Koozali.org: home of the SME Server

.mac Do It Your Self

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
.mac Do It Your Self
« on: December 02, 2006, 11:21:18 PM »
I want to create my own .mac server or at least part of it.
- iDisk,
- iSync (between computers),
- iCal sharing,
- and Backup.

I have found a great little howto for FreeBSD and have been trying to get this to work on the Sme Sever 7.0

http://www.tnpi.biz/computing/mac/tips/idisk/idisk-v2.shtml
EDIT This has changed to http://www.tnpi.net/wiki/Do_It_Yourself_.Mac

I have mod_dav installed as per
http://no.longer.valid/phpwiki/index.php/How%20to%20install%20mod_dav%20on%20SME%207.x

and have created an ibay named idisk
- with a group named mac
- Group read and write access
- and access open to the entire internet with no passwords
- and php disabled

I enabled mod_dav for idisk
 /sbin/e-smith/db accounts setprop idisk ModDav enabled
/sbin/e-smith/signal-event ibay-modify idisk

Then created a virtualhost called /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/31idisk

<VirtualHost 0.0.0.0:80>
ServerName idisk.domain.com
DocumentRoot "/home/e-smith/files/ibays/idisk/html"
Alias /idisk "/home/e-smith/files/ibays/idisk/html"
</VirtualHost>

This is not working yet

and

 /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

But now I need to add a davLOCK for idisk and not sure where to put the text:

Code: [Select]
#  <Directory "/home/e-smith/files/ibays/idisk/html">

    * Dav on
    * AuthType Digest
    * AuthName iTools
    * AuthDigestDomain "/"
    * AuthDigestFile /home/e-smith/files/ibays/idisk/WebDavUsers
    * AuthGroupFile /home/e-smith/files/ibays/idisk/WebDavGroups
    * Options None
    * AllowOverride None
    *  
    * <LimitExcept GET HEAD OPTIONS>
          o require valid-user
    * </LimitExcept>
    *  
    * Order allow,deny
    * Allow from All

# </Directory>


Any Help Deciphering the rest of the Document would be most helpful
http://www.tnpi.biz/computing/mac/tips/idisk/idisk-v2.shtml
including what to change to work with SME and anyother hints

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
idisk.domain.com
« Reply #1 on: December 06, 2006, 07:06:22 PM »
In order to create idisk.domain.com

go to the server-manager and click on Domains.  Then add idisk.domain.com and resolve locally to the idisk folder

This is how I created the virtual disk

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
.mac Do It Your Self
« Reply #2 on: December 07, 2006, 07:26:26 PM »
I have added the code
Code: [Select]
#  <Directory "/home/e-smith/files/ibays/idisk/html">

    * Dav on
    * AuthType Digest
    * AuthName iTools
    * AuthDigestDomain "/"
    * AuthDigestFile /home/e-smith/files/ibays/idisk/WebDavUsers
    * AuthGroupFile /home/e-smith/files/ibays/idisk/WebDavGroups
    * Options None
    * AllowOverride None
    *
    * <LimitExcept GET HEAD OPTIONS>
          o require valid-user
    * </LimitExcept>
    *
    * Order allow,deny
    * Allow from All

# </Directory>

to the file /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35Davlock

I have never used web dav before so not sure what to expect at this point

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
Htdigest
« Reply #3 on: December 07, 2006, 07:36:02 PM »
next I changed to the directory
cd /home/e-smith/files/ibays/idisk

and
mkdir kingjm

then

htdigest -c WebDavUsers iTools kingjm

and entered in the password twice

This created a file called WebDavUsers with the names and encrypted password

I also added the code
Code: [Select]
# <Directory "/home/e-smith/files/ibays/idisk/html/*/Public">

    * Options +Indexes

# </Directory>
#  
# <Directory "/home/e-smith/files/ibays/idisk/html/kingjm">

    * <LimitExcept GET HEAD OPTIONS>
          o require user kingjm
    * </LimitExcept>

# </Directory>


to the 35Davlock file

and expanded the httpd.conf file

at this point there is no security measures in place as I thought there would be

I wish some one would help me figure this out

Coincidently
I have just found this on mod_dav
http://forums.contribs.org/index.php?topic=32078.msg135245#msg135245

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Htdigest
« Reply #4 on: December 07, 2006, 08:29:05 PM »
Try looking in the log files to see what mught go wrong at times you are accessing the specified domain and folder. To start go for /var/log/messages and /var/log/httpd/error_log and perhaps also /var/log/httpd/access_log. There might be some information there.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
error log
« Reply #5 on: December 07, 2006, 08:46:14 PM »
I checked all of the above

in the error log it says
Quote
[Thu Dec 07 13:00:22 2006] [error] [client 192.168.10.50] client denied by server configuration: /home/e-smith/files/ibays/idisk/html/kingjm/Documents/index.phtml


So does this mean that I was not authorized

I can still access this folder without even asking for a password

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: error log
« Reply #6 on: December 07, 2006, 08:48:27 PM »
Quote from: "kingjm"
I checked all of the above

in the error log it says
Quote
[Thu Dec 07 13:00:22 2006] [error] [client 192.168.10.50] client denied by server configuration: /home/e-smith/files/ibays/idisk/html/kingjm/Documents/index.phtml


So does this mean that I was not authorized

I can still access this folder without even asking for a password
Yes indeed at 13:00:22 (your local time on the server) you tried to access the location and you were not authorized.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
Ask for password?
« Reply #7 on: December 07, 2006, 08:54:48 PM »
Why will it not ask for password?

and why can I still access these folders

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Ask for password?
« Reply #8 on: December 07, 2006, 09:00:45 PM »
Quote from: "kingjm"
Why will it not ask for password?

and why can I still access these folders
I don't know. I find it hard to paste together the pieces you are posting here.... the error you posted was from 13 local time, is it still around 13h or is it later?

