Sunday, May 31, 2009

OSX Server - What Works and What Doesn't

So after 2 months of using OSX server, here's the update:

What we're using it for:

1) Central file server - I often have to fix permissions on the shares as someone will copy things into a share and the file will be read-only to others in the same group. Since the UI is messed in Leopard (see previous post) you have to fix this through a VNC connection on the server, which means you need to be an admin. Apple really needs to fix that.

2) DHCP - this is working, although some of the engineers have complained that the OSX DHCP server seems slow.

3) DNS - no real complaints here

4) Mail - The UI around the mail setup was weak and broken. Has anyone tested that? Some things we had to do:


/etc/postfix/master.cf -> uncomment the line "submission inet n - n - - smtpd" (enables port 587)

/etc/postfix/main.cf -> add "tls_random_source = dev:/dev/urandom" (gets rid of some error messages: "no entropy source specified with parameter tls_random_source")

/etc/imapd.conf -> add "tls_ca_file: /etc/certificates/wasabi.nasuni.net.crt" (gets rid of more error messages: "TLS server engine: No CA file specified. Client side certs may not work")

http://www.corpmac.co.uk/2008/09/30/tls-no-ca-file-specified-reason-and-solution/

They also don't let you add aliases other than Groups so you need to:


sudo vi /etc/aliases
sudo newaliases


Also note that when you stop the mail server and restart it through their UI (i.e. after you changed some settings) you often lose the first email that gets sent after restart. Nice.

Generally I'd recommend using someone else's mail server. The experience was not an "Apple" one.

5) Open Directory - Apple uses this for all the user/group management and I haven't had to touch it.

6) RADIUS - We use this for Cisco VPN authentication. Note that OSX server didn't really support this in the UI, so you need to follow some instructions.

7) Software update - saves multiple Macs downloading to the same spot. Note that the first time you turn this on it's really painful as it brings in a lot of updates.

8) Backups - the server Time Machines itself and presents itself as a Time Machine target for any clients to use.
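As an added example (not from the original post): a small Python check for the three mail configuration changes listed under item 4 (Mail) above, run against constructed sample file contents. The function names and the sample snippets are assumptions made for illustration; the setting names and the CA path are the ones given in the post.

```python
# Added example: reports which of the three mail changes from item 4 are missing.
# STOCK and FIXED are constructed file contents, not copies of real OSX Server files.

def submission_enabled(master_cf):
    """True if master.cf has an uncommented 'submission inet ... smtpd' entry."""
    for line in master_cf.splitlines():
        if not line.strip() or line[0] in "# \t":  # blank, comment, continuation
            continue
        f = line.split()
        # master.cf columns: service type private unpriv chroot wakeup maxproc command
        if len(f) >= 8 and f[0] == "submission" and f[1] == "inet" and f[7] == "smtpd":
            return True
    return False

def conf_value(text, name, sep):
    """Last value of `name` in a 'name<sep>value' file ('=' main.cf, ':' imapd.conf)."""
    value = None
    for line in text.splitlines():
        if line.lstrip().startswith("#") or line[:1] in (" ", "\t", ""):
            continue  # comments, blank lines, continuation lines
        key, found, val = line.partition(sep)
        if found and key.strip() == name:
            value = val.strip()
    return value

def audit(master_cf, main_cf, imapd_conf):
    """Return the list of changes from the post that are still missing."""
    missing = []
    if not submission_enabled(master_cf):
        missing.append("master.cf: submission service (port 587) commented out or absent")
    if not conf_value(main_cf, "tls_random_source", "="):
        missing.append("main.cf: tls_random_source not set")
    if not conf_value(imapd_conf, "tls_ca_file", ":"):
        missing.append("imapd.conf: tls_ca_file not set")
    return missing

STOCK = dict(  # constructed "before" state
    master_cf="smtp inet n - n - - smtpd\n#submission inet n - n - - smtpd\n",
    main_cf="# TLS\nsmtpd_use_tls = yes\n",
    imapd_conf="# constructed sample\ntls_cert_file: /etc/certificates/example.crt\n")
FIXED = dict(  # constructed "after" state with the post's three changes applied
    master_cf="smtp inet n - n - - smtpd\nsubmission inet n - n - - smtpd\n",
    main_cf="smtpd_use_tls = yes\ntls_random_source = dev:/dev/urandom\n",
    imapd_conf="tls_ca_file: /etc/certificates/wasabi.nasuni.net.crt\n")

if __name__ == "__main__":
    for label, files in (("stock", STOCK), ("fixed", FIXED)):
        print(label, audit(**files) or "all three changes present")
```

To run it against a live server, read the three files and pass their contents to audit() instead of the constructed samples.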

What we're NOT using it for:

1) Wiki - I used the Apple Wiki quite a bit. It's VERY limited. The WYSIWYG is nice, but you don't always get what you see and it can do some odd formatting stuff. If you want to do more advanced stuff you get thrown into HTML and the HTML is cluttered and hard to manage. You can't do a lot of basic stuff and eventually I punted and went with the tried-and-true MediaWiki, which I'm very happy with. It's running as its own VM.

2) Web Hosting - I didn't really even try this. I wanted a server that wasn't hosting all the stuff above to be our external web host. So I created a standard Linux VM and am hosting the site via Apache.

3) Firewall - We have a decent Cisco firewall so I didn't try the OSX server firewall.

4) Our source code control/bug tracking etc is off on Linux VMs.
