Table Of ContentMac OS X Server
Advanced Server Administration
Version 10.6 Snow Leopard
K Apple Inc. Finder, QuickTime Broadcaster are trademarks of
© 2009 Apple Inc. All rights reserved. Apple Inc.
The owner or authorized user of a valid copy of This product includes BSD (4.4 Lite) developed by
Mac OS X Server software may reproduce this the University of California, Berkeley, FreeBSD, Inc.,
publication for the purpose of learning to use such The NetBSD Foundation, Inc., and their respective
software. No part of this publication may be reproduced contributors.
or transmitted for commercial purposes, such as selling
Intel, Intel Core, and Xeon are trademarks of Intel Corp.
copies of this publication or for providing paid-for
in the U.S. and other countries.
support services.
OpenSSL is software developed by the OpenSSL
Every effort has been made to ensure that the
Project for use in the OpenSSL Toolkit
information in this manual is accurate. Apple is not
(http://www.openssl.org/).
responsible for printing or clerical errors.
UNIX® is a registered trademark of The Open Group.
Apple
1 Infinite Loop X Window System is a trademark of the Massachusetts
Cupertino, CA 95014-2084 Institute of Technology.
www.apple.com
Other company and product names mentioned herein
The Apple logo is a trademark of Apple Inc., registered are trademarks of their respective companies. Mention
in the U.S. and other countries. Use of the “keyboard” of third-party products is for informational purposes
Apple logo (Option-Shift-K) for commercial purposes only and constitutes neither an endorsement nor a
without the prior written consent of Apple may recommendation. Apple assumes no responsibility with
constitute trademark infringement and unfair regard to the performance or use of these products.
competition in violation of federal and state laws.
019-1410/2009-08-15
Apple, the Apple logo, AirPort, AirPort Express, AirPort
Extreme, Apple Remote Desktop, AppleScript, Bonjour,
the Bonjour logo, iCal, iPod, iPhone, Mac, Macintosh,
Mac OS, QuickTime, Safari, Snow Leopard, Tiger,
Time Capsule, Time Machine, Xcode, Xgrid, Xsan,
and Xserve are trademarks of Apple Inc., registered in
the U.S. and other countries.
Contents
11 Preface:� About This Guide
11 What’s in This Guide
12 Using Onscreen Help
13 Document Road Map
14 Viewing PDF Guides Onscreen
14 Printing PDF Guides
15 Getting Documentation Updates
15 Getting Additional Information
16 Chapter 1:� System Overview and Supported Standards
16 System Requirements for Installing Mac OS X Server v10.6
17 What’s New in Mac OS X Server v10.6
18 What’s New in Server Admin
18 Understanding Server Configuration Methods
20 Supported Standards
23 Mac OS X Server’s UNIX Heritage
24 Chapter 2:� Planning Server Usage
24 Determining Your Server Needs
25 Determining Whether to Upgrade or Migrate
25 Setting Up a Planning Team
26 Identifying Servers to Set Up
26 Determining Services to Host on Each Server
28 Defining a Migration Strategy
28 Upgrading and Migrating from an Earlier Version of Mac OS X Server
28 Migrating from Windows
28 Defining an Integration Strategy
29 Defining Physical Infrastructure Requirements
29 Defining Server Setup Infrastructure Requirements
31 Making Sure Required Server Hardware Is Available
31 Minimizing the Need to Relocate Servers After Setup
31 Defining Backup and Restore Policies
32 Understanding Backup and Restore Policies
3
33 Understanding Backup Types
34 Understanding Backup Scheduling
34 Understanding Restores
35 Other Backup Policy Considerations
36 Command-Line Backup and Restoration Tools
36 Understanding Time Machine as a Server Backup Tool
38 Chapter 3:� Administration Tools
38 Server Admin
38 Opening and Authenticating in Server Admin
39 Server Admin Interface
40 Customizing the Server Admin Environment
41 Server Assistant
42 Server Preferences
42 Workgroup Manager
43 Workgroup Manager Interface
