After migrating OpenDirectory (LDAP) to FreeIPA, the next step in my MacOS Server replacement is to migrate the (Free)Radius service as well so that FreeIPA becomes the single authentication source within my network like the MacOS Server has been for years. There are several online guides available describing how to setup FreeRadius on FreeIPA, also on the FreeIPA HowTo list, though as I ended up using fragments of multiple guides to install and configure FreeRadius on FreeIPA with LDAP and MSCHAPv2 support (needed for EAP and other mechanisms) I wrote this post as a single step by step guide.
Continue reading “MacOS Server Replacement #4 – Moving (Free)Radius to FreeIPA”Manage devices with legacy Firefox versions on MacOS
I still have a few old web-managed devices of which the web UI does not work (correctly) with modern browser versions. It found out that they worked fine with Firefox 17.0.9esr (yes I know that is really old) and for quite a while I kept an outdated VM available to manage them. Since the OS that runs on now also is way beyond EOL I worked out a way to use older versions of the FireFox browser (as they keep a great archive of their historic versions).
Yes, one shouldn’t use obsolete browser versions as it is not safe for normal browsing, but to access a web interface of an internal device (that otherwise can’t be managed) should be safe enough as long as one doesn’t visit other sites. In this post I will describe how I set this up and also how I ensured that the browser would not conflict with a regular installation of the Firefox Browser
Continue reading “Manage devices with legacy Firefox versions on MacOS”MacOS Server Replacement #3 – Move OpenDirectory (LDAP) and DNS to FreeIPA on Fedora
As part of the migration of my MacOS Server to Linux the most tricky service to migrate is Apple’s OpenDirectory service. Although it is based on the open-source OpenLDAP project, Apple did customize things a lot, making it very tricky to move and block a real migration due to these closed-source customizations. Instead of spending a lot of time on trying to figure out how to migrate OpenDirectory, I decided to start with a clean FreeIPA installation and migrate the users to that. Since I have been using MacOS Server’s OpenDirectory handled my authentication for quite some time and ran in to issues before I learned that starting from scratch (and only migrating user information) isn’t that hard and in often the best approach.
As it is already quite long, this post focuses on how to configure FreeIPA on Fedora Core and migrating DNS and users. Integrating MacOS is covered on the FreeIPA WiKi and will be covered in a subsequent post including the integration with Apple’s Profile Server (the main component Apple seems to intend to support in the future). To aid with the configuration / setup I wrote a couple of scripts that are available from my Gitlab instance.
Continue reading “MacOS Server Replacement #3 – Move OpenDirectory (LDAP) and DNS to FreeIPA on Fedora”
Fixing quicklookd going nuts on MacOS
Today I looked into a problem with my father’s late 2012 Mac Mini running MacOS High Sierra. Since about a week the machine got terribly slow and often unresponsive. It turned out the system was extremely busy with kernel_task
and quicklookd
Continue reading “Fixing quicklookd going nuts on MacOS”
Reconnect BlueTooth audio device(s) on MacOS
I really enjoy listening to music while working on my Macbook using a bluetooth headset or speakers. However, as I am switching quite often between BT devices, sometimes the audio playing no longer works and I had to restart to get sound over bluetooth again. Today I found out how get it working again without restarting.
Continue reading “Reconnect BlueTooth audio device(s) on MacOS”
MacOS Server Replacement #2 – Migrating PostgreSQL
As part of the migration of my MacOS Server to Linux the next service to migrate is my PostgreSQL engine. Although PostgreSQL had already been hidden in MacOS Server for some time, it still was included (as internal services like ProfileManager and Calendar and Addressbook Server depend on it. Despite it being hidden, I had still enabled it (manually) and hosted my PostgreSQL databases on my MacOS Server for ages. Despite migrations sometimes being a pain (i.e. not automatic) this worked well so far, including integrating it with the MacOS Server way of using transaction logs for offline backups. (so I will also have to look for a new way to do this). Continue reading “MacOS Server Replacement #2 – Migrating PostgreSQL”
MacOS Server Replacement #1 – Migrating MySQL to MariaDB
As part of the migration of my MacOS Server to Linux the first service to migrate is my MySQL 5.7 engine. Although MySQL is not part of MacOS Server anymore for a long time (and I had installed it separately), I will cover the migration here as 1) I still had it running on my MacOS Server and 2) the migration wasn’t smooth so decided to share my learnings here. Continue reading “MacOS Server Replacement #1 – Migrating MySQL to MariaDB”
Apple totally strips MacOS Server
Today I noticed that there was a new update for MacOS Server that had quite a lengthy explaination:
As per Apple Knowledge Base article HT208312, the once great Apple Server product as this fall will be reduced to:
- Profile Manager
- Open Directory
- Xsan
The rationale of this is, according to Apple:
In fall 2018, Apple will stop bundling open source services such as Calendar Server, Contacts Server, the Mail Server, DNS, DHCP, VPN Server, and Websites with macOS Server. Customers can get these same services directly from open-source providers. This way, macOS Server customers can install the most secure and up-to-date services as soon as they’re available.
Signal Desktop stand-alone OS X Application
For quite some time I am an happy user of Open Whisper Systems’ Signal Messenger phone application as alternative to WhatsApp. The fact that this solution is open source and that the exchange of messages (and now also calls) is secure and that this can be verified by anyone are important and valuable. I use it on my phone but as I spend most of my time behind a laptop and still (call me old-fashioned) prefer a real keyboard over a touch screen I have been looking for a way to use it from my laptop as well. Continue reading “Signal Desktop stand-alone OS X Application”