Mac OS X Server

Getting Started for Version 10.4 or Later Second Edition

K Apple Computer, Inc.

2006 Apple Computer, Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Computer, Inc., is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino, CA 95014-2084 408-996-1010 www.apple.com The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the keyboard Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AirPort, AppleShare, AppleTalk, FireWire, iBook, iMac, iPod, Keychain, LaserWriter, Mac, Mac OS, Macintosh, Power Mac, Power Macintosh,

Quartz, QuickTime, WebObjects, and Xserve are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Apple Remote Desktop, Disk First Aid, eMac, Finder, FireWire logo, Xcode, and Xgrid are trademarks of Apple Computer, Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. Intel and Intel Core are trademarks of Intel Corp. in the U.S. and other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. PowerPC and the PowerPC logo are trademarks of International Business Machines Corporation, used under license therefrom. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. 034-3778-A/7-21-06

Contents
9 9 10 10 12 13 14 16 17 19 20 21 21 22 23 24 25 28 29 30 About This Guide Whats New in Version 10.4 High-Performance Computing User Access Management Server Administration Collaboration Services Whats in This Guide Using Onscreen Help The Mac OS X Server Suite Getting Documentation Updates Getting Additional Information Chapter 1: Installation and Setup Overview Planning Installing Server Software Upgrading and Migrating Local Installation From the Server Installation Disc Remote Installation From the Server Installation Disc Automating Server Installation With a Disk Image Initial Server Setup Settings Established During Initial Server Setup

31 Setting Up Servers Interactively 33 Automating Server Setup 37 Setting Up Services 38 Keeping Current 39 40 41 41 43 43 44 45 45 46 48 48 50 50 51 51 Chapter 2: Before You Begin Setting Up a Planning Team Identifying the Servers Youll Need to Set Up Determining Services to Host on Each Server Define a Migration Strategy Upgrading and Migrating From an Earlier Version of Mac OS X Server Migrating From Windows NT Defining an Integration Strategy Defining Physical Infrastructure Requirements Defining Server Setup Infrastructure Requirements Making Sure Required Server Hardware Is Available Minimizing the Need to Relocate Servers After Setup Changing the Servers Host Name After Setup Changing the Servers IP Address After Setup Determining the Installation and Setup Strategy to Use Collecting and Organizing Information

53 Chapter 3: Installing Server Software 54 Understanding System Requirements for Installing Mac OS X Server 55 Information You Need 55 Using the Server Installation Disc 56 Upgrading and Migrating
4 Contents

57 59 59 60 60 60 61 63 65 68 71 72 73 77

Preparing Disks for Installing Mac OS X Server Hardware-Specific Instructions for Installing Mac OS X Server Identifying Remote Servers When Installing Mac OS X Server Installing Server Software Interactively From the Installation Disc Connecting to the Network During Installation Installing Server Software on a Networked Computer Using a VNC Viewer to Prepare a Disk Before Installation Using the Installer to Install Locally From the Installation Disc Using Server Assistant to Install Remotely From the Installation Disc Using a VNC Viewer to Install Remotely From the Installation DVD Upgrading a Computer From Mac OS X to Mac OS X Server Automating Server Software Installation With a Disk Image Using the installer Command-Line Tool to Install Server Software Installing Multiple Servers

79 Chapter 4: Initial Server Setup 80 Information You Need 80 Saving Setup Data 87 Specifying Initial Open Directory Usage 92 Connecting to the Network During Initial Server Setup 93 Configuring Servers With Multiple Ethernet Ports 93 Using Interactive Server Setup 94 Setting Up a Local Server Interactively 95 Postponing Local Server Setups Following Installation 95 Setting Up a Remote Server Interactively 97 Setting Up Multiple Remote Servers Interactively in a Batch

Contents

98 Setting Up Multiple Remote Servers Interactively One at a Time 100 Using Automatic Server Setup 101 Setting Up Servers Automatically Using Data Saved in a File 105 Setting Up Servers Automatically Using Data Saved in a Directory 109 Determining the Status of Setups 109 Using the Destination Pane for Setup Status Information 110 Handling Setup Failures 111 Handling Setup Warnings 111 Getting Upgrade Installation Status Information 112 Setting Up Services 112 Setting Up Open Directory 112 Setting Up User Management 113 Setting Up File Services 114 Setting Up Print Service 115 Setting Up Web Service 116 Setting Up Mail Service 116 Setting Up Network Services 117 Setting Up System Image and Software Update Services 117 Setting Up Media Streaming and Broadcasting 117 Setting Up an Application Server 118 Setting Up a WebObjects Server 118 Setting Up Collaboration Service 119 Chapter 5: Server Administration 120 Using the Administration Tools 121 Computers You Can Use to Administer a Server

Contents

122 123 123 124 124 124 125 126 128 130 131 132 133 134 134 135 138 140 141 142 142 143 144 146 147 148

Setting Up an Administrator Computer Using a Non-Mac OS X Computer for Administration Installer Server Assistant Directory Access Workgroup Manager Opening and Authenticating in Workgroup Manager Administering Accounts Defining Managed Preferences Working With Directory Data Managing Sharing Configuring Managed Network Views Customizing the Workgroup Manager Environment Server Admin Opening and Authenticating in Server Admin Working With Specific Servers Administering Services Controlling Access to Services Using SSL for Remote Server Administration Customizing the Server Admin Environment Gateway Setup Assistant System Image Management Server Monitor Media Streaming Management Apple Remote Desktop Command-Line Tools
Contents 7

149 Xgrid Admin 149 Working With Pre-Version 10.4 Computers From Version 10.4 Servers 151 Index

Contents

This guide provides an orientation to the initial setup and administration of Mac OS X Server version 10.4.
The guide will help you prepare your server to start serving your users and your business needs.

Whats New in Version 10.4

Mac OS X Server version 10.4 offers major enhancements in the following key areas: High-performance computing User access management Server administration Collaboration services Version 10.4.7 adds support for Macintosh desktop computers and servers that have Intel processors.

Preface

About This Guide

High-Performance Computing
Mac OS X Server offers a high-performance, cost-effective approach to computationally intensive activities: Xgrid service. Xgrid computational service lets you achieve supercomputer performance levels by distributing computations over collections of dedicated or shared Mac OS X computers. The Xgrid cluster controller provides centralized access to the distributed computing pool, referred to as a computational cluster. 64-bit computing. Support for 64-bit processing includes 64-bit addressable memory and the ability to run 64- and 32-bit applications simultaneously. Accelerated networking. Link aggregation lets you configure several physical network links as a single logical link to improve the capacity of network connections. You can also take advantage of jumbo frames and IP over FireWire to optimize network transmissions.

User Access Management

Numerous new features in version 10.4 enhance your ability to both facilitate and manage user access to services: Access Control Lists (ACLs). ACLs give you a way to craft share point, folder, and file access permissions with a high degree of precision. A wide range of permissions can be assigned to individual users and to groups, which can be nested. In addition, you can use inheritance to propagate permissions through a file system hierarchy. Nested groups. A nested group is a group thats a member of another group. Nesting groups lets you manage groups of users at both a global level (when you want to influence all members of a group) and at a smaller, more focused level (when you want to influence only certain members of a group).

10

Preface About This Guide

 Unified locking. Mac OS X Server unifies file locking across AFP and SMB/CIFS protocols. This feature lets users working on multiple platforms simultaneously share files without worrying about file corruption. Service access. You can specify which users and groups can use services hosted by a server. Pervasive Kerberos support. The following services on Mac OS X Server now support Kerberos authentication: AFP, mail, File Transfer Protocol (FTP), Secure Shell (SSH), login window, LDAPv3, Virtual Private Network (VPN), screen saver, and Apache (via the SPNEGO protocol). Network browsing. You can set up managed network views, which are custom views that users see when they select the Network icon in the sidebar of a Finder window. A managed network view is one or more network neighborhoods, which appear in the Finder as folders. Each folder contains a list of resources that an administrator has associated with the view. Managed network views offer a meaningful way to present network resources. You can create multiple views for different client computers. And because the views are stored using Open Directory, a computers network view is automatically available when a user logs in. Site-to-site VPN. Site-to-site VPN connects two networks. It offers a secure connection thats easy to establish when its necessary to set up a network at another site, as when a business expands. Site-to-site VPN makes both networks appear as one to users working at either site. Mobility. Users with portable computers can use trusted binding to make sure that servers accessed as they move around are trustworthy. Trusted binding offers a way for a client computer to authenticate to an LDAP server and for the LDAP server to authenticate to the client.
Preface About This Guide 11

 Trusted directory binding. Trusted directory binding, also called authenticated directory binding, provides an authenticated connection between a client computer and an LDAP directory on Mac OS X Server. Because the client computer authenticates the LDAP server before connecting to it, a malicious user cant control the client computer by interposing a counterfeit, unauthenticated LDAP server. Importing accounts. The performance of importing accounts into an LDAPv3 directory has been greatly improved. In addition, you can now import password policy settings, control whether presets are applied during import, and specify the amount of information logged.

Server Administration
Mac OS X Server management continues to become easier and more effective: Open Directory schema replication. You can now store LDAP schema in the directory, letting you add new schema without manually copying configuration files. Changes are automatically propagated from the Open Directory master to all its replicas. Preference editor. If you want fine-grain control of preference settings, you can work with preference manifests using Workgroup Managers new preference editor. Preference manifests are files that describe the structure and values of an applications or utilitys preferences. The preference editor lets you work with preference manifests for the predefined preferences or add new preference manifests for applications and utilities of interest.

12

Preface About This Guide

 Junk mail and virus filtering. Mail service protects users from junk mail and other annoying or unauthorized messages. You can define filters that help minimize junk mail and viruses, filter out unsolicited commercial email, and detect messages that contain particular content. Junk mail filtering, based on the powerful SpamAssassin, includes an autolearning option. Network gateway setup. A new application, Gateway Setup Assistant, automates the configuration of a simple gateway between the local network and the Internet. A gateway lets you share the servers Internet connection among computers on the local area network (LAN). Gateway Setup Assistant configures Dynamic Host Configuration Protocol (DHCP), Network Address Translation (NAT), firewall, DNS, and VPN services automatically. Secure Sockets Layer (SSL) certificate management. Server Admin makes it easy to manage SSL certificates that can be used by mail, web, Open Directory, and other services that support them. You can create a self-signed certificate, and generate a Certificate Signing Request (CSR) to obtain an SSL certificate from an issuing authority and install the certificate.

Collaboration Services
Collaboration services promote interactions among users, facilitating teamwork and productivity. Mac OS X Server continues to provide such collaborative support as mailing list management, group account and folder management, and cross-platform file sharing. Two new collaborative services have been added for version 10.4: Weblog service. Mac OS X Server provides a multiuser weblog server that complies with the RSS and Atom XML standards. Weblog service supports Open Directory authentication. For additional safety, users can access Weblog service using a website thats SSL enabled.
Preface About This Guide 13

 iChat service. Mac OS X Server provides instant messaging for Macintosh, Windows, and Linux users. User authentication is integrated into Open Directory, and setup and administration of iChat service is done using the graphical Server Admin application.

Whats in This Guide

This guide includes five chapters. Chapter 1, Installation and Setup Overview, is a road map to details presented in later chapters. It surveys the stages of installation and initial server setup and the options available to you during each stage. Chapter 2, Before You Begin, helps you think about how to maximize the benefits of Mac OS X Server in your environment, address server user and administrator needs, and identify server and service prerequisites that affect installation and initial setup. Chapter 3, Installing Server Software, provides detailed instructions for several methods of installing Mac OS X Server software. Chapter 4, Initial Server Setup, explains how to set up the basic characteristics of Mac OS X Server interactively or automatically. It also describes what to do after initial setup. Chapter 5, Server Administration,describes the graphical applications you can use to administer Mac OS X Server locally on the server or remotely from another server or an administrator computer.

14

Preface About This Guide

Additional chapters and appendixes that were part of the getting started guide first edition are now a separate document, Mac OS X Server Getting Started for Version 10.4 or Later, Supplement to Second Edition. Read it to familiarize yourself with Mac OS X Server usage scenarios, services, and terminology. The included setup example details how you might install Mac OS X Server and perform initial server setup in a small business. And you can use the included Mac OS X Server Worksheet for Version 10.4 or Later to record information youll need when you install and set up Mac OS X Server. The worksheet is also available as a separate document. Youll find the getting started supplement and worksheet as PDF files in the Documentation folder of the Mac OS X Server installation disc and the Mac OS X Server Admin Tools CD. These documents are also available from the server documentation website: www.apple.com/server/documentation/ Note: Because Apple frequently releases new versions and updates to its software, images shown in this book may be different from what you see on your screen.

Preface About This Guide

15

Using Onscreen Help

You can view instructions and other useful information from this and other documents in the server suite by using onscreen help. On a computer running Mac OS X Server, you can access onscreen help after opening Workgroup Manager or Server Admin. From the Help menu, select one of the options: Workgroup Manager Help or Server Admin Help displays information about the application. Mac OS X Server Help displays the main server help page, from which you can search or browse for server information. Documentation takes you to www.apple.com/server/documentation/, from which you can download server documentation. You can also access onscreen help from the Finder or other applications on a server or on an administrator computer. (An administrator computer is a Mac OS X computer with server administration software installed on it.) Use the Help menu to open Help Viewer, and then choose Library > Mac OS X Server Help. To see the latest server help topics, make sure the server or administrator computer is connected to the Internet while youre using Help Viewer. Help Viewer automatically retrieves and caches the latest server help topics from the Internet. When not connected to the Internet, Help Viewer displays cached help topics.

16

Preface About This Guide

The Mac OS X Server Suite

The Mac OS X Server documentation includes a suite of guides that explain the services and provide instructions for configuring, managing, and troubleshooting the services. All of the guides are available in PDF format from: www.apple.com/server/documentation/
This guide ... Getting Started, Getting Started Supplement, and Mac OS X Server Worksheet Collaboration Services Administration Command-line Administration Deploying Mac OS X Computers for K-12 Education Deploying Mac OS X Server for High Performance Computing File Services Administration High Availability Administration tells you how to: Install Mac OS X Server and set it up for the first time.

Set up and manage weblog, chat, and other services that facilitate interactions among users. Use commands and configuration files to perform server administration tasks in a UNIX command shell. Configure and deploy Mac OS X Server and a set of Mac OS X computers for use by K-12 staff, teachers, and students. Set up and manage Mac OS X Server and Apple cluster computers to speed up processing of complex computations. Share selected server volumes or folders among server clients using these protocols: AFP, NFS, FTP, and SMB/CIFS. Manage IP failover, link aggregation, load balancing, and other hardware and software configurations to ensure high availability of Mac OS X Server services. Configure and administer a JBoss application server on Mac OS X Server. Secure Mac OS X client computers.

Java Application Server Guide Mac OS X Security Configuration

Preface About This Guide

17

This guide ... Mac OS X Server Security Configuration Mail Service Administration Migrating to Mac OS X Server From Windows NT Network Services Administration Open Directory Administration Print Service Administration QuickTime Streaming Server 5.5 Administration System Imaging and Software Update Administration

tells you how to: Secure Mac OS X Server computers. Set up, configure, and administer mail services on the server. Move accounts, shared folders, and services from Windows NT servers to Mac OS X Server. Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall, and NAT services on the server. Manage directory and authentication services. Host shared printers and manage their associated queues and print jobs. Set up and manage QuickTime streaming services. Use NetBoot and Network Install to create disk images from which Macintosh computers can start up over the network. Set up a software update server for updating client computers over the network. Use data and service settings that are currently being used on earlier versions of the server software. Create and manage user accounts, groups, and computer lists. Set up managed preferences for Mac OS X clients.

Upgrading And Migrating User Management

18

Preface About This Guide

This guide ... Web Technologies Administration Windows Services Administration Xgrid Administration Mac OS X Server Glossary

tells you how to: Set up and manage a web server, including WebDAV, WebMail, and web modules. Set up and manage services including PDC, BDC, file, and print, for Windows computer users. Manage computational Xserve clusters using the Xgrid application. Learn about terms used for server and storage products.

Getting Documentation Updates

Periodically, Apple posts new onscreen help topics, revised guides, and solution papers. The new help topics include updates to the latest guides. To view new onscreen help topics, make sure your server or administrator computer is connected to the Internet and click the Late-Breaking News link on the main Mac OS X Server help page. To download the latest guides and solution papers in PDF format, go to the Mac OS X Server documentation webpage: www.apple.com/server/documentation/.

Preface About This Guide

19

Getting Additional Information

For more information, consult these resources: Read Me documentsimportant updates and special information. Look for them on the server discs. Mac OS X Server website (www.apple.com/macosx/server/)gateway to extensive product and technology information. Apple Service & Support website (www.apple.com/support/)access to hundreds of articles from Apples support organization. Apple customer training (train.apple.com/)instructor-led and self-paced courses for honing your server administration skills. Apple discussion groups (discussions.info.apple.com/)a way to share questions, knowledge, and advice with other administrators. Apple mailing list directory (www.lists.apple.com/)subscribe to mailing lists so you can communicate with other administrators using email.

