[option8]

as someone kindly pointed out “outlook” is not a mail server, Exchange is. whatever.*

the point is, i’d like to configure my Mini as a barrier between the outside world and the internal mail server, whatever it’s running.

* some, of course, would argue that Exchange isn’t a mail server either, but that’s a discussion for another forum.

[option8]

so… nothing?

i have tons of log messages like this that tell me something like fail2ban is needed:

(sophie is my server’s hostname)

Apr 11 08:02:20 sophie com.apple.SecurityServer: authinternal failed to authenticate user normann.
Apr 11 08:02:25 sophie com.apple.SecurityServer: authinternal failed to authenticate user kai.
Apr 11 08:02:28 sophie com.apple.SecurityServer: authinternal failed to authenticate user studio.
Apr 11 08:02:31 sophie com.apple.SecurityServer: authinternal failed to authenticate user nurit.
Apr 11 08:02:34 sophie com.apple.SecurityServer: authinternal failed to authenticate user hari.
Apr 11 08:02:38 sophie com.apple.SecurityServer: authinternal failed to authenticate user manfred.
Apr 11 08:02:44 sophie com.apple.SecurityServer: authinternal failed to authenticate user dominik.
Apr 11 08:02:47 sophie com.apple.SecurityServer: authinternal failed to authenticate user nastuh.
Apr 11 08:02:51 sophie com.apple.SecurityServer: authinternal failed to authenticate user claudius.
Apr 11 08:02:56 sophie com.apple.SecurityServer: authinternal failed to authenticate user geyer.
Apr 11 08:03:00 sophie com.apple.SecurityServer: authinternal failed to authenticate user renate.
Apr 11 08:03:05 sophie com.apple.SecurityServer: authinternal failed to authenticate user norbert.
Apr 11 08:03:08 sophie com.apple.SecurityServer: authinternal failed to authenticate user cornelia.
Apr 11 08:03:11 sophie com.apple.SecurityServer: authinternal failed to authenticate user herr.
Apr 11 08:03:14 sophie com.apple.SecurityServer: authinternal failed to authenticate user liane.
Apr 11 08:03:19 sophie com.apple.SecurityServer: authinternal failed to authenticate user reinhold.
Apr 11 08:03:21 sophie com.apple.SecurityServer: authinternal failed to authenticate user digital.
Apr 11 08:03:25 sophie com.apple.SecurityServer: authinternal failed to authenticate user pay.
Apr 11 08:03:29 sophie com.apple.SecurityServer: authinternal failed to authenticate user bobby.
Apr 11 08:03:32 sophie com.apple.SecurityServer: authinternal failed to authenticate user mp3.
Apr 11 08:03:40 sophie com.apple.SecurityServer: authinternal failed to authenticate user music.
Apr 11 08:03:49 sophie com.apple.SecurityServer: authinternal failed to authenticate user index.
Apr 11 08:03:52 sophie com.apple.SecurityServer: authinternal failed to authenticate user ethan.
Apr 11 08:03:56 sophie com.apple.SecurityServer: authinternal failed to authenticate user isabelle.
Apr 11 08:04:10 sophie com.apple.SecurityServer: authinternal failed to authenticate user mariane.

*bump*

[option8]

well, if it were just for the Adobe and Apple apps, which constitute about 90% of what my design and video clients use, that would be a big help. i’m surprised Adobe doesn’t offer something like an “Adobe Activation Scanner” or something to let sysadmins poll their networks for active SNs. maybe if i called in the BSA on myself, and let them do an audit for me…

[option8]

that’s kinda what i’ve figured. i was hoping some intrepid sysadmin that’s handy with xcode would have come up with something automated by now, but the number of permutations is probably too many to be bothered with.

as it is, i’ve been kicking users off their machines (or waiting until they go to lunch) to have access to all their apps for a few minutes. i open the apps in question one at a time and take screenshots of the about box or splash screen where it shows the registered user and SN. these i can transcribe later, or just add to a PDF to print out for later reference.

not terribly elegant or efficient, but then, what about my job is?

[option8]

so… i went ahead and tried it. opened up 3283 (tcp/udp – ARD reporting) and 5900 (tcp – VNC/screen sharing) on the firewall and forwarded them to the xserve. while i was at it, i opened up SSH.

SSH works like a charm. i can log in, see that the server hasn’t yet run amok.

ARD not so much. in order to run remote desktop (or, failing that, a simple VNC connection) to the server, what else do i need to do at the firewall end of things?

all this, of course, is moot if what i’m doing is monumentally stupid – so feel free to tell me, so i can undo it 🙂

thanks

[option8]

our workgroup is currently at about 15 users, two of them doing a lot of video and the rest doing print and web design, and i see that load increasing over the next 6-12 months. the video guys each have about 1.5 TB of storage attached to their machines for final cut and uncompressed video, so they’re not going to be using the server for their stuff, but it’s worth considering their needs into the future.

by my rough estimates (and some poking around with remote desktop reporting) i figure we have roughtly 485 gigs of data spread between the 15 desktops and the server now. much of that is system overhead (apps, library, fonts, etc) and not project files that need to live on the server, but still, it’s a lot more than the G4 can handle as-is. even by adding the SATA software RAID to the G4, it would probably be immediately filled up, or be at capacity shortly thereafter.

i’m leaning towards an xserve, especially considering the availability of 400 gig modules for it now. three of those in RAID3 gives me ~800 gigs to play with, which should be enough to grow on for a while. this leaves the G4 i have for doing archiving and backups. in a year or three, if we’ve outgrown the xserve, we can add another, or an xserve RAID to the mix.

while this is a ~$5,000 solution, i think it’s a good compromise, considering the potential for expansion.

[option8]

thanks for the insights guys. to respond to a previous post, i’m already using OSX Server on the G4, and it’s handling the load pretty well as is. the immediate problem is one of storage, not one of speed (if it were, i’d be replacing the 100 mbit network with something much faster, but this is the network i share with ~30 PC users, and they have their own server to worry about)

i’m working through my options now, and thought i’d ask another followup re: future expansion.

the way i see it, the best option in that regard is the Xserve RAID. 14 bays to add new drives to for more capacity, vs the Xserve’s 3 bays. if i fill an Xserve up with 3 250s and set it up with RAID5, that’s ~500 gigs of storage, max. if i wanted to replace the 250s with 400s, say, how would that go? i’d have to offload everything to something else that can handle 500g, install and format the 400s, then move it all back.

where do i get another 500g for the short term? if i had that, i wouldn’t need to upgrade the 250s in the first place… also, what do you do with 3 Xserve drive modules? hold onto them? ebay them? throw them into an Xserve RAID if/when i get one?

has anybody gone through the process of upgrading all 3 drives in an Xserve before that can share with the group?

[option8]

ah ha! i knew i wasn’t the only one…

and this part of the article –

The other solution I found was in the Windows settings for the file server. It’s completely counterintuitive to Windows structure but works in this case. I changed the machine from being a Windows domain member server to a stand-alone machine. This has the effect of forcing the server to use OD authentication instead of NT authentication, which in this implementation is the source of the problem.

– is what i ended up doing. i added the 2 windows users as local/netinfo users and they were able to log in. there’s still some oddity with one of them, though, but i’ve managed to get him logged in as guest, so everything’s at least working now.

i’m curious as to whether the 10.3.3 server update fixed any of these issues.

[Author]

Posts