Apple Training Series: Mac OS X Directory Services v10.6

A Guide to Configuring Directory Services on Mac OS X and Mac OS X Server v10.6 Snow Leopard

Arek Dreyer and Ben Greisler

Copyright © 2010 by Apple Inc.

Published by Peachpit Press. For information on Peachpit Press books, contact:

Peachpit Press
1249 Eighth Street
Berkeley, CA 94710
510/524-2178
510/524-2221 (fax)
www.peachpit.com

To report errors, please send a note to [email protected]. Peachpit Press is a division of Pearson Education.

Apple Training Series Editor: Rebecca Freed
Production Editor: Danielle Foster
Project Editor: Kim Saccio-Kent
Copyeditors: Darren Meiss and Elizabeth Welch
Instructional Designer: Shane Ross
Proofreader: Suzie Nasol
Compositor: Danielle Foster
Indexer: Valerie Haynes Perry
Cover Illustration: Kent Oberheu
Cover Production: Happenstance Type-O-Rama

Notice of Rights

All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. For information on getting permission for reprints and excerpts, contact [email protected].

Notice of Liability

The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the authors nor Peachpit shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the computer software and hardware products described in it.

Trademarks

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Peachpit was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.

ISBN 13: 978-0-321-63532-7
ISBN 10: 0-321-63532-9

9 8 7 6 5 4 3 2 1

Printed and bound in the United States of America

Acknowledgments

Arek Dreyer

I’d like to thank the love of my life, Heather Jagman, for her love, patience, and support while Ben Greisler, David Long, Gordon Davisson, and I worked on this version of the book and course.

This book is one aspect of Apple’s four-day Mac OS X Directory Services v10.6 certification course, and there were many people involved. Thanks to Shane Ross, John Signa, and the rest of the training group at Apple, and Rebecca Freed, Rebecca Gulick, Kim Saccio-Kent, Danielle Foster and everyone else at Peachpit Press who got this project into your hands.

Thanks to David Colville, Michael Dhaliwal, Jason Deraleau, Kevin Dunn, Charles Edge, Nicole Jacque, Adam Karneboge, Nigel Kersten, André LaBranche, Tip Lovingood, Jussi-Pekka Mantere, Timo Perfitt, Mike Reed, Schoun Regan, Joel Rennich, Randy Saeks, Dan Sinema, Tycho Sjögren, Julien vander Straeten, and Kevin White for encouragement and technical help.

Ben Greisler

Without the support and patience of my wife Ronit Greisler I would have never been able to get through this project. My daughter Galee spent time with me in the office with construction paper writing her own book while my son Noam teethed on USB cables he found on the office floor. Thanks to them for keeping me humble.

Thanks to all the people from Apple, Peachpit and elsewhere that Arek has already thanked, for they have been a tremendous help.
Thanks to Ståle Bjørdal, Josh Perlman, and Ken Holden for reality checks. Thanks to Sam Bergin, Gerard Hickey, Jay Boltz, and Doug Hanley for keeping me on my toes and making my life easier during the project.

We both thank our clients, students, and colleagues, who encourage us to become better consultants, trainers, and members of the Mac OS X ecosystem. Without them, this would be an empty effort.

Contents at a Glance

Getting Started
Chapter 1  Accessing the Local Directory Service
Chapter 2  Accessing an Open Directory Server
Chapter 3  Accessing a Third-Party LDAP Service
Chapter 4  Accessing an Active Directory Service
Chapter 5  Configuring Open Directory Server
Chapter 6  Configuring Open Directory Replicas
Chapter 7  Connecting Mac OS X Server to Open Directory
Chapter 8  Integrating Mac OS X Server with Other Systems
Index

Contents

Getting Started

Chapter 1  Accessing the Local Directory Service
  Exploring Directory Services
  Creating and Editing Local Users
  Creating a Local User Record with dsimport
  Creating and Editing Local Groups
  Troubleshooting Directory Services
  What You’ve Learned
  References
  Chapter Review

Chapter 2  Accessing an Open Directory Server
  Configuring Open Directory Clients
  Configuring Directory Services Search Paths
  Troubleshooting Binding Issues
  Troubleshooting Login Issues
  What You’ve Learned
  References
  Chapter Review

Chapter 3  Accessing a Third-Party LDAP Service
  Populating an LDAP Server for Network Login
  Configuring Mac OS X to Log In Using a Standard LDAP Server
  Troubleshooting Binding Issues
  Troubleshooting Login Issues
  What You’ve Learned
  Mac OS X Server References
  Chapter Review

Chapter 4  Accessing an Active Directory Service
  Configuring Mac OS X to Log In Using Active Directory
  Troubleshooting Binding Issues
  What You’ve Learned
  References
  Chapter Review

Chapter 5  Configuring Open Directory Server
  Configuring Mac OS X Server as an Open Directory Master
  Managing Data Stored in an Open Directory Master
  Troubleshooting Issues Configuring Mac OS X Server as an Open Directory Master
  What You’ve Learned
  References
  Chapter Review

Chapter 6  Configuring Open Directory Replicas
  Configuring Mac OS X Server as an Open Directory Replica
  Troubleshooting Open Directory Replication
  What You’ve Learned
  References
  Chapter Review

Chapter 7  Connecting Mac OS X Server to Open Directory
  Configuring Mac OS X Server to Connect to an Existing Open Directory Master
  Configuring a Service to Use an Open Directory Network User or Group Record
  Troubleshooting Binding Issues
  Troubleshooting Authentication Issues
  What You’ve Learned
  References
  Chapter Review

Chapter 8  Integrating Mac OS X Server with Other Systems
  Configuring Mac OS X Server to Supplement a Third-Party Directory Service
  Configuring Mac OS X Server Services to Authenticate in a Third-Party Kerberos Realm
  Configuring a Third-Party Server to Use an Open Directory KDC
  What You’ve Learned
  References
  Chapter Review

Index