034-2412_Cvr 9/12/03 10:19 AM Page 1 Mac OS X Server Getting Started For Version 10.
LL2412CR Page 2 Thursday, September 11, 2003 3:47 PM
Apple Computer, Inc. © 2003 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid for support services.
LL2343.Book Page 3 Thursday, August 14, 2003 5:12 PM
Contents
Preface
About This Guide
What’s New in Version 10.
Part I
Workgroup Manager
Opening and Authenticating in Workgroup Manager
Using Workgroup Manager
Server Admin
Opening and Authenticating in Server Admin
Using Server Admin
System Image Management
Server Monitor
Media Streaming Management
Apple Remote Desktop
Command-Line Tools
Macintosh Manager
Working With Version 10.2 Servers From Version 10.
Part II
Information You Need
Upgrading From Version 10.1 or 10.
Preface
About This Guide
This guide provides an orientation to the features and initial setup of Mac OS X Server version 10.3. The guide will help you prepare your server to start serving your users and your business needs.
What’s New in Version 10.3
Mac OS X Server version 10.3 builds on the award-winning capabilities of version 10.
• Optimized for the G5. Mac OS X Server version 10.3 features support for Apple’s G5 systems. In addition to benefiting from the increased performance and faster clock speed of the ultrafast 64-bit processor, Mac OS X Server enables users to leverage the advanced capabilities of the G5-based architecture, such as native double-precision (64-bit) arithmetic and support for more than 4 GB of physical memory.
Enhanced Network and Directory Services
Network and directory services in Mac OS X Server version 10.3 have been greatly enhanced to provide more scalability, performance, and enterprise-strength capabilities:
• Open Directory 2—robust LDAP solution with Kerberos authentication. Mac OS X Server version 10.3 features Open Directory 2, the latest version of Apple’s standards-based directory and authentication services architecture.
• Support from home directories—Support for streaming movies from users’ network home directories.
• Apache web server deployment and configuration enhancements. Mac OS X Server version 10.3 features an enhanced user interface for configuring Apache—the world’s most widely used web server.
New Workgroup and Desktop Management Features
Mac OS X Server version 10.3 improves your ability to manage Macintosh client desktops:
• Enhanced image management. You can create a NetBoot or Network Install image that mimics an existing system. The source of the image can be a volume or a partition. Other image management enhancements include improved client filtering and diskless NetBoot for Mac OS X clients.
• Mobile accounts.
Getting Additional Information
Mac OS X Server comes with a suite of guides that explain the services and provide instructions for configuring, managing, and troubleshooting them. Most of these documents come on the Mac OS X Server Administration Tools disc. All of them are available in PDF format from www.apple.com/server/documentation/.
This guide Tells you how to
Mac OS X Server Migration To Version 10.
For more information, consult these resources:
• Read Me documents contain important updates and special information. Look for them on the server discs.
• Online help, available from the Help menu in all the server applications, provides onscreen instructions for administration tasks as well as late-breaking news and web updates.
• Apple support web pages and Knowledge Base provide answers to common questions and the latest information updates.
Part I: Introduction to Mac OS X Server
The chapters in this part of the guide introduce you to Mac OS X Server and the applications and tools available for administering its services.
1 Mac OS X Server in Action
Mac OS X Server addresses the needs of many environments.
Enterprise Organizations
In large organizations, Mac OS X Server helps you support the special needs of departments and workgroups, but centralize corporate-level services.
• Mac OS X Server integrates well with existing corporate services, from directory systems to Simple Network Management Protocol (SNMP) implementations.
• In addition to hosting replicated Open Directory domains for local authentication, departmental servers can be tailored to support workgroup needs.
• The wide range of client computers—Macintosh, Windows, UNIX, Linux—demands flexible file access support. The highly scalable IP-based file services in Mac OS X Server support file access from anywhere on the network via Apple Filing Protocol (AFP), Network File System (NFS), File Transfer Protocol (FTP), and Server Message Block (SMB). Mac OS X Server can host home directories for users of all these client computers.
Teachers need file services support so they can make lesson plans and teaching materials available to students online. Teachers also need a way to retrieve and perhaps update student records and other administrative information that is centralized on a remote server.
Small and Medium Businesses
Small businesses (fewer than 100 employees) and medium businesses (about 100 to 500 employees) benefit from cross-platform file and printer sharing, network services, mail, web, and database applications. The directory and network services in the following picture reside on one Mac OS X Server, while a second server hosts mail, web, and other employee productivity services.
• Network Address Translation (NAT) service lets employees share a single Internet connection. NAT converts all client IP addresses to one IP address for Internet communications.
Computational Clustering
Clusters of Xserves offer a high-performance, cost-effective approach to the computationally intensive processing needed for genetic research, video production, or other high-bandwidth computing.
You can write, compile, and debug using C, C++, Objective-C, or Java. Project Builder can be used to port command-line applications to Mac OS X and Mac OS X Server or to enhance them with a Mac OS X user interface.
• An administrator computer, such as an iBook running Mac OS X Server administrative applications, can be used to manage the entire network.
Web Service Providers
Mac OS X Server provides the full range of services you need if you host ecommerce websites or provide other Internet services that require high availability and scalability.
• QuickTime Streaming Server lets you broadcast multimedia in real time, including live QuickTime Broadcaster streams.
• Xserve RAID provides extended storage.
• High availability support includes automatic restart following a service or power failure and IP failover. IP failover can be configured using IP over FireWire, which lets you interconnect redundant servers without using up gigabit Ethernet ports.
2 Inside Mac OS X Server
Mac OS X Server blends a mature, stable UNIX foundation with open standards support and Macintosh ease of use. This chapter introduces the services that Mac OS X Server offers and tells you where to find more information about them.
Core System Services
Mac OS X Server is built on top of Darwin—the core Mac OS X operating system. Darwin integrates Mach 3.0 operating-system services based on 4.
Open Directory
Open Directory is Mac OS X Server’s directory services framework. Directory services are the means by which a server and its clients (users and services) locate and retrieve information needed for authentication, network resource discovery, and other crucial system activities. User and group information is needed to authenticate users when they log in and to authorize their access to services and files.
Using Other Directories
Open Directory lets you take advantage of information you have already set up in non-Apple directories and in flat files:
• On other LDAPv3 servers
• On Active Directory servers
• In Berkeley Software Distribution (BSD) configuration files
• In Sun Microsystems Network Information System (NIS) files
Mac OS X Server provides full read/write and Secure Sockets Layer (SSL) communications support for LDAPv3 directories.
The following services on Mac OS X Server support Kerberos authentication: AFP, mail, FTP, SSH, and login window.
• Storing passwords in user accounts. This approach may be useful when migrating user accounts from earlier server versions. However, this approach may not support clients that require certain network-secure authentication protocols, such as APOP.
• Non-Apple LDAPv3 authentication.
Group Accounts
Group accounts offer a simple way to manage a collection of users with similar needs. A group account stores the identities of users who belong to the group as well as information that lets you customize the working environment for members of a group.
Home Directories
A home directory is a folder where a user’s files and preferences are stored.
• You can set up mobile accounts to support users who use their computers both on and off the network.
Mobile Accounts
Mobile accounts let the user of a Mac OS X version 10.
• NetBoot simplifies the administration of large-scale deployments of network-based Macintosh systems or racks of Xserves. It’s ideal for an organization with a number of computers that need to be identically configured; for example, NetBoot can offer a web service provider a way to configure multiple web servers.
The file services administration guide describes how to set up and manage Mac OS X Server file services. The Windows services administration guide provides information on sharing files with Windows users.
Sharing
You share files among users by designating share points. A share point is a folder, hard disk (or hard disk partition), or CD that you make accessible over the network. It’s the point of access at the top level of a group of shared items.
Windows file service provides several ways to manage locks for Windows share points:
• Opportunistic locking offers a way to optimize performance for share points used only by Windows clients. Opportunistic locking is disabled by default because it is not compatible with NFS or AFP. Opportunistic locks, which allow clients to do more dynamic client-side caching, are only enforced by SMB.
Mac OS X Server supports anonymous FTP and by default prevents anonymous FTP users from deleting files, renaming files, overwriting files, and changing file permissions. Explicit action must be taken by the server administrator to allow uploads from anonymous FTP users, and then only into a specific share point.
Print Service
Print service in Mac OS X Server lets you share network and direct-connect printers among clients on your network.
Web service’s Secure Sockets Layer (SSL) support enables secure encryption and authentication for ecommerce websites and confidential materials. An easy-to-use digital certificate provides non-forgeable proof of your website identity.
Mac OS X Server offers extensive support for dynamic websites:
• Web service supports Java Servlets, JavaServer Pages, MySQL, PHP, Perl, and UNIX and Mac CGI scripts.
Mac OS X Server provides administration tools for service configuration management and zone control as well as for monitoring, providing a graphical way to:
• Enable zone transfers and recursion
• Specify interfaces on which to listen for DNS requests
• Maintain blocked host lists
• Work with log files
• Manage zones and their records
Firewall
Firewall service protects your server and the content you store on it from intruders.
VPN
You can set up a Virtual Private Network (VPN) using Mac OS X Server. VPN is a network transmission protocol that uses encryption and other technologies to provide secure communications over a public network. Typically the public network is the Internet, but VPNs are also used to support connections between multiple intranets within the same organization and to join networks between two organizations to form an extranet.
Two QuickTime applications that come with Mac OS X Server help you prepare content for streaming:
• QTSS Publisher lets you upload content to the streaming server and prepare it for delivery. It provides these key features: creation and management of playlists, generation of content directory websites, and editing of content annotations. The QuickTime Streaming Server administration guide describes how to use QTSS Publisher.
JBoss
JBoss is a widely used full-featured Java application server. It provides a full Java 2 Platform, Enterprise Edition (J2EE) technology stack with features such as:
• An Enterprise Java Bean (EJB) container
• Java Management Extensions (JMX)
• Java Connector Architecture (JCA)
Mac OS X Server provides easy-to-use graphical tools for configuring and monitoring JBoss and simplifying the deployment of JBoss applications.
For Windows users, your server can provide VPN service, file and printer sharing, and Open Directory authentication. You can also host Windows user home directories if you set up a Windows PDC on Mac OS X Server.
You’ll find instructions for setting up a server to work with other vendors’ products in several guides:
• The Open Directory administration guide provides guidelines and instructions for integrating into existing directory systems.
3 Server Administration
Manage Mac OS X Server using graphical applications or command-line tools.
These tools offer a diversity of approaches to server administration:
• You can administer servers locally (directly on the server you are using) or remotely—from another server, a Mac OS X computer, or a UNIX workstation.
Setting Up an Administrator Computer
An administrator computer is a computer with Mac OS X or Mac OS X Server version 10.3 or later that you use to manage remote servers. Once you’ve installed and set up a Mac OS X Server that has a display, keyboard, and optical drive, it is already an administrator computer. To make a computer with Mac OS X into an administrator computer, you need to install additional software.
Installer
Use the Installer to install server software on a local server from the install discs that came with your server. The Installer lets you perform:
• A clean installation of Mac OS X Server, which installs version 10.3 after erasing and formatting a target disk
• An upgrade installation, which upgrades version 10.1 or 10.2 servers to version 10.
Workgroup Manager
You use Workgroup Manager to administer user, group, and computer accounts, work with managed client preferences for Mac OS X users, manage share points, and access the Inspector, an advanced feature that lets you do raw editing of Open Directory entries.
Information about using Workgroup Manager appears in several documents:
• The user management guide explains how to use Workgroup Manager for account and preference management.
Using Workgroup Manager
After login, the user account window appears, showing a list of user accounts. Initially, the accounts listed are those stored in the last directory node of the server’s search path. Here is how to get started with the major tasks you perform with this application:
• To administer user, group, or computer accounts, click the Accounts icon in the toolbar.
• To work with managed client preferences for user, group, or computer accounts, click the Preferences icon in the toolbar.
• To work with share points, click the Sharing icon in the toolbar.
• To display the Inspector, choose Workgroup Manager > Preferences. Enable the setting that shows the Inspector and click OK. Select the “All records” button (which looks like a bull’s-eye) to access the Inspector.
• To control the Workgroup Manager environment, you have several options. To control the way Workgroup Manager lists users and groups, whether it should use SSL transactions, and other behaviors, choose Workgroup Manager > Preferences.
Server Admin
You use Server Admin to administer services on one or more Mac OS X Server computers.
Opening and Authenticating in Server Admin
Server Admin is installed in /Applications/Server/. To open Server Admin, click the Server Admin icon in the Dock or click the Admin button on the Workgroup Manager toolbar. To select a server to work with, enter its IP address or DNS name in the login dialog, or click Browse to choose from a list of servers.
To add a server to the Computers & Services list, click Add Server in the toolbar and log in to the server. The next time you open Server Admin, any server you have added is displayed in the list. To limit the items that appear in the Computers & Services list, use the pop-up menu above the list to select the items you want to see listed. To change the order of servers in the list, drag a server to the new location in the list.
• To work with a particular service on a server, click the service in the list under the server in the Computers & Services list. You can view information about a service (logs, graphs, and so forth) and manage its settings. Administration guides for individual services provide detailed instructions. To start or stop a service, select it in the Computers & Services list, then click Start Service or Stop Service in the toolbar.
• To access Workgroup Manager, click the Workgroup Manager icon in the toolbar.
System Image Management
To create and manage NetBoot and Network Install images, you use several applications:
• NetBoot Desktop Admin lets you modify Mac OS 9 images.
• Network Image Utility lets you create and modify Mac OS X images, including Network Install images that re-create an existing volume or partition.
• Use the “Update every” pop-up menu in the Info pane to specify how often you want to refresh data. Choose File > Export or File > Import to manage different lists of Xserve servers you want to monitor. Choose File > Merge to consolidate lists into one. The system identifier lights on the front and back of an Xserve server light when service is required. Use Server Monitor to understand why the lights are on.
Command-Line Tools
If you are an administrator who prefers to work in a command-line environment, you can do so with Mac OS X Server. From the Terminal application in Mac OS X, you can use the built-in UNIX shells (sh, csh, tsh, zsh, bash) to use tools for installing and setting up server software and for configuring and monitoring services. You can also submit commands from a non-Mac OS X computer.
Part II: Installation and Initial Setup
The chapters in this part of this guide tell you how to install server software and set up a server for the first time.
4 Installation and Setup Overview
Before installing and setting up Mac OS X Server, take the time to do a little planning and to familiarize yourself with your options.
This chapter is a roadmap to details presented in later chapters. It surveys the stages of installation and initial server setup and the options available to you during each stage.
Installing Server Software
Some computers come with Mac OS X Server version 10.3 software already installed. Nonetheless, there are several times you need to install server software, as when you want to upgrade from a version 10.1 or 10.2 server, change a computer with Mac OS X into a server, or completely refresh your server environment.
Remote Installation From the Server Install Discs
If the target server has no keyboard or display or if it’s not the computer you are using, you can use an administrator computer to install server software from the server install discs. An administrator computer is a version 10.3 Mac OS X Server or version 10.3 Mac OS X computer onto which you’ve installed server management software.
Alternatively, you can use the command line. After booting the target server, from an administrator computer, connect to the target server using SSH and follow the instructions in “Using the installer Command-Line Tool to Install Server Software” on page 85. If you have multiple servers onto which you want to install server software, boot them from an install disc, then open a Terminal window for each installation.
Initial Server Setup
After installing server software, the next task is to set up the server. During server setup, basic server characteristics are established. For example:
• The language to use for server administration and the computer keyboard layout are defined.
• An administrator user is defined and the user’s home directory is created.
• Default AFP and FTP share points, such as Shared Items, Users, and Groups, are defined.
When multiple remote servers can use the same setup data, you can supply the data, and then initiate setup of all the servers at once, using a batch approach. This technique, shown on the left side of the picture below, requires that network identifiers for all the target servers be set using DHCP or BootP. See “Setting Up Multiple Remote Servers Interactively in a Batch” on page 98 for instructions.
Automating Server Setup
When you have more than just a few servers to set up, consider using automated server setup. This approach also provides a way to preserve setup data so it can be reused should you want or need to reinstall server software. Use Server Assistant to specify setup data, then save the data in a file or in a directory.
Then plug the iPod into the next server.
Each server recognizes its own file, because it’s been named using one of its identifiers and resides in a known location. For example, a server with WXYZ1234 as the first eight characters of its built-in serial number would use this setup file to set itself up: /Volumes/MyIPod/Auto Server Setup/WXYZ1234.plist. Alternatively, a server’s IP address can be used as an identifier.
The most critical components of the infrastructure are DHCP and Open Directory, as the following picture illustrates. The Open Directory server in this example hosts an LDAP directory in which setup data has been saved. The address of the Open Directory server is registered with DHCP service, running on another server in this example.
Setting Up Services
After initial server setup is complete, you can:
• Finish migrating data from a previous server, if you still need to do so.
• Set up individual services you want to provide, using the server administration tools described in Chapter 3, “Server Administration,” on page 47.
5 Before You Begin
Before installing and setting up Mac OS X Server, take the time to do a little planning.
• What user management requirements need to be met? Will user computers need to be NetBooted? Will Macintosh client management and network home directories be required?
Individuals with server administration experience should work with server users who may not have a technical background, so that they better appreciate how certain services might benefit them.
• Home directories for network users can be consolidated onto one server or distributed among various servers. While you can move home directories if you need to, you may need to change a large number of user and share point records, so devise a strategy that will persist for a reasonable amount of time. See the user management guide for information about home directories.
When you can’t use the upgrade approach, you can migrate data and settings. You’ll need to migrate, not upgrade, when
• A version 10.1 or 10.2 server’s hard disk needs reformatting, or does not meet the minimum version 10.3 hardware requirements (see “Understanding System Requirements for Installing Mac OS X Server” on page 79).
• You want to move data and settings you’ve been using on a version 10.1 or 10.2 server to a different server.
• Are there air conditioning or power requirements that need to be met? See the documentation that comes with server hardware for this kind of information.
• Have you been thinking about upgrading elements such as cables, switches, and power supplies? Now may be a good time to do it.
5 Populate the directory with data, such as users, groups, and home directory data. This process involves, for example, importing users and groups, setting up share points, setting up managed preferences, and so forth.
6 Configure DHCP to specify the address of the directory server so it can be served to DHCP clients.
Your particular needs may affect this sequence.
6 Installing Server Software
You can upgrade to Mac OS X Server version 10.3 from version 10.1 or 10.2 or you can perform a clean installation of Mac OS X Server version 10.3.
Review the system requirements below and “Information You Need” on page 80 before using the detailed installation instructions, which you’ll find as indicated in the following table.
The computer must have:
• At least 128 megabytes (MB) of random access memory (RAM). At least 256 MB of RAM is required for high-demand servers running multiple services.
• At least 4 gigabytes (GB) of disk space available.
• A built-in USB port.
A display and keyboard are optional. You can install server software on a computer that has no display and keyboard by using an administrator computer.
• NetBoot settings and images
• DHCP settings
Preparing Disks for Installing Mac OS X Server
When you perform a clean installation, the target disk or partition is erased and there are several disk-preparation tasks to perform:
• Preserve any user data you want to save on the target disk or partition. See the migration guide for information on migrating data and settings.
• In most cases, format the target disk using Mac OS Extended (Journaled) format.
Hardware-Specific Instructions for Installing Mac OS X Server
When you install server software on Xserve systems, the procedure you use when starting the computer for installation is specific to the kind of Xserve hardware you have. You may need to refer to the “Xserve User’s Guide” or “Quick Start” that came with your Xserve, where these procedures are documented.
3 Restart the computer while holding down the C key on the keyboard. The computer boots from the install disc. You can release the C key when you see the Apple logo.
4 When Installer opens, if you want to perform a clean installation, optionally use the Installer menu to open Disk Utility or Terminal to prepare the target disk before proceeding. Use Disk Utility to format the disk as Mac OS Extended.
2 Start the target computer from the first install disc. The procedure you use depends on the target server hardware.
If the target server has a keyboard and an optical drive, insert the first install disc into the optical drive. Then hold down the C key on the keyboard while restarting the computer.
Installing Server Software on a Computer With Mac OS X Version 10.3 Preinstalled
Follow these instructions to install server software on a computer that came with Mac OS X version 10.3 installed.
To install server software on your computer:
1 Start up the computer from the hard disk, as you would for normal use. Do not use the first install disc.
2 Insert the second install disc, then double-click MacOSXServerInstall.mpkg to run the Installer.
If the target server has a keyboard and an optical drive, insert the first install disc into the optical drive. Then hold down the C key on the keyboard while restarting the computer.
If the target server is an Xserve with a built-in optical drive, start the server using the first install disc by following the instructions in the “Xserve User’s Guide” for starting from a system disc.
Installing Optional Server Software
To install Macintosh Manager, insert the Mac OS X Server Administration Tools disc and read the installation information provided on the disc.
To install NetBoot for Mac OS 9, download a copy of the “NetBoot for Mac OS 9” CD image from www.info.apple.com.
7 Initial Server Setup
Basic characteristics of your Mac OS X Server are established during initial server setup. Review “Information You Need” on page 90 before using the detailed installation instructions, which you’ll find as indicated in the following table.
Information You Need
See Appendix A, “Mac OS X Server Worksheet,” on page 111 to understand and record information for each server you want to set up. The information below provides supplemental explanations for some of the items on the worksheet.
When you are upgrading from Mac OS X Server version 10.1 or 10.2, Server Assistant displays the version 10.1 or 10.2 server settings, but you can change them.
The device that is mounted as a file system can be the server’s hard drive or an iPod, CD, FireWire drive, USB drive, or other device plugged in to the server. For example, /Volumes/AdminiPod/Auto Server Setup/myserver.example.com.plist.
• The setup file name is one of these; when searching for setup files, target servers search for names in the order listed:
.plist (include any leading zeros but omit colons).
Using Setup Data Saved in a Directory
Using this approach offers the most unattended way to set up multiple servers, but it requires that you have a DHCP and directory infrastructure in place.
Using Server Assistant, you save setup data to an existing directory the computer you are using is configured to access and from which you want newly installed servers to retrieve setup data. The schema of the directory must support stored setup data.
The passphrase file can have one of these names; target servers search for names in the order listed:
.pass (include any leading zeros but omit colons). For example, 0030654dbcef.pass.
.pass. For example, 10.0.0.4.pass.
.pass. For example, myserver.pass.
.pass (first 8 characters only). For example, ABCD1234.pass.
After setup, use the Directory Access or Server Admin applications to refine the server’s directory configuration, if necessary.
Directory Access lets you set up connections with multiple directory domains and specify a search policy—the order in which the server should search through the domains.
Server Admin lets you set up replication and manage other aspects of a server’s directory service configuration.
When a user attempts to log in to the server or use one of its services that require authentication, the server authenticates the user by consulting the local database. If the user has an account on the system and supplies the appropriate password, authentication succeeds.
You can set up a server to use a NetInfo directory on Mac OS X Server version 10.0 and later or an LDAP directory on version 10.2. However, you may not be able to take advantage of some version 10.3 features:
• Windows PDC service requires a version 10.3 LDAP master directory.
• VPN needs version 10.3 if you want to use MS-CHAP2 authentication.
• Password Server on version 10.2 can’t be replicated.
Postponing Local Server Setups Following Installation
After installation of server software on a local computer is complete, the computer restarts and Server Assistant opens automatically. If you want to postpone server setup until a later time, press Command-Q. The computer shuts down. When it’s restarted, Server Assistant opens automatically.
11 To save the setup data as a text file or in a form you can reuse (a setup file or directory record), click Save As. All the settings you specified except the server serial number are saved. When you use setup data saved in a file or directory to set up a server, you need to use Server Admin to enter the serial number after the server setup is complete.
To encrypt the file, select “Save in Encrypted Format” then enter and verify a passphrase.
9 Enter the setup data as you move through the Assistant’s panes, following the onscreen instructions. When prompted, enter the serial number for each target server.
10 After all setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data.
11 To save the setup data as a text file or in a form you can reuse (a setup file or directory record), click Save As.
8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to use. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it.
9 Enter the setup data as you move through the Assistant’s panes, following the onscreen instructions.
Setting Up Servers Automatically Using Data Saved in a File
After server software has been installed on a server, you can set it up automatically using data saved in a file.
To save and apply setup data in a file:
1 Fill out the Mac OS X Server worksheet for each server you want to set up. The worksheet is on page 111. Supplemental information appears in “Information You Need” on page 90.
2 On an administrator computer, open Server Assistant.
12 Click OK, navigate to the location where you want to save the file, name the file using one of the following options, and click Save; when searching for setup files, target servers search for names in the order listed:
.plist (include any leading zeros but omit colons). For example, 0030654dbcef.plist.
.plist. For example, 10.0.0.4.plist.
.plist. For example, myserver.plist.
generic.pass (a file that any server will recognize).
Place the passphrase file on a volume mounted locally on the target server in /Volumes/*/SA_Keys/, where * is any device mounted under /Volumes.
16 To provide a passphrase interactively, use Server Assistant on an administrator computer that can connect with the target server. In the Welcome pane, choose File > Supply Passphrase.
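Setup files and passphrase files placed on mounted volumes stay there after automatic setup finishes unless someone removes them. The following shell function is an added example, not part of Apple's guide: it scans each volume under a root directory for setup data in Auto Server Setup and passphrase files in SA_Keys, and flags generic.pass and any passphrase stored on the same volume as the setup data it unlocks. The directory and file names are the ones the guide gives; the function names and severity labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the guide: audit mounted volumes for Server Assistant
# setup data (*.plist) and passphrase files (*.pass) left behind after setup.
# Directory names come from the guide; severity labels are this example's own.

# Print "yes" if group or others can read the file, "no" otherwise.
readable_by_others() {
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo yes
    else
        echo no
    fi
}

# audit_setup_media ROOT
# Emits one finding per line as SEVERITY<TAB>PATH<TAB>REASON.
# Returns 1 if any HIGH finding was emitted, 0 otherwise.
audit_setup_media() {
    root=${1:-/Volumes}
    high=0
    for vol in "$root"/*; do
        [ -d "$vol" ] || continue
        setup_count=0
        for f in "$vol/Auto Server Setup"/*.plist; do
            [ -f "$f" ] || continue      # an unmatched glob stays literal
            setup_count=$((setup_count + 1))
            printf 'MEDIUM\t%s\t%s\n' "$f" "setup data left on mounted volume"
        done
        for f in "$vol/SA_Keys"/*.pass; do
            [ -f "$f" ] || continue
            if [ "$(basename "$f")" = "generic.pass" ]; then
                printf 'HIGH\t%s\t%s\n' "$f" "generic.pass is recognized by any server"
                high=1
            fi
            if [ "$setup_count" -gt 0 ]; then
                printf 'HIGH\t%s\t%s\n' "$f" "passphrase stored on same volume as setup data"
                high=1
            fi
            if [ "$(readable_by_others "$f")" = "yes" ]; then
                printf 'MEDIUM\t%s\t%s\n' "$f" "passphrase file readable by group or others"
            fi
        done
    done
    return "$high"
}

# Run as: sh audit_setup_media.sh /Volumes
if [ "$#" -gt 0 ]; then
    audit_setup_media "$1"
    exit $?
fi
```

Because the saved setup data includes every setting except the serial number, a setup file that shares a volume with its passphrase file is effectively unencrypted to anyone who holds that volume.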
7 Enter the setup data as you move through the Assistant’s panes, following the onscreen instructions.
8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to work with. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it.
See “Define Server Setup Infrastructure Requirements” on page 77 for some additional infrastructure information. The Open Directory and network services administration guides provide instructions for setting up directories and DHCP.
15 If the setup data is encrypted, make the passphrase available to the target server or servers. You can supply the passphrase interactively, using Server Assistant, or provide it in a text file.
Determining the Status of Setups
There are several ways to view setup status information in Server Assistant:
• After you’ve interactively initiated the setup of one or more servers, progress information is displayed. If setup is successful, a target server reboots when setup is complete. If setup is not successful, Server Assistant displays error information.
Setting Up User Management
Unless you are using a server exclusively to host Internet content (such as webpages) or perform computational clustering, you probably want to set up user accounts in addition to the administrator account created during server setup.
To set up a user account:
1 Open Workgroup Manager.
2 Click the small globe near the top of the application window to select the directory you want to add users to.
3 Click the New User button.
Setting Up Print Service
When you turn on print service, server users can share network PostScript printers or PostScript and non-PostScript printers connected directly to the server.
When you turn on print service in Server Admin, a queue is set up for any USB printer connected to the server. No printer queues are set up automatically for network printers, but they are easy to add.
To set up a shared printer queue:
1 Open Server Admin.
3 In the list beneath the server of interest, click the button for web service.
4 If it is not running, click the Start Service button in the toolbar.
The web technologies administration guide describes the many features of web service, including how to set up SSL for a site, enable WebMail, and use WebDAV for file sharing.
Setting Up an Application Server
If you want to set up a Java application server, see the JBoss administration guide. It tells you how to develop and deploy servlets, enterprise beans, and enterprise applications and how to configure and administer a Java application server.
Use Server Admin to administer JBoss and Tomcat.
To turn on JBoss if it’s not running:
1 Open Server Admin.
2 In the list beneath the server of interest, click Application Server.
Appendix A: Mac OS X Server Worksheet
Identify the server for which information appears in the table below:

Item: Identity of server for installation and setup
Description: For interactive installation and setup of a server on the local subnet, one of these values for the server:
- IP address in IPv4 format (000.000.000.000)
- DNS name (someserver.example.com)
- MAC address (00:03:93:71:26:52).
Item: Disk format (for clean installations only)
Description: In most cases, use Mac OS Extended (Journaled). You can also use Mac OS Extended or case-sensitive HFS+.

Item: Disk partitioning (for clean installations only)
Description: The minimum recommended size of a target disk partition is 4 GB.

Item: Disk mirroring (for clean installations only)
Description: If you have a second disk in your target server, you can mirror the startup disk onto the second disk.
Item: Administrator’s short name
Description: A short name can contain as many as 255 Roman characters, typically eight or fewer. Use only a through z, A through Z, 0 through 9, or _ (underscore).

Item: Administrator’s password
Description: If you record this value, be sure to keep this worksheet in a safe place. This value is case sensitive. It is also the password for the root user.

Item: Host name
Description: The name you want DNS to use for your server.
Item: Open Directory usage
Description: Select one:
- Standalone Server (use only the local domain).
- Connected to a Directory System (get information from an existing directory). If you choose this option, use one of the next four rows in this table to indicate how the server will locate the directory.
- Open Directory Master (provide directory information to other computers). If you choose this option, use the row for “Using Open Directory Master.
Item: Using “Open Directory Master”
Description: Optionally indicate you want to enable a Windows Primary Domain Controller on the server. Provide a computer name and a domain name for the controller. The computer name can contain a-z, A-Z, 0-9, -, but no . or space and can’t contain only numbers. Finish setting up the directory you want to host by using Server Admin after completing server setup.
Network interface data for this server is in the table below:

Port: Built-in Ethernet (en0)
Characteristic: Whether to use the port for TCP/IP connections
Characteristic: Whether to use the port for AppleTalk connections. Mac OS 9 clients use AppleTalk for Chooser browsing, and some printers require AppleTalk. Enable no more than one port for AppleTalk per AppleTalk network.
Appendix B: Setup Example
The setup example in this appendix illustrates one way to set up the directory and network infrastructure of Mac OS X Server in a small business scenario.
Mac OS X Server in a Small Business
In this example, Mac OS X Server provides directory, network, and productivity services to employees in a small business.
[Figure: network diagram with labels Mac OS X Server (example.com), ISP’s DNS server, Firewall, DSL, 192.168.0.]
• An Open Directory master LDAP domain on the server centralizes user management, including authentication of Mac OS X and Windows users.
• The ISP’s DNS service provides a domain name for the company (example.com).
• A DNS server running on Mac OS X Server provides name services for the server, the printer, and any other intranet device that has a static IP address.
“Using Server Assistant to Install Remotely From the Install Discs” on page 83 tells you how to start up other kinds of computers to install server software.
2 When the Installer opens, proceed through its panes by following the onscreen instructions. If you need to format the target disk, see “Preparing Disks for Installing Mac OS X Server” on page 81 for instructions. Insert the second install disc when prompted.
9 In the Directory Usage Pane, choose Open Directory Master to set up a master LDAP directory on the server. Select Enable Windows Primary Domain Controller and enter a Domain/Workgroup name. These settings will set up a Windows PDC so that employees who use Windows NT, Windows 2000, and Windows XP workstations can log in to the PDC, change passwords during login, and have roaming user profiles and network home directories on the server.
5 To define the master zone’s records, select the master zone in the Zone list. You’ll see that a Name Server (NS) record already exists; it was created when the zone was created.
Click the Add button (+) under the Records in Zone list to add an Address (A) record for your server. Enter these values, then click OK:
Map from: myserver.example.com. (The trailing period is required.)
Map to: 192.168.0.
7 Click LDAP to configure DHCP to identify the server you are configuring as the source of directory information for clients who are served dynamic IP addresses. The server you are setting up is automatically identified in the Server Name field, because you set up a master LDAP domain on the server when you used Server Assistant. Other settings are optional for this example.
4 Enable PPTP (Point to Point Tunneling Protocol) if employees will need to access the intranet from Windows workstations other than Windows XP computers or from Mac OS X version 10.2 computers when they are away from the office. If you need to support older Windows clients that don’t have 128-bit PPTP support, select “Allow 40-bit encryption keys in addition to 128-bit”.
Step 10: Configure client computers
The information that follows applies to Mac OS X version 10.3 computers. For information about how to support Windows client computers, see the Windows administration guide.
1 If necessary, configure Mac OS X clients to retrieve information from the DHCP server. Mac OS X version 10.3 computers are preconfigured to use DHCP to obtain IP addresses and retrieve information about an LDAP directory from the DHCP server.
Glossary
administrator A user with server or directory domain administration privileges. Administrators are always members of the predefined “admin” group.
administrator computer A Mac OS X computer onto which you have installed the server administration applications from the Mac OS X Server Admin CD.
CGI (Common Gateway Interface) A script or program that adds dynamic functions to a website. A CGI sends information back and forth between a website and an application that provides a service for the site. For example, if a user fills out a form on the site, a CGI could send the message to an application that processes the data and sends a response back to the user.
firewall Software that protects the network applications running on your server. IP firewall service, which is part of Mac OS X Server software, scans incoming IP packets and rejects or accepts these packets based on a set of filters you create.
FireWire A hardware technology for exchanging data with peripheral devices, defined by IEEE Standard 1394.
FTP (File Transfer Protocol) A protocol that allows computers to transfer files over a network.
IP (Internet Protocol) Also known as IPv4. A method used with Transmission Control Protocol (TCP) to send data between computers over a local network or the Internet. IP delivers packets of data, while TCP keeps track of data packets.
IP address A unique numeric address that identifies a computer on the Internet.
managed client A user, group, or computer whose access privileges and/or preferences are under administrative control.
managed preferences System or application preferences that are under administrative control. Workgroup Manager allows administrators to control settings for certain system preferences for Mac OS X managed clients.
owner The person who created a file or folder and who therefore has the ability to assign access privileges for other users. The owner of an item automatically has read/write privileges for that item. An owner can also transfer ownership of an item to another user.
PHP (PHP: Hypertext Preprocessor) A scripting language embedded in HTML that is used to create dynamic webpages.
POP (Post Office Protocol) A protocol for retrieving incoming mail.
search policy A list of directory domains searched by a Mac OS X computer when it needs configuration information; also the order in which domains are searched. Sometimes called a search path.
shadow image A file, hidden from regular system and application software, used by NetBoot to write system-related information while a client computer is running off a server-based system disk image.
TCP (Transmission Control Protocol) A method used along with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. IP takes care of handling the actual delivery of the data, and TCP takes care of keeping track of the individual units of data (called packets) into which a message is divided for efficient routing through the Internet.
Tomcat The official reference implementation for Java Servlet 2.
workgroup A set of users for whom you define preferences and privileges as a group. Any preferences you define for a group are stored in the group account.