44 Customizing the Workgroup Manager Environment
44 Server Monitor
46 iCal Service Utility
46 iCal Service Utility Interface
47 System Image Management
47 Media Streaming Management
48 Command-Line Tools
48 Server Status Widget
48 RAID Admin
49 Podcast Capture, Composer, and Producer
49 Xgrid Admin
50 Apple Remote Desktop
51 Chapter 4:� Enhancing Security
51 About Physical Security
52 About Network Security
52 Firewalls and Packet Filters
52 Network DMZ
53 VLANs
53 MAC Filtering
54 Transport Encryption
54 Payload Encryption
55 About File Security
55 File and Folder Permissions
55 About File Encryption
56 Secure Delete
56 About Authentication and Authorization
4 Contents
58 Single Sign-On
59 About Certificates, SSL, and Public Key Infrastructure
59 Public and Private Keys
60 Certificates
60 About Certificate Authorities (CAs)
61 About Identities
61 About Self-Signed Certificates
61 About Intermediate Trust
62 Certificate Manager in Server Admin
64 Readying Certificates
65 Creating a Self-Signed Certificate
65 Requesting a Certificate from a Certificate Authority
66 Creating a Certificate Authority
68 Using a CA to Create a Certificate for Someone Else
68 Importing a Certificate Identity
69 Managing Certificates
69 Editing a Certificate
70 Distributing a CA Public Certificate to Clients
70 Deleting a Certificate
71 Renewing an Expiring Certificate
71 Replacing an Existing Certificate
71 Using Certificates
72 SSH and SSH Keys
72 Key-Based SSH Login
72 Generating a Key Pair for SSH
74 Administration Level Security
74 Setting Administration Level Privileges
75 Service Level Security
75 Setting SACL Permissions
76 Security Best Practices
77 Password Guidelines
78 Creating Complex Passwords
79 Chapter 5:� Installation and Deployment
79 Installation Overview
81 System Requirements for Installing Mac OS X Server
81 Hardware-Specific Instructions for Installing Mac OS X Server
81 Gathering the Information You Need
82 Setting Up Network Services
82 Connecting to the Directory During Installation
82 SSH During Installation
82 About the Server Install Disc
83 Preparing an Administrator Computer
Contents 5
84 About Starting Up for Installation
84 Before Starting Up
85 Starting Up from the Install DVD
85 Starting Up from an Alternate Partition
88 Remotely Accessing the Install DVD
90 About Server Serial Numbers for Default Installation Passwords
90 Identifying Remote Servers When Installing Mac OS X Server
91 Starting Up from a NetBoot Environment
92 Preparing Disks for Installing Mac OS X Server
93 Choosing a File System
99 Installing Server Software Interactively
100 Installing Locally from the Installation Disc
101 Installing Remotely with Server Assistant
102 Installing Remotely with Screen Sharing and VNC
103 Changing a Remote Computer’s Startup Disk
104 Using the installer Command-Line Tool to Install Server Software
106 Installing Multiple Servers
107 Upgrading a Computer from Mac OS X to Mac OS X Server
107 How to Keep Current
108 Chapter 6:� Initial Server Setup
108 Information You Need
108 Postponing Server Setup Following Installation
109 Connecting to the Network During Initial Server Setup
109 Configuring Servers with Multiple Ethernet Ports
109 About Settings Established During Initial Server Setup
110 Specifying Initial Open Directory Usage
111 Not Changing Directory Usage When Upgrading
112 Setting Up a Server as a Standalone Server
112 Binding a Server to Multiple Directory Servers
113 Setting up Servers Interactively
115 Using Automatic Server Setup
116 Creating and Saving Setup Data
118 Using Encryption with Setup Data Files
118 How a Server Searches for Saved Setup Data Files
119 Setting Up Servers Automatically Using Data Saved in a File
120 Setting a Mac OS X Server Serial Number from the Command Line
121 Handling Setup Errors
122 Setting Up Services
122 Adding Services to the Server View
123 Setting Up Open Directory
