Cyan yelloW SpoT MaTTe MaGenTa BlaCk panTone 123 C BookS for profeSSIonalS By profeSSIonalS® Companion eBook Available S e l tit Beginning Mac oS X Snow leopard Server is intended for those who need B Server intelligence for individuals d to quickly and efficiently get things done with Mac oS X Server 10.6. This e ate book is intended to be used in one of two ways. for those new to Mac oS X gi and small-to-medium businesses l n e Server, you can read straight through the entire book, and by the end should r n feel competent to administer most any Mac oS X Server environment that is i n thrown at you. g for those with some knowledge of Mac oS X Server, or perhaps a thorough knowl- M edge of other Unix-based servers, the book is arranged by tasks so that you can either start reading at any point, skipping material you already know, or pick and a choose the chapters you’ll find most helpful to your own work or system needs. c This task-oriented approach also makes the book useful as a general reference for any aspect of Mac oS X Server. O S Throughout, special emphasis is given to the new features of the latest release, Mac oS X Server 10.6, aka Snow leopard Server. for instance, you’ll find out how X to integrate an iphone with Mac oS X Server using the new Mobile access fea- tures, or how to install an SSl certificate in the web service, apache. S • task-oriented approach to server administration makes it easy to find n and accomplish what needs to get done o • thorough subject coverage including workflows for mac oS X Snow w leopard Server gUi-level features, command-line features, and alternative • features introductory material for new administrators, with emphasis L on new features for upgrading to Snow leopard Server, and more e advanced material for experienced it and enterprise administrators o This book is for administrators interested in a complete course on Mac oS X Snow p Beginning leopard Server, including first-time Mac oS X Server admins, admins upgrading from older versions, and experienced Unix or Mac admins who want to master all a aspects of apple’s newest Server software. r d Mac OS X S e r v Snow Leopard Server e r S c h w B i ebarEd Charles Edge | Chris Barker | Ehren Schwiebert Companion eBook See laSt page for detailS on $10 eBook verSion ISBN 978-1-4302-2772-4 erkeg 54999 tre US $49.99 Shelve in Mac User level: www.apress.com Beginner-Intermediate 9 781430 227724 this print for content only—size & color not accurate Trim: 7.5 x 9.25 spine = 0.000" 000 page count Beginning Mac OS X Snow Leopard Server From Solo Install to Enterprise Integration ■ ■ ■ Charles S. Edge, Jr Chris Barker Ehren Schwiebert i Beginning Mac OS X Snow Leopard Server: From Solo Install to Enterprise Integration Copyright © 2010 by Charles Edge, Chris Barker, Ehren Schwiebert All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-2772-4 ISBN-13 (electronic): 978-1-4302-2773-1 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Publisher and President: Paul Manning Lead Editor: Clay Andres Developmental Editor: Douglas Pundick Technical Reviewers: David A. Coyle, Joe Kissel and Brad Lees Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Duncan Parkes, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Coordinating Editor: Kelly Moritz Copy Editors: Kim Wimpsett and Heather Lang Compositor: MacPS, LLC. Indexer: John Collin Artist: April Milne Cover Designer: Anna Ishchenko Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders- [email protected], or visit www.springeronline.com. For information on translations, please e-mail [email protected], or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/info/bulksales. The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. ii To Lisa & Emerald With Love – Charles Edge To my loved ones – Chris Barker To Caroline, Luke, and Mayah – Ehren Schwiebert iii Contents at a Glance ■Contents at a Glance...................................................................................................iv ■Contents.......................................................................................................................v ■About the Authors.....................................................................................................xiii ■About the Technical Reviewers................................................................................xiv ■Acknowledgments.....................................................................................................xv ■Chapter 1: Welcome to OS X Server............................................................................1 ■Chapter 2: Setting Up a Server in 30 Minutes or Less..............................................11 ■Chapter 3: Getting Deeper into File Sharing..............................................................45 ■Chapter 4: Managing Directory Services................................................................101 ■Chapter 5: Controlling Network Traffic...................................................................149 ■Chapter 6: Centralizing Network Services..............................................................173 ■Chapter 7: Configuring Network Services for Security...........................................203 ■Chapter 8: Managing Client Computers with NetBoot, NetInstall, and NetRestore................................................................................227 ■Chapter 9: Configuring Address Book Server.........................................................259 ■Chapter 10: Working with iCal Server....................................................................277 ■Chapter 11: iChat Server.........................................................................................303 ■Chapter 12: Setting Up Mail Services.....................................................................317 ■Chapter 13: Setting Up Services for Mobile Devices...............................................339 ■Chapter 14: Web Servers........................................................................................357 ■Chapter 15: Managing MySQL.................................................................................397 ■Chapter 16: Using Podcast Producer......................................................................417 ■Chapter 17: Streaming QuickTime Video................................................................453 ■Chapter 18: Sharing Files.......................................................................................473 ■Chapter 19: Setting Up Printing Services...............................................................505 ■Chapter 20: Backing Up Your Data..........................................................................533 ■Chapter 21: Configuring Software Update Server...................................................557 ■Appendix A: DHCP Option Numbers........................................................................569 ■Appendix B: Taking It to the Next Level..................................................................575 ■Index.......................................................................................................................577 iv Contents ■Contents at a Glance.......................................................................................iv(cid:1) ■Contents..........................................................................................................v(cid:1) ■About the Authors ........................................................................................xiii(cid:1) ■About the Technical Reviewers.....................................................................xiv(cid:1) ■Acknowledgments..........................................................................................xv(cid:1) ■Chapter 1: Welcome to OS X Server................................................................1(cid:1) What Is a Server Anyway?......................................................................................................................................2(cid:1) What This Book Is...................................................................................................................................................2(cid:1) How This Book Is Organized...................................................................................................................................3(cid:1) Before You Begin....................................................................................................................................................6(cid:1) Hardware...........................................................................................................................................................6(cid:1) Get Ready!..............................................................................................................................................................7(cid:1) Summary................................................................................................................................................................9(cid:1) ■Chapter 