20

Preface About This Guide

Installation and Setup Overview

1
Stay up to date

Before installing and setting up Mac OS X Server, take the time to do a little planning and to become familiar with your options.
This chapter is a roadmap to details presented in later chapters. It surveys the stages of installation and initial server setup and the options available to you during each stage.
Install server software Set up the server Set up services

Plan

Planning
During the planning stage, you determine how you want to use Mac OS X Server and identify whether theres anything you need to accomplish before setting it up. You may, for example, want to convert an existing server to version 10.4 and continue hosting directory, file, and mail services for clients on your network. Before you install server software, you may need to prepare data you want to migrate to your new server, and perhaps consider whether its a good time to implement a different directory services solution.

21

Chapter 2, Before You Begin, on page 39 will help you understand what you might want to do now and what you can postpone until later. During the planning stage, youll also decide which installation and server setup options best suit your needs. The getting started supplement contains an example that illustrates server installation and initial setup in a small business scenario.

Installing Server Software

Some computers come with Mac OS X Server version 10.4 software already installed. Nonetheless, there are several times when you need to install server software, such as when you want to upgrade from a version 10.2 or 10.3 server, change a computer running Mac OS X version 10.4 into a server, or completely refresh your server environment. You can install server software: From the server installation disc From an installation image that you set up and store on disk, referred to as automated installation Chapter 3, Installing Server Software, on page 53 provides detailed instructions for all the installation scenarios, which are summarized in the following sections.

22

Chapter 1 Installation and Setup Overview

Upgrading and Migrating

If youre currently using a pre-10.4 version of Mac OS X Server and you want to reuse data and settings, you can upgrade or migrate to version 10.4. If youre using Mac OS X Server version 10.3.9 or 10.2.8 and you dont need to move to different computer hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data. You can perform an upgrade installation using any of the installation scenarios described in the following sections. If you cant perform an upgrade installation, as when you need to reformat the system disk or upgrade your server hardware, you can migrate data and settings to a computer onto which youve installed Mac OS X Server version 10.4. Migration from Mac OS X Server versions 10.3.9, 10.2.8, 10.1.4, 10.1.5, and 1.2; and from AppleShare IP version 6.3.3 are supported. The upgrading and migrating guide provides complete instructions for reusing data and settings in both these scenarios. Note: You cant update to a later 10.4 version by using a Mac OS X Server installation disc. For example, you cant use an installation DVD for version 10.4.7 to update an earlier version. To learn how to update to the latest version, see Keeping Current on page 38.

Chapter 1 Installation and Setup Overview

23

Local Installation From the Server Installation Disc

If the target server has a keyboard and display attached, and if it has an optical drive, you can start installing Mac OS X Server locally by booting the server from an installation disc.

Installer application or installer tool in Terminal application

The Installer application, which automatically opens after startup, offers a graphical, guided way to install server software. See Using the Installer to Install Locally From the Installation Disc on page 63 for instructions. If you prefer using the command line, start the Terminal application from the Installer menu and follow the instructions in Using the installer Command-Line Tool to Install Server Software on page 73.

24

Chapter 1 Installation and Setup Overview

Remote Installation From the Server Installation Disc

If the target server has no keyboard or display, or if its not the computer youre using, you can use an administrator computer to install server software from the server installation disc. An administrator computer is a version 10.4 Mac OS X Server or version 10.4 Mac OS X computer onto which youve installed server management software. Setting Up an Administrator Computer on page 122 tells you how to set up a Mac OS X administrator computer. The target server can be on the same subnet as the administrator computer or on a different subnet. You can also control installation of Mac OS X Server version 10.4.7 or later from another computer using VNC viewer software. Open source VNC viewer software is available, and Apple Remote Desktop, described on page 147, includes VNC viewer capability. If the target server has an optical drive that can read your installation disc, start up the server using a server installation disc, as illustrated on the next page. Then you can use Server Assistant from the administrator computer to initiate installation, or your can use VNC viewer software to control installation of Mac OS X Server v10.4.7 or later. If you have multiple servers onto which you want to install server software, you can start up each of them from an installation disc. Then open a Server Assistant window for each installation you want to perform, or use a VNC viewer to open a connection to each server that you started up from an installation disc for v10.4.7 or later. For instructions, see Using Server Assistant to Install Remotely From the Installation Disc on page 65 or Using a VNC Viewer to Install Remotely From the Installation DVD on page 68.

Chapter 1 Installation and Setup Overview

25

Administrator computer Welcome >installer >installer

Subnet 1

Subnet 2

Alternatively, you can use the command line. After booting the target server, connect to the target server from an administrator computer using SSH and follow the instructions in Using the installer Command-Line Tool to Install Server Software on page 73. If you have multiple servers onto which you want to install server software, start up each from an installation disc, then open a Terminal window for each installation.

26

Chapter 1 Installation and Setup Overview

If the target server lacks a keyboard, display, and optical drive that can read your installation disc, you can use the optical drive on an administrator computer connected to the target server using a FireWire cable.
Administrator computer

You start the server in target disk mode, which makes the target server appear as a FireWire hard disk on the administrator computer. (When you use this mode, you see a disk icon for each partition of the servers hard disk on the desktop of the administrator computer.) On the administrator computer, you install from an installation disc onto one of the mounted target server volumes. In this case, you need to complete one installation before starting another one. There are other ways to work with a target server that lacks an optical drive capable of reading your installation disc. For example, you can start up the server from an external optical drive connected to the target server using a FireWire cable. Or you can use the optical drive of another computer connected to the target server using a FireWire cable. Starting the other computer in target disk mode makes its optical drive available as an external optical drive on the target server.

Chapter 1 Installation and Setup Overview

27

After starting up the target server from an external optical drive, you use an administrator computer to initiate server software installation, or your can use VNC viewer software to control installation of Mac OS X Server v10.4.7 or later. You can also install server software on an Xserve system that lacks an optical drive by moving its drive module to another Xserve system that has an optical drive. Instructions for using target disk mode and external optical drives are in the Quick Start, Getting Started, or Users Guide that comes with Xserve systems and Macintosh computers.

Automating Server Installation With a Disk Image

If you need to install server software on a large number of servers, or if you need to reinstall server software frequently, you can speed up installation by using an installation image that resides on disk rather than on the installation disc. This technique is illustrated on the next page. See the system imaging and software update administration guide for instructions on creating and deploying Network Install images created from a CD, a DVD, or an existing volume or partition. See Automating Server Software Installation With a Disk Image on page 72 for instructions on using these images to install the server.

28

Chapter 1 Installation and Setup Overview

Mac OS X Server

Administrator computer

Destination

NetBoot target servers

Initiate server installation

Target servers

Initial Server Setup

After installing server software, the next task is to set up the server. There are several ways to set up a server: You can set up one or more servers interactively. You can automate the setup of servers by using setup data youve saved in a file or in a directory the servers are configured to access.

Chapter 1 Installation and Setup Overview

29

Chapter 4, Initial Server Setup, on page 79 provides detailed instructions for all the server setup scenarios, summarized next following an explanation of what happens during initial server setup.

Settings Established During Initial Server Setup

During server setup, basic server settings are established: The language to use for server administration and the computer keyboard layout is defined. The server software serial number is set. A server administrator user is defined and the users home directory is created. If you set the server up as an Open Directory master, a directory domain administrator for the LDAP directory is also defined. Default AFP and FTP share points, such as Shared Items, Users, and Groups, are defined. Basic Open Directory information is set up. At a minimum, a local NetInfo domain is created. You can also set up an LDAP directory for other computers to use or configure the server to obtain directory information from other servers. The servers host name, computer name, and local hostname are set. You can specify the computer name and local hostname, but Server Assistant automatically sets the host name to AUTOMATIC in /etc/hostconfig. This setting causes the servers host name to be the first name thats true in this list: The name provided by the DHCP or BootP server for the primary IP address The first name returned by a reverse DNS (address-to-name) query for the primary IP address The local hostname
30 Chapter 1 Installation and Setup Overview

 The name localhost Network interfaces (ports) are configured. TCP/IP and Ethernet settings are defined for each port you want to activate. Network time service can be set up. Services that require no additional configuration can be turned on. By default, to maximize security, the only server processes running after server setup are the essential ones needed for basic system function. Externally usable services, such as mail, web, and file services, are off by default and the corresponding ports are closed. If youre upgrading, the current basic settings are displayed during the setup process, but you can change them. Other settings, such as share points youve defined and services youve configured, are preserved. See the upgrading and migrating guide for a complete description of whats upgraded and actions you may want to take following server setup. You can perform initial server setup only once without reinstalling a server. If you need to change any of the settings established during setup, you have alternative means to do so. For example, you can use Server Admin or Directory Access to manage Open Directory settings.

Setting Up Servers Interactively

The simplest way to set up a small number of servers is to use Server Assistants guided interview process after establishing a connection with each server in turn. You provide server setup data interactively, then initiate setup immediately.

Chapter 1 Installation and Setup Overview

31

This is the technique you use to set up a local server, as Setting Up a Local Server Interactively on page 94 describes. You can also use this interactive approach to set up a remote server from an administrator computer. See Setting Up a Remote Server Interactively on page 95 for instructions. When multiple remote servers can use the same setup data, you can supply the data, then initiate setup of all the servers at once, using a batch approach. This technique, shown on the left side of the following picture, requires that network identifiers for all the target servers be set using DHCP or BootP. See Setting Up Multiple Remote Servers Interactively in a Batch on page 97 for instructions.
Welcome Welcome Welcome

Subnet 1 Subnet 2

32

Chapter 1 Installation and Setup Overview

When you want to customize the setup of individual servers, you can manage each setup individually from a different Server Assistant window. This approach is shown on the right side of the picture above. See Setting Up Multiple Remote Servers Interactively One at a Time on page 98 for instructions. Although the previous picture shows target servers on the same subnet as the administrator computer in one scenario and target servers on a different subnet in the other scenario, both setup scenarios can be used to set up servers on the same and different subnets. If a target server is on a different subnet, you need to supply its IP address. Servers on the same subnet are listed by Server Assistant, so you just need to select one or more servers in the list.

Automating Server Setup

When you have more than just a few servers to set up, consider using automatic server setup. This approach also provides a way to preserve setup data so it can be reused should you need to reinstall server software. Use Server Assistant to specify setup data, then save the data in a file or in a directory. By default, saved setup data is encrypted for extra security.

Administrator computer Setup data in a directory

Setup data in a file

Chapter 1 Installation and Setup Overview

33

Using Setup Data Stored in a File When you place a setup file on a volume (CD, DVD, iPod, USB solid-state drive, disk partition) mounted locally on a server youve installed but not set up, the server detects the file and automatically uses it to set itself up. You could, for example, store multiple setup files on an iPod, then plug the iPod into the first server for which a setup file exists.

iPod

34

Chapter 1 Installation and Setup Overview

Then plug the iPod into the next server.

iPod

Each target server recognizes its own file, because its been named using one of its identifiers and resides in a known location. For example, a server with WXYZ1234 as the first eight characters of its built-in serial number would use this setup file to set itself up: /Volumes/MyIPod/Auto Server Setup/ WXYZ1234.plist. Or a servers IP address can be used as an identifier. A server with the IP address 10.0.0.4 would use the following file: /Volumes/MyIPod/Auto Server Setup/10.0.0.4.plist. You could also use a single file, which youd name generic.plist , to set up multiple servers if the setup data does not need to be unique and the servers network identities are provided using DHCP. See Setting Up Servers Automatically Using Data Saved in a File on page 101 for instructions.

Chapter 1 Installation and Setup Overview

35

Using Setup Data Stored in a Directory A target server can set itself up using setup data youve stored in a directory the server is configured to access. Although storing setup data in a directory is the most automated way to set up multiple servers, this approach requires that you set up an infrastructure first so that target servers can locate the setup data stored in the directory. The most critical components of the infrastructure are DHCP and Open Directory, as the following picture illustrates. The Open Directory server in this example hosts an LDAP directory in which setup data has been saved. The address of the Open Directory server is registered with DHCP service, running on another server in this example. The DHCP service provides the Open Directory server address to the target servers when it assigns IP addresses to those servers. The target servers automatically detect setup data that has been stored for them in the LDAP directory and use it to set themselves up.

Open Directory server

DHCP server

You can save setup data in an Apple OpenLDAP directory or in another directory that supports Apples schema extensions for saved setup data, documented in the Open Directory administration guide.
36 Chapter 1 Installation and Setup Overview

See Setting Up Servers Automatically Using Data Saved in a Directory on page 105 for instructions. Using Encryption By default, saved setup data is encrypted for extra security. Before any server sets itself up using encrypted data, it must have access to the passphrase used when the data was encrypted. The passphrase can be provided either interactively (using Server Assistant) or in a file on a local volume of the target server. For example, you can store the file with the passphrase on an iPod, then plug the iPod into each server that needs the passphrase. A server with the IP address 10.0.0.4 would use /Volumes/MyIPod/Auto Server Setup/ 10.0.0.4.pass.

Setting Up Services
After initial server setup is complete, you can: Migrate data and settings from a previous server. See the upgrading and migrating guide for instructions. Set up individual services you want to provide. Consult the administration guides for individual services for service-specific options. When you set up services, youll use the server administration tools described in Chapter 5, Server Administration, on page 119.

Chapter 1 Installation and Setup Overview

37

Keeping Current
After youve set up your server, youll want to update it as Apple releases server software updates. There are several ways to access update releases of Mac OS X Server: Use the Software Update pane of System Preferences. Use the softwareupdate command-line tool. In Server Admin, select a server in the Computers & Services list, then click the Update button. Use the servers software update service. Download a disk image of the software update from www.apple.com/support/ downloads/.

38

Chapter 1 Installation and Setup Overview

Before You Begin

Before installing and setting up Mac OS X Server, take the time to do a little planning.
The major goals of the planning phase are to make sure that: Server user and administrator needs are addressed by the servers you deploy Server and service prerequisites that affect installation and initial setup are identified Installation planning is especially important if youre integrating Mac OS X Server into an existing network, migrating from earlier versions of Mac OS X Server, or preparing to set up multiple servers. But even single-server environments can benefit from a brief assessment of the needs you want a server to address. Use this chapter to stimulate your thinking. It doesnt present a rigorous planning algorithm. Nor does it provide the details youll need to determine whether to implement a particular service and assess its resource requirements. Instead, view this chapter as an opportunity to pause and think about how to maximize the benefits of Mac OS X Server in your environment. Planning, like design, isnt necessarily a linear process. The sections in this chapter, for example, had to be in some particular order, but the order doesnt imply a mandatory sequence. Different sections in this chapter present suggestions that could be implemented simultaneously or iteratively.

39

Setting Up a Planning Team

Involve individuals in the installation planning process who can represent various points of view: What day-to-day user requirements need to be met by a server? For what activities will server users and workgroups depend on the server? If the server will be used in a classroom, make sure that the instructor who manages its services and administers it day to day provides input. What user management requirements need to be met? Will user computers need to be NetBooted? Will Macintosh client management and network home directories be required? Individuals with server administration experience should work with server users who may not have a technical background, so theyll appreciate how certain services might benefit them. What existing non-Apple services, such as Active Directory, will the server need to integrate with? If youve been planning to replace a Windows NT computer, consider using Mac OS X Server with its extensive built-in support for Windows clients. Make sure that administrators familiar with these other systems are part of the planning process. What are the characteristics of the network into which the server will be installed? Do you need to upgrade power supplies, switches, or other network components? Is it time to streamline the layout of facilities that house your servers? An individual with systems and networking knowledge can help with these details as well as completing the Mac OS X Server Worksheet for Version 10.4 or Later.

40

Chapter 2 Before You Begin

Identifying the Servers Youll Need to Set Up

Conduct a server inventory: How many servers do you currently have? How are they used? How can you streamline the use of servers you want to keep? Are there any existing servers that need to be retired? Which ones can Mac OS X Server replace? Which non-Apple servers will Mac OS X Server need to be integrated with? Why? Do you have any Mac OS X Server computers that need to be upgraded to version 10.4? How many new Mac OS X Server computers will you need to set up?

Determining Services to Host on Each Server

Identify which services you want to host on each Mac OS X Server and non-Apple server you decide to use. How you distribute services among servers requires an understanding of both users and services. Here are a few examples of how service options and hardware and software requirements can influence what you put on individual servers: Directory services implementations can range from using directories and Kerberos authentication hosted by non-Apple servers to setting up Open Directory directories on servers distributed throughout the world. Directory services require thoughtful analysis and planning. The Open Directory administration guide can help you understand the options and opportunities.

Chapter 2 Before You Begin

41

 Home directories for network users can be consolidated onto one server or distributed among various servers. While you can move home directories if you need to, you may need to change a large number of user and share point records, so devise a strategy that will persist for a reasonable amount of time. See the user management guide for information about home directories. Some services offer ways to control the amount of disk space used by individual users. For example, you can set up both home directory and mail quotas for users. Consider whether using quotas will offer a way to maximize the disk usage on a server that stores home directories and mail databases. The user management guide and mail service administration guide describe home directory and mail quotas, respectively. Disk space requirements are also affected by the type of files a server hosts. Creative environments need high-capacity storage to accommodate large media files, whereas elementary school classrooms have much more modest file storage needs. The file services administration guide describes file sharing. If youll be setting up a streaming media server, youll need to allocate enough disk space to accommodate a certain number of hours of streamed video or audio. See the QuickTime Streaming Server administration guide for hardware and software requirements and for a setup example. The number of NetBoot client computers you can connect to a server depends on the servers Ethernet connections, the number of users, the amount of available RAM and disk space, and other factors. DHCP service needs to be available. See the system imaging and software update administration guide for NetBoot capacity planning guidelines.

