Mac OS X Server Getting Started for Version 10.
Apple Computer, Inc. © 2006 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Quartz, QuickTime, WebObjects, and Xserve are trademarks of Apple Computer, Inc., registered in the U.S.
Preface
About This Guide

This guide provides an orientation to the initial setup and administration of Mac OS X Server version 10.4. The guide will help you prepare your server to start serving your users and your business needs.

What’s New in Version 10.4

Mac OS X Server version 10.4 offers major enhancements in the following key areas:
• High-performance computing
• User access management
• Server administration
• Collaboration services

Version 10.4.
High-Performance Computing

Mac OS X Server offers a high-performance, cost-effective approach to computationally intensive activities:
• Xgrid service. Xgrid computational service lets you achieve supercomputer performance levels by distributing computations over collections of dedicated or shared Mac OS X computers. The Xgrid cluster controller provides centralized access to the distributed computing pool, referred to as a computational cluster.
• 64-bit computing.
 Unified locking. Mac OS X Server unifies file locking across AFP and SMB/CIFS protocols. This feature lets users working on multiple platforms simultaneously share files without worrying about file corruption.  Service access. You can specify which users and groups can use services hosted by a server.  Pervasive Kerberos support.
 Trusted directory binding. Trusted directory binding, also called authenticated directory binding, provides an authenticated connection between a client computer and an LDAP directory on Mac OS X Server. Because the client computer authenticates the LDAP server before connecting to it, a malicious user can’t control the client computer by interposing a counterfeit, unauthenticated LDAP server.  Importing accounts. The performance of importing accounts into an LDAPv3 directory has been greatly improved.
 Junk mail and virus filtering. Mail service protects users from junk mail and other annoying or unauthorized messages. You can define filters that help minimize junk mail and viruses, filter out unsolicited commercial email, and detect messages that contain particular content. Junk mail filtering, based on the powerful SpamAssassin, includes an autolearning option.  Network gateway setup.
 iChat service. Mac OS X Server provides instant messaging for Macintosh, Windows, and Linux users. User authentication is integrated into Open Directory, and setup and administration of iChat service is done using the graphical Server Admin application. What’s in This Guide This guide includes five chapters.  Chapter 1, “Installation and Setup Overview,” is a road map to details presented in later chapters.
Additional chapters and appendixes that were part of the getting started guide first edition are now a separate document, Mac OS X Server Getting Started for Version 10.4 or Later, Supplement to Second Edition. Read it to familiarize yourself with Mac OS X Server usage scenarios, services, and terminology. The included setup example details how you might install Mac OS X Server and perform initial server setup in a small business. And you can use the included Mac OS X Server Worksheet for Version 10.
Using Onscreen Help

You can view instructions and other useful information from this and other documents in the server suite by using onscreen help. On a computer running Mac OS X Server, you can access onscreen help after opening Workgroup Manager or Server Admin. From the Help menu, select one of the options:
• Workgroup Manager Help or Server Admin Help displays information about the application.
The Mac OS X Server Suite

The Mac OS X Server documentation includes a suite of guides that explain the services and provide instructions for configuring, managing, and troubleshooting the services. All of the guides are available in PDF format from: www.apple.com/server/documentation/

This guide ... tells you how to:
Getting Started, Getting Started Supplement, and Mac OS X Server Worksheet: Install Mac OS X Server and set it up for the first time.
Mac OS X Server Security Configuration: Secure Mac OS X Server computers.
Mail Service Administration: Set up, configure, and administer mail services on the server.
Migrating to Mac OS X Server From Windows NT: Move accounts, shared folders, and services from Windows NT servers to Mac OS X Server.
Network Services Administration: Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall, and NAT services on the server.
Web Technologies Administration: Set up and manage a web server, including WebDAV, WebMail, and web modules.
Windows Services Administration: Set up and manage services including PDC, BDC, file, and print, for Windows computer users.
Xgrid Administration: Manage computational Xserve clusters using the Xgrid application.
Mac OS X Server Glossary: Learn about terms used for server and storage products.
Getting Additional Information

For more information, consult these resources:
• Read Me documents—important updates and special information. Look for them on the server discs.
• Mac OS X Server website (www.apple.com/macosx/server/)—gateway to extensive product and technology information.
• Apple Service & Support website (www.apple.com/support/)—access to hundreds of articles from Apple’s support organization.
• Apple customer training (train.apple.
1 Installation and Setup Overview

Before installing and setting up Mac OS X Server, take the time to do a little planning and to become familiar with your options. This chapter is a roadmap to details presented in later chapters. It surveys the stages of installation and initial server setup and the options available to you during each stage.
Chapter 2, “Before You Begin,” on page 39 will help you understand what you might want to do now and what you can postpone until later. During the planning stage, you’ll also decide which installation and server setup options best suit your needs. The getting started supplement contains an example that illustrates server installation and initial setup in a small business scenario. Installing Server Software Some computers come with Mac OS X Server version 10.4 software already installed.
Upgrading and Migrating If you’re currently using a pre-10.4 version of Mac OS X Server and you want to reuse data and settings, you can upgrade or migrate to version 10.4. If you’re using Mac OS X Server version 10.3.9 or 10.2.8 and you don’t need to move to different computer hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data.
Local Installation From the Server Installation Disc If the target server has a keyboard and display attached, and if it has an optical drive, you can start installing Mac OS X Server locally by booting the server from an installation disc. Installer application or installer tool in Terminal application The Installer application, which automatically opens after startup, offers a graphical, guided way to install server software.
Remote Installation From the Server Installation Disc If the target server has no keyboard or display, or if it’s not the computer you’re using, you can use an administrator computer to install server software from the server installation disc. An administrator computer is a version 10.4 Mac OS X Server or version 10.4 Mac OS X computer onto which you’ve installed server management software. “Setting Up an Administrator Computer” on page 122 tells you how to set up a Mac OS X administrator computer.
[Figure labels: Administrator computer; Welcome; >installer; Subnet 1; Subnet 2]

Alternatively, you can use the command line. After booting the target server, connect to the target server from an administrator computer using SSH and follow the instructions in “Using the installer Command-Line Tool to Install Server Software” on page 73. If you have multiple servers onto which you want to install server software, start up each from an installation disc, then open a Terminal window for each installation.
If the target server lacks a keyboard, display, and optical drive that can read your installation disc, you can use the optical drive on an administrator computer connected to the target server using a FireWire cable. You start the server in target disk mode, which makes the target server appear as a FireWire hard disk on the administrator computer. (When you use this mode, you see a disk icon for each partition of the server’s hard disk on the desktop of the administrator computer.
After starting up the target server from an external optical drive, you use an administrator computer to initiate server software installation, or you can use VNC viewer software to control installation of Mac OS X Server v10.4.7 or later. You can also install server software on an Xserve system that lacks an optical drive by moving its drive module to another Xserve system that has an optical drive.
[Figure labels: Mac OS X Server; Administrator computer; NetBoot target servers; Destination; Initiate server installation; Target servers]

Initial Server Setup

After installing server software, the next task is to set up the server. There are several ways to set up a server:
• You can set up one or more servers interactively.
• You can automate the setup of servers by using setup data you’ve saved in a file or in a directory the servers are configured to access.
Chapter 4, “Initial Server Setup,” on page 79 provides detailed instructions for all the server setup scenarios, which are summarized next, following an explanation of what happens during initial server setup.

Settings Established During Initial Server Setup

During server setup, basic server settings are established:
• The language to use for server administration and the computer keyboard layout is defined.
• The server software serial number is set.
 The name “localhost”  Network interfaces (ports) are configured. TCP/IP and Ethernet settings are defined for each port you want to activate.  Network time service can be set up.  Services that require no additional configuration can be turned on. By default, to maximize security, the only server processes running after server setup are the essential ones needed for basic system function.
This is the technique you use to set up a local server, as “Setting Up a Local Server Interactively” on page 94 describes. You can also use this interactive approach to set up a remote server from an administrator computer. See “Setting Up a Remote Server Interactively” on page 95 for instructions. When multiple remote servers can use the same setup data, you can supply the data, then initiate setup of all the servers at once, using a batch approach.
When you want to customize the setup of individual servers, you can manage each setup individually from a different Server Assistant window. This approach is shown on the right side of the picture above. See “Setting Up Multiple Remote Servers Interactively One at a Time” on page 98 for instructions.
Using Setup Data Stored in a File When you place a setup file on a volume (CD, DVD, iPod, USB solid-state drive, disk partition) mounted locally on a server you’ve installed but not set up, the server detects the file and automatically uses it to set itself up. You could, for example, store multiple setup files on an iPod, then plug the iPod into the first server for which a setup file exists.
Then plug the iPod into the next server. Each target server recognizes its own file, because it’s been named using one of its identifiers and resides in a known location. For example, a server with WXYZ1234 as the first eight characters of its built-in serial number would use this setup file to set itself up: /Volumes/MyIPod/Auto Server Setup/WXYZ1234.plist. Or a server’s IP address can be used as an identifier. A server with the IP address 10.0.0.
Using Setup Data Stored in a Directory A target server can set itself up using setup data you’ve stored in a directory the server is configured to access. Although storing setup data in a directory is the most automated way to set up multiple servers, this approach requires that you set up an infrastructure first so that target servers can locate the setup data stored in the directory. The most critical components of the infrastructure are DHCP and Open Directory, as the following picture illustrates.
See “Setting Up Servers Automatically Using Data Saved in a Directory” on page 105 for instructions. Using Encryption By default, saved setup data is encrypted for extra security. Before any server sets itself up using encrypted data, it must have access to the passphrase used when the data was encrypted. The passphrase can be provided either interactively (using Server Assistant) or in a file on a local volume of the target server.
Keeping Current

After you’ve set up your server, you’ll want to update it as Apple releases server software updates. There are several ways to access update releases of Mac OS X Server:
• Use the Software Update pane of System Preferences.
• Use the softwareupdate command-line tool.
• In Server Admin, select a server in the Computers & Services list, then click the Update button.
• Use the server’s software update service.
• Download a disk image of the software update from www.apple.
2 Before You Begin

Before installing and setting up Mac OS X Server, take the time to do a little planning.
Setting Up a Planning Team

Involve individuals in the installation planning process who can represent various points of view:
• What day-to-day user requirements need to be met by a server? For what activities will server users and workgroups depend on the server? If the server will be used in a classroom, make sure that the instructor who manages its services and administers it day to day provides input.
Identifying the Servers You’ll Need to Set Up

Conduct a server inventory:
• How many servers do you currently have?
• How are they used?
• How can you streamline the use of servers you want to keep?
• Are there any existing servers that need to be retired? Which ones can Mac OS X Server replace?
• Which non-Apple servers will Mac OS X Server need to be integrated with? Why?
• Do you have any Mac OS X Server computers that need to be upgraded to version 10.
 Home directories for network users can be consolidated onto one server or distributed among various servers. While you can move home directories if you need to, you may need to change a large number of user and share point records, so devise a strategy that will persist for a reasonable amount of time. See the user management guide for information about home directories.  Some services offer ways to control the amount of disk space used by individual users.
 Mac OS X Server offers extensive support for Windows users. You can consolidate Windows user support on servers that provide PDC services, or you can distribute services for Windows users among different servers. The Windows services administration guide describes the options available to you.  If you want to use software RAID to stripe or mirror disks, you’ll need two or more drives (they can’t be FireWire drives) on a server. See online help for Disk Utility for more information.
When you can’t use the upgrade approach, you can migrate data and settings. You’ll need to migrate, not upgrade, when:
• A version 10.2.8 or 10.3 server’s hard disk needs reformatting or doesn’t meet the minimum version 10.4 system requirements. “Understanding System Requirements for Installing Mac OS X Server” on page 54 describes the minimum requirements.
• You want to move data and settings you’ve been using on a version 10.2.8 or 10.3 server to different server hardware.
Defining an Integration Strategy

Integrating Mac OS X Server into a heterogeneous environment has two aspects:
• Configuring Mac OS X Server to take advantage of existing services
• Configuring non-Apple computers to use Mac OS X Server

The first aspect primarily involves directory services integration. Identify which Mac OS X Server computers will use existing directories (such as Active Directory, LDAPv3, and NIS directories) and existing authentication setups (such as Kerberos).
 Are there air conditioning or power requirements that need to be met? See the documentation that comes with server hardware for this kind of information.  Have you been thinking about upgrading elements such as cables, switches, and power supplies? Now may be a good time to do it.
Setting up DHCP will reflect the physical network topology you’ll be using.
• Another crucial infrastructure component is directory services, required for sharing data among services, servers, and user computers. The most common data you need to share is for users and groups, but configuration information such as mount records and other directory data is also shared.
Your particular needs may affect this sequence. For example, if you want to use VPN, NAT, or IP firewall services, you would factor their setup into the DNS and DHCP setups. The getting started supplement illustrates the steps you might take to set up the directory and network infrastructure of Mac OS X Server in a small business scenario. The supplement is located on the Mac OS X Server installation disc in the Documentation folder. The Preface tells you where else you can find the supplement.
When you move a server, take these guidelines into account:
• Minimize the time the server is in its temporary location so the amount of information you need to change is limited.
• Postpone configuring services that depend on network settings until the server is in its final location. Such services include Open Directory replication, Apache settings (such as virtual hosts), DHCP, and other network infrastructure settings that other computers depend on.
• Wait to import final user accounts.
Changing the Server’s Host Name After Setup When you perform initial server setup for new installations, Server Assistant sets the host name value by assigning AUTOMATIC to the hostname parameter in /etc/ hostname.
Determining the Installation and Setup Strategy to Use Review the installation and server setup options in Chapter 1, “Installation and Setup Overview,” on page 21. Select the options you want to use, then address the prerequisites for installation on page 55 and for initial server setup on page 80. Collecting and Organizing Information For each server you set up, fill out the Mac OS X Server Worksheet for Version 10.4 or Later.
3 Installing Server Software

You can upgrade to Mac OS X Server version 10.4 from version 10.3 or 10.2 or you can install a fresh copy of Mac OS X Server version 10.4. Review the system requirements below and record information for each server you want to install using the Mac OS X Server Worksheet for Version 10.4 or Later (located on the Mac OS X Server installation disc). Then use the detailed installation instructions, which you’ll find as indicated in the following table.
Instructions for ... Are on
“Using Server Assistant to Install Remotely From the Installation Disc”, page 65
“Using a VNC Viewer to Install Remotely From the Installation DVD”, page 68
“Upgrading a Computer From Mac OS X to Mac OS X Server”, page 71
“Automating Server Software Installation With a Disk Image”, page 72
“Using the installer Command-Line Tool to Install Server Software”, page 73
“Installing Multiple Servers”, page 77

Understanding System Requirements for Installing Mac OS X Server

The Macin
A display and keyboard are optional. You can install server software on a computer that has no display and keyboard by using an administrator computer. “Setting Up an Administrator Computer” on page 122 describes how to set one up. If you’re using an installation disc for Mac OS X Server version 10.4.7 or later, you can control installation from another computer using VNC viewer software.
In addition to the installation DVD or CDs, Mac OS X Server includes the Mac OS X Server Admin Tools CD, which you use to set up an administrator computer. Upgrading and Migrating If you’re using computers with Mac OS X Server versions earlier than 10.4, consider updating them to version 10.4. If you’re using version 10.3.9 or 10.2.8 and you don’t need to move to different computer hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data.
Read the upgrading and migrating guide for more information. Note: You can’t update to a later 10.4 version by using a Mac OS X Server installation disc. For example, you can’t use an installation DVD for version 10.4.7 to update an earlier version. To learn how to update to the latest version, see “Keeping Current” on page 38.
Important: Don’t store additional software or user data on the hard disk or partition where the operating system is installed. With this approach, you won’t risk losing those files if you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive. Creating a RAID Set If the target server has a second physical drive, you can configure the target disk for RAID mirroring.
You can also use the Installer to open the Disk Utility application and then use it to erase the target volume or another volume. You can erase the target volume using the Mac OS Extended format or Mac OS Extended (Journaled) format. You can erase other volumes using either of those formats, Mac OS Extended (Case-Sensitive) format, Mac OS Extended (Journaled, Case-Sensitive) format, or UNIX File System (UFS) format.
If you use VNC viewer software to remotely control installation of Mac OS X Server version 10.4.7 or later, it may let you select the target server from a list of available VNC servers. If not, you need to enter the IP address of the server (in IPv4 format: 000.000.000.000). The target server’s IP address is assigned by a DHCP server on the network; if no DHCP server exists, the target server uses a 169.xxx.xxx.xxx address unique among servers on the local subnet.
Important: Make sure the network is secure before you install or reinstall Mac OS X Server, because SSH gives others access to the computer over the network. For example, design the network topology so that you can make the server computer’s subnet accessible only to trusted users. Using a VNC Viewer to Prepare a Disk Before Installation Before beginning a clean installation of Mac OS X Server version 10.4.
If the target server has no built-in DVD-ROM drive, you can use an external FireWire DVD-ROM drive. You can also install server software on an Xserve system that lacks a DVD-ROM drive by moving its drive module to another Xserve system that has a DVD-ROM drive.
2 Use your VNC viewer software to open a connection to the target server.
3 Identify the target server. If the VNC viewer includes the target server in a list of available servers, select it in the list.
Using the Installer to Install Locally From the Installation Disc You can install Mac OS X Server directly onto a computer with a display, a keyboard, and an optical drive attached. If you have an installation DVD, the optical drive must be able to read DVD discs. You can also install directly onto a computer that lacks a display, keyboard, and optical drive capable of reading your installation disc.
With Disk Utility, you can partition the target disk or create a RAID set. You can also use Disk Utility to erase the disk using Mac OS Extended format. Important: Don’t store additional software or user data on the hard disk or partition where the operating system is installed. With this approach, you won’t risk losing those files if you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive.
If you’re using an administrator computer to install onto a server that’s in target disk mode and connected using a FireWire cable, quit Server Assistant when it starts automatically on the administrator computer. Shut down the administrator computer and the server. Then start up the administrator computer and the server normally (not in target disk mode). Now you can use Server Assistant from the administrator computer to remotely set up the server.
If the target server has a keyboard and display, you can use Disk Utility by opening it on the server (in /Applications/Utilities/). You can find instructions on disk preparation tasks by viewing Disk Utility Help. Alternatively, if you’re installing Mac OS X Server version 10.4.7 or later, you can control Disk Utility remotely from another computer using VNC viewer software. For instructions, see “Using a VNC Viewer to Prepare a Disk Before Installation” on page 61.
If the target server lacks a built-in optical drive that can read your installation disc, you can start it in target disk mode and insert the installation disc into the optical drive on your administrator computer. You can also use an external FireWire optical drive. If the target server is an Xserve, you can move its drive module to another Xserve system that has an optical drive capable of reading your installation disc.
Important: When you perform an upgrade installation, make sure that saved setup data won’t be inadvertently detected and used by the server. If saved setup data is used, existing server settings will be overwritten by the saved settings. See “How a Server Searches for Saved Setup Data” on page 81 for more information. 8 During installation, progress information is displayed. Insert the next installation disc if prompted.
If the target server is an Xserve with a built-in DVD-ROM drive, start the server using the installation DVD by following the instructions in the Xserve User’s Guide for starting from a system disc. If the target server has no built-in DVD-ROM drive, you can use an external FireWire DVD-ROM drive. You can also install server software on an Xserve system that lacks a DVD-ROM drive by moving its drive module to another Xserve system that has a DVD-ROM drive.
You can find instructions for partitioning the hard disk into multiple volumes, creating a RAID set, and erasing the target disk or partition by viewing Disk Utility Help. To view Disk Utility Help, open Disk Utility on another Macintosh computer with Mac OS X v10.4 and choose Help > Disk Utility Help. Important: Don’t store additional software or user data on the hard disk or partition where the operating system is installed.
10 During installation, progress information is displayed. While installation proceeds, you can use the VNC viewer to open a connection to another computer and install Mac OS X Server v10.4.7 or later on it. After installation is complete, the server restarts and closes the VNC viewer connection automatically. You can perform initial server setup interactively or automatically. Chapter 4, “Initial Server Setup,” on page 79 describes how.
Automating Server Software Installation With a Disk Image If you need to install server software on a large number of servers or if you need to reinstall server software frequently, you can automate installation by using an installation image that resides on disk rather than on the installation disc. To install server software using a disk image: 1 On a version 10.4 Mac OS X Server, open System Image Utility.
Using the installer Command-Line Tool to Install Server Software

You use the installer tool to install server software on a local or remote computer from the command line. For detailed information about installer:
• See the command-line administration guide.
• Open the Terminal application and type installer, installer -help, or man installer.

To use installer to install server software:
1 Start the target computer from the installation disc.
2 If you’re installing a local server, when the Installer opens choose Utilities > Open Terminal to open the Terminal application.
To list the volumes available for server software installation from the installation disc, type this command:

/usr/sbin/installer -volinfo -pkg /System/Installation/Packages/OSInstall.mpkg

You can also identify a Network Install image you’ve created and mounted:

/usr/sbin/installer -volinfo -pkg /Volumes/ServerNetworkImage10.4/System/Installation/Packages/OSInstall.
6 Install the operating system on a volume from the list generated in step 4. For example, to use Mount 01 in the example in step 4 to install from a server installation disc, type:

/usr/sbin/installer -verboseR -lang en -pkg /System/Installation/Packages/OSInstall.mpkg -target "/Volumes/Mount 01"

If you’re using a Network Install image, the command identifies them as step 4 shows.
Installing Multiple Servers You can use Server Assistant, VNC viewer software, or the installer tool to initiate multiple server software installations. After using Server Assistant to initiate server software installation on one remote computer, choose File > New Window to install the software on another computer. After using a VNC viewer to control installation of Mac OS X Server version 10.4.
4 Initial Server Setup

Basic characteristics of your Mac OS X Server are established during initial server setup. Here’s a quick reference to the topics in this chapter.

To read about ... See ... On
Options and prerequisites:
  “Saving Setup Data”, page 80
  “Specifying Initial Open Directory Usage”, page 87
  “Connecting to the Network During Initial Server Setup”, page 92
  “Configuring Servers With Multiple Ethernet Ports”, page 93
Collecting information: The Mac OS X Server Worksheet for Version 10.
To read about See Setting up servers automatically “Using Automatic Server Setup” page 100 “Setting Up Servers Automatically Using Data Saved in a File” page 101 “Setting Up Servers Automatically Using Data Saved in a page 105 Directory” On Monitoring and troubleshooting “Determining the Status of Setups” page 109 What to do after initial setup “Setting Up Services” page 112 Information You Need See the Mac OS X Server Worksheet for Version 10.
How a Server Searches for Saved Setup Data
A freshly installed server sets itself up using saved setup data it finds while using the following search sequence. When the server finds any saved setup data that matches the criteria described, it stops searching and uses the data to set itself up.
1 The server first searches through locally mounted volumes for setup files in /Volumes/*/Auto Server Setup/, where * is a file system (device) name.
The next two sections provide more details about how to use saved setup data.

Using Setup Data Saved in a File
When you save setup data in a file, a target server automatically detects and uses the file if:
• Setup data the target server recognizes isn’t found in a directory the server is configured to use. See “Using Setup Data Saved in a Directory” on page 84 for information on how a server detects and uses directory data to set itself up.
generic.plist (a file that any server will recognize, used to set up servers that need the same setup values). If the serial number specified in the file isn’t site licensed, after setup you need to manually set it. Use Server Admin or the following command in the Terminal application: serversetup -setServerSerialNumber.
• The correct passphrase is provided to the server if the setup data is encrypted.
If you want to reuse saved setup data after reinstalling a server, you can store the server’s setup file(s) in a small local partition that isn’t erased when you reinstall the server. The setup files are automatically detected and reused after each reinstallation.

Using Setup Data Saved in a Directory
Using this approach offers the most unattended way to set up multiple servers, but it requires that you have a DHCP and directory infrastructure in place.
• The setup data is stored in the directory in a path named /AutoServerSetup/ and a record having one of these names; target servers search for names in the order listed: (include any leading zeros but omit colons). For example, 0030654dbcef. . For example, 10.0.0.4. . For example, myserver. (first 8 characters only). For example, ABCD1234. .
The passphrase file can have one of these names; target servers search for names in the order listed: .pass (include any leading zeros but omit colons). For example, 0030654dbcef.pass. .pass. For example, 10.0.0.4.pass. .pass. For example, myserver.pass. .pass (first 8 characters only). For example, ABCD1234.pass. .pass. For example, myserver.example.com.
Specifying Initial Open Directory Usage
When you set up a server initially, you specify its directory services configuration. Choices are:
• No change, available only when upgrading from Mac OS X Server version 10.3.9 or 10.2.8.
• Standalone Server, used to set up only a local NetInfo directory domain on the server.
• Open Directory Master, used to set up an LDAP directory on the server for other computers to share.
After setup, use the Directory Access or Server Admin applications to refine the server’s directory configuration, if necessary. Directory Access lets you set up connections to multiple directories, including Active Directory and other non-Apple directory systems, and specify a search policy (the order in which the server should search through the domains). Server Admin lets you set up replicas of an Open Directory master and manage other aspects of a server’s directory service configuration.
See the Open Directory administration guide for information about all the directory usage options available to you and how to use Directory Access and Server Admin to make directory changes. See the upgrading and migrating guide for information on how to continue using existing directory data when you change directory service settings. If you choose the “No change” option and the server wasn’t using a Password Server, Open Directory authentication will be set up.
Setting Up a Server as an Open Directory Master
When you want a server you’re setting up to host an LDAP directory for use by itself and other computers, make sure the server is connected to the network when you set it up and choose the directory usage option called Open Directory Master in Server Assistant. This option:
• Sets up an LDAP directory on the server.
• Creates a directory domain administrator for the directory.
Open Directory authentication is set up on the server and used by default for any users added to domains that reside on the server.

Setting Up a Server to Connect to a Directory System
When you want a server you’re setting up to use a shared directory on another computer, choose the directory usage option called Connected to a Directory System in Server Assistant.
You can set up a server to connect to a shared NetInfo directory on Mac OS X Server version 10.0 and later or an LDAP directory on version 10.2 or version 10.3. However, you may not be able to take advantage of some features:
• VPN service on version 10.3 or later requires MS-CHAP2 authentication, which isn’t available with version 10.2 and earlier.
• Replication isn’t supported by version 10.2 or earlier.
• Kerberos configuration is much more complex on version 10.2.
Configuring Servers With Multiple Ethernet Ports
Your server has a built-in Ethernet port and may have additional Ethernet ports built in or added on. When you’re using Server Assistant to interactively set up one or more servers, all of a server’s available Ethernet ports are listed and you select one or more to activate and configure. When you work in Server Assistant’s offline mode, you click an Add button to manually create a list of ports to configure.
Setting Up a Local Server Interactively
After server software has been installed on a server, you can use the interactive approach to set it up locally if you have physical access to the computer.

To set up a local server interactively:
1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in “Information You Need” on page 80.
Postponing Local Server Setups Following Installation
After installation of server software on a local computer is complete, the computer restarts and Server Assistant opens automatically. If you want to postpone server setup until a later time, press Command-Q. The computer shuts down. When it’s restarted, Server Assistant opens automatically.
6 In the Language pane, specify the language you want to use to administer the target server.
7 Use step 8 if you want to use saved setup data. Otherwise, use step 9.
8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to use. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it.
Setting Up Multiple Remote Servers Interactively in a Batch
You can use the interactive approach to set up multiple servers as a batch if:
• All the servers are accessible from an administrator computer
• All the servers use the same setup data except for server software serial numbers and network identities (host name, computer name, and local hostname)
• Network identities are provided by a DHCP or BootP server

To set up multiple remote servers interactively in a batch:
1 Fill out the Mac OS X Server Work
7 Use step 8 if you want to use saved setup data. Otherwise, use step 9.
8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to use. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it.
To set up multiple remote servers interactively one at a time:
1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later for each server you want to set up. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in “Information You Need” on page 80. The Preface tells you where else you can find the worksheet.
2 Make sure the target servers and any DHCP or DNS servers you want them to use are running.
9 Click Continue and enter the setup data as you move through the Assistant’s panes, following the onscreen instructions.
10 After all setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data.
11 To save the setup data as a text file or in a form you can use for automatic server setup (a saved setup file or saved directory record), click Save As.
One way to use this approach is to use Server Assistant’s offline mode, which lets you work with setup data without connecting to specific servers. You specify setup data, then save it in a file or in a directory accessible from target servers, as the next two sections describe. Target servers on which Mac OS X Server version 10.4 software has been installed automatically detect the presence of the saved setup information and use it to set themselves up. You can define generic setup data.
2 On an administrator computer, open Server Assistant. It’s in /Applications/Server/. You don’t need to be an administrator on the administrator computer to use Server Assistant.
3 In the Welcome pane, select “Save setup information in a file or directory record” to work in offline mode, which doesn’t require a server connection.
4 In the Language pane, specify the language you want to use to administer the target server or servers.
5 If you want to create a new setup file, use step 6.
11 To encrypt the file, select “Save in Encrypted Format” then enter and verify a passphrase. You must supply the passphrase before an encrypted setup file can be used by a target server.
12 Click OK, navigate to the location where you want to save the file, name the file using one of the following options, and click Save; when searching for setup files, target servers search for names in the order listed: .plist (include any leading zeros but omit colons). For example, 0030654dbcef.
For example, if you have an iPod named AdminiPod, the path used would be /Volumes/AdminiPod/Auto Server Setup/.
14 If the setup data is encrypted, make the passphrase available to the target server or servers. You can supply the passphrase interactively using Server Assistant, or you can provide it in a text file. To provide the passphrase in a file, use step 15. To provide it interactively, use step 16.
In the Welcome or Destination pane, choose File > Supply Passphrase. In the dialog box, enter the target server’s IP address, password, and the passphrase. Click Send.
17 If you’re using a generic setup file, and the serial number isn’t site licensed, after setup you must specify the server’s serial number by using Server Admin or the command line. In Server Admin, select the server, click Settings, and click General.
The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in “Information You Need” on page 80. The Preface tells you where else you can find the worksheet.
3 On an administrator computer, open Server Assistant. It’s in /Applications/Server/. You don’t have to be an administrator on the administrator computer to use Server Assistant.
10 After all the setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data.
11 Click Save As, then select “Directory Record.”
12 To encrypt the file, select “Save in Encrypted Format” then enter and verify a passphrase. You must supply the passphrase before an encrypted directory record can be used by a target server.
13 Specify the directory where you want to save the setup, name the setup record, and click OK.
The directory server storing the setup record needs to be running. DHCP needs to be configured to identify the directory server to the target servers using Option 95. In addition, you may need to have DNS configured if your directory data includes DNS names. See “Defining Server Setup Infrastructure Requirements” on page 46 for some additional infrastructure information. The Open Directory and network services administration guides provide instructions for setting up directories and DHCP.
Put the passphrase file on a volume mounted locally on the target server in /Volumes/*/Auto Server Setup/, where * is any device that is mounted under the directory /Volumes.
17 To provide a passphrase interactively, use Server Assistant on an administrator computer that can connect with the target server. In the Welcome or Destination pane, choose File > Supply Passphrase. In the dialog box, enter the target server’s IP address, password, and the passphrase. Click Send.
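The name order listed for setup files and passphrase files, and the /Volumes/*/Auto Server Setup/ location they are read from, can be exercised with a short script that also reports setup and passphrase files left on mounted volumes. This is an added example, not part of the guide or of Mac OS X Server: the function names are hypothetical, deriving the short name from the first label of the DNS name and the permission check are assumptions, and the sample volume tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not Apple's code. Identity values are the guide's own samples,
# except the serial number, which is constructed to be longer than 8 characters.

# candidate_names MAC IP FQDN SERIAL
# Prints setup-data base names in the order the guide lists them.
candidate_names() {
    # MAC address: keep leading zeros, omit colons (lowercase as in the guide's sample)
    _mac=$(printf '%s' "$1" | tr -d ':' | tr 'ABCDEF' 'abcdef')
    # Assumption: the short name is the first label of the fully qualified name
    _short=${3%%.*}
    # Hardware serial number: first 8 characters only
    _serial=$(printf '%s' "$4" | cut -c1-8)
    printf '%s\n' "$_mac" "$2" "$_short" "$_serial" "$3" generic
}

# first_match DIR EXT MAC IP FQDN SERIAL
# Prints the first file in DIR named <candidate>.<EXT> (EXT is plist or pass).
first_match() {
    _dir=$1; _ext=$2; shift 2
    for _name in $(candidate_names "$@"); do
        if [ -f "$_dir/$_name.$_ext" ]; then
            printf '%s\n' "$_dir/$_name.$_ext"
            return 0
        fi
    done
    return 1
}

# audit_setup_folders [ROOT]
# Lists every setup (.plist) and passphrase (.pass) file found in
# ROOT/*/Auto Server Setup/ as: KIND <tab> EXPOSURE <tab> PATH
audit_setup_folders() {
    _root=${1:-/Volumes}
    for _folder in "$_root"/*/"Auto Server Setup"; do
        [ -d "$_folder" ] || continue
        for _f in "$_folder"/*.plist "$_folder"/*.pass; do
            [ -f "$_f" ] || continue
            case $_f in *.pass) _kind=passphrase ;; *) _kind=setup ;; esac
            # Assumed check: flag files with a group or other read bit set
            if [ -n "$(find "$_f" \( -perm -040 -o -perm -004 \) -print)" ]; then
                _mode=group-or-world-readable
            else
                _mode=owner-only
            fi
            printf '%s\t%s\t%s\n' "$_kind" "$_mode" "$_f"
        done
    done
}

# Constructed demonstration: a fake volume named AdminiPod in a temp directory.
demo() {
    _tmp=$(mktemp -d) || return 1
    _vol="$_tmp/AdminiPod/Auto Server Setup"
    mkdir -p "$_vol"
    : > "$_vol/generic.plist"
    : > "$_vol/10.0.0.4.plist"
    : > "$_vol/10.0.0.4.pass"
    chmod 644 "$_vol/10.0.0.4.pass"
    # The IP-named file wins over generic.plist because it is earlier in the order
    first_match "$_vol" plist 00:30:65:4D:BC:EF 10.0.0.4 myserver.example.com ABCD1234WXYZ
    audit_setup_folders "$_tmp"
    rm -rf "$_tmp"
}
demo
```

Run audit_setup_folders with no argument on a server to check /Volumes itself; a passphrase file reported there sits beside the encrypted setup data it unlocks.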
If the server of interest isn’t listed, click Add to list it. Select the server and review the information displayed. You can save a list of servers you’re interested in monitoring in the Destination pane using File > Save Server List. When you want to monitor the status of those servers, choose File > Load Server List.

Handling Setup Failures
When a server’s setup fails, an error log is created as /System/Library/ServerSetup/Configured/POR.err on the target server.
If a local server setup fails, you can restart the computer, rerun Server Assistant, and reinitiate setup, or you can reinstall the server software.

Handling Setup Warnings
When setup completes but a condition that warrants your attention exists, a warning log is created as /Library/Logs/ServerAssistant.POR.status on the target server. Click the target server’s desktop link named ServerAssistant.status to open this file.
Setting Up Services
The following sections survey initial setup of individual services and tell you where to find complete instructions for tailoring services to support your needs.

Setting Up Open Directory
Unless your server needs to be integrated with another vendor’s directory system or the directory architecture of a server you’re upgrading needs changing immediately, you can start using the directories you configured during server setup right away.
3 Click the New User button.
4 Specify user settings in the panes that appear.
You can set up user accounts by using Workgroup Manager to import settings from a file. The user management guide tells you how to define user settings, set up group accounts and computer lists, define managed preferences, and import accounts.

Setting Up File Services
When you turn on file sharing services, users can share items in selected folders.
4 Select a volume or folder you want to share from the All list.
5 Click General, then select “Share this item and its contents.”
6 Click the other tabs to specify attributes for the share point.
The file services administration guide provides instructions for managing share points and for configuring file sharing using all the protocols.
Setting Up Web Service
You can use the Apache HTTP Server that comes with Mac OS X Server to host server and individual user websites. If you turned on web service in Server Assistant, your server is ready to serve HTML pages from the general server and individual user sites folders.
• To view the main server site, open a web browser on any computer with access to the server and type the server’s IP address or domain name.
The web technologies administration guide describes the many features of web service, including how to set up SSL for a site, enable WebMail, and use WebDAV for file sharing.

Setting Up Mail Service
If you didn’t turn on email service in Server Assistant, you can start it by using Server Admin, in the same fashion described above for other services. Providing full mail service for your users requires additional configuration.
Setting Up System Image and Software Update Services
For details on using NetBoot and Network Install to simplify the management and installation of client operating systems and other software, see the system imaging and software update administration guide. It tells you how to create disk images and set up Mac OS X Server so other Macintosh computers can start up from, or install, those images over the network.
Setting Up a WebObjects Server
If you want to develop WebObjects applications, see the WebObjects Reference Library, available at developer.apple.com/referencelibrary/WebObjects/. If you want to set up a WebObjects application server, see the Deployment section of the WebObjects Reference Library.

To turn on WebObjects if it’s not running:
1 Open Server Admin.
2 In the list beneath the server of interest, click WebObjects.
3 Click Start Service.
Chapter 5: Server Administration
Manage Mac OS X Server using graphical applications or command-line tools. These tools offer a diversity of approaches to server administration:
• You can administer servers locally (directly on the server you’re using) or remotely, from another server, a Mac OS X computer, or a UNIX workstation.
• Graphical applications, such as Server Admin and Workgroup Manager, offer easy-to-use server administration and secure communications for remote server management.
Using the Administration Tools
Information about individual administration tools can be found on the pages indicated in the following table.
Use this application or tool, to do this (for more information, see the page shown):
• Installer: Install server software or upgrade it from version 10.2 or 10.3 (page 123)
• Server Assistant: Set up a version 10.
• QTSS Publisher: Manage media and prepare it for streaming or progressive download (page 146)
• Apple Remote Desktop (optional): Monitor and control other Macintosh computers (page 147)
• Command-line tools: Administer a server using a UNIX command shell (page 148)
• Xgrid Admin: Monitor local or remote Xgrid controllers, grids, and jobs (page 149)
The next section describes how to set up a computer on which you can use these applications and tools.
Setting Up an Administrator Computer
An administrator computer is a computer with Mac OS X or Mac OS X Server version 10.4 or later that you use to manage remote servers. In the picture below, the arrows originate from administrator computers and point to servers the administrator computers might be used to manage.
[Figure labels: Mac OS X administrator computer; Mac OS X Servers]
Once you’ve installed and set up a Mac OS X Server that has a display, keyboard, and optical drive, it’s already an administrator computer.
In addition, make sure the computer has at least 128 MB of RAM and 1 GB of unused disk space.
2 Insert the Mac OS X Server Admin Tools CD.
3 Open the Installer folder.
4 Start the installer (ServerAdministrationSoftware.mpkg) and follow the onscreen instructions.

Using a Non-Mac OS X Computer for Administration
You can use a non-Mac OS X computer that offers SSH support, such as a UNIX workstation, to administer Mac OS X Server using command-line tools.
Server Assistant
Server Assistant (located in /Applications/Server/) is used for:
• Remote server installations
• Initial setup of a local server
• Initial setup of one or more remote servers
• Preparing data for automated server setups
See Chapter 4, “Initial Server Setup,” for information about how to use Server Assistant. You can also click the Learn More button in Server Assistant for usage information.
Information about using Workgroup Manager appears in several documents:
• The user management guide explains how to use Workgroup Manager for account and preference management. This guide also explains how to configure managed network views and how to import and export accounts.
• The file service administration guide explains how to use Sharing in Workgroup Manager to manage share points.
• The Open Directory administration guide describes how to use the Inspector.
• To authenticate as an administrator for a particular server, local or remote, enter the server’s IP address or DNS name in the login dialog box, or click Browse to choose from a list of servers. Specify the user name and password for an administrator of the server, then click Connect. Use this approach when you’ll be working most of the time with a particular server.
To simplify defining an account’s initial attributes when you create the account, you can use presets. A preset is an account template. To create a preset, select an account, set up all the values the way you want them, then choose Save Preset from the Presets pop-up menu at the bottom of the window. If you want to work with only accounts that satisfy very specific criteria, click Search in the toolbar. The Search features include the option for batch editing selected accounts.
Defining Managed Preferences
To work with managed preferences for user accounts, group accounts, or computer lists, click the Preferences icon in the Workgroup Manager toolbar.
Click Details to use the preference editor to work with preference manifests.
Working With Directory Data
If you want to work with raw directory data, use Workgroup Manager’s Inspector. To display the Inspector, choose Workgroup Manager > Preferences. Enable “Show “All Records” tab and inspector” and click OK. Select the “All records” button (which looks like a bull’s-eye) to access the Inspector. Use the pop-up menu above the Name list to select the records of interest. For example, you can work with users, groups, computers, share points, and many other directory objects.
Managing Sharing
To work with share points and access control lists, click the Sharing icon in the Workgroup Manager toolbar.
Configuring Managed Network Views
To configure how resources are listed when a user selects the Network icon in the sidebar of a Finder window, define a managed network view. Click Network in the Workgroup Manager toolbar, then click Layout to specify the objects in the view hierarchy.
Click Settings to specify which computers should use a particular view.

Customizing the Workgroup Manager Environment
There are several ways to tailor the Workgroup Manager environment:
• You can control the way Workgroup Manager lists accounts, whether it should use SSL transactions for Sharing, and other behaviors by choosing Workgroup Manager > Preferences.
• To customize the toolbar, choose View > Customize Toolbar.
• To include predefined users and groups in the user and group lists, choose View > Show System Users and Groups.
• To open Server Admin so you can monitor and work with services on particular servers, click the Admin icon in the toolbar.

Server Admin
You use Server Admin to administer services on one or more Mac OS X Server computers.
Working With Specific Servers
The servers you can administer using Server Admin appear in the Computers & Services list on the left side of the application window. To add a server to the Computers & Services list, click Add Server in the toolbar and log in to the server; the next time you open Server Admin, any server you’ve added is displayed in the list. To remove a server from the Computers & Services list, select the server, choose Server > Disconnect, and choose Server > Remove Server.
If a server in the Computers & Services list appears gray, double-click the server or click the Connect button in the toolbar to log in again. Check the “Add to Keychain” option while you log in to enable autoreconnect the next time you open Server Admin. To work with general server settings, select a server in the Computers & Services list.
• Click Overview to view information about the server.
• Click Logs to view the system log and software update log.
Macintosh Manager is enabled only if an upgrade installation was used to upgrade a version 10.2 or 10.3 server to version 10.4. See “Upgrading and Migrating From an Earlier Version of Mac OS X Server” on page 43 for more information about upgrade installations. SSH is the abbreviation for Secure Shell. The server uses the open source OpenSSH project for its SSH implementation. When you enable SSH, you can use command-line tools to remotely administer the server.
Administering Services
To work with a particular service on a server selected in the Computers & Services list of Server Admin, click the service in the list under the server. You can view information about a service (logs, graphs, and so forth) and manage its settings. To start or stop a service, select it then click Start Service or Stop Service in the toolbar.
You can disable changes to service settings by unauthorized individuals by using Server Admin’s view locking options.
• To disable changes to service settings following a period of inactivity, choose Server Admin > Preferences. Select “Auto-lock view after” and specify the period, which is 60 minutes by default.
• To disable changes on demand, choose View > Lock View. To reenable changes, choose View > Unlock View and reauthenticate using the name and password used to log in to the system.
Controlling Access to Services
You can use Server Admin to configure which users and groups can use services hosted by a server. Select a server in the Computers & Services list, click Settings, then click Access. You can separately specify access controls for individual services, or you can define one set of controls that applies for all services that the server hosts.
Using SSL for Remote Server Administration
You can control the level of security of communications between Server Admin and remote servers by choosing Server Admin > Preferences. By default, “Use secure connections (SSL)” is enabled, and all communications with remote servers are encrypted using SSL. This option uses a self-signed 128-bit certificate installed in /etc/servermgrd/ssl.crt/ when you install the server. Communications use the HTTPS protocol (port 311).
Customizing the Server Admin Environment
To control the Server Admin environment, you have several options.
• To control the appearance of the Server Admin lists, refresh rates, and other behaviors, choose Server Admin > Preferences.
• To customize the toolbar, choose View > Customize Toolbar.
• To add a button to the toolbar that’s a shortcut to a particular Server Admin view, go to the pane you want then choose View > Add Shortcut to View.
System Image Management
You can use the following Mac OS X Server applications to set up and manage NetBoot and Network Install images:
• System Image Utility creates Mac OS X disk images. It’s installed with Mac OS X Server software in the /Applications/Server/ folder.
• Server Admin enables and configures NetBoot service and supporting services. It’s installed with Mac OS X Server software in the /Applications/Server/ folder.
Server Monitor
You use Server Monitor to monitor local or remote Xserve hardware and trigger email notifications when circumstances warrant attention. Server Monitor shows you information about the installed operating system, drives, power supply, enclosure and processor temperature, cooling blowers, security, and network. Server Monitor is installed in /Applications/Server/ when you install your server or set up an administrator computer.
To identify the Xserve server to monitor, click Add Server, identify the server of interest, and enter user name and password information for an administrator of the server. Use the “Update every” pop-up menu in the Info pane to specify how often you want to refresh data. Choose File > Export or File > Import to manage different lists of Xserve servers you want to monitor. Choose File > Merge to consolidate lists into one.
Media Streaming Management
The QuickTime Streaming Server 5.5 administration guide provides instructions for administering a QuickTime streaming server (QTSS) using Server Admin. The QuickTime Streaming Server 5.5 administration guide also describes QTSS Publisher, an easy-to-use application for managing media and preparing it for streaming or progressive download. QTSS Publisher is installed with Mac OS X Server in /Applications/Server/.
Apple Remote Desktop
Apple Remote Desktop (ARD), which you can optionally purchase, is an easy-to-use network-computer management application. It simplifies the setup, monitoring, and maintenance of remote computers and lets you interact with users. You can use ARD to control and observe computer screens. You can configure computers and install software. You can conduct one-on-one or one-to-many user interactions to provide help or tutoring. You can perform basic network troubleshooting.
You can also use ARD to control installation on a computer that you have started up from an installation disc for Mac OS X Server version 10.4.7 or later, because ARD includes VNC viewer capability. For more information on Apple Remote Desktop, go to: www.apple.com/remotedesktop/

Command-Line Tools
If you’re an administrator who prefers to work in a command-line environment, you can do so with Mac OS X Server.
Xgrid Admin
You can use Xgrid Admin to monitor local or remote Xgrid controllers, grids, and jobs. You can add controllers and agents to monitor and specify agents that have not yet joined a grid. You also use Xgrid Admin to pause, stop, or restart jobs. Xgrid Admin is installed in /Applications/Server/ when you install your server or set up an administrator computer. To open Xgrid Admin, double-click the Xgrid Admin icon in /Applications/Server/. For additional information, see Xgrid Admin help.