2: Setting Up a Server in 30 Minutes or Less...................................11(cid:1) Before You Begin..................................................................................................................................................11(cid:1) Network Considerations...................................................................................................................................12(cid:1) Installing Mac OS X Server 10.6...........................................................................................................................13(cid:1) Welcome to Mac OS X Server 10.6.......................................................................................................................17(cid:1) Creating the Administrator Account.................................................................................................................20(cid:1) Configuring the Network Interface...................................................................................................................22(cid:1) What to Do After Server Setup Completes.......................................................................................................24(cid:1) Building the Fileserver.....................................................................................................................................29(cid:1) Summary..............................................................................................................................................................43(cid:1) ■Chapter 3: Getting Deeper into File Sharing..................................................45(cid:1) Installing the Server Administration Tools............................................................................................................45(cid:1) Adding a Server to Server Admin..........................................................................................................................46(cid:1) Server Admin Basics.............................................................................................................................................49(cid:1) Apple Filing Protocol (AFP)....................................................................................................................................55(cid:1) AFP’s Main Settings.........................................................................................................................................56(cid:1) (cid:1) v ■ CONTENTS Server Message Block (SMB)................................................................................................................................84(cid:1) SMB’s Main Settings........................................................................................................................................84(cid:1) File Transfer Protocol (FTP)...................................................................................................................................91(cid:1) FTP’s Main Settings.........................................................................................................................................91(cid:1) Network File System (NFS)...................................................................................................................................98(cid:1) NFS’s Main Settings.........................................................................................................................................98(cid:1) Summary............................................................................................................................................................100(cid:1) ■Chapter 4: Managing Directory Services.....................................................101(cid:1) Understanding the Components of a Directory Service......................................................................................101(cid:1) LDAP..............................................................................................................................................................102(cid:1) Kerberos........................................................................................................................................................103(cid:1) Password Server............................................................................................................................................104(cid:1) Preparing to Set Up Open Directory....................................................................................................................104(cid:1) Understanding Open Directory Roles..................................................................................................................105(cid:1) Setting Up an Open Directory Master............................................................................................................105(cid:1) Configuring an Open Directory Replica..........................................................................................................107(cid:1) Managing Open Directory...................................................................................................................................109(cid:1) Securing Open Directory................................................................................................................................109(cid:1) Backing Up Open Directory............................................................................................................................114(cid:1) Managing Objects with Workgroup Manager.....................................................................................................116(cid:1) Using Server Preferences..............................................................................................................................116(cid:1) Using Workgroup Manager............................................................................................................................123(cid:1) Configuring Policies.......................................................................................................................................132(cid:1) Inspecting Records........................................................................................................................................140(cid:1) Binding Clients....................................................................................................................................................142(cid:1) Implementing Trusted Binding from the Accounts System Preference Pane................................................143(cid:1) Binding with Directory Utility.........................................................................................................................143(cid:1) Using the Kerberos Realm.............................................................................................................................147(cid:1) Search Policies..............................................................................................................................................147(cid:1) Summary............................................................................................................................................................148(cid:1) ■Chapter 5: Controlling Network Traffic........................................................149(cid:1) Using Mac OS X Server as a Router....................................................................................................................149(cid:1) How Network Address Translation Works.....................................................................................................150(cid:1) Using the Gateway Setup Assistant...............................................................................................................151(cid:1) Manually Enabling NAT..................................................................................................................................156(cid:1) Testing NAT from a Client..............................................................................................................................157(cid:1) Setting Up Forwarding Ports..........................................................................................................................159(cid:1) Setting the Advanced Options........................................................................................................................161(cid:1) Using the Firewall to Control Access to the Server.............................................................................................162(cid:1) Setting Up the Firewall..................................................................................................................................163(cid:1) Defining Address