42

Chapter 2 Before You Begin

 Mac OS X Server offers extensive support for Windows users. You can consolidate Windows user support on servers that provide PDC services, or you can distribute services for Windows users among different servers. The Windows services administration guide describes the options available to you. If you want to use software RAID to stripe or mirror disks, youll need two or more drives (they cant be FireWire drives) on a server. See online help for Disk Utility for more information. Before finalizing decisions about which servers will host particular services, familiarize yourself with information in the individual administration guides for services you want to deploy.

Define a Migration Strategy

If youre using a pre-version 10.4 Mac OS X Server or a Windows NT server, examine the opportunities for moving data and settings to a version 10.4 Mac OS X Server.

Upgrading and Migrating From an Earlier Version of Mac OS X Server

If youre using computers with Mac OS X Server versions earlier than 10.4, consider updating them to version 10.4. If youre using version 10.3.9 or 10.2.8 and you dont need to move to different computer hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data. If youve been using Macintosh Manager to manage Mac OS 9 client computers, you can continue to do so, an option not available when you migrate. See the documentation for your version 10.2 or 10.3 server for Macintosh Manager information.

Chapter 2 Before You Begin

43

When you cant use the upgrade approach, you can migrate data and settings. Youll need to migrate, not upgrade, when: A version 10.2.8 or 10.3 servers hard disk needs reformatting or doesnt meet the minimum version 10.4 system requirements. Understanding System Requirements for Installing Mac OS X Server on page 54 describes the minimum requirements. You want to move data and settings youve been using on a version 10.2.8 or 10.3 server to different server hardware. The server version youve been using is earlier than version 10.2.8. Migration from versions 10.3.9, 10.2.8, 10.1.4, 10.1.5, and 1.2; and from AppleShare IP version 6.3.3 are supported. When you migrate, you install and set up a version 10.4 server, restore files onto it from the earlier server, and make some manual adjustments as required. Read the upgrading and migrating guide for complete information. Note: You cant update to a later 10.4 version by using a Mac OS X Server installation disc. For example, you cant use an installation DVD for version 10.4.7 to update an earlier version. To learn how to update to the latest version, see Keeping Current on page 38.

Migrating From Windows NT

Mac OS X Server can provide a variety of services to users of Microsoft Windows 95, 98, ME, XP, NT 4, and 2000 computers. By providing these services, Mac OS X Server can replace Windows NT servers in small workgroups. The Windows NT migration guide provides instructions for migrating users, groups, files, and more from a Windows NT server to Mac OS X Server.
44 Chapter 2 Before You Begin

Defining an Integration Strategy

Integrating Mac OS X Server into a heterogeneous environment has two aspects: Configuring Mac OS X Server to take advantage of existing services Configuring non-Apple computers to use Mac OS X Server The first aspect primarily involves directory services integration. Identify which Mac OS X Server computers will use existing directories (such as Active Directory, LDAPv3, and NIS directories) and existing authentication setups (such as Kerberos). See the Open Directory administration guide for options and instructions. Integration may be as easy as enabling a Directory Access option, or it may involve adjusting existing services and Mac OS X Server settings. The second aspect is largely a matter of determining the support you want Mac OS X Server to provide Windows computer users. The Windows services administration guide tells you whats available.

Defining Physical Infrastructure Requirements

Determine whether you need to make any site or network topology adjustments before installing and setting up servers. Who will administer the server, and what kind of server access will administrators need? Classroom servers may need to be conveniently accessible for instructors, while servers that host network-wide directory information should be secured with restricted access in a district office building or centralized computer facility. Because Mac OS X Server administration tools offer complete remote server administration support, there are few times when an administrator should need physical access to a server.
Chapter 2 Before You Begin 45

 Are there air conditioning or power requirements that need to be met? See the documentation that comes with server hardware for this kind of information. Have you been thinking about upgrading elements such as cables, switches, and power supplies? Now may be a good time to do it. Are your TCP/IP network and subnets configured to support the services and servers you want to deploy?

Defining Server Setup Infrastructure Requirements

The server setup infrastructure consists of the services and servers that need to be set up early because other services or servers depend on them. For example, If youll use Mac OS X Server to provide DHCP, network time, or BootP services to other servers youll be setting up, the server or servers that provide these services should be set up and the services running before you set up servers that depend on those services. Or if you want to automate server setup by using setup data stored in a directory, both DHCP and directory servers must be set up first. The amount of setup infrastructure you require depends on the complexity of your site and what you want to accomplish. In general, DHCP, DNS, and directory services are desirable or required for medium-sized and larger server networks: The most fundamental infrastructure layer comprises network services like DHCP and DNS. All services run better if DNS is on the network, and many services require DNS to work properly. If youre not hosting DNS, work with the administrator responsible for the DNS server youll use when you set up your own servers. DNS requirements for individual services are published in the service-specific administration guides.
46 Chapter 2 Before You Begin

Setting up DHCP will reflect the physical network topology youll be using. Another crucial infrastructure component is directory services, required for sharing data among services, servers, and user computers. The most common data you need to share is for users and groups, but configuration information such as mount records and other directory data is also shared. A directory services infrastructure is necessary when you want to host cross-platform authentication and when you want different services to share the same names and passwords. Heres an example of the sequence in which you might set up a server infrastructure that includes DNS, DHCP, and directory services; the services can be set up on the same server or on different servers: 1 Set up the DNS server. 2 Set up DHCP. 3 Configure DHCP to specify the DNS server address so it can be served to DHCP clients. 4 Set up a directory server, including Windows PDC service if required. 5 Populate the directory with data, such as users, groups, and home directory data. This process involves, for example, importing users and groups, setting up share points, setting up managed preferences, and so forth. 6 Configure DHCP to specify the address of the directory server so it can be served to DHCP clients.

Chapter 2 Before You Begin

47

Your particular needs may affect this sequence. For example, if you want to use VPN, NAT, or IP firewall services, you would factor their setup into the DNS and DHCP setups. The getting started supplement illustrates the steps you might take to set up the directory and network infrastructure of Mac OS X Server in a small business scenario. The supplement is located on the Mac OS X Server installation disc in the Documentation folder. The Preface tells you where else you can find the supplement.

Making Sure Required Server Hardware Is Available

You may want to postpone setting up a server until all its hardware is in place. For example, you might not want to set up a server whose data you want to mirror until all the disk drives on which you need to set up mirroring are available. You might also want to wait until a RAID subsystem is set up before setting up a home directory server or other server that will use it.

Minimizing the Need to Relocate Servers After Setup

Try to place a server in its final network location (subnet) before setting it up for the first time. If youre concerned about preventing unauthorized or premature access during setup, you can set up a firewall to protect the server while finalizing its configuration. If you cant avoid moving a server after initial setup, you must change settings that are sensitive to network location before it can be used. For example, the servers IP address and host name, stored in both directories and configuration files on the server, must be updated.

48

Chapter 2 Before You Begin

When you move a server, take these guidelines into account: Minimize the time the server is in its temporary location so the amount of information you need to change is limited. Postpone configuring services that depend on network settings until the server is in its final location. Such services include Open Directory replication, Apache settings (such as virtual hosts), DHCP, and other network infrastructure settings that other computers depend on. Wait to import final user accounts. Limit accounts to test accounts so you minimize the user-specific network information (such as home directory location) that will need to change after the move. After you move the server, use the changeip tool to change IP addresses, host names, and other data stored in Open Directory NetInfo and LDAP directories on the server. You may need to manually adjust some network configurations, such as the local DNS database, after using the tool. Because changeip doesnt actually change the servers IP address, use the networksetup command (or Network preferences) to change the servers IP address in its network settings. See the command-line administration guide or the man page for changeip for details. Reconfigure the search policy of computers (such as user computers and DHCP servers) that have been configured to use the server in its original location.

Chapter 2 Before You Begin

49

Changing the Servers Host Name After Setup

When you perform initial server setup for new installations, Server Assistant sets the host name value by assigning AUTOMATIC to the hostname parameter in /etc/ hostname. This setting causes the servers host name to be the first name thats true in this list: The name provided by the DHCP or BootP server for the primary IP address The first name returned by a reverse DNS (address-to-name) query for the primary IP address The local hostname The name localhost After initial setup, if you want to change the host name, dont use the System Preferences Sharing pane to modify the servers computer name; use the changeip command-line tool. See the command-line administration guide or the man page for changeip for details.

Changing the Servers IP Address After Setup

To change a servers IP address after initial setup, use the changeip tool. Because changeip doesnt actually change the servers IP address, use the
networksetup command (or Network preferences) to change the servers IP address in

its network settings. See the command-line administration guide or the man page for changeip for details.

50

Chapter 2 Before You Begin

Determining the Installation and Setup Strategy to Use

Review the installation and server setup options in Chapter 1, Installation and Setup Overview, on page 21. Select the options you want to use, then address the prerequisites for installation on page 55 and for initial server setup on page 80.

Collecting and Organizing Information

For each server you set up, fill out the Mac OS X Server Worksheet for Version 10.4 or Later. It lets you record all the data youll need to quickly move through any of the installation and setup options you decide to use. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. The Preface tells you where else you can find the worksheet.

Chapter 2 Before You Begin

51

Installing Server Software

3
Are on page 55 page 56 page 57 page 59 page 59 page 60 page 60 page 61 page 63

You can upgrade to Mac OS X Server version 10.4 from version 10.3 or 10.2 or you can install a fresh copy of Mac OS X Server version 10.4.
Review the system requirements below and record information for each server you want to install using the Mac OS X Server Worksheet for Version 10.4 or Later (located on the Mac OS X Server installation disc). Then use the detailed installation instructions, which youll find as indicated in the following table.
Instructions for Using the Server Installation Disc Upgrading and Migrating Preparing Disks for Installing Mac OS X Server Hardware-Specific Instructions for Installing Mac OS X Server Identifying Remote Servers When Installing Mac OS X Server Connecting to the Network During Installation Installing Server Software on a Networked Computer Using a VNC Viewer to Prepare a Disk Before Installation Using the Installer to Install Locally From the Installation Disc

53

Instructions for Using Server Assistant to Install Remotely From the Installation Disc Using a VNC Viewer to Install Remotely From the Installation DVD Upgrading a Computer From Mac OS X to Mac OS X Server Automating Server Software Installation With a Disk Image Using the installer Command-Line Tool to Install Server Software Installing Multiple Servers

Are on page 65 page 68 page 71 page 72 page 73 page 77

Understanding System Requirements for Installing Mac OS X Server

The Macintosh desktop computer or server onto which you install Mac OS X Server version 10.4.7 or later must have: An Intel or PowerPC G4 or G5 processor Built-in FireWire At least 512 megabytes (MB) of random access memory (RAM). At least 10 gigabytes (GB) of disk space available If you have an installation disc for a Mac OS X Server version earlier than 10.4.7, you can use it to install the server software only on a Macintosh desktop computer or server with a PowerPC G3, G4, or G5 processor.

54

Chapter 3 Installing Server Software

A display and keyboard are optional. You can install server software on a computer that has no display and keyboard by using an administrator computer. Setting Up an Administrator Computer on page 122 describes how to set one up. If youre using an installation disc for Mac OS X Server version 10.4.7 or later, you can control installation from another computer using VNC viewer software. Open source VNC viewer software is available, and Apple Remote Desktop, described on page 147, includes VNC viewer capability.

Information You Need

Use the Mac OS X Server Worksheet for Version 10.4 or Later to record information for each server you want to install. The information below provides supplemental explanations for items on the worksheet. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. The Preface tells you where else you can find the worksheet.

Using the Server Installation Disc

You can install the server software using an installation DVD. If youre installing a version of Mac OS X Server earlier than 10.4.7, you can also use a set of installation CDs. The installation DVD contains everything you need to install the server software, plus an installer for Xcode Tools (in the Other Installs folder). If you have the installation CDs (not available for version 10.4.7 or later), only the first two are required. Use the third CD if you want to install optional printer drivers. The installation DVD also contains utilities such as Disk First Aid, Firmware Updates, and Startup Disk. The first installation CD (if available) contains these utilities as well.
Chapter 3 Installing Server Software 55

In addition to the installation DVD or CDs, Mac OS X Server includes the Mac OS X Server Admin Tools CD, which you use to set up an administrator computer.

Upgrading and Migrating

If youre using computers with Mac OS X Server versions earlier than 10.4, consider updating them to version 10.4. If youre using version 10.3.9 or 10.2.8 and you dont need to move to different computer hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data. If youve been using Macintosh Manager to manage Mac OS 9 client computers, you can continue to do so, an option not available when you migrate. See the documentation for your version 10.2 or 10.3 server for Macintosh Manager information. When you cant use the upgrade approach, you can migrate data and settings. Youll need to migrate, not upgrade, when: A version 10.2.8 or 10.3 servers hard disk needs reformatting or doesnt meet the minimum version 10.4 hardware requirements. See Understanding System Requirements for Installing Mac OS X Server on page 54. You want to move data and settings youve been using on a version 10.2.8 or 10.3 server to different server hardware. The server version youve been using is earlier than version 10.2.8. Migration from Mac OS X Server versions 10.3.9, 10.2.8, 10.1.4, 10.1.5, and 1.2; and from AppleShare IP version 6.3.3 are supported. When you migrate, you install and set up a version 10.4 server, restore files onto it from the earlier server, and make some manual adjustments as required.

56

Chapter 3 Installing Server Software

Read the upgrading and migrating guide for more information. Note: You cant update to a later 10.4 version by using a Mac OS X Server installation disc. For example, you cant use an installation DVD for version 10.4.7 to update an earlier version. To learn how to update to the latest version, see Keeping Current on page 38.

Preparing Disks for Installing Mac OS X Server

Before performing a clean installation of Mac OS X Server, you can partition the server computers hard disk into multiple volumes, create a RAID set, or erase the target disk or partition. If youre using an installation disc for Mac OS X Server version 10.4.7 or later, you can perform these tasks from another networked computer using VNC viewer software, such as Apple Remote Desktop, before beginning a clean installation. Warning: Before partitioning a disk, creating a RAID set, or erasing a disk or partition on an existing server, preserve any user data you want to save by copying it to another disk or partition. Instructions provided later in this chapter tell you when to perform disk preparation tasks described in the following paragraphs. Partitioning a Hard Disk Partitioning the hard disk creates a volume for server system software and one or more additional volumes for data and other software. The minimum recommended size for an installation partition is 10 GB.

Chapter 3 Installing Server Software

57

Important: Dont store additional software or user data on the hard disk or partition where the operating system is installed. With this approach, you wont risk losing those files if you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive. Creating a RAID Set If the target server has a second physical drive, you can configure the target disk for RAID mirroring. RAID mirroring sets up two disks so that the second disk is used automatically if the primary disk isnt available. Both disks must have a single partition. To use all your disk capacity, both disks should be the same size. If the target disk has a single partition and the second physical drive has a single partition and no data, you can set up RAID mirroring after installation. To prevent data loss, however, its best to set up RAID mirroring as soon as possible. Erasing a Disk or Partition You can erase a disk or partition while using the Mac OS X Server Installer. When you select the target volume in the Installer, you can also select an option to have the target disk or partition erased during installation using the Mac OS Extended (Journaled) format. This is the most common format for a Mac OS X Server startup volume.

58

Chapter 3 Installing Server Software

You can also use the Installer to open the Disk Utility application and then use it to erase the target volume or another volume. You can erase the target volume using the Mac OS Extended format or Mac OS Extended (Journaled) format. You can erase other volumes using either of those formats, Mac OS Extended format (Case-Sensitive) format, Mac OS Extended (Journaled, Case-Sensitive) format, or UNIX File System (UFS) format. You should not use UFS format or either case-sensitive format for a Mac OS X Server startup volume.

Hardware-Specific Instructions for Installing Mac OS X Server

When you install server software on Xserve systems, the procedure you use when starting the computer for installation is specific to the kind of Xserve hardware you have. You may need to refer to the Xserve Users Guide or Quick Start that came with your Xserve, where these procedures are documented.

Identifying Remote Servers When Installing Mac OS X Server

For remote server installations, you need to know this information about the target server: The identity of the target server. When using Server Assistant, you need to be able to recognize the target server in a list of servers on your local subnet or enter the IP address of the server (in IPv4 format: 000.000.000.000) if it resides on a different subnet. Information provided for servers in the list includes IP address, host name, and MAC (Media Access Control) address (also called hardware or Ethernet address).

Chapter 3 Installing Server Software

59

If you use VNC viewer software to remotely control installation of Mac OS X Server version 10.4.7 or later, it may let you select the target server from a list of available VNC servers. If not, you need to enter the IP address of the server (in IPv4 format: 000.000.000.000). The target servers IP address is assigned by a DHCP server on the network; if no DHCP server exists, the target server uses a 169.xxx.xxx.xxx address unique among servers on the local subnet. Later, when you set up the server, you can change the IP address. The preset password for the target server. The password consists of the first 8 digits of the servers built-in hardware serial number. To find a servers serial number, look for a label on the server. Older computers have no built-in hardware serial numbers; for these systems, use 12345678.

Installing Server Software Interactively From the Installation Disc

You can use the installation disc to install server software interactively on a local server, on a remote server, or on a computer with Mac OS X preinstalled.

Connecting to the Network During Installation

If you want to use a server as an Open Directory master, make sure it has an active Ethernet connection to a secure network before installation and initial setup.

