Manualshelf

Specifications

ManualsBrandsApple ManualsComputer equipmentMac OS X Server Command-Line
101102103104105106107108109110
Chapter 5 Setting Up Open Directory Services 101
If any item in the array of preference categories has a small arrow next to its icon, the
item has managed preference settings. To remove managed preferences from an item,
click the item, select Not Managed, and click Apply Now. If the item has multiple panes,
select Not Managed in each pane, then click Apply Now.
6 To delegate Kerberos authority to user accounts, create the accounts:
a Make sure you are working in the LDAP directory of the Open Directory master server.
If necessary, click the small globe icon and use the pop-up menu to open this
directory, then click the lock and authenticate as an administrator of this directory.
b Click the Users button (on the left), then click New User or choose Server > New User.
c Enter a name, short name, and password.
d Make sure “User can access account” or “User may administer this server” are
not selected.
You can change settings in other panes, but do not change the User Password Type
setting in the Advanced pane. A user with delegated Kerberos authority must have
an Open Directory password.
7 Click Save to save the new user account.
8 Open Server Admin and connect to the Open Directory master server.
9 Click the triangle at the left of the server.
The list of services appears.
10 From the expanded Servers list, select Open Directory.
11 Click Settings, then click General.
12 Conrm that the Role is Open Directory Master, then click Add Kerberos Record and
enter the following information:
 Administrator Name: Enter the name of an LDAP directory administrator on the
Open Directory master server.
 Administrator Password: Enter the password of the administrator account you entered.
 Conguration Record Name: Enter the fully qualied DNS name as you entered it
when adding the dependent server to the computer group in step 2.
 Delegated Administrators: Enter a short or long name for each user account to which
you want to delegate Kerberos authority for the specied server.
13 Click Add, then click Save to delegate Kerberos authority as specied.
To delegate authority for more than one dependent server, repeat this procedure for
each one.
For more information about joining a server to an Open Directory Kerberos realm,
see Joining a Server to a Kerberos Realm on page 102.