Always Remember: With Gusto Comes Data Loss.

Enabling FTP in OS X Server (10.8) and Common Problems You May Encounter

This article goes over how to set up FTP file sharing in OS X Server 10.8. There are a few things that can trip you up if you are not careful, so if you are running into weird connection errors, read on. In previous versions of OS X Server, you were able to share out as many directories as you wanted – this is not so in 10.8. Instead, the FTP service allows administrators to share out a single directory. This directory can be any share that has previously been configured in the File Sharing service or a website configured in the Websites service.

The basic setup of FTP is simple: navigate to the FTP service, choose a share point from the drop-down, and turn the toggle to “on”.

Once you have done this, you can test it from any other Mac by connecting via Terminal:

ftp <user>@<server> (e.g. ftp josh@10.1.1.1)

You will then be prompted for the user password – if you are successfully able to connect, as indicated below, you have done everything perfectly and FTP is up and running. Obviously, you should test with various users to be sure it works with everyone that needs access (especially test OD users for reasons you will see below).

230 User josh logged in.
Remote system type is UNIX.
Using binary mode to transfer files.

 

However, as I mentioned, there are a few catches.

You may run into the following errors when trying to connect:

Error 1:

550 Can't change root.
ftp: Login failed

This indicates that there is a problem with the FTP Share path. In order for FTP to connect successfully, there can be NO spaces in the directory path. This means if you are trying to share:

 /Shared Items/Server/Documents/Scans

It is going to fail. To get this working you must rename “Shared Items” to something like “Shared_Items”. If that is not an option for whatever reason, you can create a symlink to Shared Items and place it in a path with no spaces (for example: /private/tmp). To do this you would use the “ln” command like so:

ln -s "/Shared Items/Server/Documents/Scans" /private/tmp/Scans

You would then just need to select the symlink as the destination for your share, rather than the original directory.

 

Error 2:

530 User josh may not use FTP.
ftp: Login failed

With this error, you may have noticed that local users are able to connect while OD users are not. This is likely caused by the OD users being “service only” users. One implication of making a user “Service Only” is that the user is not assigned a login shell (or, more accurately, the login shell is set to false). To allow one of these users to log in, you must assign them a valid login shell. To do this, follow these steps:

1. Open Server.app and navigate to Users.

2. Locate the desired user, right-click, then select Advanced Options.

3. You will notice that Login Shell is set to:

/usr/bin/false

4. Change this value to:

/bin/sh

This should allow this specific user to log in correctly. Once you have verified that this works, you will need to make the same change to each user that will be accessing the FTP share.
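
Both failure causes above can be checked before users hit them. The following is an added example, not part of the original article: it flags share-path components that contain spaces and FTP users whose login shell is /usr/bin/false. The two-column listing format (as printed by `dscl <node> -list /Users UserShell`), the function names and the sample data are assumptions constructed for illustration.

```python
# Added example: pre-flight checks for the two FTP login errors described above.
# SAMPLE_LISTING is constructed; it mimics the two-column "name  shell" output
# of `dscl <node> -list /Users UserShell` (assumed source of the data).
SAMPLE_LISTING = """\
josh        /bin/bash
scanner     /usr/bin/false
maria       /usr/bin/false
"""

DISABLED_SHELL = "/usr/bin/false"  # value the article shows for service-only users


def components_with_spaces(share_path):
    """Return path components containing a space (cause of "550 Can't change root")."""
    return [part for part in share_path.split("/") if " " in part]


def parse_shells(listing):
    """Parse 'name  shell' lines into a dict, ignoring blank or malformed lines."""
    shells = {}
    for line in listing.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2:
            shells[fields[0]] = fields[1].strip()
    return shells


def preflight(share_path, ftp_users, listing):
    """Predict which of the article's errors a given share path and user list would hit."""
    shells = parse_shells(listing)
    report = {"550": components_with_spaces(share_path), "530": [], "unknown": []}
    for user in ftp_users:
        if user not in shells:
            report["unknown"].append(user)   # not in this directory node
        elif shells[user] == DISABLED_SHELL:
            report["530"].append(user)       # "may not use FTP" until the shell is changed
    return report


if __name__ == "__main__":
    print(preflight("/Shared Items/Server/Documents/Scans",
                    ["josh", "scanner", "alex"], SAMPLE_LISTING))
    print(preflight("/private/tmp/Scans", ["josh"], SAMPLE_LISTING))
```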

Manually Rebuilding Microsoft Outlook for Mac (2011)

From my experience, it is not uncommon for Microsoft Outlook 2011 to develop problems that are essentially unrecoverable using the standard tools (such as the Microsoft Database Utility). When rebuilding, restoring and upgrading fails, you can still recover your data and return to a working state with relative ease. If you restore your Identity from Time Machine or another backup and it fails to rebuild, or you upgraded to Service Pack 2 (SP2) 14.2.1 and you have missing data, you can restore your data from your old Identity. Outlook stores your data in the Data Records folder in your Identity folder:

~/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Data Records

  1. Upgrade to Service Pack 2 (SP2) 14.2.1 or later.
  2. Create a new blank SP2 Identity using the Microsoft Database Utility.
  3. Quit Outlook.
    1. Some users have found that deleting the database file in the new Identity helped.
  4. COPY these Data Records folders from the old Identity to the new blank Identity replacing the new folders. Do NOT replace the root Data Records folder. Only the sub-folders listed here:
    • Contacts
    • Events
    • Folders (one user reported that replacing Categories (not Folders) worked better)
    • Mail Accounts
    • Message Attachments
    • Message Sources
    • Messages
    • Note
    • Signatures
    • Signature Attachments
  5. Rebuild the new Identity in Database Utility.
  6. Open Outlook and your data should be back.

Note: ALWAYS WORK OFF A COPY.
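
Step 4 can be scripted so that only the listed sub-folders are replaced and the old Identity is only ever read. This is an added example, not from the original post; the function name and the two Identity paths passed to it are assumptions, and it should be run with Outlook quit and against a copy of the old Identity.

```python
# Added example: step 4 of the procedure above as a script.
import os
import shutil

# Sub-folder names exactly as listed in the article
SUBFOLDERS = ["Contacts", "Events", "Folders", "Mail Accounts",
              "Message Attachments", "Message Sources", "Messages",
              "Note", "Signatures", "Signature Attachments"]


def copy_data_records(old_identity, new_identity):
    """Copy the listed Data Records sub-folders from the old to the new Identity.

    Returns (copied, missing). The root Data Records folder of the new
    Identity is never replaced, only the named sub-folders inside it.
    """
    old_root = os.path.join(old_identity, "Data Records")
    new_root = os.path.join(new_identity, "Data Records")
    if os.path.realpath(old_root) == os.path.realpath(new_root):
        raise ValueError("old and new Identity are the same folder")
    for root in (old_root, new_root):
        if not os.path.isdir(root):
            raise FileNotFoundError(root)

    copied, missing = [], []
    for name in SUBFOLDERS:
        src = os.path.join(old_root, name)
        dst = os.path.join(new_root, name)
        if not os.path.isdir(src):
            missing.append(name)       # nothing to restore for this type
            continue
        if os.path.isdir(dst):
            shutil.rmtree(dst)         # replace the blank folder, as step 4 says
        shutil.copytree(src, dst)      # the old Identity is read, never modified
        copied.append(name)
    return copied, missing
```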

Python Script For Grabbing Log Files Remotely

Below is a Python script I wrote to quickly harvest various logs from remote systems. This is a very simple script that was written for a very specific setup, so if you want to use it you will likely need to modify it. What it does is allow the user to enter an IP address, then uses scp to transfer the specified logs to the user’s system at the specified location. I don’t claim this is the best way, or even the correct way, to do this, but it solved a need that I had quickly and easily – your mileage may vary.

This script was designed to work in an environment where every system that is being administered is accessible to the machine running it, via ssh, without a password. In the future I’ll likely post a guide on how to set up this sort of thing, but for now you’ll have to Google that.

To run the script you simply type:

./harvestLogs --ip <IP Address>

If you intend to use this script, be sure to change everything within the < > – and, of course, remove the brackets. I have pasted it here with example settings to show you the proper formatting.

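##########################
# Created by: Josh Gold  #
# Created on: 03/28/2012 #
##########################

import ipaddress, optparse, os, re, subprocess, sys

# Allow the program to accept the input of the --ip option
parser = optparse.OptionParser('Usage requires --ip ')
parser.add_option('--ip', dest='systemIP', type='string', help='specify IP address')
(options, args) = parser.parse_args()

# If no option and argument are added, return the usage instructions
if options.systemIP is None:
	print(parser.usage)
	sys.exit(0)

# Otherwise set systemIP equal to the user's input, after checking that it
# really is an IP address (it becomes part of the ssh and scp arguments)
try:
	systemIP = str(ipaddress.ip_address(options.systemIP))
except ValueError:
	parser.error('--ip must be a valid IP address')

# Gathers the DNS hostname from the IP
harvest_dns = subprocess.check_output(['ssh', '<josh@>' + systemIP, 'hostname']).decode().strip()

# The hostname is reported by the remote system and is used as a local path,
# so accept only hostname characters
if not re.fullmatch(r'[A-Za-z0-9][A-Za-z0-9.-]*', harvest_dns):
	sys.exit('Unexpected hostname from ' + systemIP + ': ' + repr(harvest_dns))
print('Connected to: ' + harvest_dns)

# Sets the locations for the logs to gather
harvest_sys = '<josh@>' + systemIP + '<:/var/log/system.log>'
harvest_sec = '<josh@>' + systemIP + '<:/var/log/secure.log>'

# Create a local directory named after the host so the second copy
# does not overwrite the first
os.makedirs(harvest_dns, exist_ok=True)

# Uses scp to transfer the remote logs to the local system at the specified location.
# The arguments are passed as a list, so no shell interprets them.
subprocess.check_call(['scp', harvest_sys, harvest_dns])
subprocess.check_call(['scp', harvest_sec, harvest_dns])

print('Done!')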

Bonjour Devices Not Seen on Ruckus Wi-Fi

This is a known issue that affects ZoneFlex 7363s. It does not present under all conditions, and Ruckus is still working on figuring out exactly what the cause is. In the meantime, there is a workaround that fixes this issue. To implement it, follow these instructions:

1. Connect to the Ruckus unit via SSH

2. Run the command:

set qos <ifname> directed multicast disable

Replace <ifname> with the interface name. You can figure this out by running:

get ssid wlan0

then

get ssid wlan1

…and so on until you locate the SSID of the network you are trying to get Bonjour working on. By default, the first 2.4GHz SSID has the ifname wlan0 and the first 5GHz SSID has the ifname wlan8.

3. Exit SSH

4. Reboot the Ruckus