Installing Server Software on a Networked Computer

When you start up a computer from a server installation disc, SSH starts automatically so that remote installations can be performed.
60 Chapter 3 Installing Server Software

Important: Make sure the network is secure before you install or reinstall Mac OS X Server, because SSH gives others access to the computer over the network. For example, design the network topology so that you can make the server computers subnet accessible only to trusted users.

Using a VNC Viewer to Prepare a Disk Before Installation

Before beginning a clean installation of Mac OS X Server version 10.4.7 or later, you can prepare the target computers hard disk from another networked computer using VNC viewer software. You can partition the hard disk into multiple volumes, create a RAID set, or erase the target disk or partition. To learn more about these tasks, see Preparing Disks for Installing Mac OS X Server on page 57. Warning: Before partitioning a disk, creating a RAID set, or erasing a disk or partition on an existing server, preserve any user data you want to save by copying it to another disk or partition. To prepare the target disk before installing Mac OS X Server v10.4.7 or later: 1 Start the target computer from the installation DVD for Mac OS X Server v10.4.7 or later. The procedure you use depends on the target server hardware. If the target server has a keyboard and a DVD-ROM drive, insert the installation DVD into the drive. Then hold down the C key on the keyboard while restarting the computer. If the target server is an Xserve with a built-in DVD-ROM drive, start the server using the installation DVD by following the instructions in the Xserve Users Guide for starting from a system disc.

Chapter 3 Installing Server Software

61

If the target server has no built-in DVD-ROM drive, you can use an external FireWire DVD-ROM drive. You can also install server software on an Xserve system that lacks a DVD-ROM drive by moving its drive module to another Xserve system that has a DVDROM drive. 2 Use your VNC viewer software to open a connection to the target server. 3 Identify the target server. If the VNC viewer includes the target server in a list of available servers, select it in the list. Otherwise, enter an IP address in IPv4 format (000.000.000.000). 4 When prompted for a password, type the first 8 digits of the servers built-in hardware serial number. To find a servers serial number, look for a label on the server. If youre installing on an older computer that has no built-in hardware serial number, use 12345678 for the password. If youre using Apple Remote Desktop as a VNC viewer, enter the password but dont specify a user name. 5 When the Installer opens, choose Utilities > Disk Utility and use Disk Utility to prepare the target disk. You can find instructions for partitioning the hard disk into multiple volumes, creating a RAID set, and erasing the target disk or partition by viewing Disk Utility Help. To view Disk Utility Help, open Disk Utility on another Macintosh computer with Mac OS X v10.4 and choose Help > Disk Utility Help. 6 When you finish preparing the target disk, quit Disk Utility. You can now continue using the VNC viewer to perform a clean installation, as described in Using a VNC Viewer to Install Remotely From the Installation DVD on page 68, or you can quit the Installer and use another installation method.
62 Chapter 3 Installing Server Software

Using the Installer to Install Locally From the Installation Disc

You can install Mac OS X Server directly onto a computer with a display, a keyboard, and an optical drive attached. If you have an installation DVD, the optical drive must be able to read DVD discs. You can also install directly onto a computer that lacks a display, keyboard, and optical drive capable of reading your installation disc. In this case, you start the target computer in target disk mode and connect it to an administrator computer using a FireWire cable. You use the administrator computer to install the server software on the target computers disk or partition, which appears as a disk icon on the administrator computer. To install server software locally: 1 If youll be performing a clean installation rather than upgrading, preserve any user data that resides on the disk or partition onto which youll install the server software. 2 Turn on the computer and insert the first Mac OS X Server installation disc into the optical drive. 3 Restart the computer while holding down the C key on the keyboard. The computer boots from the installation disc. You can release the C key when you see the Apple logo. 4 After the computer restarts, choose the language you want the server to use and click Continue. 5 When the Installer opens, if you want to perform a clean installation, optionally use the Utilities menu to open Disk Utility to prepare the target disk or partition before proceeding.

Chapter 3 Installing Server Software

63

With Disk Utility, you can partition the target disk or create a RAID set. You can also use Disk Utility to erase the disk using Mac OS Extended format. Important: Dont store additional software or user data on the hard disk or partition where the operating system is installed. With this approach, you wont risk losing those files if you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive. 6 Proceed through the Installers panes by following the onscreen instructions. 7 When the Select a Destination pane appears, select a target disk or volume (partition) and make sure its in the expected state. If youre doing a clean installation, you can choose Utilities > Open Disk Utility to work with disk preparation one final time before selecting the target volume and clicking Continue. Or you can click Options to format the destination disk or volume in Mac OS Extended (Journaled) format; select Erase to format the disk in Mac OS Extended (Journaled) format; then click OK. If the volume you selected contains Mac OS X Server version 10.3.9 or 10.2.8 and you want to upgrade, click Options and select Dont erase . Click OK. Important: When you perform an upgrade installation, make sure that saved setup data wont be inadvertently detected and used by the server. If saved setup data is used, existing server settings will be overwritten by the saved settings. See How a Server Searches for Saved Setup Data on page 81 for more information. 8 During installation, progress information is displayed. Insert the next installation disc if prompted. 9 After installation is complete, the computer restarts automatically and you can perform initial server setup.

64

Chapter 3 Installing Server Software

If youre using an administrator computer to install onto a server thats in target disk mode and connected using a FireWire cable, quit Server Assistant when it starts automatically on the administrator computer. Shut down the administrator computer and the server. Then start up the administrator computer and the server normally (not in target disk mode). Now you can use Server Assistant from the administrator computer to remotely set up the server. Chapter 4, Initial Server Setup, on page 79 describes how to set up a server locally or remotely.

Using Server Assistant to Install Remotely From the Installation Disc

To install Mac OS X Server on a remote server from the server installation disc, you need access to the target computer and an administrator computer from which to use Server Assistant to manage the installation. If you have a Mac OS X Server version 10.4.7 installation DVD, you have the alternative explained in Using a VNC Viewer to Install Remotely From the Installation DVD on page 68. To install on a remote server by using Server Assistant: 1 If youll be performing a clean installation rather than upgrading, preserve any user data that resides on the disk or partition onto which youll install the server software, and optionally use Disk Utility to prepare the target disk. With Disk Utility, you can partition the target disk or create a RAID set. You can also use Disk Utility to erase the disk using Mac OS Extended (Journaled) or Mac OS Extended format.

Chapter 3 Installing Server Software

65

If the target server has a keyboard and display, you can use Disk Utility by opening it on the server (in /Applications/Utilities/). You can find instructions on disk preparation tasks by viewing Disk Utility Help. Alternatively, if youre installing Mac OS X Server version 10.4.7 or later, you can control Disk Utility remotely from another computer using VNC viewer software. For instructions, see Using a VNC Viewer to Prepare a Disk Before Installation on page 61. Important: Dont store additional software or user data on the hard disk or partition where the operating system is installed. With this approach, you wont risk losing those files if you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive. 2 Start the target computer from the installation disc. The procedure you use depends on whether the target server has an optical drive that can read your installation disc or discs. If you have an installation DVD, the optical drive must be able to read DVD discs. If the target server has a keyboard and an optical drive that can read your installation disc, insert the first installation disc into the optical drive. Then hold down the C key on the keyboard while restarting the computer. If the target server is an Xserve with a built-in optical drive that can read your installation disc, start the server using the first installation disc by following the instructions in the Xserve Users Guide for starting from a system disc.

66

Chapter 3 Installing Server Software

If the target server lacks a built-in optical drive that can read your installation disc, you can start it in target disk mode and insert the installation disc into the optical drive on your administrator computer. You can also use an external FireWire optical drive. If the target server is an Xserve, you can move its drive module to another Xserve system that has an optical drive capable of reading your installation disc. Instructions for using target disk mode and external optical drives are in the Quick Start guide, Getting Started guide, or Users Guide that came with your Xserve system or Macintosh computer. 3 On an administrator computer, navigate to /Applications/Server/ and open Server Assistant (you dont have to be an administrator on the local computer to use Server Assistant). Select Install software on a remote server. 4 Identify the target server. If its on the local subnet, select it in the list. Otherwise, click Server at IP Address and enter an IP address in IPv4 format (000.000.000.000). 5 When prompted for a password, type the first 8 digits of the servers built-in hardware serial number. To find a servers serial number, look for a label on the server. If youre installing on an older computer that has no built-in hardware serial number, use 12345678 for the password. 6 Proceed by following the onscreen instructions. 7 When the Volumes pane appears, select a target disk or volume (partition) and make sure its in the expected state. Then select it and click Continue. If the volume you selected contains Mac OS X Server version 10.3.9 or 10.2.8 and you want to upgrade, select Dont erase. Otherwise, you can select Erase to format the disk in Mac OS Extended (Journaled) format. Click OK.

Chapter 3 Installing Server Software

67

Important: When you perform an upgrade installation, make sure that saved setup data wont be inadvertently detected and used by the server. If saved setup data is used, existing server settings will be overwritten by the saved settings. See How a Server Searches for Saved Setup Data on page 81 for more information. 8 During installation, progress information is displayed. Insert the next installation disc if prompted. While installation proceeds, you can open another Server Assistant window to install server software on another computer; choose File > New Window to do so. After installation is complete, the target server restarts automatically and you can perform initial server setup. Chapter 4, Initial Server Setup, on page 79 describes how.

Using a VNC Viewer to Install Remotely From the Installation DVD

If youre using an installation disc for Mac OS X Server version 10.4.7 or later, you can control installation from another computer using open source VNC viewer software or Apple Remote Desktop. This strategy allows you to remotely control preparation of the target disk or partition before beginning installation. You can partition the hard disk into multiple volumes, create a RAID set, or erase the target disk or partition. To install on a remote server by using a VNC viewer: 1 If youll be performing a clean installation rather than upgrading, preserve any user data that resides on the disk or partition onto which youll install the server software. 2 Start the target computer from the installation DVD for Mac OS X Server v10.4.7 or later. The procedure you use depends on the target server hardware. If the target server has a keyboard and a DVD-ROM drive, insert the installation DVD into the drive. Then hold down the C key on the keyboard while restarting the computer.
68 Chapter 3 Installing Server Software

If the target server is an Xserve with a built-in DVD-ROM drive, start the server using the installation DVD by following the instructions in the Xserve Users Guide for starting from a system disc. If the target server has no built-in DVD-ROM drive, you can use an external FireWire DVD-ROM drive. You can also install server software on an Xserve system that lacks a DVD-ROM drive by moving its drive module to another Xserve system that has a DVDROM drive. Instructions for using external FireWire drives are in the Quick Start guide, Getting Started guide, or Users Guide that came with your Xserve system or Macintosh computer. 3 Use your VNC viewer software to open a connection to the target server. 4 Identify the target server. If the VNC viewer includes the target server in a list of available servers, select it in the list. Otherwise, enter an IP address in IPv4 format (000.000.000.000). 5 When prompted for a password, type the first 8 digits of the servers built-in hardware serial number. To find a servers serial number, look for a label on the server. If youre installing on an older computer that has no built-in hardware serial number, use 12345678 for the password. If youre using Apple Remote Desktop as a VNC viewer, enter the password but dont specify a user name. 6 When the Installer opens, if you want to perform a clean installation, optionally use the Utilities menu to open Disk Utility to prepare the target disk or partition before proceeding.

Chapter 3 Installing Server Software

69

You can find instructions for partitioning the hard disk into multiple volumes, creating a RAID set, and erasing the target disk or partition by viewing Disk Utility Help. To view Disk Utility Help, open Disk Utility on another Macintosh computer with Mac OS X v10.4 and choose Help > Disk Utility Help. Important: Dont store additional software or user data on the hard disk or partition where the operating system is installed. With this approach, you wont risk losing those files if you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive. 7 When you finish preparing the target disk, quit Disk Utility. 8 Proceed through the Installers panes by following the onscreen instructions. 9 When the Select a Destination pane appears, select a target disk or volume (partition) and make sure its in the expected state. If youre doing a clean installation, you can choose Utilities > Open Disk Utility to work with disk preparation one final time before selecting the target volume and clicking Continue. Or you can click Options to format the destination disk or volume in Mac OS Extended (Journaled) format: Select Erase to format the disk in Mac OS Extended (Journaled) format, and then click OK. If the volume you selected contains Mac OS X Server version 10.3.9 or 10.2.8 and you want to upgrade, click Options and select Dont erase . Click OK. Important: When you perform an upgrade installation, make sure that saved setup data wont be inadvertently detected and used by the server. If saved setup data is used, existing server settings will be overwritten by the saved settings. See How a Server Searches for Saved Setup Data on page 81 for more information.

70

Chapter 3 Installing Server Software

10 During installation, progress information is displayed. While installation proceeds, you can use the VNC viewer to open a connection to another computer and install Mac OS X Server v10.4.7 or later on it. After installation is complete, the server restarts and closes the VNC viewer connection automatically. You can perform initial server setup interactively or automatically. Chapter 4, Initial Server Setup, on page 79 describes how.

Upgrading a Computer From Mac OS X to Mac OS X Server

You can use the installation DVD for Mac OS X Server version 10.4.7 to upgrade a desktop computer that: Already has Mac OS X v10.4.7 or later installed Has an Intel processor Was introduced in summer 2006 or later Meets the system requirements in Understanding System Requirements for Installing Mac OS X Server on page 54 To upgrade a computer from Mac OS X to Mac OS X Server: 1 Start up the computer from the hard disk, as you would for normal use. Do not use an installation disc. 2 Insert the installation DVD, open the Other Installs folder, and double-click MacOSXServerInstall.mpkg to run the Installer. 3 When the Installer finishes, your computer restarts automatically and Server Assistant opens to let you set up the server. 4 After the server restarts, use Software Update to install any available server software updates.

Chapter 3 Installing Server Software

71

Automating Server Software Installation With a Disk Image

If you need to install server software on a large number of servers or if you need to reinstall server software frequently, you can automate installation by using an installation image that resides on disk rather than on the installation disc. To install server software using a disk image: 1 On a version 10.4 Mac OS X Server, open System Image Utility. 2 Create a Network Install image from the server installation DVD (or CDs, if available) or from a model version 10.4 server youve already set up. 3 Use Server Admin to start NetBoot service and enable the disk image. 4 Configure each target computer to start up using the Network Install image. 5 Initiate installation remotely by opening Server Assistant on an administrator computer or using a VNC viewer on a networked computer. With Server Assistant, choose Install software on a remote server. When you get to the Destination pane, identify the computers that started up using the Network Install image. With VNC viewer software, connect to each computer that has started up using a Network Install image for Mac OS X Server version 10.4.7 or later, and then control disk preparation and installation remotely. 6 Proceed as you would to install server software on any remote computer. The system imaging and software update administration guide describes how to create and deploy disk images.

72

Chapter 3 Installing Server Software

Using the installer Command-Line Tool to Install Server Software

You use the installer tool to install server software on a local or remote computer from the command line. For detailed information about installer: See the command-line administration guide. Open the Terminal application and type installer, installer -help, or man installer. To use installer to install server software: 1 Start the target computer from the installation disc. The procedure you use depends on whether the target server has an optical drive that can read your installation disc or discs. If you have an installation DVD, the optical drive must be able to read DVD discs. If the target server has a keyboard and an optical drive that can read your installation disc, insert the first installation disc into the optical drive. Then hold down the C key on the keyboard while restarting the computer. If the target server is an Xserve with a built-in optical drive that can read your installation disc, start the server using the first installation disc by following the instructions in the Xserve Users Guide for starting from a system disc. If the target server lacks a built-in optical drive that can read your installation disc, you can start it in target disk mode and insert the installation disc into the optical drive on your administrator computer. You can also use an external FireWire optical drive. If the target server is an Xserve, you can move its drive module to another Xserve system that has an optical drive capable of reading your installation disc. Instructions for using target disk mode and external optical drives are in the Quick Start guide, Getting Started guide, or Users Guide that came with your Xserve system or Macintosh computer.

Chapter 3 Installing Server Software

73

2 If youre installing a local server, when the Installer opens choose Utilities > Open Terminal to open the Terminal application. If youre installing a remote server, from Terminal on an administrator computer or from a UNIX workstation, establish an SSH session as the root user with the target server, substituting the target servers actual IP address for <ip address>:
ssh root@<ip address>

If you dont know the IP address and the remote server is on the local subnet, you can use the sa_srchr command to identify computers on the local subnet on which you can install server software:
/System/Library/Serversetup/sa_srchr 224.0.0.1 mycomputer.example.com#PowerMac4,4#<ip address>#<mac address>#Mac OS X Server 10.4#RDY4PkgInstall#2.0#512

You can also use Server Assistant to generate information for computers on the local subnet. Open Server Assistant, select Install software on a remote computer , and click Continue to access the Destination pane and generate a list of servers awaiting installation. 3 When prompted for a password, type the first 8 digits of the servers built-in hardware serial number. To find a servers serial number, look for a label on the server. If the target computer had been set up as a server, youll also find the hardware serial number in /System/Library/ServerSetup/SerialNumber. If youre installing on an older computer that has no built-in hardware serial number, use 12345678 for the password. 4 Identify the target-server volume onto which you want to install the server software.

