[Anonymous]

yuppers, this is jason, nick’s former boarder 🙂

when you started making fun of me for packages at dinner the other week, i forgot that i was making packages just fine, it was the distributing them that was the problem, hence the post 🙂

[Anonymous]

When I add the new IPs they are not at the top. The original 192.168.1.27 is at the top and the others were added below.

I’m not sure what you are asking about directory access.

The ldap directory configuration I use is referenced by its name, and that resolves back to the main .27 address and the open directory option is what I( go with. Contacts and authentication go to the sanme place.

I have made no additional enteries in the LDAP directory for the additional IPs. One, I’m not sure what they should be, if any and two, I have had a devil of a time getting any mapping changes to write back to the server. What is the trick there?

thanks

[Anonymous]

Not surprisingly, to me, I still get the same error. 😥

[Anonymous]

I know. I read through it and there is really nothing different from the article by MacTroll (who also said to leave the optional pass phrase out) but I’ll run through it yet again (10 times at least). What do I have to lose? 🙂

[Anonymous]

Thanks but you are a few steps behind where I am. I have the certs. The issue seems to be Apache and Apple’s specific implementation of it for SSL. There is a plethora of posts on this and they all seem to point to Apache, not the creation of certs. We already know there is a bug in Apple’s pass phrase dialog interface through the GUI so I am at the next layer of the onion.

[Anonymous]

Oops! 😳 I just realized I need to start Apache manually so please diregard the above error. The rest of the rant is valid. The error I am now getting is:

Call to undefined routine after a NSUnLinkModule with the NSUNLINKMODULE_OPTION_RESET_LAZY_REFERENCES option

[Anonymous]

ditto ditto

[Anonymous]

Thanks for the tip but I am still unable to get this working. Now I get an error saying it cannot find the private key. This is so frustrating. Why is this rocket science?

Helllllppppppp!!!!!!!!!!! 😥

[Anonymous]

It looks like the well maybe dry on my thread. We still can’t use the PostFix Mail Server. If anyone out there feels they are knowledgeable with 10.3 and troubleshooting Postfix. Please contact me and maybe you can consult for us.

[Anonymous]

Hey All,

Well it looks like Watchguard invented this “IP Subnet” ID type. After some more research it looks like ‘peers_identifier address’ will not accept a subnet as it’s value. By the way, I just kill -HUP’ed racoon to get it to reread racoon.conf.

So it looks like VaporSec can’t really touch this issue, it is more of a Racoon/SDP/Whoever issue. I guess I’ll write them an email about this and see if their interested in implementing this ID type.

I hope this helps some other Watchguard user. Of course if you’re reading this and you’ve figured out something I’ve missed, I’d appreciate an email!

martin !_~@~_! rubensteintech.com

-Martin

[Anonymous]

The same error occured while I was using VaporSec. I believe it was becase I didn’t have an IP assigned to my computer at the time. So on the logs said the error was on line 102 and on that line there was ‘address /32’ where there should have been ‘address 1.2.3.4/32’. The problem was solved when my Airport card connected to the base station again.

So check your underlying IP connectivity/setting and try to ‘Vaporize’ again.

-Martin

[Anonymous]

Are you running any other VPN software which might bind to the port at startup? Perhaps Nortel or Cisco? If so, it may need to be disabled. Generally there is a script to start/stop the service.

[Anonymous]

[quote:3dca5a5fa5=”bcirvin”]

[i:3dca5a5fa5]also, keep in mind that there is a lot more change in the apple server world every year than in the mac server world, which makes it hard to write a book that stays relevant – any books on bsd would probably be good though.[/i:3dca5a5fa5]

The core technologies stay the same. There are some great books available for OSX client, the “ever changing” landscape doesn’t seem to deter them. There are no books covering OSX Server. That’s the problem.

[i:3dca5a5fa5]also, apple (for better or worse) keeps a tight handle on it’s assets (ie, server technologies), and so they like people to learn in their classes to ensure that best practices are followed (and so that they make lots of money on training).[/i:3dca5a5fa5]

I understand the “apple way” I’m just saying IMO it sucks. I don’t have $2,500.00 to spend preparing for two tests. You would think Apple would WANT as many people as possible to get certified. It is possible to learn this stuff on your own but some alternate source of info would be nice.

Also, The 10.3 server documentation is Ok but just scratches the surface but it’s the best so far compared to 10.2 & 10.1
blake/[/quote:3dca5a5fa5]

[Anonymous]

[quote:11d492c2e8=”MacTroll”]I find it hard to believe that Outlook does not do md5 encryption for IMAP. It’s been a while since I’ve set this up, but I swear I’ve set up Outlook on a PC with md5 encryption.

Either way, how about you just wrap your connection in SSL and then not worry so much about the password type?

Joel[/quote:11d492c2e8]

Outlook appears to support DIGEST-MD5 but not CRAM-MD5.

And SSL isn’t going to be a complete solution for me:
1. The server is our primary MX and therefore must have port 25 open.
2. To allow SMTP AUTH from Outlook I’d have to enable LOGIN/PLAIN.
3. I can’t trust the users to always use SSL.
4. I’d end up with users doing cleartext SMTP AUTH.

I really do want NTLM for cyrus and postfix. We have SASL. We support NTLM. We just need to plug them together.

[Anonymous]

[quote:fc2caf2bcd=”MacTroll”]You need to have plain logins enabled for Squirrelmail to work. It can’t do the MD5 hashes unless you install an additional plugin.

Joel[/quote:fc2caf2bcd]

Any tips on where to find such a thing?

[Author]

Posts