|
theGuide
a step by step guide for successfully building your .mac replacement. IntroductionThis document details all steps to take for successfully building your .mac replacement. The staircaseStep 1Set up your serverSetup a basic Linux/Unix server; configure hostname and ip-address. Install Perl. Either install a build environment, or fetch precompiled packages for Apache httpd here (available shortly). In case you decided to compile your own Apache httpd server, fetch the source code and the (Patches) quota patch (from this site), patch, configure, compile. Install Apache httpd. Any OS specific notes can be found here Step 2Configure your webserverFetch the code/folders (here) from svn. All code (/server) assumes, it'll end up in /var/www/dotmac/ This'll guarantee a minimal configuration effort. A special .conf file was provided (here) in addition to your standard httpd.conf. This file ((Configuration) dotmac.conf) must be edited. Especially the ip-address for your ssl host needs to be specified. In most linux distros it should end up in /etc/httpd/conf.d or /etc/apache2/conf.d Step 3Set up you scriptsmod_perl needs to be installed with your webserver. mod_perl is available as package for most popular linux distributions.
The perlmodules have a few dependencies; they're easily installed from CPAN: perl -MCPAN -e 'install HTTPD::UserAdmin' perl -MCPAN -e 'install MD5' perl -MCPAN -e 'install XML::DOM' perl -MCPAN -e 'install HTTP::DAV' perl -MCPAN -e 'install XML::LibXML' Note: For XML::LibXML to compile, you will need to make sure that the development package for libxml2 in installed Step 4Setting up hosts on your client machine(s)www.mac.com syncmgmt.mac.com idisk.mac.com configuration.apple.com lcs.mac.com certinfo.mac.com delta.mac.com notify.mac.com publish.mac.com homepage.mac.com should all point to your server. You can either do this by editing /etc/hosts on your client machine(s); ###.###.###.### www.mac.com syncmgmt.mac.com idisk.mac.com configuration.apple.com lcs.mac.com certinfo.mac.com delta.mac.com notify.mac.com certinfo.me.com publish.mac.com homepage.mac.com ###.###.###.### www.mac.com. syncmgmt.mac.com. idisk.mac.com. configuration.apple.com. lcs.mac.com. certinfo.mac.com. delta.mac.com. notify.mac.com. publish.mac.com. homepage.mac.com. certinfo.me.com. or by setting up your own DNS server. Step 5Create your first user(s)A skeleton is provided for new users; create /var/www/dotmac/username, and copy everything in /var/www/dotmac/skel/ to /var/www/dotmac/idisk/username/ for testing purposes, a test user has been provided: l/p testuser/dotmac dotmac.conf has been completely re-written in perl. It automatically creates (.conf) locations for users, with quota specified. This requires the use of idiskAdmin; http://configuration.apple.com/idiskAdmin idiskAdmin is password protected (l/p admin/dotmac); users should change these credentials asap. htdigest /var/www/dotmac/private/iDiskAdmins idisk.mac.com admin For now, idiskAdmin just sets/edits quota and username/password; the skeleton still needs to be copied by hand. New users/changes will be reflected upon server restart (graceful). Step 6Check(s)By now you should be able to k (from the finder on a client machine) to http://idisk.mac.com/username (if not, try looking at your apache error logs, and adapt your configuration) this is to be repeated for all (new) clients: Point your (safari) browser to https://idisk.mac.com/username You will be challenged with an untrusted certificate - actually this is the certificate you do want to trust. Examine the certificate, and drag the icon of the certificate to your Desktop (or any folder of your choice). Open /Applications/Utilities/Keychain Access, and (if necessary, tick the button 'Show Keychains' at bottom-left) By now you should see a menu 'Keychains' in the top-left. Tick the 'login' entry. Drag the certificate (from whereever you put it when dragging it from your browser) in the pane where all other certificates reside. Locate it (in the pane) and double-click it. Change the trust settings to 'always trust'. After Logout/Login - check (pointing your browser https://idisk.mac.com/username) if the certificate is trusted. If so... you're done! Enjoy the magic, when choosing your .mac preferences pane from your system preferences ! Looking over the edgeCurrent status10.4 "Tiger"
10.5 "Leopard"
(note - currently there's no interoperability between 10.4 and 10.5 sync clients) Operating Systems VerifiedUsers reported the following Operating Systems Working:
please continue reporting! Updates for the binary release (0.5)some files were edited after the binary release - so these have to be updated by hand:
Global Hints
Continue Reading
|
It would be nice to have minimum hints about configuring BIND9 to spoof dotmac's domains without breaking access to all the rest of apple's domains.
I think BIND9's install and setup as a caching server is already well described out there, just to save time by making a quick guide focused on dotmac's particular setup.
Thanks and congrats for your work!
Setting up BIND to do this would not be difficult. Set up a normal caching server, but in your named.conf create master zones for example like www.mac.com or configuration.apple.com (rather than mac.com or apple.com) and then just put a single A record pointing to dotmac in that zone.
To get http://configuration.apple.com/idiskAdmin working on a server with multiple IPs, you need to edit the .conf file, change all the "*:80" to "$dotMacIPAddress:80" and remove the NameVirtualHost *:80 line, presuming you allready declare the vhost for your IP.