74

Chapter 3 Installing Server Software

To list the volumes available for server software installation from the installation disc, type this command:
/usr/sbin/installer -volinfo -pkg /System/Installation/Packages/ OSInstall.mpkg

You can also identify a Network Install image youve created and mounted:
/usr/sbin/installer -volinfo -pkg /Volumes/ServerNetworkImage10.4/ System/Installation/Packages/OSInstall.mpkg

The list displayed reflects your particular environment, but heres an example showing three available volumes:
/Volumes/Mount 01 /Volumes/Mount1 /Volumes/Mount02

5 If the target volume has Mac OS X Server 10.3.9 or 10.2.8 installed, when you run installer it will upgrade the server to version 10.4 and preserve user files. If youre not upgrading but performing a clean installation, back up the user files you want to preserve, then use diskutil to erase the volume and format it and to enable journaling:
/usr/sbin/diskutil eraseVolume HFS+ "Mount 01" "/Volumes/Mount 01" /usr/sbin/diskutil enableJournal "/Volumes/Mount 01"

You can also use diskutil to partition the volume and to set up mirroring. See the diskutil man page for more information about the command. Important: Dont store data on the hard disk or hard disk partition where the operating system is installed. With this approach, you wont risk losing data should you need to reinstall or upgrade system software. If you must store additional software or data on the system partition, consider mirroring the drive.

Chapter 3 Installing Server Software

75

6 Install the operating system on a volume from the list generated in step 4. For example, to use Mount 01 in the example in step 4 to install from a server installation disc, type:
/usr/sbin/installer -verboseR -lang en -pkg /System/Installation/ Packages/OSInstall.mpkg -target "/Volumes/Mount 01"

If youre using a Network Install image, the command identifies them as step 4 shows. When you type the -lang parameter, use one of the following values: en (for English), de (for German), fr (for French), or ja (for Japanese). 7 During installation, progress information is displayed. While installation proceeds, you can open another Terminal window to install server software on another computer. 8 When installation from the disc is complete, restart the server. Type:
/sbin/reboot

or
/sbin/shutdown -r

Server Assistant opens automatically when installation is complete. If you have installation CDs (not available for version 10.4.7 or later), use the following instructions to install the remaining software from the remaining installation CDs. To use the next installation disc, type the sa_srchr command to locate the server thats waiting. For <ip address>, specify the address you used in step 2:
/System/Library/Serversetup/sa_srchr <ip address>

When the sa_srchr response includes the string #InstallInProgress , insert the next installation disc:
mycomputer.example.com#PowerMac4,4#<ip address>#<mac address> #Mac OS X Server 10.4#InstallInProgress#2.0#2080

76

Chapter 3 Installing Server Software

Installing Multiple Servers

You can use Server Assistant, VNC viewer software, or the installer tool to initiate multiple server software installations. After using Server Assistant to initiate server software installation on one remote computer, choose File > New Window to install the software on another computer. After using a VNC viewer to control installation of Mac OS X Server version 10.4.7 or later on one remote computer, you can use the VNC viewer to open a connection to another remote computer and control installation on it. Alternatively, open the Terminal application and use the installer tool to initiate another server software installation.

Chapter 3 Installing Server Software

77

Initial Server Setup

4
On page 80 page 87 page 92 page 93 installation disc page 93 page 94 page 95 page 95 page 97 page 98

Basic characteristics of your Mac OS X Server are established during initial server setup.
Heres a quick reference to the topics in this chapter.
To read about Options and prerequisites See Saving Setup Data Specifying Initial Open Directory Usage Connecting to the Network During Initial Server Setup Configuring Servers With Multiple Ethernet Ports The Mac OS X Server Worksheet for Version 10.4 or Later Using Interactive Server Setup Setting Up a Local Server Interactively Postponing Local Server Setups Following Installation Setting Up a Remote Server Interactively Setting Up Multiple Remote Servers Interactively in a Batch Setting Up Multiple Remote Servers Interactively One at a Time

Collecting information Setting up servers interactively

79

To read about Setting up servers automatically

See

On

Using Automatic Server Setup page 100 Setting Up Servers Automatically Using Data Saved in a File page 101 Setting Up Servers Automatically Using Data Saved in a page 105 Directory Determining the Status of Setups Setting Up Services page 109 page 112

Monitoring and troubleshooting What to do after initial setup

Information You Need

See the Mac OS X Server Worksheet for Version 10.4 or Later to understand and record information for each server you want to set up. The information below provides supplemental explanations for some of the items on the worksheet. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. The Preface tells you where else you can find the worksheet. When youre upgrading from Mac OS X Server version 10.3.9 or 10.2.8, Server Assistant displays the existing server settings, but you can change them. Use the worksheet to record settings you want the version 10.4 server to use.

Saving Setup Data

When you want to work with saved setup data, determine a strategy for naming, encrypting, and storing the data.

80

Chapter 4 Initial Server Setup

How a Server Searches for Saved Setup Data A freshly installed server sets itself up using saved setup data it finds while using the following search sequence. When the server finds any saved setup data that matches the criteria described, it stops searching and uses the data to set itself up. 1 The server first searches through locally mounted volumes for setup files in /Volumes/ */Auto Server Setup/, where * is a file system (device) name. It searches through volumes alphabetically by device name, looking for a file with the extension .plist thats named using its MAC address, its IP address, its partial DNS name, its built-in hardware serial number, its fully qualified DNS name, its partial IP address, or generic.plist, in that order. 2 Next, the server looks in a directory its configured to use for a setup record in a path named AutoServerSetup . It searches for records named using its MAC address, its IP address, its partial DNS name (myserver), its built-in hardware serial number, its fully qualified DNS name (myserver.example.com), its partial IP address, or generic, in that order. If the setup data is encrypted, the server needs the correct passphrase before setting itself up. You can use Server Assistant to supply the passphrase interactively, or you can supply the passphrase in a text file in /Volumes/*/Auto Server Setup/<pass-phrasefile>. The target server searches through volumes alphabetically by file system name, looking for a file with the extension .pass thats named using its MAC address, its IP address, its partial DNS name, its built-in hardware serial number, its fully qualified DNS name, its partial IP address, or generic, in that order. Important: When you perform an upgrade installation, make sure that saved setup data wont be inadvertently detected and used by the server youre upgrading. If saved setup data is used, existing server settings will be overwritten by the saved settings.
Chapter 4 Initial Server Setup 81

The next two sections provide more details about how to use saved setup data. Using Setup Data Saved in a File When you save setup data in a file, a target server automatically detects and uses the file if: Setup data the target server recognizes isnt found in a directory the server is configured to use. See Using Setup Data Saved in a Directory on page 84 for information on how a server detects and uses directory data to set itself up. The setup file is on a volume mounted locally in /Volumes/*/Auto Server Setup/, where * is any device mounted under /Volumes. A target server searches through volumes alphabetically by device name. The device that is mounted as a file system can be the servers hard drive or an iPod, DVD, CD, FireWire drive, USB drive, or other device plugged in to the server. For example, /Volumes/AdminiPod/Auto Server Setup/myserver.example.com.plist. The setup file name is one of these; when searching for setup files, target servers search for names in the order listed: <MAC-address-of-server>.plist (include any leading zeros but omit colons). For example, 0030654dbcef.plist. <IP-address-of-server>.plist. For example, 10.0.0.4.plist. <partial-DNS-name-of-server>.plist. For example, myserver.plist. <built-in-hardware-serial-number-of-server>.plist (first 8 characters only). For example, ABCD1234.plist. <fully-qualified-DNS-name-of-server>.plist. For example, myserver.example.com.plist. <partial-IP-address-of-server>.plist. For example, 10.0.plist (matches 10.0.0.4 and 10.0.1.2).
82 Chapter 4 Initial Server Setup

generic.plist (a file that any server will recognize, used to set up servers that need the same setup values). If the serial number specified in the file isnt site licensed, after setup you need to manually set it. Use Server Admin or the following command in the Terminal application: serversetup -setServerSerialNumber. The correct passphrase is provided to the server if the setup data is encrypted. You can use Server Assistant to supply a passphrase interactively, or you can supply the passphrase in a text file. Place the passphrase file on a volume mounted locally on the target server in /Volumes/*/Auto Server Setup/<pass-phrase-file>. The passphrase file can have one of these names; target servers search for names in the order listed: <MAC-address-of-server>.pass (include any leading zeros but omit colons). For example, 0030654dbcef.pass. <IP-address-of-server>.pass. For example, 10.0.0.4.pass. <partial-DNS-name-of-server>.pass. For example, myserver.pass. <built-in-hardware-serial-number-of-server>.pass (first 8 characters only). For example, ABCD1234.pass. <fully-qualified-DNS-name-of-server>.pass. For example, myserver.example.com.pass. <partial-IP-address-of-server>.pass. For example, 10.0.pass (matches 10.0.0.4 and 10.0.1.2). generic.pass (a file that any server will recognize). If the server software serial number isnt site licensed, after setup you need to manually set it. Use Server Admin or the following command in Terminal: serversetup -setServerSerialNumber.

Chapter 4 Initial Server Setup

83

If you want to reuse saved setup data after reinstalling a server, you can store the servers setup file(s) in a small local partition that isnt erased when you reinstall the server. The setup files are automatically detected and reused after each reinstallation. Using Setup Data Saved in a Directory Using this approach offers the most unattended way to set up multiple servers, but it requires that you have a DHCP and directory infrastructure in place. Using Server Assistant, you save setup data to an existing directory the computer youre using is configured to access and from which you want newly installed servers to retrieve setup data. The schema of the directory must support stored setup data. Open Directory has built-in support for stored setup data. If you want to store setup data in a non-Apple directory, you first need to extend its schema as the Open Directory administration guide describes. When you save setup data in a directory, a target server automatically detects and uses the setup data if: The target server receives its network names (host name, computer name, and local hostname) and its port configuration from a DHCP server. The DHCP server is configured to identify the IP address of the directory server where the setup data resides. See the network services administration guide for DHCP server configuration instructions. The directory and DHCP servers are running.

84

Chapter 4 Initial Server Setup

 The setup data is stored in the directory in a path named /AutoServerSetup/ and a record having one of these names; target servers search for names in the order listed: <MAC-address-of-server> (include any leading zeros but omit colons). For example, 0030654dbcef. <IP-address-of-server>. For example, 10.0.0.4. <partial-DNS-name-of-server>. For example, myserver. <built-in-hardware-serial-number-of-server> (first 8 characters only). For example, ABCD1234. <fully-qualified-DNS-name-of-server>. For example, myserver.example.com. <partial-IP-address-of-server>. For example, 10.0 (matches 10.0.0.4 and 10.0.1.2). generic (a record that any server will recognize, used to set up servers that need the same setup values). If the serial number specified in the file isnt site licensed, after setup you need to manually set it. Use Server Admin or the following command in the Terminal application: serversetup -setServerSerialNumber. The correct passphrase is provided to the server (setup data stored in a directory should always be encrypted). You can use Server Assistant to supply a passphrase interactively, or you can supply the passphrase in a text file. Place the passphrase file on a volume mounted locally on the target server in /Volumes/*/Auto Server Setup/<pass-phrase-file>, where * is any device mounted under /Volumes. A target server searches through volumes alphabetically by device name.

Chapter 4 Initial Server Setup

85

The passphrase file can have one of these names; target servers search for names in the order listed: <MAC-address-of-server>.pass (include any leading zeros but omit colons). For example, 0030654dbcef.pass. <IP-address-of-server>.pass. For example, 10.0.0.4.pass. <partial-DNS-name-of-server>.pass. For example, myserver.pass. <built-in-hardware-serial-number-of-server>.pass (first 8 characters only). For example, ABCD1234.pass. <fully-qualified-DNS-name-of-server>.pass. For example, myserver.example.com.pass. <partial-IP-address-of-server>.pass. For example, 10.0.pass (matches 10.0.0.4 and 10.0.1.2). generic.pass (a file that any server will recognize). If the server software serial number isnt site licensed, after setup you need to manually set it. Use Server Admin or the following command in Terminal: serversetup -setServerSerialNumber. Keeping Backup Copies of Saved Setup Data Saved setup data isnt only useful for automating the setup of multiple servers. It also provides a way to set up servers again if you ever need to reinstall server software on them. You can keep backup copies of setup data files on a network file server. Alternatively, you can store setup data files in a local partition that wont be erased when you reinstall server software.

86

Chapter 4 Initial Server Setup

Specifying Initial Open Directory Usage

When you set up a server initially, you specify its directory services configuration. Choices are: No change, available only when upgrading from Mac OS X Server version 10.3.9 or 10.2.8. Standalone Server, used to set up only a local NetInfo directory domain on the server. Open Directory Master, used to set up an LDAP directory on the server for other computers to share. Connected to a Directory System, used to set up the server to obtain directory information from a shared directory domain thats already been set up on another server. In all these cases, Open Directory authentication is set up on the server and used by default for any new users added to domains that reside on the server. If youre setting up multiple servers and one or more of them will host a shared directory, set up those servers before setting up servers that will use those shared directories. Note: If you connect Mac OS X Server version 10.4 to a directory domain of Mac OS X Server version 10.2 or earlier, be aware that users defined in the older directory domain cannot be authenticated with the MS-CHAPv2 method. This method may be required to securely authenticate users for the VPN service of Mac OS X Server version 10.4. Open Directory in Mac OS X Server version 10.4 supports MSCHAPv2 authentication, but Password Server in Mac OS X Server version 10.2 doesnt support MS-CHAPv2.

Chapter 4 Initial Server Setup

87

After setup, use the Directory Access or Server Admin applications to refine the servers directory configuration, if necessary. Directory Access lets you set up connections to multiple directories, including Active Directory and other non-Apple directory systems, and specify a search policy (the order in which the server should search through the domains). Server Admin lets you set up replicas of an Open Directory master and manage other aspects of a servers directory service configuration. The Open Directory administration guide can help you decide which of the directory usage setup options is right for you. If youre upgrading, the best choice is usually No change, and if youre setting up a new server, the simplest choice is Standalone Server. After initial server setup, you can use Directory Access or Server Admin to adjust and finalize the directory setup. Not Changing Directory Usage When Upgrading When setting up a server that youre upgrading to version 10.4 from version 10.3.9 or 10.2.8, and you want the server to use the same directory setup its been using, choose No change in the Directory Usage pane in Server Assistant. Even when you want to change the servers directory setup, selecting No change is the safest option, especially if youre considering changing a servers shared directory configuration. Changing from hosting a directory to using another servers shared directory or vice versa, or migrating a shared NetInfo domain to LDAP are examples of directory usage changes you should make after server setup in order to preserve access to directory information on your network.

88

Chapter 4 Initial Server Setup

See the Open Directory administration guide for information about all the directory usage options available to you and how to use Directory Access and Server Admin to make directory changes. See the upgrading and migrating guide for information on how to continue using existing directory data when you change directory service settings. If you choose the No change option and the server wasnt using a Password Server, Open Directory authentication will be set up. When you add users to any Apple directory domain residing on the server, their passwords are validated by default using Open Directory authentication. Setting Up a Server as a Standalone Server When you dont want the server youre setting up to host or use shared directory information, choose the directory usage option called Standalone Server in Server Assistant. This option sets up only a local NetInfo domain on the server. Because its a local domain, the data stored in it is accessible only to the server youre setting up. Open Directory authentication is also set up on the server. By default, Open Directory authentication is used when a user is added to the local domain. When a user attempts to log in to the server or use one of its services that require authentication, the server authenticates the user by consulting the local database. If the user has an account on the system and supplies the appropriate password, authentication succeeds.

Chapter 4 Initial Server Setup

89

Setting Up a Server as an Open Directory Master When you want a server youre setting up to host an LDAP directory for use by itself and other computers, make sure the server is connected to the network when you set it up and choose the directory usage option called Open Directory Master in Server Assistant. This option: Sets up an LDAP directory on the server. Creates a directory domain administrator for the directory. This is the administrator who has the privileges required to change information stored in the directory, such as accounts and managed network views. Turns on Open Directory authentication for validating all users defined in the local NetInfo domain and the LDAP directory. Sets up a Kerberos KDC on the server. Before an Open Directory master can provide Kerberos and single sign-on authentication, DNS must be properly configured. DNS must resolve the fully qualified DNS names of all servers, including the Open Directory master itself, to their IP addresses and provide the corresponding reverse lookups. Optionally enables a Windows Primary Domain Controller on the server, letting your server authenticate and provide home directories for users of computers with Windows NT4.x, Windows 9x, and Windows XP. To set up another server as an Open Directory replica and optional backup domain controller (BDC) for a PDC, use Server Admin after setup is complete. To configure additional directory connectivity, use Directory Access. See the Open Directory administration guide for more information about directory configuration.

90

Chapter 4 Initial Server Setup

Open Directory authentication is set up on the server and used by default for any users added to domains that reside on the server. Setting Up a Server to Connect to a Directory System When you want a server youre setting up to use a shared directory on another computer, choose the directory usage option called Connected to a Directory System in Server Assistant. Then choose one of the following options: As Specified by DHCP Server, which sets up a server to use a DHCP server to obtain information for connecting to a directory system. The DHCP server must be set up to provide the address and search base of an LDAP server (DHCP option 95) or the address and tag of a legacy NetInfo server. The directory service and DHCP service are independent; they dont have to be provided by the same server. Open Directory Server, which lets you indicate that the address of the Mac OS X Server hosting the LDAP directory should be obtained using DHCP or specify the IP address or DNS name of the server. NetInfo Server, which lets you indicate how the server being set up should locate the server hosting a shared domain. Choose one or more of these: Broadcast, DHCP, and Static IP Address, the last of which requires that you supply the NetInfo servers IP address and the NetInfo tag of the directory domain, usually network. Other Directory Server, which is the selection to make when you want to configure access to non-Apple directories such as Active Directory, Novell eDirectory, or an NIS domain. After server setup, use Directory Access to specify the servers directory configuration. See the Open Directory administration guide for more information.

