OSX VNC server restart

Do you want to start or restart an Apple Remote Desktop / VNC server on OSX 10.5 Leopard?

Use the kickstart command from the ARDAgent.app package, replacing YOURUSERNAME with your own user name:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users YOURUSERNAME -privs -all -restart -agent -menu
...
Starting...
Activated Remote Management.
Stopped ARD Agent.
Stopped VNC Privilege Proxy
Stopped VNC Server.
Stopped RFB Register MDNS
ClientSetup: Set user remote control privileges.
ClientSetup: Set user remote access.
Restarted Menu Extra (System UI Server).
Done.

Sometimes non-Apple VNC clients – like TightVNC – kill ARD…

Get PDC SID value

To get the current SID (Security Identifier) value of the running Windows service (Samba) on OS X Server 10.4 (Tiger) or 10.5 (Leopard), run the following command with an administrator (root/sudo) account:

net getdomainsid foo.com
    * where foo.com is the domain we are supporting, net is a Samba command, and the getdomainsid argument prints the local machine SID and the SID of the current domain.

The result is:

SID for domain FOO.COM is: F-7-9-19-899274321-7632837134-321543222

Banned IP in loop

I’ve been dealing with ssh and other port attacks today as well and noticed this problem, logged by emond.

Apple Mac OS X Leopard Server (10.5) has a very useful Adaptive Firewall feature: it takes an IP address and a time-to-live value in minutes, and that IP is instantly banned for about that many minutes.

The symptom shows up in /var/log/system.log:

Oct 26 10:16:44 server emond[113]: Host at 69.162.110.123 will be blocked for at least 15.00 minutes
Oct 26 10:16:44 server emond[4349]: DoRunAction (child): setting the uid/gid to 0/0
Oct 26 10:16:49 server emond[113]: Host at by will be blocked for at least 15.00 minutes
Oct 26 10:16:49 server emond[4363]: DoRunAction (child): setting the uid/gid to 0/0
Oct 26 10:16:49 server emond[113]: Host at 69.162.110.123 will be blocked for at least 15.00 minutes
Oct 26 10:16:49 server emond[4365]: DoRunAction (child): setting the uid/gid to 0/0

As a solution, run the afctl command with a super-user account:

sudo /usr/libexec/afctl -f

The afctl command should set the start_behavior key to enable in the file /etc/af.plist:

<key>start_behavior</key>
<string>enable</string>

Verify the firewall_address key (the IP address to bind), and fix it by hand:

<key>firewall_address</key>
<string>xxx.xxx.xxx.xxx</string>

Restart the firewall module with serveradmin:

sudo serveradmin stop ipfilter
sudo serveradmin start ipfilter
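
To confirm the symptom before the fix and its absence afterwards, the following shell function (an added example, not part of the original post) scans system.log for emond block messages and reports host fields that are not IPv4 addresses, plus addresses blocked again before their previous ban window ran out. The function names and the sample log are constructed here; 192.0.2.7 is a documentation address, and bans that cross midnight are not tracked.

```shell
#!/bin/sh
# Added example (not from the original post): audit emond block messages.

# Constructed sample, modelled on the system.log excerpt above;
# 192.0.2.7 is a documentation address added for contrast.
sample_log() {
cat <<'EOF'
Oct 26 10:16:44 server emond[113]: Host at 69.162.110.123 will be blocked for at least 15.00 minutes
Oct 26 10:16:44 server emond[4349]: DoRunAction (child): setting the uid/gid to 0/0
Oct 26 10:16:49 server emond[113]: Host at by will be blocked for at least 15.00 minutes
Oct 26 10:16:49 server emond[113]: Host at 69.162.110.123 will be blocked for at least 15.00 minutes
Oct 26 10:20:01 server emond[113]: Host at 192.0.2.7 will be blocked for at least 15.00 minutes
Oct 26 10:40:30 server emond[113]: Host at 192.0.2.7 will be blocked for at least 15.00 minutes
EOF
}

# Reads system.log lines on stdin and prints one finding per line:
#   MALFORMED <token> <count>  host field is not a dotted-quad IPv4 address
#   REBLOCK <ip> <count>       address blocked again inside its own ban window
audit_emond_blocks() {
  awk '
    function is_ipv4(s,   n, o, i) {
      n = split(s, o, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
      return 1
    }
    / emond\[[0-9]+\]: Host at .* will be blocked for at least / {
      host = $0; sub(/^.*: Host at /, "", host); sub(/ will be blocked.*$/, "", host)
      mins = $0; sub(/^.* for at least /, "", mins); sub(/ minutes.*$/, "", mins)
      if (!is_ipv4(host)) { bad[host]++; next }
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      key = $1 " " $2 " " host            # same calendar day only
      if ((key in expires) && now < expires[key]) again[host]++
      expires[key] = now + mins * 60
    }
    END {
      for (h in bad)   print "MALFORMED", h, bad[h]
      for (h in again) print "REBLOCK", h, again[h]
    }
  ' | sort
}

# Usage on a server: audit_emond_blocks < /var/log/system.log
```

An empty result after restarting ipfilter means emond is no longer logging garbled hosts or re-banning an address that should already be blocked.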

SquirrelMail workaround for Mac OS X Server 10.5

A few small workarounds to avoid PHP warning messages in the default webmail of Mac OS X Server 10.5.

The Webmail software is based on SquirrelMail (v1.4.9a), which is a collection of open source scripts run by the Apache server. For more information about SquirrelMail, see www.squirrelmail.org.

SquirrelMail, as included with Mac OS X Server, lets you remotely access your Inbox via a web browser. It also automatically creates sub-folders to store drafts, sent, and trashed emails during a SquirrelMail session.

/private/etc/squirrelmail/config, line: 118

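// Quote the variable name: a bare SERVER_NAME is an undefined constant and triggers a PHP notice.
$domain = @getenv('SERVER_NAME');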

/private/etc/squirrelmail/config, line: 1049

$provider_name = "SquirrelMail";
$prefs_user_field = "user";
$prefs_key_field = "prefkey";
$prefs_val_field = "prefval";
$allow_charset_search = true;
$uid_support = true;
$default_use_mdn = true;
$pop_before_smtp = false;
$optional_delimiter = "detect";

/usr/share/squirrelmail/class/deliver/Deliver.class.php, line: 459

if (@strtolower($default_charset) == 'iso-2022-jp' && mb_detect_encoding($rfc822_header->subject) == 'JIS') {
  $header[] = 'Subject: ' . mb_convert_encoding($rfc822_header->subject, 'JIS') . $rn;
} else {
  $header[] = 'Subject: ' . encodeHeader($rfc822_header->subject) . $rn;
}