Groups...............................................................................................................................163(cid:1) Defining Services...........................................................................................................................................165(cid:1) Creating Rules................................................................................................................................................167(cid:1) Preventing Intrusions.....................................................................................................................................169(cid:1) Setting the Global Firewall Options................................................................................................................169(cid:1) Configuring the Firewall from the Command Line.........................................................................................169(cid:1) Testing the Firewall.......................................................................................................................................170(cid:1) Summary............................................................................................................................................................171(cid:1) ■Chapter 6: Centralizing Network Services ..................................................173(cid:1) DHCP...................................................................................................................................................................173(cid:1) Creating a Subnet..........................................................................................................................................177(cid:1) vi ■ CONTENTS Reserving IP Addresses.................................................................................................................................184(cid:1) DHCP Options.................................................................................................................................................186(cid:1) Enabling DHCP Relay.....................................................................................................................................187(cid:1) DNS.....................................................................................................................................................................188(cid:1) Zones and Records........................................................................................................................................189(cid:1) Setting Up DNS..............................................................................................................................................189(cid:1) Adding a Zone................................................................................................................................................192(cid:1) Creating Records...........................................................................................................................................193(cid:1) Setting Up Wide-Area Bonjour.......................................................................................................................194(cid:1) Configuring Secondary Zones........................................................................................................................197(cid:1) Editing Configuration Files.............................................................................................................................198(cid:1) Editing Zone Files...........................................................................................................................................199(cid:1) OpenDNS Web Content Filtering....................................................................................................................200(cid:1) Summary............................................................................................................................................................201(cid:1) ■Chapter 7: Configuring Network Services for Security ...............................203(cid:1) Virtual Private Networking..................................................................................................................................204(cid:1) Setting Up a PPTP Server...............................................................................................................................206(cid:1) L2TP Servers..................................................................................................................................................208(cid:1) VPN Clients....................................................................................................................................................210(cid:1) Configuring the VPN from the Command Line...............................................................................................219(cid:1) S2SVPN..........................................................................................................................................................219(cid:1) RADIUS................................................................................................................................................................220(cid:1) Setting Up the RADIUS Service......................................................................................................................220(cid:1) Setting Up the Apple AirPort..........................................................................................................................222(cid:1) Connecting to Cisco.......................................................................................................................................223(cid:1) From the Command Line................................................................................................................................224(cid:1) Limiting Access to the VPN and RADIUS Services..............................................................................................225(cid:1) ■Chapter 8: Managing Client Computers with NetBoot, NetInstall, and NetRestore.....................................................................227(cid:1) Developing an Imaging Strategy.........................................................................................................................229(cid:1) Activating the NetBoot Service...........................................................................................................................230(cid:1) Using System Image Utility.................................................................................................................................231(cid:1) Creating a NetBoot Image..............................................................................................................................231(cid:1) Creating a NetInstall Image...........................................................................................................................235(cid:1) Creating a NetRestore Image.........................................................................................................................238(cid:1) Configuring the NetBoot Service.........................................................................................................................242(cid:1) Apple Software Restore and Multicast Imaging: a NetRestore Alternative.........................................................247(cid:1) Creating an Image for asr..............................................................................................................................248(cid:1) Configuring asr for Multicast Imaging...........................................................................................................250(cid:1) Imaging a Client over asr...............................................................................................................................253(cid:1) Automations...................................................................................................................................................254(cid:1) NetBooting Client Systems.................................................................................................................................257(cid:1) Summary............................................................................................................................................................258(cid:1) ■Chapter 9: Configuring Address Book Server..............................................259(cid:1) Address Book Services.......................................................................................................................................260(cid:1) Setting Up Address Book Server.........................................................................................................................260(cid:1) Configuring with