Chapter 4 Initial Server Setup

91

You can set up a server to connect to a shared NetInfo directory on Mac OS X Server version 10.0 and later or an LDAP directory on version 10.2 or version 10.3. However, you may not be able to take advantage of some features: VPN service on version 10.3 or later requires MS-CHAP2 authentication, which isnt available with version 10.2 and earlier. Replication isnt supported by version 10.2 or earlier. Kerberos configuration is much more complex on version 10.2. In addition, automatic synchronization of Kerberos and Password Server requires version 10.3 or later. On version 10.3 and earlier, trusted directory binding, support for LDAP subdomains, and directory access controls arent available.

Connecting to the Network During Initial Server Setup

Try to place a server in its final network location (subnet) before setting it up for the first time. If youre concerned about preventing unauthorized or premature access during setup, you can set up a firewall to protect the server while youre finalizing its configuration. If you cant avoid moving a server after initial setup, you must change settings that are sensitive to network location before it can be used. For example, the servers IP address and host name, stored in both directories and configuration files on the server, must be updated. See Changing the Servers Host Name After Setup on page 50 for more information.

92

Chapter 4 Initial Server Setup

Configuring Servers With Multiple Ethernet Ports

Your server has a built-in Ethernet port and may have additional Ethernet ports built in or added on. When youre using Server Assistant to interactively set up one or more servers, all of a servers available Ethernet ports are listed and you select one or more to activate and configure. When you work in Server Assistants offline mode, you click an Add button to manually create a list of ports to configure. If you enable more than one port, you specify the order in which the ports should be used by the server when routing traffic to the network. While the server receives network traffic on any active port, network traffic initiated by the server is routed through the first active port. See the Mac OS X Server Worksheet for Version 10.4 or Later for a description of port configuration attributes. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. The Preface tells you where else you can find the worksheet.

Using Interactive Server Setup

When you have only a few servers to set up, the interactive approach is useful. To use this approach, open Server Assistant, connect to one or more target servers, supply setup data, then initiate the setup immediately. You can use the interactive approach to set up a local server, a remote server, or several remote servers.

Chapter 4 Initial Server Setup

93

Setting Up a Local Server Interactively

After server software has been installed on a server, you can use the interactive approach to set it up locally if you have physical access to the computer. To set up a local server interactively: 1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in Information You Need on page 80. The Preface tells you where else you can find the worksheet. 2 When the server is restarted, Server Assistant opens automatically. 3 Enter the setup data youve recorded on the worksheet as you move through the Assistants panes, following the onscreen instructions. Make sure that any DHCP or DNS servers you specify for the server youre setting up to use are running. 4 After all setup data has been entered, Server Assistant displays a summary of the data. 5 Review the setup data you entered. Optionally click Go Back to change it. 6 To save the setup data as a text file or in a form you can use for automatic server setup (a saved setup file or saved directory record), click Save As. To encrypt the file or record, select Save in Encrypted Format then enter and verify a passphrase. You must supply the passphrase before an encrypted setup file can be used by a target server. 7 To initiate setup of the local server, click Apply. When server setup is complete, click Restart Now. Now you can log in as the server administrator user created during setup to configure services.

94

Chapter 4 Initial Server Setup

Postponing Local Server Setups Following Installation

After installation of server software on a local computer is complete, the computer restarts and Server Assistant opens automatically. If you want to postpone server setup until a later time, press Command-Q. The computer shuts down. When its restarted, Server Assistant opens automatically.

Setting Up a Remote Server Interactively

After server software has been installed on a server, you can use the interactive approach to set it up remotely from an administrator computer that can connect to the target server. To set up a remote server interactively: 1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in Information You Need on page 80. The Preface tells you where else you can find the worksheet. 2 Make sure the target server is running. 3 On an administrator computer, open Server Assistant. Its in /Applications/Server/. You dont have to be an administrator on the administrator computer to use Server Assistant. 4 In the Welcome pane, select Set up a remote server and click Continue. 5 In the Destination pane, put a check in the Apply column for the remote server you want to set up, then type its preset password in the Password field and click Continue to connect to the server. If you dont see the target server on the list, click Add to add it or Refresh to determine whether its available.
Chapter 4 Initial Server Setup 95

6 In the Language pane, specify the language you want to use to administer the target server. 7 Use step 8 if you want to use saved setup data. Otherwise, use step 9. 8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to use. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it. 9 Click Continue and enter the setup data as you move through the Assistants panes, following the onscreen instructions. Make sure that any DHCP or DNS servers you specify for the server youre setting up to use are running. 10 After all setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data. 11 To save the setup data as a text file or in a form you can use for automatic server setup (a saved setup file or saved directory record), click Save As. To encrypt the file or record, select Save in Encrypted Format then enter and verify a passphrase. You must supply the passphrase before an encrypted setup file can be used by a target server. 12 To initiate setup of the remote target server, click Apply. When server setup is complete, click Continue Now. The target server restarts automatically and you can log in as the server administrator user created during setup to configure services.

96

Chapter 4 Initial Server Setup

Setting Up Multiple Remote Servers Interactively in a Batch

You can use the interactive approach to set up multiple servers as a batch if: All the servers are accessible from an administrator computer All the servers use the same setup data except for server software serial numbers and network identities (host name, computer name, and local hostname) Network identities are provided by a DHCP or BootP server To set up multiple remote servers interactively in a batch: 1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later with settings you want to use for all servers you want to set up. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in Information You Need on page 80. The Preface tells you where else you can find the worksheet. 2 Make sure the target servers and any DHCP or DNS servers you want them to use are running. 3 On an administrator computer that can connect to all the target servers, open Server Assistant. Its located in /Applications/Server/. You dont have to be an administrator on the administrator computer to use Server Assistant. 4 In the Welcome pane, select Set up a remote server and click Continue. 5 In the Destination pane, put a check in the Apply column for each remote server you want to set up. Then type the preset password in the Password field for each server and click Continue to connect to the servers. If you dont see a target server you want to set up on the list, click Add to add it. 6 In the Language pane, specify the language you want to use to administer the target servers.
Chapter 4 Initial Server Setup 97

7 Use step 8 if you want to use saved setup data. Otherwise, use step 9. 8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to use. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it. 9 Click Continue and enter the setup data as you move through the Assistants panes, following the onscreen instructions. When prompted, enter the server software serial number for each target server. 10 After all setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data. 11 To save the setup data as a text file or in a form you can use for automatic server setup (a saved setup file or saved directory record), click Save As. To encrypt the file or record, select Save in Encrypted Format then enter and verify a passphrase. You must supply the passphrase before an encrypted setup file can be used by a target server. 12 To initiate server setup, click Apply. When server setup is complete, click Continue Now. The target servers restart automatically and you can log in as the server administrator user created during setup to configure their services.

Setting Up Multiple Remote Servers Interactively One at a Time

You can use the interactive approach to set up multiple servers by using multiple Server Assistant windows on an administrator computer.

98

Chapter 4 Initial Server Setup

To set up multiple remote servers interactively one at a time: 1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later for each server you want to set up. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in Information You Need on page 80. The Preface tells you where else you can find the worksheet. 2 Make sure the target servers and any DHCP or DNS servers you want them to use are running. 3 On an administrator computer that can connect to all the target servers, open Server Assistant. Its located in /Applications/Server/. You dont have to be an administrator on the administrator computer to use Server Assistant. 4 In the Welcome pane, select Set up a remote server and click Continue. 5 In the Destination pane, check one of the remote servers you want to set up. Then type the preset password in the Password field for the server and click Continue to connect to the server. If you dont see the server you want to set up on the list, click Add to add it. 6 In the Language pane, specify the language you want to use to administer the target server. 7 Use step 8 if you want to use saved setup data. Otherwise, use step 9. 8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to use. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it.

Chapter 4 Initial Server Setup

99

9 Click Continue and enter the setup data as you move through the Assistants panes, following the onscreen instructions. 10 After all setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data. 11 To save the setup data as a text file or in a form you can use for automatic server setup (a saved setup file or saved directory record), click Save As. To encrypt the file or record, select Save in Encrypted Format then enter and verify a passphrase. You must supply the passphrase before an encrypted setup file can be used by a target server. 12 To initiate server setup, click Apply. 13 To work with another servers setup before the setup you started is complete, choose File > New Window and repeat steps 4 through 12. When its setup is complete, the target server restarts automatically and you can log in as the server administrator user created during setup to configure its services.

Using Automatic Server Setup

The automatic approach is useful when you: Have more than just a few servers to set up. Want to prepare for setting up servers that arent yet available. Want to save setup data for backup purposes. Need to reinstall servers frequently.

100

Chapter 4 Initial Server Setup

One way to use this approach is to use Server Assistants offline mode, which lets you work with setup data without connecting to specific servers. You specify setup data, then save it in a file or in a directory accessible from target servers, as the next two sections describe. Target servers on which Mac OS X Server version 10.4 software has been installed automatically detect the presence of the saved setup information and use it to set themselves up. You can define generic setup data. Generic setup data can be used to set up any server. For example, you might want to define generic setup data for a server thats on order, or to configure 50 Xserve computers you want to be identically configured. Alternatively, you can save setup data thats specifically tailored for a particular server. Important: When you perform an upgrade installation, make sure that saved setup data wont be inadvertently detected and used by the server. If saved setup data is used, existing server settings will be overwritten by the saved settings. See See How a Server Searches for Saved Setup Data on page 81. for more information.

Setting Up Servers Automatically Using Data Saved in a File

After server software has been installed on a server, you can set it up automatically using data saved in a file. To save and apply setup data in a file: 1 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later for each server you want to set up. The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in Information You Need on page 80. The Preface tells you where else you can find the worksheet.

Chapter 4 Initial Server Setup

101

2 On an administrator computer, open Server Assistant. Its in /Applications/Server/. You dont need to be an administrator on the administrator computer to use Server Assistant. 3 In the Welcome pane, select Save setup information in a file or directory record to work in offline mode, which doesnt require a server connection. 4 In the Language pane, specify the language you want to use to administer the target server or servers. 5 If you want to create a new setup file, use step 6. If you want to work with a setup file that already exists, use step 7. If you intend to create a generic setup file because you want to use the file to set up more than one server, dont specify network names (computer name and local hostname) and make sure that each network interface (port) is set to be configured Using DHCP or Using BootP. 6 Click Continue and enter the setup data as you move through the Assistants panes, following the onscreen instructions. 7 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to work with. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it. 8 In the Network Interfaces pane, click Add to specify network interfaces. 9 After all the setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data. 10 Click Save As, then select Configuration File.

102

Chapter 4 Initial Server Setup

11 To encrypt the file, select Save in Encrypted Format then enter and verify a passphrase. You must supply the passphrase before an encrypted setup file can be used by a target server. 12 Click OK, navigate to the location where you want to save the file, name the file using one of the following options, and click Save; when searching for setup files, target servers search for names in the order listed: <MAC-address-of-server>.plist (include any leading zeros but omit colons). For example, 0030654dbcef.plist. <IP-address-of-server>.plist. For example, 10.0.0.4.plist. <partial-DNS-name-of-server>.plist. For example, myserver.plist. <built-in-hardware-serial-number-of-server>.plist (first 8 characters only). For example, ABCD1234.plist. <fully-qualified-DNS-name-of-server>.plist. For example, myserver.example.com.plist. <partial-IP-address-of-server>.plist. For example, 10.0.plist (matches 10.0.0.4 and 10.0.1.2). generic.plist (a file that any server will recognize, used to set up servers that need the same setup values). 13 Place the file in a location where the target server or servers can detect it. A server can detect a setup file if it resides on a volume mounted locally in /Volumes/*/ Auto Server Setup/, where * is any device mounted under /Volumes. The device can be the servers hard drive or an iPod, DVD, CD, FireWire drive, USB drive, or other device plugged into the server.

Chapter 4 Initial Server Setup

103

For example, if you have an iPod named AdminiPod, the path used would be /Volumes/ AdminiPod/Auto Server Setup/<setup-file-name>. 14 If the setup data is encrypted, make the passphrase available to the target server or servers. You can supply the passphrase interactively using Server Assistant, or you can provide it in a text file. To provide the passphrase in a file, use step 15. To provide it interactively, use step 16. 15 To provide a passphrase in a file, create a new text file and type the passphrase for the saved setup file on the first line. Save the file using one of the following names; target servers search for names in the order listed: <MAC-address-of-server>.pass (include any leading zeros but omit colons). For example, 0030654dbcef.pass. <IP-address-of-server>.pass. For example, 10.0.0.4.pass. <partial-DNS-name-of-server>.pass. For example, myserver.pass. <built-in-hardware-serial-number-of-server>.pass (first 8 characters only). For example, ABCD1234.pass. <fully-qualified-DNS-name-of-server>.pass. For example, myserver.example.com.pass. <partial-IP-address-of-server>.pass. For example, 10.0.pass (matches 10.0.0.4 and 10.0.1.2). generic.pass (a file that any server will recognize). Put the passphrase file on a volume mounted locally on the target server in /Volumes/ */Auto Server Setup/<pass-phrase-file>, where * is any device mounted under / Volumes. 16 To provide a passphrase interactively, use Server Assistant on an administrator computer that can connect with the target server.
104 Chapter 4 Initial Server Setup

In the Welcome or Destination pane, choose File > Supply Passphrase. In the dialog box, enter the target servers IP address, password, and the passphrase. Click Send. 17 If youre using a generic setup file, and the serial number isnt site licensed, after setup you must specify the servers serial number by using Server Admin or the command line. In Server Admin, select the server, click Settings, and click General. Alternatively, in the Terminal application, use ssh to connect with the server and type the serversetup -setServerSerialNumber command. See the command-line administration guide for a description of the layout of a saved setup file and more information about the serversetup command.

Setting Up Servers Automatically Using Data Saved in a Directory

After server software has been installed on a server, you can set it up automatically using data saved in a directory. This method requires a pre-existing directory and DHCP infrastructure, as the procedure below describes. To save and apply setup data in a directory record: 1 Make sure that the directory in which you want to save setup data exists, that its schema supports stored setup data, and that its accessible from the administrator computer youre using. The Open Directory administration guide describes how to set up and access directories. It also describes the schema for stored setup data. Stored setup data support is built into Apple OpenLDAP directories, but the schema of other directories needs to be extended to support stored setup data. 2 Fill out the Mac OS X Server Worksheet for Version 10.4 or Later for each server you want to set up.

Chapter 4 Initial Server Setup

105

The worksheet is located on the Mac OS X Server installation disc in the Documentation folder. Supplemental information appears in Information You Need on page 80. The Preface tells you where else you can find the worksheet. 3 On an administrator computer, open Server Assistant. Its in /Applications/Server/. You dont have to be an administrator on the administrator computer to use Server Assistant. 4 In the Welcome pane, select Save setup information in a file or directory record to work in offline mode, which doesnt require a server connection. 5 In the Language pane, specify the language you want to use to administer the target server or servers. 6 If you want to create a new setup, use step 7. If you want to work with a setup that already exists, use step 8. If youre creating generic setup data, dont specify network names (computer name and local hostname) and make sure that each network interface (port) is set to be configured Using DHCP or Using BootP . 7 Click Continue and enter the setup data as you move through the Assistants panes, following the onscreen instructions. 8 In the Language pane, choose File > Open Configuration File or File > Open Directory Record to load the saved setup data you want to work with. If the saved setup data is encrypted, type the passphrase when prompted. Optionally choose View > Jump to Review to review the setup data, then use Go Back as necessary to change it. 9 In the Network Interfaces pane, click Add to specify network interfaces.

106

Chapter 4 Initial Server Setup

10 After all the setup data has been specified, review the summary displayed by Server Assistant and optionally click Go Back to change data. 11 Click Save As, then select Directory Record. 12 To encrypt the file, select Save in Encrypted Format then enter and verify a passphrase. You must supply the passphrase before an encrypted directory record can be used by a target server. 13 Specify the directory where you want to save the setup, name the setup record, and click OK. When prompted, enter information required to authenticate yourself as a directory domain administrator. Settings are saved in the directory in AutoServerSetup. Target servers search for record names in the following order: <MAC-address-of-server> (include any leading zeros but omit colons). For example, 0030654dbcef. <IP-address-of-server>. For example, 10.0.0.4. <partial-DNS-name-of-server>. For example, myserver. <built-in-hardware-serial-number-of-server> (first 8 characters only). For example, ABCD1234. <fully-qualified-DNS-name-of-server>. For example, myserver.example.com. <partial-IP-address-of-server>. For example, 10.0 (matches 10.0.0.4 and 10.0.1.2). generic (a record that any server will recognize, used to set up servers that need the same setup values). 14 Make sure the proper infrastructure is in place so that servers you want to use the stored setup record can find it.