123 Setting Up User Management
123 Setting Up All Other Services
6 Contents
124 Chapter 7:� Ongoing System Management
124 Computers You Can Use to Administer a Server
124 Setting Up an Administrator Computer
125 Using a Non-Mac OS X Computer for Administration
126 Using the Administration Tools
126 Working with Pre-v10.6 Computers from v10.6 Servers
127 Ports Used for Administration
127 Ports Open By Default
128 Server Admin Basics
128 Adding and Removing Servers in Server Admin
129 Grouping Servers Manually
129 Grouping Servers Using Smart Groups
130 Working with Settings for a Specific Server
132 Understanding Changes to the Server IP Address or Network Identity
133 Understanding Mac OS X Server Names
133 Understanding IP Address or Network Identity Changes on Infrastructure Services
136 Understanding IP Address or Network Identity Changes on Web and Wiki Services
137 Understanding IP Address or Network Identity Changes on File Services
138 Understanding IP Address or Network Identity Changes on Mail Services
139 Understanding IP Address or Network Identity Changes on Collaboration Services
141 Understanding IP Address or Network Identity Changes on Podcast Producer
142 Understanding IP Address or Network Identity Changes on Other Services
144 Changing the IP Address of a Server
144 Changing the Server’s DNS Name After Setup
144 Changing the Server’s Computer Name and the Local Hostname
145 Administering Services
146 Adding and Removing Services in Server Admin
146 Importing and Exporting Service Settings
147 Controlling Access to Services
148 Using SSL for Remote Server Administration
148 Managing Sharing
149 Tiered Administration Permissions
150 Defining Administrative Permissions
150 Workgroup Manager Basics
151 Opening and Authenticating in Workgroup Manager
151 Administering Accounts
151 Working with Users and Groups
153 Defining Managed Preferences
154 Working with Directory Data
154 Customizing the Workgroup Manager Environment
155 Service Configuration Assistants
155 Critical Configuration and Data Files
159 Improving Service Availability
Contents 7
159 Eliminating Single Points of Failure
160 Using Xserve for High Availability
161 Using Backup Power
161 Setting Up Your Server for Automatic Restart
162 Ensuring Proper Operational Conditions
162 Providing Open Directory Replication
163 Link Aggregation
164 About the Link Aggregation Control Protocol (LACP)
164 Link Aggregation Scenarios
166 Setting Up Link Aggregation in Mac OS X Server
167 Monitoring Link Aggregation Status
168 Load Balancing
169 Daemon Overview
169 Viewing Running Daemons
169 Using launchd for Daemon Control
171 Chapter 8:� Monitoring Your System
171 Planning a Monitoring Policy
171 Planning Monitoring Response
172 Using with Server Status Widget
172 Using Server Monitor
173 Using RAID Admin for Server Monitoring
173 Using Console for Server Monitoring
173 Using Disk Monitoring Tools
174 Using Network Monitoring Tools
175 Using Server Status Notification in Server Admin
175 Monitoring Server Status Overviews Using Server Admin
176 Using Remote Kernel Core Dumps
178 Setting Up a Core Dump Server
179 Setting Up a Core Dump Client
180 Configuring Common Core Dump Options
180 About Simple Network Management Protocol (SNMP)
181 Enabling SNMP reporting
181 Configuring snmpd
183 Additional Information about SNMP
183 Tools to Use with SNMP
183 About Notification and Event Monitoring Daemons
185 Logging
185 Syslog
186 Directory Service Debug Logging
186 Open Directory Logging
187 AFP Logging
187 Additional Monitoring Aids
8 Contents
188 Chapter 9:� Push Notification Server
188 About Push Notification Server
189 Starting and Stopping Push Notification
190 Changing a Service’s Push Notification Server
191 Index
Contents 9
10 Contents
Description:X Window System is a trademark of the Massachusetts . 128 Server Admin
Basics. 128 175 Monitoring Server Status Overviews Using Server Admin.
