symlinks for Apache. This file doesn't come with OS X Server however, so either grab one from the mod_ssl source distribution (from the pkg.sslcfg directory) or use the script described here.

All taken from this brilliant Q&A.
|
Cannot launch natd
After a power outage, this started happening:
Feb 14 15:36:35 www serveradmin: servermgr_nat: nat config:Error:Cannot launch natd

The Apple front-ends (like serveradmin) are not very verbose, so I've found a good troubleshooting step to be to run the underlying daemon with the same config files, manually:
www:/etc/nat root# natd -config /etc/nat/natd.conf.apple
natd: unknown protocol (null). Expected tcp or udp

Aha! Indeed, the last line looks weird:
redirect_port (null) (null):3050

When it should be something like:
 -redirect_port proto targetIP:targetPORT[-targetPORT]
[aliasIP:]aliasPORT[-aliasPORT]
[remoteIP[:remotePORT[-remotePORT]]]

Digging a little deeper, we find that natd.conf.apple is actually re-written every time you serveradmin start nat (so modifying it directly is pointless). The values are populated from /etc/nat/natd.plist. If the latter doesn't exist, it's created from /etc/nat/natd.plist.default.

Since I was convinced I hadn't modified my natd.plist, I just did a
> mv natd.conf.apple natd.conf.apple.old
> mv natd.plist natd.plist.old
> serveradmin start nat

And that got things running again. What's really weird is the cause of this:
www:/etc/nat root# diff natd.plist natd.plist.old 
18a19,25
><key>redirect_port</key>
> <array>
> <dict>
> <key>targetPortRange</key>
> <integer>3050</integer>
> </dict>
> </array>

How that targetPortRange got there, I still don't know...
|
Cyrus weirdness
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: exited with exit code: 75
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: respawning too quickly! throttling
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: 1 more failure without living at least 60 seconds will cause job removal
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: will restart in 10 seconds
Feb 12 23:35:45 server master[14119]: empty option value on line 14 of configuration file
Feb 12 23:35:45 server master[14119]: exiting

That's just launchd's special way of saying that cyrus is not starting up. The question is - what conf file is it talking about?
Let's check:
> man cyrus-master

OK, so there's two of them - /etc/cyrus.conf and /etc/imapd.conf. The first one had a comment on line 14, but the second one:
tls_common_name:

Setting a CN fixed the problem and cyrus was purring like a kitten again:
Feb 12 23:40:42 server master[14244]: process started
Feb 12 23:40:43 server ctl_cyrusdb[14245]: verifying cyrus databases
Feb 12 23:40:43 server ctl_cyrusdb[14245]: skiplist: recovered /var/imap/mailboxes.db (30 records, 5008 bytes) in 0 seconds
Feb 12 23:40:43 server ctl_cyrusdb[14245]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Feb 12 23:40:43 server ctl_cyrusdb[14245]: done verifying cyrus databases
Feb 12 23:40:44 server master[14244]: ready for work
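
The hunt above (which file's line 14 has an option with no value?) can be scripted. This is an added example, not part of the original post; the two sample files are constructed stand-ins, and the function names are made up for illustration:

```shell
#!/bin/sh
# Added example: map "empty option value on line N" back to the right file.

# classify_line FILE N
# Prints what sits on line N: blank | comment | empty-option:NAME | ok | missing
classify_line() {
    awk -v n="$2" '
        NR == n {
            found = 1
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t\r]+$/, "", line)
            if (line == "")  { print "blank";   exit }
            if (line ~ /^#/) { print "comment"; exit }
            colon = index(line, ":")
            # "name:" followed by nothing is what cyrus master refuses to load
            if (colon > 0 && substr(line, colon + 1) ~ /^[ \t]*$/) {
                print "empty-option:" substr(line, 1, colon - 1)
                exit
            }
            print "ok"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# culprits N FILE...
# Prints "FILE: OPTION" for each file whose line N is an option without a value.
culprits() {
    n=$1
    shift
    for f in "$@"; do
        r=$(classify_line "$f" "$n")
        case $r in
            empty-option:*) printf '%s: %s\n' "$f" "${r#empty-option:}" ;;
        esac
    done
}

# make_samples DIR
# Writes constructed stand-ins for /etc/cyrus.conf and /etc/imapd.conf.
make_samples() {
    cat > "$1/cyrus.conf" <<'EOF'
# constructed sample, not a real server config
START {
  recover cmd="ctl_cyrusdb -r"
}

SERVICES {
  imap cmd="imapd" listen="imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=0
  pop3 cmd="pop3d" listen="pop3" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" period=30
  # delprune cmd="ctl_deliver -E 3" at=0400
}
EOF
    cat > "$1/imapd.conf" <<'EOF'
# constructed sample, not a real server config
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrusimap
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
allowplaintext: no
sasl_pwcheck_method: auxprop
lmtp_downcase_rcpt: yes
# TLS
tls_cert_file: /etc/certificates/example.crt
tls_key_file: /etc/certificates/example.key
tls_cipher_list: DEFAULT
tls_common_name:
EOF
}

# Demo on the constructed files; on a real server you would run
#   culprits 14 /etc/cyrus.conf /etc/imapd.conf
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
culprits 14 "$demo_dir/cyrus.conf" "$demo_dir/imapd.conf"
rm -rf "$demo_dir"
```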

|
RewritesRule
For my thesis, I'm building a simple (there's that word again!) publishing backend that basically just accepts any kind of media, gives you an interface to catalogue it, creates Torrent metafiles, etc. and then spits out XHTML and RSS. For this to look nice, I decided to use Apache's mod_rewrite to get simple canonical URIs (like show/get/11, genre/Horror etc.), so my rule looked something like this (the L flag means it's the last rule and NC that the regex is case-insensitive):
RewriteRule ^([a-z]+)/(.*)? shows.php?p=$1&id=$2 [L,NC]

But then you hit the age-old problem. You have some files (like images, css, javascript etc) that you want the browser to access directly, without the redirect. I must have tried a bazillion different permutations of Rewrite conditions, but then ended up with these two:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f

Which, put before your RewriteRule, simply say:
Only apply the rule if the accessed file or directory doesn't exist on the server

Perfect. Mind you, there's also a "-U" switch which the Apache docs say should do the same thing, but I simply couldn't get it to work.

A really good way to learn these is to, in your httpd.conf set:
RewriteLog /private/var/log/httpd/rewrite_log
RewriteLogLevel 9

And just follow the output of that while you're working on these.

Here's also some good practical RewriteRule documentation. Oh, and there's also a handy RewriteRule cheatsheet over at ILJD.
|
servermgrd bus error
This happened after a failed attempt to add a signed cert from a CA - servermgrd just crashed. Trying to disable all SSL (/Library/Preferences/com.apple.servermgrd.plist) had no effect. Starting in debug mode just said this:
# servermgrd -d
2007-01-28 23:39:04.717 servermgrd[20540] *** _NSAutoreleaseNoPool(): Object 0x306030 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:39:04.717 servermgrd[20540] *** _NSAutoreleaseNoPool(): Object 0x306420 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:39:04.733 servermgrd[20540] Entering initialize
2007-01-28 23:39:05.600 servermgrd[20540] Starting idle processing
Bus error

Well, it turns out that the stuff about memory leaking is "normal". Here's the output of the same command on a totally unrelated, perfectly in-order Tiger server:
# servermgrd -d
2007-01-28 23:52:46.348 servermgrd[21665] *** _NSAutoreleaseNoPool(): Object 0x306020 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:52:46.348 servermgrd[21665] *** _NSAutoreleaseNoPool(): Object 0x306410 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:52:46.349 servermgrd[21665] Entering initialize

It's the Bus error that I'm worried about. Most of ktrace servermgrd -d and kdump -f ktrace.out is incomprehensible and so is pretty much /Library/Logs/CrashReporter/servermgrd.crash.log

Checking the last lines of kdump (kdump -f ktrace.out | tail -n 20) did mention /Library/Keychains/System.keychain, just shortly before the crash. A find -ctime 2 confirms that System.keychain was modified just around that fateful moment when this problem started. For the heck of it, I decided to move the old keychain aside, and create a new one:
# mv System.keychain System.keychain.old
# security create-keychain /Library/Keychains/System.keychain

Sure enough, servermgrd was open for business again:
server:/Library/Keychains root# servermgrd -d       
2007-01-29 00:20:48.654 servermgrd[20712] *** _NSAutoreleaseNoPool(): Object 0x306030 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-29 00:20:48.655 servermgrd[20712] *** _NSAutoreleaseNoPool(): Object 0x306420 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-29 00:20:48.655 servermgrd[20712] Entering initialize
2007-01-29 00:20:48.946 servermgrd[20712] Starting idle processing
2007-01-29 00:20:51.534 servermgrd[20712] Done with idle processing

I was actually able to salvage the certs and private keys from the damaged keychain file like thus:
# security export -k /Library/Keychains/System.keychain.old -t all -o ./all.pem

and then import them back into the fresh keychain:
# security import ./all.pem -P -k /Library/Keychains/System.keychain   
2 keys imported.
3 certificates imported.

The bad news is that although Server Admin works again, I'm unable to use the Certificate Manager. Any attempt to either add or import a cert is answered with a dull "The selected certificate could not be retrieved. Going back to the list." Oh well, just another good reason to get more comfortable with the CLI - it's not as fragile... By the way, if you change SSL certs in httpd conf files, it seems it's better to stop and start the server, not restart (otherwise the old cert is still used).

Just for the record, the cert and key in /etc/servermgrd are disposable. If you delete them, they will be re-created by servermgrd on the next launch. Oh, and there's also certadmin, but it did absolutely nothing for me.
|
Postmaster
Giving your (admin) account the "postmaster" alias doesn't actually do anything because /etc/postfix/aliases hardwires postmaster to root and that sends mail to /dev/null. I fixed this by setting the "root" config var in aliases.

In other news, watch out for failed user-specific crontab entries. Sometimes (more than once) running
> crontab -u user -e

will simply hang, leaving a tmp.something file in /var/cron/tabs. This drives cron mad, eating up all the cycles it can. The fix is basically to pull a:
$ rm -rf /var/cron/tabs/tmp.*
$ killall -HUP cron

|
Amavis gone haywire
The problem:
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: mail for [127.0.0.1]:10024 is using up 20000 of 20000 active queue entries
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: you may need to reduce smtp-amavis connect and helo timeouts
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: so that Postfix quickly skips unavailable hosts
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: you may need to increase the main.cf minimal_backoff_time and maximal_backoff_time
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: so that Postfix wastes less time on undeliverable mail
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: you may need to increase the master.cf smtp-amavis process limit
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: please avoid flushing the whole queue when you have
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: lots of deferred mail, that is bad for performance
Jan 22 17:57:59 server postfix/qmgr[29037]: warning: to turn off these warnings specify: qmgr_clog_warn_time = 0


The solution (found from the postsuper manpage):
> mailq | tail +2 | awk  'BEGIN { RS = "" } / spam@host$/ { print $1 }' | tr -d '*!' | postsuper -d -
/ snip /
postsuper: Deleted: 39819 messages


The cause:
I wish I knew...
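
postsuper -d removes a whole message, not one recipient's copy, and the pattern above also matches an entry whose last recipient line is the address even when other recipients are listed before it. The filter below is an added example, not part of the original post: it prints only the queue IDs whose sole recipient is the given address, so the list can be reviewed before it is piped to postsuper. The function names and the mailq sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list queue IDs whose ONLY recipient is ADDR.

# sole_rcpt_queue_ids ADDR   (reads mailq output on stdin)
sole_rcpt_queue_ids() {
    awk -v rcpt="$1" '
    BEGIN { RS = "" }                        # paragraph mode: one queue entry per record
    {
        n = split($0, lines, "\n")
        s = (lines[1] ~ /^-Queue ID-/) ? 2 : 1   # header is glued to the first entry
        if (s > n || lines[s] ~ /^--/) next      # summary footer, nothing to do
        split(lines[s], head, " ")
        id = head[1]
        gsub(/[*!]/, "", id)                     # drop active (*) and hold (!) markers
        total = 0; hits = 0; inreason = 0
        for (i = s + 1; i <= n; i++) {
            l = lines[i]
            gsub(/^[ \t]+|[ \t]+$/, "", l)
            if (l == "") continue
            if (inreason || l ~ /^\(/) {         # deferral reason, may wrap over lines
                inreason = (l !~ /\)$/)
                continue
            }
            total++
            if (l == rcpt) hits++
        }
        if (total > 0 && hits == total) print id
    }'
}

# sample_mailq: constructed mailq output, not taken from a real server
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    1834 Mon Jan 22 17:50:01  bounce@example.org
                                         spam@host

F6A7B8C9D0     2210 Mon Jan 22 17:51:12  alice@example.org
(connect to 127.0.0.1[127.0.0.1]: Connection refused)
                                         bob@example.net

0FEDCBA987!    1502 Mon Jan 22 17:52:40  bounce@example.org
(connect to 127.0.0.1[127.0.0.1]: Connection refused)
                                         carol@example.net
                                         spam@host

1122334455     1611 Mon Jan 22 17:53:05  bounce@example.org
(connect to 127.0.0.1[127.0.0.1]: Connection refused)
                                         spam@host

-- 7 Kbytes in 4 Requests.
EOF
}

# Dry run on the sample: 0FEDCBA987 is left alone because carol@example.net
# is also waiting for it. On a live server, review the list first:
#   mailq | sole_rcpt_queue_ids spam@host | wc -l
# and only then:
#   mailq | sole_rcpt_queue_ids spam@host | postsuper -d -
sample_mailq | sole_rcpt_queue_ids spam@host
```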
|
Creating Empty Files of Any Size
This is again one of those cool things that you could never do with OS 9 or older:
> dd count=`echo $((1024*1024/512*sizeinmegs))` if=/dev/zero of=myfile.zeros

Perfect for testing drives, networks or file transfer apps.
Update:
man mkfile

|
About FTP
1) To allow only FTP access to a share (AFP/FTP/SMB):
$ sharing -e sharename -s 010

2) All the configuration files are in /Library/FTPServer/Configuration
3) "man ftpaccess" had some useful info on the different chrootType values:

chroot_type standard | homedir | restricted
Sets the type of restricted environment the user is under when he
logs on. standard Allows users to access the ftp root, their
homedir, and sharepoints. homedir Allows users to access the
their homedir and sharepoints. restricted restricts users to
their own home directory.

and they all work with serveradmin:
$ serveradmin settings ftp:chrootType = "HOMEDIR"

|
DBERROR: critical database situation
OK, so this one started with a rather ominous message in /var/log/mailaccess.log:
Dec 11 15:33:47 gw mbpath[4439]: DBERROR: critical database situation

Stopped the server, tried a db rebuild. Nothing. Noticed a "no space on device" error, indeed df confirmed it. On to finding what's taking up the room:
gw:/Library/Logs root# du -hc -d 1 /              
0B /.Trashes
1.5K /.vol
318M /Applications
1.5K /automount
3.5M /bin
0B /cores
2.0K /dev
0B /Groups
1.8G /Library
2.0K /Network
21M /opt
45G /private
2.2M /sbin
112K /Shared Items
1.1G /System
9.0M /Users
1.6G /usr
5.7G /Volumes
56G /
56G total

Could it really be the logs? Yups:
gw:/Library/Logs root# du -hc /private/var/log/samba/log.*
68K /private/var/log/samba/log.nmbd
624K /private/var/log/samba/log.smbd
44G /private/var/log/samba/log.smbd.old
44G total

Yikes! Deleted log.smbd.old and thanks to some avid GNU/Linux users, was able to get things working again:
gw:~ root# nano /etc/smb.conf
[global]
bind interfaces only = true
interfaces = en1 192.168.0.1
hosts deny = all
hosts allow = 192.168.0.1/24

|
Is softwareupdate Broken in 10.4.0?
I've seen this more than once - the Update tab in SA doesn't do anything and neither does "softwareupdate -l" - they just wait forever. Here's a workaround (PPC!):
$ curl -O http://tinyurl.com/ynh85z
$ hdiutil attach ./*.dmg
$ cd /Volumes/Mac\ OS\ X\ Server\ 10.4.8\ Combined\ Update/
$ sudo installer -verbose -pkg ./MacOSXSrvrCombo10.4.8PPC.mpkg/ -target /


After that, softwareupdate and SA > Update seem to work again. :)

|
The Headless Install
It's really quite simple when you know it. This is all also somewhere in the documentation, but here are the exact steps for easy reference:
1) Boot off the install media
2) On another machine that has the tools installed, pull a
/System/Library/ServerSetup/sa_srchr 224.0.0.1

That should get you something like this:
localhost#1.25 GHz PowerPC G4#192.168.0.114#00:11:24:3e:62:aa#Mac OS X Server 10.4#RDY4PkgInstall#3.0#512

3) Cool.
ssh root@192.168.0.114
Password: the first 8 characters of your server hardware's serial number

4) Set up the disks (if you have hardware RAID, remember to use megaraid!):
-sh-2.05b# diskutil list
/dev/disk0
#: type name size identifier
0: Apple_partition_scheme *37.3 GB disk0
1: Apple_partition_map 31.5 KB disk0s1
2: Apple_HFS Mac OS X Server 37.1 GB disk0s3
/dev/disk1
#: type name size identifier
0: CD_partition_scheme *746.0 MB disk1
1: Apple_partition_scheme 649.6 MB disk1s1
2: Apple_partition_map 31.5 KB disk1s1s1
3: Apple_Driver_ATAPI 4.0 KB disk1s1s2
4: Apple_HFS Mac OS X Server Install Disc 1 649.2 MB disk1s1s3
/dev/disk2
#: type name size identifier
0: untitled *467.0 KB disk2
/dev/disk3
#: type name size identifier
0: untitled *95.0 KB disk3
/dev/disk4
#: type name size identifier
0: untitled *95.0 KB disk4
/dev/disk5
#: type name size identifier
0: untitled *95.0 KB disk5
/dev/disk6
#: type name size identifier
0: untitled *219.0 KB disk6

I want my install on disk0, also check that the disk is working OK:
-sh-2.05b# diskutil randomDisk 1 /dev/disk0
-sh-2.05b# diskutil eraseDisk "Journaled HFS+" Server disk0
Started erase on disk disk0

Creating Partition Map
5% ..
Formatting Disk 100% ..
Finished erase on disk disk0

Finished partitioning on disk disk0

5) Install (this installs everything)
installer -lang en -verbose -pkg /System/Installation/Packages/OSInstall.mpkg -target /Volumes/Server

6) Reboot. Run Server Assistant.

|
Setting up HansaWorld Enterprise
Actually managed to find some documentation on this (why their server won't list its program arguments, I will never understand). It's here.

When you're wrapping to launchd, keep in mind that every parameter has to go in a separate <string> tag. I.e. not <string>--port something</string>, but <string>--port</string> <string>something</string>

Otherwise the server will start up, but won't be accepting connections on that port.

|
Useful info on AFP
Mac OS X Server: About Privilege Mapping and When It Is Used
defaults read -g com.apple.AppleShareClientCore
defaults read /Library/Preferences/com.apple.AppleFileServer

|
Securing WebMail (if only just a little bit)
By default, the squirrelmail conf only allows plaintext, but you don't have to enable that just because of your webmail users. To fix it, just do:

sudo /etc/squirrelmail/config/config.pl

And set Server Settings > Update IMAP Settings > Authentication type > cram-md5. There are a bunch of other useful settings there that should be checked as well. This must be mentioned in the docs as well.

|
Using MSN with iChat server
Finally finished that piece on getting the iChat server to work with MSN. It's available for download here. (450kB PDF)

|
Setting Up a Safety Harness
Changing IP-s is sometimes a risky business. Especially if your server's behind a firewall, in another country, across a great body of water. So here's a little backup strategy to use in case something does go bad:
> sudo at now + 1 hour
>networksetup -setmanual "Built-in Ethernet" youroldip youroldnetmask youroldrouter
> Ctrl -D


That way, if all goes to hell, it should go back to the previous state after an hour. If all goes well, don't forget to
> at -l
> at -r jobnumber
|
Charting spam
This actually did make it to afp548.com, but I'm putting it up here also in the hopes that it might come in useful for someone else too:

One way to train the spam filter that comes with OS X Server (10.4) is by setting up two accounts - "junkmail" and "notjunkmail" and redirecting all spam and false positives to them accordingly. This is all documented on page 52 of the Mail Service manual. Since users' Mail clients are usually quite well trained, I also instruct them to create a rule to do just that for all the email their client considers spam, but hasn't been tagged as such by the server.

The manual also mentions that the redirected emails are analysed every night at 1 AM after which they should be discarded. To automate that, all we have to do is add the correct ipurge command to the crontab (I use /etc/crontab here but normally you would just edit cyrusimap's crontab).
MAILTO="postmaster@myserver.com"
PATH=$PATH:/usr/bin/cyrus/bin

# min hour mday month wday who command

30 01 * * * cyrusimap ipurge -f -d 1 user/junkmail user/notjunkmail


I think these simple steps can go a long way in battling spam in a small business environment. One thing that's missing though, is any kind of overview of how much junk mail we're actually processing, preferably with some sort of graphical representation. The MAILTO variable at the beginning of the crontab means that all the output of the ipurge command will be sent to the given address, usually the "postmaster" alias. This means we have all the necessary data and can generate the statistics on a remote machine.

I've chosen (what I think is) the most straight-forward approach by using AWK to generate a (partial) HTML file that displays the date of the processing, number of messages numerically and graphically and finally the total amount of messages. Although crude, this technique is very easy to use and doesn't depend on any extra software, except for Mail.app, which is assumed to be the mail client.

To run the script, I have to provide it with the directory with the email files and a name for the generated HTML file:

awk -f spamchart.awk of=test.html ~/Library/Mail/Mailboxes/Cron\ Jobs/mac.ee.mbox/Messages/*.emlx


The script itself is very simple, with most of the typing spent on CSS for the "bars". Please notice that the total message (per day) count is assumed to be on line 32 in the email. This should be fine for default setups, but must be changed accordingly in case your server adds additional headers (or doesn't add the spam headers etc).
#!/usr/bin/awk -f
# Usage: awk -f spamchart.awk of=outfile.html maildir

# Remember the date of the current message (month day year)
/^Date: / {
    theDate = sprintf("%s %d %d", $4, $3, $5);
}

# The per-day total is expected on line 32 of each message
/^total messages / {
    if (FNR == 32) {
        total += $3;
        # One bar per day; its width in pixels is the message count
        printf("<div style=\"background: silver; height: 15px; width: %dpx; font-size: x-small;\">%s %d</div>", $3, theDate, $3) > of;
    }
}

END { printf("<br />Total messages: %s", total) >> of; }


Here's a sample of the output. Having a graphical view of our spam, I can immediately see that the numbers have been climbing steadily since August of this year. I guess I better get back to work then…
|
FTP Shares & Home folders
The home has to be inside an FTP share. Otherwise you'll get the FTP root contents instead. So to give local users access to their home folders over FTP, /Users would have to be set as an FTP share. The other, not so flexible solution, is to keep all homes within your FTP root.

Not keeping this in mind will throw your FTP users into the FTP root directory. The FTP transcript will say:
230-No directory! Logging in with home=/
|
Are a user's emails deleted with the user?
Yes. Whenever you delete someone from WM, this line appears in system.log:
root : TTY=unknown ; PWD=/ ; USER=cyrusimap ; COMMAND=/usr/bin/cyrus/bin/ipurge -f -b 1 user/untitled_3
|
If it smashes down
Weird but true: my small server was crashing intermittently for seemingly no apparent reason. After turning off the Software Update server that I simply didn't need anymore all has been well again...

|
Turn Web Performance Cache Off!
The documentation says it's only good for static content anyways. The weird port 16080 is weird too.
The docs also said to put static stuff on a different vhost and enable cache on that. Pretty cool idea.

|
Make sure to quit your editor!
I've noticed that if you just disconnect without first closing nano, it will be eating up all your CPU the next time you connect. I've seen this on a lot of different servers with 10.4.x.

This might be OK with other editors, but is still a good thing to keep in mind.

|
Apache VirtualHosts
Was finally able to have the same site respond to different addresses differently:
http://httpd.apache.org/docs/2.0/vhosts/examples.html

Just check /etc/httpd/sites/virtual_host_global.conf and make sure it looks like what's described in the article. Rearranging them in the Sites list also seems to help.
|
Tiger Server Administration eBook
http://www.oreilly.com/catalog/macosxtigersa/

|
Replacing Apple's PHP
Needed to get gd2 support so thought why not as well update to latest 4.x PHP:

For JPG support, you'll need libjpeg which won't compile directly. From the instructions here I found that you should simply:

> export MACOSX_DEPLOYMENT_TARGET=10.4
> ln -s `which glibtool` ./libtool
> cp /usr/share/libtool/config.sub .
> cp /usr/share/libtool/config.guess .


then just "configure --enable-shared" etc

LIBPNG
>curl -O http://surfnet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.12.tar.gz


Don't bother with the no-config option, it can't find ZLIB.
>./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --with-apxs --with-ldap=/usr --with-kerberos=/usr --enable-cli --with-zlib-dir=/usr --enable-trans-sid --with-xml --enable-exif --enable-ftp --enable-mbstring --enable-mbregex --enable-dbx --enable-sockets --with-iodbc=/usr --with-curl=/usr --with-config-file-path=/etc --sysconfdir=/private/etc --with-mysql=/usr --with-mysql-sock=/var/mysql/mysql.sock --with-gd --with-jpeg-dir=/usr/local --with-png-dir=/usr/local --with-openssl=/usr
> make && sudo make install


And you should have PHP 4.4.4 with gdlib and OS X Server didn't notice a thing :P

Some stuff also from Apple, although IMHO Fink is overkill in this case:
|
When Cron Gets Out of Hands
I noticed cron had been churning away at 82% CPU for the past 140 hours (!). sc_usage and fs_usage came up empty (with the latter crashing) - so did ktrace. Remembering that "crontab -e -u someuser" hung on "Installing new crontab", I checked the tabs dir for any temp files. There were many of them. Ultimately, this seemed to help:

$ rm -rf /var/cron/tabs/tmp.*
$ launchctl stop com.vix.cron

Back to using just /etc/crontab! :-/



|
Auto Junkmail Deletion
If you're using the "junkmail@yourdomain" technique to teach your server junk, you can make the server auto-delete learned stuff like this:

$ sudo bash
$ export EDITOR=nano; crontab -e -u cyrusimap
30 13 * * * /usr/bin/cyrus/bin/ipurge -d 1 -f user/junkmail


and if "crontab -e" gives you grief (like hanging and not writing the file), then just edit /etc/crontab

|
WebDAV chroot
Well, there's really no such thing. But you can make it work.
In SA, create a realm where you want your WebDAV home folders to be.
Give Auth/Browse access only to an admin. Then just create something like /etc/httpd/sites/WebDavUsers.conf
and add the following:
<Directory "/WebDAV/folder/username">
    <LimitExcept GET HEAD OPTIONS>
        require user username
    </LimitExcept>
</Directory>


It seems that Digest authentication under OS X comes automagically from NetInfo which means we don't have to edit any passwordfiles.

Now only the admin can see all the home folders, but each user can connect to http://server/username and see only their home.

|
FTP Without Shell
10.4 server won't allow a user to log in without a "valid" shell. So here's a workaround (many thanks to unixgeek!!):
> /etc/shells

Set '/usr/bin/false' as the user's shell
According to some sources, this works also for SFTP, but I haven't been able to confirm this.


|
Tools Of the Trade
man named-checkconf
man named-checkzone

If you can ping your server, but services won't answer, try expanding your netmask!

|
Back To the Basics
1) echo 'sudo serveradmin stop $1; sudo serveradmin start $1' > /usr/bin/local/restart

2) http://www.ibiblio.org/pub/Linux/docs/howto/DNS-HOWTO
3) http://www.macdevcenter.com/pub/a/mac/2003/04/15/bind.html?page=1

|
The Intel Pro/1000 GT NIC won't work with OS X
with neither .4.6 or 7. The older model did.
The SmallTree drivers won't help.

|
Trouble With Quotas
If Server Admin doesn't want to enable quotas, try this:
sudo rm /.quota.*
> quotaon filesys
> reboot

|
Attack of DNS vol 2
Since 10.4.6 all services (it seems) require a FQDN to function. With a NAT-d IP this is of course impossible.
So to get servermgrd to cool down behind a NAT:
* Configure DNS service (just add your local IP, no MX etc)
* Enable DNS server
* Add server IP to DNS servers
* Add NAT router's IP to DNS servers

Then check
host localip
host name.of.server
sudo changeip -checkhostname


http://docs.info.apple.com/article.html?artnum=303697
http://lists.apple.com/archives/macos-x-server/2006/May/msg01265.html
|
ApacheBench
Interesting differences running ab -n 1000 -c 10 http://localhost/
1.5Ghz PowerBook G4 running Apache 1.3.3 OS X 10.4.6 
Server Software: Apache/1.3.33
Server Hostname: localhost
Server Port: 80

Document Path: /
Document Length: 1456 bytes

Concurrency Level: 10
Time taken for tests: 2.432 seconds
Complete requests: 1000
Failed requests: 0
Broken pipe errors: 0
Total transferred: 1867000 bytes
HTML transferred: 1456000 bytes
Requests per second: 411.18 [#/sec] (mean)
Time per request: 24.32 [ms] (mean)
Time per request: 2.43 [ms] (mean, across all concurrent requests)
Transfer rate: 767.68 [Kbytes/sec] received

Connnection Times (ms)
min mean[+/-sd] median max
Connect: 0 1 1.4 0 13
Processing: 8 22 28.9 13 292
Waiting: 2 22 28.9 12 291
Total: 8 23 28.8 13 292

Percentage of the requests served within a certain time (ms)
50% 13
66% 15
75% 18
80% 23
90% 41
95% 75
98% 134
99% 153
100% 292 (last request)

And Mac mini 1.25 Apache 2.2 OS X 10.4.6 Server:
Server Software: Apache/2.2.0
Server Hostname: localhost
Server Port: 80

Document Path: /
Document Length: 5634 bytes

Concurrency Level: 10
Time taken for tests: 2.655151 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 5
Total transferred: 5939098 bytes
HTML transferred: 5622732 bytes
Requests per second: 376.63 [#/sec] (mean)
Time per request: 26.552 [ms] (mean)
Time per request: 2.655 [ms] (mean, across all concurrent requests)
Transfer rate: 2184.06 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 3.2 0 97
Processing: 4 25 27.1 15 140
Waiting: 0 0 0.0 0 0
Total: 4 25 27.3 15 140

Percentage of the requests served within a certain time (ms)
50% 15
66% 15
75% 20
80% 26
90% 56
95% 110
98% 118
99% 130
100% 140 (longest request)

|
Now where did I put that server?
>/System/Library/ServerSetup/sa_srchr 224.0.0.1


Sadly it only works with machines booted off the install disc. :(
|
When (mail) disaster strikes!
Backup everything (/var/imap, /var/spool/imap) , then run:
sudo /usr/bin/cyrus/bin/reconstruct
The "Repair" and "Reconstruct" buttons don't seem to do much in SA. :-/

|
Is it just me or is it really WebDAV?
When moving something to/from a WebDAV volume (such as an iDisk), try saving something to the desktop.
Here, the file is saved but doesn't show up, neither on the desktop, nor by browsing the Desktop folder (in any view). Things get really weird when you "open file" from the Terminal, then Command-click on the title bar - suddenly the file just appears.

This actually happens in any folder.

|
From OSX-vnc to ARD
$ SystemStarter -v stop VNC 
$ cd /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources
$ ./kickstart -configure -access -privs -all -users admin
$ ./kickstart -restart -agent -console
$ ./kickstart -activate

|
ARD 2.2 & Fast User Switching
Don't do it!

Or if you do, and the session window doesn't open anymore, just trash com.apple.RemoteDesktop.plist

|
It's DNS again!
Server Admin took really long to start up.
Noticed that reverse DNS wasn't working:
[filipp@Scruffy filipp]$ host 192.168.1.10
;; connection timed out; no servers could be reached

Added server to my name servers list, all scrolls like butter again. :)

|
10.3/4 Image Deployment & RAID
Create image in 10.4
Create softRAID in 10.3
Restore from 10.4

|
Changing IPs
Had to rearrange my IP setup due to a new router:

changeip /LDAPv3/127.0.0.1 192.168.0.111 192.168.1.10 oldhost newhost 
/usr/sbin/networksetup -setmanual "Built-in Ethernet" 192.168.1.10 255.255.255.0 192.168.1.1

|
Potential VM growth in DirectoryService since client PID: 0,
Solution:
http://david.codeferous.com/?p=216

|
Apache 2.2
There seem to be some problems with certain Apache 2.x configs under OS X (10.4 only?) where the connection would just randomly quit. One fix is to install 2.2
./configure --prefix=/usr/local/apache2 --enable-so --enable-mods-shared=most --enable-ssl --with-ssl=/usr --enable-cgi --enable-mime-magic --enable-dav


|
Installing PHP 5.1.2
These settings worked well for me:

./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/lib --with-apxs2=/usr/local/apache2/bin/apxs --with-iconv --with-openssl=/usr --with-zlib=/usr --with-mysql --with-libxml-dir=/usr/local/php --with-xsl=/usr/local/php --with-pdflib=/usr/local/php --with-png-dir=/usr/local/php --with-zlib-dir=/usr --with-ldap --with-iodbc=/usr --with-xmlrpc --with-expat-dir=/usr/local/php --with-iconv-dir=/usr --with-curl=/usr/local/php --enable-exif --enable-soap --enable-sockets --enable-calendar --with-bz2=/usr --enable-calendar --enable-memory-limit


> nano -w /usr/local/php/lib/php.ini
include_path .:

|
Restoring WebLogs with Apache 2.2
http://www.wmwweb.com/apache/tomcat/tomcat-connectors/jk/source/jk-1.2.15/jakarta-tomcat-connectors-1.2.15-src.tar.gz

./configure --with-apxs=/usr/local/apache2/bin/apxs 

> nano /usr/local/apache2/conf/httpd.conf

## WebLog

JKWorkersFile /etc/httpd/workers.properties
JKLogFile /var/log/httpd/mod_jk.log
JKLogLevel error
JKMount /*.jsp JBoss1
JKMount /servlet/* JBoss1
JKMount /examples/* JBoss1
JKMount /weblog/* blojsomworker
JKMount /blojsom_resources/* blojsomworker


|
Upgrading to MySQL 5
http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-standard-5.0.18-osx10.4-powerpc.dmg/from/pick#mirrors

G5 version (& RAM > 4GB)
http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-standard-5.0.18-osx10.4-powerpc-64bit.dmg/from/pick#mirrors

> mkdir /Library/StartupItems/MySQLCOM 
> nano /Library/StartupItems/MySQLCOM/MySQLCOM

#!/bin/sh

##
# MySQL 5 Server
##

. /etc/rc.common

StartService ()
{
    # Only start when /etc/hostconfig has MYSQLCOM=-YES-
    if [ "${MYSQLCOM:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting MySQL 5 Server"
        cd /usr/local/mysql
        ./bin/mysqld_safe &
    fi
}

StopService ()
{
    ConsoleMessage "Stopping MySQL 5 Server"
    # Kill every process whose command line mentions mysql
    PIDS=`ps ax | grep mysql | grep -v grep | awk '{print $1}'`
    for pid in $PIDS; do
        kill -KILL "$pid"
    done
}

RestartService ()
{
    StopService
    sleep 3
    StartService
}

RunService "$1"


> nano /Library/StartupItems/MySQLCOM/StartupParameters.plist
{
    Description = "MySQL 5 Server";
    Provides = ("MySQLCOM");
    Requires = ("Resolver");
    OrderPreference = "Late";
    Messages =
    {
        start = "Starting MySQL 5 Server";
        stop = "Stopping MySQL 5 Server";
    };
}


Check /etc/hostconfig
MYSQLCOM=-YES-


Create DB:
>/usr/local/mysql/bin/mysqladmin -u root -p create TESTING


Add users:
GRANT ALL PRIVILEGES ON TESTING.* TO 'name'@'localhost' IDENTIFIED BY 'password'; 

|