Chapter 4 Initial Server Setup

107

The directory server storing the setup record needs to be running. DHCP needs to be configured to identify the directory server to the target servers using Option 95. In addition, you may need to have DNS configured if your directory data includes DNS names. See Defining Server Setup Infrastructure Requirements on page 46 for some additional infrastructure information. The Open Directory and network services administration guides provide instructions for setting up directories and DHCP. 15 If the setup data is encrypted, make the passphrase available to the target server or servers. You can supply the passphrase interactively, using Server Assistant, or you provide it in a text file. To provide the passphrase in a file, use step 16. To provide it interactively, use step 17. 16 To provide a passphrase in a file, create a new text file and type the passphrase for the saved setup file on the first line. Save the file using one of the following names; target servers search for names in the order listed: <MAC-address-of-server>.pass (include any leading zeros but omit colons). For example, 0030654dbcef.pass. <IP-address-of-server>.pass. For example, 10.0.0.4.pass. <partial-DNS-name-of-server>.pass. For example, myserver.pass. <built-in-hardware-serial-number-of-server>.pass (first 8 characters only). For example, ABCD1234.pass. <fully-qualified-DNS-name-of-server>.pass. For example, myserver.example.com.pass. <partial-IP-address-of-server>.pass. For example, 10.0.pass (matches 10.0.0.4 and 10.0.1.2). generic.pass (a file that any server will recognize).
108 Chapter 4 Initial Server Setup

Put the passphrase file on a volume mounted locally on the target server in /Volumes/ */Auto Server Setup/<pass-phrase-file>, where * is any device that is mounted under the directory /Volumes. 17 To provide a passphrase interactively, use Server Assistant on an administrator computer that can connect with the target server. In the Welcome or Destination pane, choose File > Supply Passphrase. In the dialog box, enter the target servers IP address, password, and the passphrase. Click Send. 18 If youre using a generic setup record and the server serial number isnt site licensed, you must specify the servers serial number by using Server Admin or the command line after setup. In Server Admin, select the server, click Settings, and click General. To use the command line, in the Terminal application use ssh to connect with the server and type the serversetup -setServerSerialNumber command. See the Open Directory administration guide for a description of the schema of setup data saved in a directory. See the command-line administration guide for information about serversetup.

Determining the Status of Setups

If setup isnt successful, there are several methods by which youre notified.

Using the Destination Pane for Setup Status Information

Server Assistant displays error information in its Destination pane. To access this pane, on the Welcome pane select Set up a remote server and click Continue.

Chapter 4 Initial Server Setup

109

If the server of interest isnt listed, click Add to list it. Select the server and review the information displayed. You can save a list of servers youre interested in monitoring in the Destination pane using File > Save Server List. When you want to monitor the status of those servers, choose File > Load Server List.

Handling Setup Failures

When a servers setup fails, an error log is created as /System/Library/ServerSetup/ Configured/POR.err on the target server. The contents of this log can be displayed and the log file deleted on a remote administrator computer. Double-click the error icon for a server on Server Assistants Destination pane. If prompted, supply the preset password and click Send. The log contents are displayed, and you can click Delete to delete the log file. Setup cant be reinitiated until this file has been deleted. If setup fails because a passphrase file cant be found when using setup data saved in a file or directory record, you can: Use Server Assistant to supply a passphrase interactively. On the Destination pane, choose File > Supply Passphrase. Supply the passphrase in a text file. Place the passphrase file on a volume mounted locally on the target server in /Volumes/*/Auto Server Setup/<pass-phrase-file>, where * is any device mounted under /Volumes/. A target server searches through volumes alphabetically by device name. If a remote server setup fails for any other reason, you should reinstall the server software and repeat initial setup.

110

Chapter 4 Initial Server Setup

If a local server setup fails, you can restart the computer, rerun Server Assistant, and reinitiate setup, or you can reinstall the server software.

Handling Setup Warnings

When setup completes but a condition that warrants your attention exists, a warning log is created as /Library/Logs/ServerAssistant.POR.status on the target server. Click the target servers desktop link named ServerAssistant.status to open this file. Here are some messages you may encounter in the log: The server software serial number is invalid. Open Server Admin, select the server in the Computers & Services list, click Settings, and click General. Enter the correct serial number, and click Save. Because this server was set up using a generic file or directory record and the serial number isnt site licensed, you must enter the server software serial number using Server Admin. Open Server Admin, select the server in the Computers & Services list, click Settings, and click General. Enter the correct serial number, and click Save. The server administrator user defined in the setup data already exists on the server youve upgraded.

Getting Upgrade Installation Status Information

When you perform an upgrade installation, log files may be placed on the target server. See the information on upgrading in the upgrading and migrating guide for information about upgrade logs.

Chapter 4 Initial Server Setup

111

Setting Up Services
The following sections survey initial setup of individual services and tell you where to find complete instructions for tailoring services to support your needs.

Setting Up Open Directory

Unless your server needs to be integrated with another vendors directory system or the directory architecture of a server youre upgrading needs changing immediately, you can start using the directories you configured during server setup right away. The Open Directory administration guide provides instructions for all aspects of Open Directory domain and authentication setup, including: Setting up client computer access to shared directory data Replicating LDAP directories and authentication information of Open Directory masters Integrating with Active Directory and other non-Apple directories Configuring single sign-on Using Kerberos and other authentication techniques

Setting Up User Management

Unless youre using a server exclusively to host Internet content (such as webpages) or perform computational clustering, you probably want to set up user accounts in addition to the administrator account(s) created during server setup. To set up a user account: 1 Open Workgroup Manager. 2 Click the small globe near the top of the application window to select the directory you want to add users to.
112 Chapter 4 Initial Server Setup

3 Click the New User button. 4 Specify user settings in the panes that appear. You can set up user accounts by using Workgroup Manager to import settings from a file. The user management guide tells you how to define user settings, set up group accounts and computer lists, define managed preferences, and import accounts.

Setting Up File Services

When you turn on file sharing services, users can share items in selected folders. If you turned on Apple file service during server setup, users who have existing accounts can already share items by putting them in the Public folders in their home directories or by copying the items into the Drop Box folder inside another users Public folder. If you didnt turn on Apple file service or other available file services already, you can turn them on now. To set up file sharing: 1 Open Server Admin. 2 In the list beneath the server of interest, click each file service you want to turn on, then click the Start Service button in the toolbar. To share with Macintosh computers, turn on Apple file service (AFP service). To share with Windows computers, turn on Windows service. To provide File Transfer Protocol (FTP) access, turn on FTP service. To share with UNIX computers, turn on NFS service. 3 Open Workgroup Manager and click Sharing to set up a share point.
Chapter 4 Initial Server Setup 113

4 Select a volume or folder you want to share from the All list. 5 Click General, then select Share this item and its contents. 6 Click the other tabs to specify attributes for the share point. The file services administration guide provides instructions for managing share points and for configuring file sharing using all the protocols.

Setting Up Print Service

When you turn on print service, server users can share network PostScript printers or Postscript and non-Postscript printers connected directly to the server. A queue is set up automatically for any USB printer connected to the server. No printer queues are set up automatically for network printers, but theyre easy to add. To set up a shared printer queue: 1 Open Server Admin. 2 In the list beneath the server of interest, click the button for print service. 3 Click the Settings button at the bottom of the application window, then click Queues. 4 Click the Add (+) button. 5 Choose a connection protocol, identify a printer, then click OK. 6 If it isnt running, click the Start Service button in the toolbar. Users of Mac OS X computers can now add the printer using Printer Setup Utility. For more information about setting up print services, see the print service administration guide.

114

Chapter 4 Initial Server Setup

Setting Up Web Service

You can use the Apache HTTP Server that comes with Mac OS X Server to host server and individual user websites. If you turned on web service in Server Assistant, your server is ready to serve HTML pages from the general server and individual user sites folders. To view the main server site, open a web browser on any computer with access to the server and type the servers IP address or domain name. To view a user site, add a slash (/), a tilde (~), and the users short name after the server address. For example, type
http://192.268.2.1/~someuser

To turn on web service if its not running: 1 If you already have the HTML files for your main site, copy them into the Documents folder in the /Library/WebServer/ directory. If the files that make up your site are organized in folders, copy the entire folder structure to the Documents folder. For a user site, the files go into the Sites folder in the users home directory. Make sure the files and folders you want web service to present are readable by user www. If you plan to enable WebDAV, make sure the appropriate files and folders are writable by user www. If you dont have your own HTML files yet, you can still turn on web service to see how it works using the default start pages provided with Mac OS X Server. 2 Open Server Admin. 3 In the list beneath the server of interest, click the button for web service. 4 If it isnt running, click the Start Service button in the toolbar.

Chapter 4 Initial Server Setup

115

The web technologies administration guide describes the many features of web service, including how to set up SSL for a site, enable WebMail, and use WebDAV for file sharing.

Setting Up Mail Service

If you didnt turn on email service in Server Assistant, you can start it by using Server Admin, in the same fashion described above for other services. Providing full mail service for your users requires additional configuration. The mail service administration guide provides detailed instructions for setting up and managing a mail server.

Setting Up Network Services

If you want a server to host any of the following network services, refer to the network services administration guide for setup instructions: DHCP service DNS Firewall service NAT (Network Address Translation) VPN Network time service

116

Chapter 4 Initial Server Setup

Setting Up System Image and Software Update Services

For details on using NetBoot and Network Install to simplify the management and installation of client operating systems and other software, see the system imaging and software update administration guide. It tells you how to create disk images and set up Mac OS X Server so other Macintosh computers can start up from, or install, those images over the network. The same guide describes how to set up software update service, which lets you customize updates of Apple software on client computers.

Setting Up Media Streaming and Broadcasting

For information about how to manage a streaming server that delivers media streams live or on demand to client computers, see the QuickTime Streaming Server administration guide.

Setting Up an Application Server

If you want to set up a Java application server, see the Java application server guide. It tells you how to develop and deploy servlets, enterprise beans, and enterprise applications and how to configure and administer a Java application server. Use Server Admin to administer JBoss and Tomcat. To turn on JBoss if its not running: 1 Open Server Admin. 2 In the list beneath the server of interest, click Application Server. 3 Click Start Service.

Chapter 4 Initial Server Setup

117

Setting Up a WebObjects Server

If you want to develop WebObjects applications, see the WebObjects Reference Library, available at developer.apple.com/referencelibrary/WebObjects/. If you want to set up a WebObjects application server, see the Deployment section of the WebObjects Reference Library. To turn on WebObjects if its not running: 1 Open Server Admin. 2 In the list beneath the server of interest, click WebObjects. 3 Click Start Service.

Setting Up Collaboration Service

In addition to services already discussed that help users stay in touch (for example, mail and file services and group accounts and preferences), you can set up an iChat server and a Weblog server. How you use Server Admin to set up iChat and Weblog services is described in the collaboration services administration guide.

118

Chapter 4 Initial Server Setup

Server Administration

Manage Mac OS X Server using graphical applications or command-line tools.

These tools offer a diversity of approaches to server administration: You can administer servers locally (directly on the server youre using) or remotely, from another server, a Mac OS X computer, or a UNIX workstation. Graphical applications, such as Server Admin and Workgroup Manager, offer easy-touse server administration and secure communications for remote server management. You can use these applications on Mac OS X Server (theyre in /Applications/Server/) or on a Mac OS X computer onto which youve installed them as described in Setting Up an Administrator Computer on page 122. Command-line tools are available for administrators who prefer to use commanddriven server administration. For remote server management, you can submit commands in a Secure Shell (SSH) session. You can type commands on Mac OS X Server computers and Mac OS X computers using the Terminal application, located in /Applications/Utilities/. You can also submit commands from a non-Macintosh computer thats been set up as described in Using a Non-Mac OS X Computer for Administration on page 123.

119

Using the Administration Tools

Information about individual administration tools can be found on the pages indicated in the following table.
Use this application or tool Installer Server Assistant Directory Access To Install server software or upgrade it from version 10.2 or 10.3 Set up a version 10.4 server Configure access to data in directories, define a search policy, and enable service discovery protocols Administer accounts and their managed preferences, configure share points, and set up managed network views. Configure and monitor services Set up and manage QuickTime media streaming Configure a simple gateway between two networks Manage NetBoot and Network Install disk images Monitor Xserve hardware For more information, see page 123 page 124 page 124

Workgroup Manager

page 124

Server Admin

page 134 page 146 page 142 page 143 page 144

Gateway Setup Assistant System image tools Server Monitor

120

Chapter 5 Server Administration

Use this application or tool QTSS Publisher

To Manage media and prepare it for streaming or progressive download Monitor and control other Macintosh computers Administer a server using a UNIX command shell Monitor local or remote Xgrid controllers, grids, and jobs

For more information, see page 146

Apple Remote Desktop (optional) Command-line tools Xgrid Admin

page 147 page 148 page 149

The next section describes how to set up a computer on which you can use these applications and tools.

Computers You Can Use to Administer a Server

When you want to administer a server locally using the graphical administration applications (theyre in /Applications/Server/), log in to the server as a server administrator and open them. To administer a remote server, open the applications on an administrator computer. An administrator computer is any Mac OS X Server or Mac OS X version 10.4 or later computer onto which the administration tools have been installed from the Mac OS X Server Admin Tools CD. See Setting Up an Administrator Computer on page 122. You can run command-line tools from the Terminal Application (in /Applications/ Utilities/) on any Mac OS X Server or Mac OS X computer. You can also run commandline tools from a UNIX workstation.
Chapter 5 Server Administration 121

Setting Up an Administrator Computer

An administrator computer is a computer with Mac OS X or Mac OS X Server version 10.4 or later that you use to manage remote servers. In the picture below, the arrows originate from administrator computers and point to servers the administrator computers might be used to manage.
Mac OS X administrator computer

Mac OS X Servers

Once youve installed and set up a Mac OS X Server that has a display, keyboard, and optical drive, its already an administrator computer. To make a computer with Mac OS X into an administrator computer, you need to install additional software. To enable remote administration of Mac OS X Server from a Mac OS X computer: 1 Make sure the Mac OS X computer has Mac OS X version 10.4 or later installed.
122 Chapter 5 Server Administration

In addition, make sure the computer has at least 128 MB of RAM and 1 GB of unused disk space. 2 Insert the Mac OS X Server Admin Tools CD. 3 Open the Installer folder. 4 Start the installer (ServerAdministrationSoftware.mpkg) and follow the onscreen instructions.

Using a Non-Mac OS X Computer for Administration

You can use a non-Mac OS X computer that offers SSH support, such as a UNIX workstation, to administer Mac OS X Server using command-line tools. See the command-line administration guide for more information.

Installer
Use the Installer to install server software on a local server from the Mac OS X Server installation disc. The Installer lets you perform: A clean installation of Mac OS X Server, which installs version 10.4 after erasing and formatting a target disk. An upgrade installation, which upgrades Mac OS X Server version 10.3.9 or 10.2.8 to version 10.4 without erasing any data. A new installation of Mac OS X Server on a volume that has no Mac OS X system files on it. See Chapter 3, Installing Server Software, for information about how to use the Installer.

Chapter 5 Server Administration

123

Server Assistant
Server Assistant (located in /Applications/Server/) is used for: Remote server installations Initial setup of a local server Initial setup of one or more remote servers Preparing data for automated server setups See Chapter 4, Initial Server Setup, for information about how to use Server Assistant. You can also click the Learn More button in Server Assistant for usage information.

Directory Access
Directory Access is the primary application for setting up a Mac OS X computers connections to Open Directory, Active Directory, and other directory domains as well as defining the computers search policy and service discovery protocols. Directory Access is installed on both Mac OS X Server computers and Mac OS X computers in /Applications/Utilities/. For information about how to use Directory Access, see the Open Directory administration guide or Directory Access help.

Workgroup Manager
You use Workgroup Manager to administer accounts: user accounts, group accounts, and computer lists. You also use it to set preferences for Mac OS X users, manage sharing, set up managed network views, and access the Inspector, an advanced feature that lets you do raw editing of Open Directory entries.
124 Chapter 5 Server Administration

Information about using Workgroup Manager appears in several documents: The user management guide explains how to use Workgroup Manager for account and preference management. This guide also explains how to configure managed network views and how to import and export accounts. The file service administration guide explains how to use Sharing in Workgroup Manager to manage share points. The Open Directory administration guide describes how to use the Inspector. The Windows services administration guide describes how to use Workgroup Manager to manage users of Windows workstations. The print administration guide describes how to use Workgroup Manager to define print quotas for individual users. To retrieve online information, use the Help menu. It provides help for administration tasks you accomplish using Workgroup Manager as well as other Mac OS X Server topics.

Opening and Authenticating in Workgroup Manager

Workgroup Manager is installed in /Applications/Server/, from which you can open it in the Finder. Or you can open Workgroup Manager by clicking the Workgroup Manager icon in the Dock or in the toolbar of Server Admin: To open Workgroup Manager on the server youre using without authenticating, choose View Directories from the Server menu when you see the Workgroup Manager login dialog box. You have read-only access to information displayed in Workgroup Manager. To make changes, click the lock icon to authenticate as a server administrator. This approach is most useful when youre administering various servers and working with several directory domains.

Chapter 5 Server Administration

125

 To authenticate as an administrator for a particular server, local or remote, enter the servers IP address or DNS name in the login dialog box, or click Browse to choose from a list of servers. Specify the user name and password for an administrator of the server, then click Connect. Use this approach when youll be working most of the time with a particular server. After opening Workgroup Manager, you can open a Workgroup Manager window for a different computer by clicking Connect in the toolbar or choosing Server > Connect. Important: When you connect to a server in Workgroup Manager, make sure the long or short user name you specify matches the capitalization in the user account.

