Prerequisites for Lion Server’s iChat Service - dummies

Prerequisites for Lion Server’s iChat Service

By John Rizzo

Before you set up iChat service, you need to take care of several network items. Quite likely, your network already has some of these things.

Open Directory configuration

To authenticate users, iChat uses Open Directory (or another Lightweight Directory Access Protocol [LDAP] server) bound to iChat Server. iChat Server doesn’t directly access the LDAP server. iChat users must have directory accounts in a directory domain.

You also need an Open Directory master if you want to enable authentication with Kerberos or to use a Kerberos domain controller on another server. If you use the latter, the Kerberos realms of the controller and iChat Server must match.

Firewall ports

If your iChat users are crossing a firewall to get to the server, you have to open some firewall ports. This is true for any service, but iChat requires a relatively large number of firewall ports to be open.

Internet routers

If you want Internet users to access iChat service on your server and you have a DSL, cable router, or other Internet router, you need to configure it for port forwarding.

DNS configuration for some situations

You may not need to do anything to your DNS server to support iChat service. But you could optionally add DNS records in two cases:

  • You’re enabling server-to-server communications so that your server talks to other chat servers. DNS can help users on different servers discover each other.

  • You want to provide your users with a shorter iChat address.

In either case, you’d add a service locator (SRV) record for iChat to your DNS server.

To let DNS direct connections between your iChat Server and other XMPP servers, add an SRV record that maps XMPP’s server-to-server TCP port 5269 to your server’s hostname. The SRV record takes the form

_xmpp-server._tcp 86400 IN SRV 0 1 5269 server.example.com.

where server.example.com stands for your server’s full domain name.

The other SRV record lets users have a shorter iChat address (such as user@example.com) instead of one built on the server’s full hostname (such as user@server.example.com). The DNS record looks like this, specifying port 5222:

_xmpp-client._tcp 86400 IN SRV 0 1 5222 server.example.com.

If you’re using Lion Server for your DNS service, when you create a new SRV record with Server Admin, type xmpp-client._tcp in the Service Type field; the 0 and 1 are the Priority and Weight entries.
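The following is an added example, not code from the article or from Apple, that generates the two XMPP SRV records described above for a domain and checks a zone-file line for the mistakes that most often break XMPP discovery: the target hostname left off the end, the wrong port for the service label, or a target without the trailing dot (which a DNS server silently treats as relative to the zone). The names example.com and server.example.com are constructed placeholders.

```python
"""Build and sanity-check the XMPP SRV records an iChat Server zone needs.

Added example; not from the original article or from Apple. The domain and
host names used here are constructed placeholders (example.com), not real hosts.
"""
import re

# Service label -> port, as given in the article: 5269 for server-to-server
# federation, 5222 for client logins (the record that enables user@domain addresses).
XMPP_SERVICES = {
    "_xmpp-server._tcp": 5269,
    "_xmpp-client._tcp": 5222,
}

# owner (service label, optionally followed by the zone name)  TTL  IN SRV  prio  weight  port  target
SRV_RE = re.compile(
    r"^(?P<service>_[a-z0-9-]+\._(?:tcp|udp))(?:\.(?P<zone>\S+))?"
    r"\s+(?P<ttl>\d+)\s+IN\s+SRV\s+(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)


def build_srv_records(domain, server_fqdn, ttl=86400, priority=0, weight=1):
    """Return one BIND-style SRV line per XMPP service for `domain`, pointing
    at `server_fqdn`. Priority 0 and weight 1 match the article's records."""
    zone = domain.rstrip(".") + "."
    target = server_fqdn.rstrip(".") + "."  # absolute name: no zone-relative expansion
    return [
        f"{service}.{zone} {ttl} IN SRV {priority} {weight} {port} {target}"
        for service, port in XMPP_SERVICES.items()
    ]


def check_srv_record(line):
    """Return a list of problems with one SRV record line; empty means it looks right."""
    m = SRV_RE.match(line.strip())
    if not m:
        # Covers the common copy/paste failure: the target hostname left off the end.
        return ["not a well-formed SRV record (seven fields expected; is the target hostname missing?)"]

    problems = []
    service = m["service"].lower()
    expected_port = XMPP_SERVICES.get(service)
    if expected_port is None:
        problems.append(f"unexpected service label {service!r}")
    elif int(m["port"]) != expected_port:
        problems.append(f"{service} should point at port {expected_port}, not {m['port']}")

    # Priority, weight and port are 16-bit fields in the SRV RDATA.
    for field in ("prio", "weight", "port"):
        if not 0 <= int(m[field]) <= 65535:
            problems.append(f"{field} {m[field]} is outside the 16-bit range")
    if int(m["port"]) == 0:
        problems.append("port 0 is not usable")

    target = m["target"]
    if target == ".":
        problems.append("target '.' advertises that the service is not available")
    elif not target.endswith("."):
        problems.append(f"target {target!r} lacks a trailing dot, so the zone name will be appended to it")
    return problems


if __name__ == "__main__":
    for record in build_srv_records("example.com", "server.example.com"):
        print(record, "->", check_srv_record(record) or "ok")
    # The article's record shape with the target left off: flagged as malformed.
    print(check_srv_record("_xmpp-server._tcp 86400 IN SRV 0 1 5269"))
```

Run it against the lines you are about to paste into your zone file (or that Server Admin produced) before reloading DNS; a record that fails the check will not advertise your server to other XMPP servers, and the client record with the wrong port will leave users unable to log in with the short address.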