Server Preferences.............................................................................................................260(cid:1) Configuring with Server Admin......................................................................................................................262(cid:1) Connecting to the Address Book Server........................................................................................................266(cid:1) Using the Client..............................................................................................................................................269(cid:1) Controlling Access.........................................................................................................................................271(cid:1) vii ■ CONTENTS Backing Up Address Books............................................................................................................................272(cid:1) Leveraging the Command Line...........................................................................................................................273(cid:1) Alternatives to Apple’s Address Book Server......................................................................................................275(cid:1) Summary............................................................................................................................................................276(cid:1) ■Chapter 10: Working with iCal Server.........................................................277(cid:1) Getting Ready to Install iCal Server....................................................................................................................277(cid:1) Configuring iCal Server..................................................................................................................................278(cid:1) Managing the iCal Server....................................................................................................................................283(cid:1) Backing Up Calendars....................................................................................................................................284(cid:1) Clustering CalDAV..........................................................................................................................................284(cid:1) Integrating with a Wiki...................................................................................................................................285(cid:1) Integrating with Mail......................................................................................................................................286(cid:1) Enabling Calendars for Users..............................................................................................................................288(cid:1) Configuring iCal Clients.......................................................................................................................................289(cid:1) Setting Up iCal Clients for Microsoft Windows...................................................................................................296(cid:1) Using the Command Line for iCal Services.........................................................................................................296(cid:1) Configuring Services with serveradmin.........................................................................................................296(cid:1) Troubleshooting iCal Server...........................................................................................................................299(cid:1) Summary............................................................................................................................................................300(cid:1) ■Chapter 11: iChat Server.............................................................................303(cid:1) Setting Up iChat Server.......................................................................................................................................304(cid:1) Setting Up iChat Server Using Server Preferences........................................................................................304(cid:1) Setting Up iChat Server Using Server Admin.................................................................................................305(cid:1) Configuring Advanced Features.....................................................................................................................306(cid:1) Setting Up Users............................................................................................................................................308(cid:1) Connecting Remotely.....................................................................................................................................309(cid:1) Prepopulating Buddy Lists.............................................................................................................................310(cid:1) Customizing the Welcome Message..............................................................................................................310(cid:1) Federating iChat..................................................................................................................................................311(cid:1) Configuring the Mac OS X Client.........................................................................................................................312(cid:1) Setting Up Clients..........................................................................................................................................312(cid:1) Saving iChat Transcripts................................................................................................................................313(cid:1) Using the Command Line....................................................................................................................................314(cid:1) Using serveradmin.........................................................................................................................................315(cid:1) Storing Jabber Configuration Files................................................................................................................315(cid:1) Summary............................................................................................................................................................316(cid:1) ■Chapter 12: Setting Up Mail Services..........................................................317(cid:1) Understanding Mac OS X Server’s Mail Components.........................................................................................317(cid:1) Protocols........................................................................................................................................................318(cid:1) Dovecot..........................................................................................................................................................318(cid:1) Preparing for a Mail Server.................................................................................................................................319(cid:1) DNS................................................................................................................................................................319(cid:1) Firewalls........................................................................................................................................................320(cid:1) Enabling Mail Services........................................................................................................................................320(cid:1) Server Preferences........................................................................................................................................320(cid:1) Server Admin.................................................................................................................................................321(cid:1) Basic Message Hygiene.................................................................................................................................322(cid:1) Choosing Security Protocols..........................................................................................................................324(cid:1) Storage..........................................................................................................................................................324(cid:1) Configuring SMTP..........................................................................................................................................325(cid:1) Securing Mail Services..................................................................................................................................326(cid:1) viii