Administering Accounts
After you log in to Workgroup Manager, the account window appears, showing a list of user accounts. Initially, accounts listed are those stored in the last directory node of the servers search path. When you use other Workgroup Manager windows, such as Preferences or Sharing, click Accounts in the toolbar to return to the account window. To specify the directory or directories that store accounts you want to work with, click the small globe icon. To work with different accounts in different Workgroup Manager windows, click New Window in the toolbar. To administer the accounts listed, click the Users, Groups, or Computer Lists button on the left side of the window. You can filter the accounts listed by using the pop-up search list above the accounts list. To refresh the accounts list, click the Refresh button in the toolbar.

126

Chapter 5 Server Administration

To simplify defining an accounts initial attributes when you create the account, you can use presets. A preset is an account template. To create a preset, select an account, set up all the values the way you want them, then choose Save Preset from the Presets pop-up menu at the bottom of the window. If you want to work with only accounts that satisfy very specific criteria, click Search in the toolbar. The Search features include the option for batch editing selected accounts. To import or export accounts, select the accounts of interest, then choose Server > Import or Server > Export, respectively.

Chapter 5 Server Administration

127

Defining Managed Preferences

To work with managed preferences for user accounts, group accounts, or computer lists, click the Preferences icon in the Workgroup Manager toolbar.

128

Chapter 5 Server Administration

Click Details to use the preference editor to work with preference manifests.

Chapter 5 Server Administration

129

Working With Directory Data

If you want to work with raw directory data, use Workgroup Managers Inspector. To display the Inspector, choose Workgroup Manager > Preferences. Enable Show All Records tab and inspector and click OK. Select the All records button (which looks like a bulls-eye) to access the Inspector.

Use the pop-up menu above the Name list to select the records of interest. For example, you can work with users, groups, computers, share points, and many other directory objects.

130

Chapter 5 Server Administration

Managing Sharing
To work with share points and access control lists, click the Sharing icon in the Workgroup Manager toolbar.

Chapter 5 Server Administration

131

Configuring Managed Network Views

To configure how resources are listed when a user selects the Network icon in the sidebar of a Finder window, define a managed network view. Click Network in the Workgroup Manager toolbar, then click Layout to specify the objects in the view hierarchy.

132

Chapter 5 Server Administration

Click Settings to specify which computers should use a particular view.

Customizing the Workgroup Manager Environment

There are several ways to tailor the Workgroup Manager environment: You can control the way Workgroup Manager lists accounts, whether it should use SSL transactions for Sharing, and other behaviors by choosing Workgroup Manager > Preferences. To customize the toolbar, choose View > Customize Toolbar.

Chapter 5 Server Administration

133

 To include predefined users and groups in the user and group lists, choose View > Show System Users and Groups. To open Server Admin so you can monitor and work with services on particular servers, click the Admin icon in the toolbar.

Server Admin
You use Server Admin to administer services on one or more Mac OS X Server computers. Server Admin also lets you specify settings that support multiple services, such as creating and managing SSL certificates and specifying which users and groups can access services. Information about using Server Admin to manage services appears in the individual administration guides and in onscreen information accessible by using the Help menu in Server Admin.

Opening and Authenticating in Server Admin

Server Admin is installed in /Applications/Server/, from which you can open it in the Finder. Or you can open Server Admin by clicking the Server Admin icon in the Dock or clicking the Admin button on the Workgroup Manager toolbar. To select a server to work with, enter its IP address or DNS name in the login dialog box, or click Browse to choose from a list of servers. Specify the user name and password for an administrator, then click Connect.

134

Chapter 5 Server Administration

Working With Specific Servers

The servers you can administer using Server Admin appear in the Computers & Services list on the left side of the application window.

To add a server to the Computers & Services list, click Add Server in the toolbar and log in to the server; the next time you open Server Admin, any server youve added is displayed in the list. To remove a server from the Computers & Services list, select the server, choose Server > Disconnect, and choose Server > Remove Server. To limit the items that appear in the list, use the pop-up menu above the list to select the items you want listed. To change the order of servers in the list, drag a server to the new location in the list.
Chapter 5 Server Administration 135

If a server in the Computers & Services list appears gray, double-click the server or click the Connect button in the toolbar to log in again. Check the Add to Keychain option while you log in to enable autoreconnect the next time you open Server Admin. To work with general server settings, select a server in the Computers & Services list. Click Overview to view information about the server. Click Logs to view the system log and software update log. Click System to view information about ports and volumes the server uses. Click Graphs to view a pictorial history of server activity. Click Update to use Software Update to update the servers software. Click Settings to view or change the servers network settings, server software serial number, SSL certificates, service access controls, and other information. When you click Settings, you have access to several panes: Click General to work with the server serial number or to enable SNMP, NTP, Macintosh Manager, or SSH. SNMP is the abbreviation for Simple Network Management Protocol, a standard that facilitates computer monitoring and management. The server uses the open source net-snmp project for its SNMP implementation. While none of the server administration tools use or require SNMP, enabling it lets the server be monitored and managed from third-party software such as HP OpenView. Use the NTP (Network Time Protocol) checkbox to enable NTP service. For information about NTP, see the network services administration guide.

136

Chapter 5 Server Administration

Macintosh Manager is enabled only if an upgrade installation was used to upgrade a version 10.2 or 10.3 server to version 10.4. See Upgrading and Migrating From an Earlier Version of Mac OS X Server on page 43 for more information about upgrade installations. SSH is the abbreviation for Secure Shell. The server uses the open source OpenSSH project for its SSH implementation. When you enable SSH, you can use commandline tools to remotely administer the server. SSH is also used for other remote server administration tasks, such as initial server setup, Sharing management, and displaying file system paths and the contents of folders in the server administration tools. SSH must be enabled while creating an Open Directory replica, but can be disabled afterwards. Click Network to view or change the servers computer name or local hostname. The computer name is what a user sees when browsing the network (/Network). The local hostname name is usually derived from the computer name, but can be changed. Click Date & Time to set the servers date and time. Click Certificates to manage the servers SSL certificates. See Using SSL for Remote Server Administration on page 141 for more information. Click Access to control user access to some services. You can set up the same access to all services, or you can select a service and customize its access settings. Access controls are simple. Choose between letting all users and groups use services or letting only selected users and groups use services.

Chapter 5 Server Administration

137

Administering Services
To work with a particular service on a server selected in the Computers & Services list of Server Admin, click the service in the list under the server. You can view information about a service (logs, graphs, and so forth) and manage its settings. To start or stop a service, select it then click Start Service or Stop Service in the toolbar. To copy service settings from one server to another or to save service settings in a property-list file for reuse later, use the drag-and-drop icon when its visible in the lower right of the Server Admin window. Select the service whose settings you want to copy, and click Settings to display the settings. Then click the drag-and-drop icon; this action changes the icon to a miniature version of the Settings window.

To save the settings in a property-list file, drag the miniature window to your desktop or to a folder. To apply the settings on a different server, open another Server Admin window, then drag the miniature settings window to the service you want to inherit its values.

138

Chapter 5 Server Administration

You can disable changes to service settings by unauthorized individuals by using Server Admins view locking options. To disable changes to service settings following a period of inactivity, choose Server Admin > Preferences. Select Auto-lock view after and specify the period, which is 60 minutes by default. To disable changes on demand, choose View > Lock View. To reenable changes, choose View > Unlock View and reauthenticate using the name and password used to log in to the system. Important: To make sure that view locking persists after stopping then restarting Server Admin, dont store a password in the keychain. If you do, be sure to lock the keychain using the Keychain Access application.

Chapter 5 Server Administration

139

Controlling Access to Services

You can use Server Admin to configure which users and groups can use services hosted by a server. Select a server in the Computers & Services list, click Settings, then click Access.

You can separately specify access controls for individual services, or you can define one set of controls that applies for all services that the server hosts.

140

Chapter 5 Server Administration

Using SSL for Remote Server Administration

You can control the level of security of communications between Server Admin and remote servers by choosing Server Admin > Preferences. By default, Use secure connections (SSL) is enabled, and all communications with remote servers are encrypted using SSL. This option uses a self-signed 128-bit certificate installed in /etc/servermgrd/ssl.crt/ when you install the server. Communications use the HTTPS protocol (port 311). If this option isnt enabled, the HTTP protocol (port 687) is used and clear text is sent between Server Admin and the remote server. If you want a greater level of security, also select Require valid digital signature . This option uses an SSL certificate installed on a remote server to ensure that the remote server is a valid server. Before enabling this option, use the instructions in the mail administration guide for generating a Certificate Signing Request (CSR), obtaining an SSL certificate from an issuing authority, and installing the certificate on each remote server. Instead of placing files in /etc/httpd/, place them in /etc/servermgrd/. You can also generate a self-signed certificate and install it on the remote server. You can use Server Admin to set up and manage self-signed or issued SSL certificates used by mail, web, Open Directory, and other services that support them. The mail service administration guide provides instructions for using Server Admin to create, organize, and use security certificates for SSL-enabled services. Individual service administration guides describe how to configure specific services to use SSL. If youre interested in higher levels of SSL authentication, see the information at www.modssl.org.

Chapter 5 Server Administration

141

Customizing the Server Admin Environment

To control the Server Admin environment, you have several options. To control the appearance of the Server Admin lists, refresh rates, and other behaviors, choose Server Admin > Preferences. To customize the toolbar, choose View > Customize Toolbar. To add a button to the toolbar thats a shortcut to a particular Server Admin view, go to the pane you want then choose View > Add Shortcut to View. The information displayed in the Server Admin window at the time you add the shortcut is displayed whenever you click the view in the toolbar.

Gateway Setup Assistant

Gateway Setup Assistant automates the configuration of a simple gateway between a local network and the Internet. A gateway lets you share a servers Internet connection among computers on your local area network (LAN). Gateway Setup Assistant configures DHCP, NAT, firewall, DNS, and VPN automatically. Run Gateway Setup Assistant from /Applications/Server/. Alternatively, run it from within Server Admin by choosing View > Gateway Setup Assistant. See the network services administration guide for information about Gateway Setup Assistant.

142

Chapter 5 Server Administration

System Image Management

You can use the following Mac OS X Server applications to set up and manage NetBoot and Network Install images: System Image Utility creates Mac OS X disk images. Its installed with Mac OS X Server software in the /Applications/Server/ folder. Server Admin enables and configures NetBoot service and supporting services. Its installed with Mac OS X Server software in the /Applications/Server/ folder. PackageMaker creates package files that you use to add additional software to disk images. Access PackageMaker from Xcode Tools. An installer for Xcode Tools is on the server installation DVD in the Other Installs folder. Property List Editor edits property lists such as NBImageInfo.plist. Also access Property List Editor from Xcode Tools. The system imaging and software update administration guide provides instructions for using all these applications.

Chapter 5 Server Administration

143

Server Monitor
You use Server Monitor to monitor local or remote Xserve hardware and trigger email notifications when circumstances warrant attention. Server Monitor shows you information about the installed operating system, drives, power supply, enclosure and processor temperature, cooling blowers, security, and network.

Server Monitor is installed in /Applications/Server/ when you install your server or set up an administrator computer. To open Server Monitor, click the Server Monitor icon in the Dock or double-click the Server Monitor icon in /Applications/Server/. From within Server Admin, choose View > Server Monitor.

144

Chapter 5 Server Administration

To identify the Xserve server to monitor, click Add Server, identify the server of interest, and enter user name and password information for an administrator of the server. Use the Update every pop-up menu in the Info pane to specify how often you want to refresh data. Choose File > Export or File > Import to manage different lists of Xserve servers you want to monitor. Choose File > Merge to consolidate lists into one. The system identifier lights on the front and back of an Xserve server light when service is required. Use Server Monitor to understand why the lights are on. You can also turn the lights on to identify a particular Xserve server in a rack of servers by selecting the server and clicking System identifier light in the Info pane. Click Edit Notifications to set up Server Monitor to notify you by email when an Xserve servers status changes. For each server, you set up the conditions for which you want notification. The email message can come from Server Monitor or from the server. Server Monitor keeps logs of Server Monitor activity for each Xserve server. Click Show Log to view a log. The log shows, for example, Server Monitor attempts to contact the server and whether a connection was successful. The log also shows server status changes. (The logs dont include system activity on the server.) For additional information, see Server Monitor help.

Chapter 5 Server Administration

145

Media Streaming Management

The QuickTime Streaming Server 5.5 administration guide provides instructions for administering a QuickTime streaming server (QTSS) using Server Admin. The QuickTime Streaming Server 5.5 administration guide also describes QTSS Publisher, an easy-to-use application for managing media and preparing it for streaming or progressive download. QTSS Publisher is installed with Mac OS X Server in /Applications/Server/. For more information, open QTSS Publisher and choose Help > QTSS Publisher Help.

146

Chapter 5 Server Administration

Apple Remote Desktop

Apple Remote Desktop (ARD), which you can optionally purchase, is an easy-to-use network-computer management application. It simplifies the setup, monitoring, and maintenance of remote computers and lets you interact with users.

You can use ARD to control and observe computer screens. You can configure computers and install software. You can conduct one-on-one or one-to-many user interactions to provide help or tutoring. You can perform basic network troubleshooting. And you can generate reports that audit computer hardware characteristics and installed software.

Chapter 5 Server Administration

147

You can also use ARD to control installation on a computer that you have started up from an installation disc for Mac OS X Server version 10.4.7 or later, because ARD includes VNC viewer capability. For more information on Apple Remote Desktop, go to: www.apple.com/remotedesktop/

Command-Line Tools
If youre an administrator who prefers to work in a command-line environment, you can do so with Mac OS X Server. From the Terminal application in Mac OS X, you can use the built-in UNIX shells (sh, csh, tsh, zsh, bash) to use tools for installing and setting up server software and for configuring and monitoring services. You can also submit commands from a nonMac OS X computer. When managing remote servers, you conduct secure administration by working in a Secure Shell (SSH) session. The command-line administration guide describes Terminal, SSH, server administration commands, and configuration files.

148

Chapter 5 Server Administration

Xgrid Admin
You can use Xgrid Admin to monitor local or remote Xgrid controllers, grids, and jobs. You can add controllers and agents to monitor and specify agents that have not yet joined a grid. You also use Xgrid Admin to pause, stop, or restart jobs. Xgrid Admin is installed in /Applications/Server/ when you install your server or set up an administrator computer. To open Xgrid Admin, double-click the Xgrid Admin icon in /Applications/Server/. For additional information, see Xgrid Admin help.

Working With Pre-Version 10.4 Computers From Version 10.4 Servers

Version 10.3 and 10.2 servers can be administered using version 10.4 server administration tools. Workgroup Manager on a version 10.4 server can be used to manage Mac OS X clients running Mac OS X version 10.2.4 or later. Once youve edited a user record using Workgroup Manager on version 10.4, it can be accessed only by using Workgroup Manager on version 10.4. Preferences of Mac OS 9 clients can be managed from a version 10.4 server using Macintosh Manager only when you perform an upgrade installation of version 10.4; you can use an upgrade installation to install version 10.4 on a version 10.3.9 or 10.2.8 server.

Chapter 5 Server Administration

149

A
administrator computer setup 122 Apple Remote Desktop (ARD) 147 automating server setup 101 automating server software installation 72

C
command-line tools 148

D
Directory Access 124 documentation 17

E
exporting users and groups 127

G
Gateway Setup Assistant 142

I
importing accounts 127 installation 21

installation planning changing the servers host name after setup 50 collecting and organizing information 51 defining a migration strategy 43, 56 defining an integration strategy 45 defining physical requirements 45 determining a strategy 51 determining server setup infrastructure requirements 46 determining services to host 41 goals 39 identifying servers youll set up 41 making sure hardware is available 48 minimizing the need to relocate servers after setup 48

setting up a team 40 Installer 123 installing server software automating installation 72 hardware-specific tasks 59 information you need 55 interactive remote installation 65 on Mac OS X version 10.4 computers 71 preset password 59 system requirements 54 using Installer locally 63 using the installer tool 73

M
migration 43, 56

N
non-Mac OS X workstation setup 123

P
PackageMaker 143 POR.err 110 POR.status 111

151

Index

Index

preset 127 Property List Editor 143

S
Server Admin 134 administering services 138 controlling access to services 140 customizing the Server Admin environment 142 opening and authenticating 134 using SSL for remote server administration 141 working with servers 135 server administration guides 17 Server Assistant 124 Server Monitor 144 server setup 21 automated setup using directory data 105 automatic setup using data in a file 101 basic settings that are established 30 information you need 80

keeping backup copies of saved setup data 86 local interactive setup 94 offline mode 101 Open Directory usage 87 remote interactive batch setup 97 remote interactive multiserver setup 98 remote interactive setup 95 saving setup data in a directory 84 saving setup data in a file 82 status monitoring 109 service setup 112 SSH 148 System Image Utility 143

V
version 10.3 server management 149

W
Windows migration from 44 Workgroup Manager 124 administering accounts 126 configuring managed network views 132 customizing the Workgroup Manager environment 133 defining managed preferences 128 managing sharing 131 opening and authenticating 125 working with directory data 130

T
Terminal 148

U
UNIX shells 148 upgrading from an earlier server version 43

X
Xgrid Admin 149

152

Index