With minor tweaks like this, it can be made to work on a Plesk-based server rather simply, as long as you give it a dedicated IP address.
With apache 2.0.x, I needed to skip the DAVSATMaxAreaSize options in the entire setup and remove it from the dotmac.conf in order to make it work.
If you use this on a multi site server by the way, you can just use dotmac.conf as a site conf in sites-enabled/sites-available.
Wonderful project, seems to work very well if you rtfm.
@mrsixer - although parts of the solution work without DAVSATMaxAreaSize (setting quota), other parts won't! Backup.app will not work without quota support, nor will the majority of the iLife suite we're currently working on. There is at least one known Apache 2.0.x install with quota support ( from OS_specific_notes )
One problem some people could have connecting to their dotMac servers is that if they're behind a proxy, the proxy will use its own DNS to find the server, breaking the HOSTS change. This is especially prevalent on nanny-like proxies that use look-up tables to block certain sites. Make sure you're not behind a proxy before complaining that you can't connect.
I look forward to the iPhoto/iWeb support. Congratulations on an excellent project.
It is suggested to install perl MD5 but from CPAN I read this: "The MD5 module is depreciated. Use Digest::MD5 instead."
So it might be usefull to adopt Digest:MD5 instead for MD5.
One minor problem I ran into, and the fix:
No matter what URL I tried, my Apache logs showed an error like:
client denied by server configuration: /var/www/dotmac/configuration/idiskAdmin
The fix (found at http://lists.freebsd.org/pipermail/freebsd-questions/2005-October/101002.html) was to remove the following bit from elsewhere in my Apache configuration. I use Gentoo which tends to spread it's Apache config all over creation. In this case, the offending bit was in /etc/apache2/modules.d/00_default_settings.conf
Just commenting this out & restarting made things start working:
Woh! This realy works very well, good work!
It was only an hour setting up, but had some problems in the progress on Debian etch: - Some of the Perl install commands failed, fixed by using apt-get instead of the perl command - Didn't want to compile Apache, so removed the quota stuff, just like mrsixer above - Don't forget to restart Apache after every config change :)
Just donated a little, keep up the good work!
Nice job guys, this is a great piece of software. Took me a couple of hours to get it running on Debian etch, I may contribute the steps I took to get it working, and the Parallels image I have of it.
I'm looking forward to iPhoto/iWeb/etc support.
It's working great on Leopard but... is MobileMe? for Windows supported? If yes, how can I redirect WinXP to my dotmac server (i.e. the equivalent of editing /etc/hosts in Windows)?
lonewolf1870: You can find your hosts file in c:\windows\system32\drivers\etc\ on windows. Hopefully everything else works!
FYI - It looks like Apple "tweaked" some of the MobileMe? features with 10.5.6: http://support.apple.com/kb/HT3248
I noticed that OS X now tries to periodically contact aosnotify.mac.com (which apparently is related to the Jabber protocol which is being used to "push" new mail notifications to the iPhone, but now might also be used on OS X), and m3.mac.com.
Anyone try to decode any of the payloads?
(also, while I'm commenting - I'd love to see the traffic exchange between the iPhone and MobileMe? for syncing, which is different from the OS X exchange. If anyone can help out, it would be great!)
The server certificate stored in SVN is expired. You need to generate a new one by running signKey.sh and restart Apache.
@kurtzmarc: Have a look at http://samj.net/2008/07/apple-iphone-20-real-story-behind-push.html for decoded XMPP-pubsub Messages.
Apple uses openfire as a messaging Platform to its MobileMe?-Clients.
Sync differs for Mac-Clients, iPhone and Windows MobileMe? Extension. We should overcome this and at least for me it has a higher priority than iLife-Support. I am very interested in Push-Mail-Support, which I currently realize with z-push.
@ kurtzmarc & IdentDee?, try dropping me an email. We are in desperate need for developers here.
@walinsky: i'm not perl expert but i have strong expertise in C++, linux, php. I might be able to help
@Alkpone try dropping me an email as well
Hey all, Can I help you with the iphone sync somehow?
@atonhawk Try installing from the iLife branch first.. this'll be our starting point for developing iphone sync support. Once you've got that sorted out - try contacting the developers. Kurtzmarc's main focus will lie on iphone sync support.
If/when there's anything you would like to share - try opening a new issue
One very important question: somebody was able to crack the machine on which I set up the Mobile Me service, I think because of the service itself but I'm not sure.
I used that machine to synchronize passwords, calendars, bookmarks, ecc. The question is: is the password synchronization encrypted? I guess (and hope!!!) so, hence my passwords should be safe...
For calendars and bookmarks I think they are not encrypted, but this is not such a big deal.
Got it working on debian lenny and clients 10.5.7 and 10.5.8.
Happy to report system running on Centos 5 server with Snow Leopard 10.6.2 clients. However, I do not know how to patch up Apache 2.2.3 with the ampquotefix.patch and quota.patch since I am NOT a unix guru. I have had to comment out the
# DAVSATMaxAreaSize => "$userquota",
If somebody can give clear instructions how to do that it would be great. Then I might try the Snow Leopard branch - scary.
must enable the following apache2 modules in Lenny dbd authn_dbd rewrite
How would i patch apache with the ampquotefix.patch and quota.patch?