Perhaps you misconfigured something so unresticted access is granted. Could you paste the relevant sections from the expanded httpd.conf file to see how that reads, maybe we can help you from there.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
Time
« Reply #9 on: December 07, 2006, 09:10:10 PM »
it is now 14:04 my time

The Code from my httpd.conf

Code: [Select]
<VirtualHost 0.0.0.0:80>
ServerName idisk.domain.com
DocumentRoot "/home/e-smith/files/ibays/idisk/html"
Alias /idisk "/home/e-smith/files/ibays/idisk/html"
</VirtualHost>
DAVLockDB /var/run/davLocks/DAVLock

<Directory "/home/e-smith/files/ibays/idisk/html">
Dav on
          AuthType Digest
          AuthName iTools
          AuthDigestDomain "/"
          AuthDigestFile /home/e-smith/files/ibays/idisk/WebDavUsers
          AuthGroupFile /home/e-smith/files/ibays/idisk/WebDavGroups
          Options None
          AllowOverride None
                require valid-user
          Order allow,deny
          Allow from All
    </Directory>

<Directory "/home/e-smith/files/ibays/idisk/html/*/Public">
    Options +Indexes
</Directory>
 
<Directory "/home/e-smith/files/ibays/idisk/html/kingjm">
    require user kingjm
</Directory>

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Time
« Reply #10 on: December 08, 2006, 09:41:31 AM »
Quote from: "kingjm"
<Directory "/home/e-smith/files/ibays/idisk/html/kingjm">
       require user kingjm
</Directory>
[/code]

Shouldn't the last part read:

Code: [Select]
<Directory "/home/e-smith/files/ibays/idisk/html/kingjm">
    Order deny, allow
    Deny from All  
    require valid-user
    require user kingjm
</Directory>
I don't know for sure if everything is inherited from other more general settings, therefore it could be that you need to set every configuration entry for a directory section.

On top of that it could well be possible that you need to access over SSL (https) in order to be prompted for a username and password.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
.mac Do It Your Self
« Reply #11 on: December 09, 2006, 09:55:50 PM »
hmmm I rebooted my computer without changing from the code I listed above... haven't got to your last post yet.

Now when I go to mydomain.com it is asking for the login/passwrd that I wanted for just idisk.mydomain.com

I should add that I have just changed mydomain.com to a new one
now the new mydomain.com automatically goes to mydomain.com/idisk
but only shows mydomain.com in the address bar.  I know that it is mydomain.com/idisk because the title of the page is "idisk directory"

error log says
Quote
[Sat Dec 09 18:20:56 2006] [error] [client 192.168.10.50] File does not exist: /home/e-smith/files/ibays/Primary/html/nf-images, referer: http://mydomain.com/


I am stumped but will keep looking

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
www.mydomain.com
« Reply #12 on: December 10, 2006, 06:09:43 AM »
well I think that now I am a little close

mydomain.com asks for the login and password.  If I give the password takes me directly to idisk.mydomain.com but the address in web browser still says mydomain.com.

The Good news

www.mydomain.com works as no login/password is asked for.

I still have not changed any of the code.

except that I have entered another user and given that user another name/password... When i enter one name in I can still access the other users space

I will now continue to try and get this .mac to work

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
Emulation Scripts
« Reply #13 on: January 09, 2007, 06:36:16 AM »
I have created an ibay called www.mac.com with permission so that everyone locally can read without a password

then mkdir -p /home/e-smith/files/ibays/www.mac.com/WebObjects/Info.woa/wa/Query

then pico and add a file to the Query directory named retrieveDiskConfiguration

Code: [Select]
#!/bin/sh

echo Content-type: text/plain
echo

cat << EOT
{
   payload = {
       guestReadEnabled = Y;
       guestWriteEnabled = N;
       hasGeneralPassword = N;
       iDiskQuotaInBytes = 1048576000;
       iDiskUsedBytes = 339338752;
       relativePath = Public;
   };
   statusCode = success;
}
EOT


next pico a file named accountInfo

Code: [Select]
#!/bin/sh

echo Content-type: text/plain
echo
 
cat << EOT
{
   payload = {
     iToolsBackupActivated = Y; trialAccountDaysLeft = -1;
   };
   statusCode = success;
}
EOT

Offline kingjm

  • **
  • 55
  • +0/-0
    • www.iking.ca
DNS Configuration
« Reply #14 on: January 09, 2007, 06:55:34 AM »
I want to change www.mac.com to a local ibay

I tried to change this under the Domain tab in the server-manager and resolve locally but this is not working at present

When I ping from the sme box it shows that it is pinging locally but on a computer behind the sme box it still goes to the apple site

Can anyone help?