Mac OS X Server Getting Started Version 10.
Apple Inc. © 2009 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Inc.
Contents
Chapter 1: Introducing Mac OS X Server
  What’s New in Snow Leopard Server
  Snow Leopard Server in Small Business
  Snow Leopard Server in a Workgroup
  Basic Applications and Utilities
  Advanced Tools and Applications
Chapter 2: Getting Ready for Mac OS X Server
  What You Need to Install Snow Leopard Server
  Preparing Your Network and Internet Connection
  Deciding How to Manage Users and Groups
  Deciding Which Basic Services to Provide
  Providing More Services
  Pr
Chapter 4: Setting Up Mac OS X Server
  Setting Up a Server Locally
  Setting Up a Server Remotely
  After Setting Up a Server
Chapter 5: Managing Your Server
  Using Server Preferences
  Using the Server Status Widget
  Connecting Server Preferences to a Remote Server
  Backing Up and Restoring the Server
  Keeping Snow Leopard Server Up to Date
Chapter 6: Managing Users
  About User Accounts
  About Administrator Accounts
  Setting Up Users and Group
  Customizing the Welcome Email
  Customizing the Server Invitation Email
  Customizing the Group Invitation Email
Chapter 7: Managing Users’ Computers
  Setting Up Users’ Macs Automatically
  Setting Up Users’ Computers Manually
Chapter 8: Managing Groups
  Creating a New Group
  Adding or Removing Members of a Group
  Adding or Removing External Members of a Group
Chapter 9: Customizing Services
  Managing Address Book Service
  Managing File Sha
  Using an SSL Certificate
  Managing Users’ Backup Storage
  Changing Security Settings
  Checking Server Logs
  Monitoring Server Graphs
Chapter 11: Learning More
  Using Onscreen Help
  Getting Documentation Updates
  Getting Additional Information
Appendix: Services and Ports
Index
Chapter 1: Introducing Mac OS X Server
Mac OS X Server has everything you need to provide standards-based workgroup and Internet services, making it ideal for education, small businesses, and large enterprises. Mac OS X Server version 10.6 Snow Leopard combines intuitively simple Macintosh ease of use with a mature, stable UNIX foundation. It provides an extensive array of services that support Macintosh, Windows, and UNIX client computers over a network.
What’s New in Snow Leopard Server
Mac OS X Server v10.6 Snow Leopard offers major enhancements in several key areas:
• 64-bit computing
• OpenCL
• Podcast Producer 2
• Wiki Server
• iCal Server 2
• Address Book Server
• Mail Server
• Mobile Access Server
64-Bit Operating System
To accommodate the enormous amounts of memory being added to today’s servers, Snow Leopard Server has a 64-bit operating system to support up to a theoretical 16 TB of RAM.
OpenCL
OpenCL (Open Computing Language) allows developers to efficiently tap the vast gigaflops of computing power in the graphics processing unit (GPU). With GPUs approaching processing speeds of a trillion operations a second, they’re capable of considerably more than just drawing pictures. Unlike other server operating systems, Mac OS X Server is specifically designed to use the GPU for graphics rendering, podcast effects and transitions, and drawing the user interface for Mac OS X Server itself.
The graphical workflow editor, Podcast Composer, leads you through the steps of defining video-based Podcast Producer workflows. You graphically choose the intro, title, and exit videos; specify different transitions and effects between videos; and view real-time titles and effects. You can add watermarks and overlays to your Podcast content. Your workflow also specifies encoding formats and targets distribution via wiki, iTunes U, or Podcast Library for your finished podcast.
Snow Leopard Server provides each wiki user with a convenient wiki portal, called My Page, for viewing and creating wikis and blogs, using web calendars, tracking wiki updates, and accessing webmail. Mac OS X Server’s single sign-on authentication means a user only needs to enter a name and password once to access all private wikis. Users don’t need administrator passwords to create public and private wikis, and the creator of a private wiki controls access to it.
Users can search across multiple wikis. They can also see Quick Look previews of wiki attachments in the browser window, even if they don’t have applications that open the attachments.
Snow Leopard Server also has new wiki and blog templates optimized for iPhone. Besides being better able to view wiki and blog pages, iPhone users can now track wiki page changes and add comments and tags. When users create events in personal and group web calendars, Snow Leopard Server lets them invite other users and assists by looking up invitees and showing their availability. Snow Leopard Server also allows multiple calendars per user and per group.
iCal Server 2
iCal Server makes it easy to share calendars, schedule meetings, and coordinate events within a workgroup, a small business, or a large organization. Colleagues can check each other’s availability, propose and accept meetings, book conference rooms, reserve projectors, and more. iCal Server sends meeting invitations with agendas or to-do lists, and tabulates replies.
Snow Leopard Server adds push notifications, the ability to email event invitations to non–iCal Server users, integration with Calendar on iPhone, and a web application that lets users access their calendars from any computer with a web browser. iCal Server also integrates with the iCal application in Mac OS X and third-party calendar applications that support the standard CalDAV protocol.
Users can view and add contact information in a server-based address book by using the Address Book application on any Mac with Snow Leopard. Address Book Server can also allow Snow Leopard users to find public contact information in directory servers that your server is connected to. Users of other computers can access address books on your server using third-party applications that are compatible with the CardDAV open standard.
Snow Leopard Server in Small Business
A single server with Mac OS X Server can provide all the services needed by computer users in a small business. The server and users’ computers are all connected to a private local network that shares a DSL or cable Internet connection. The Internet connection can be shared through an AirPort Extreme Base Station (802.11n) or a Time Capsule, through a router from the Internet service provider (ISP) or computer retailer, or through the server.
The server provides user and group accounts, shared folders, server-based address books, shared calendars, instant messaging, and wikis with user portals, web calendars, and blogs. The ISP doesn’t provide enough email addresses for everyone in the organization, so the server provides email addresses and mail service.
Users with Mac OS X Snow Leopard or Leopard use Time Machine to back up their Macs to an external hard drive (not shown) attached to the server. Some users have their portable computers and home computers set up to connect to the server’s VPN via the Internet. This gives them secure remote access, while traveling or working at home, to all the services that the server provides on the local network. iPhone users check wikis and blogs while they’re roaming.
Mac OS X Server provides services to all the wired and wireless computers on the local network. The server provides user and group accounts, shared folders, server-based address books, shared calendars, instant messaging, mail, and wikis with user portals, web calendars, and blogs. Users with Mac OS X Snow Leopard or Leopard use storage space on the server for Time Machine backups.
While away from the local network, users with mobile devices can check email, web calendars, wikis, and blogs via Wi-Fi hotspots in libraries, cafes, and airports.
Single Server as an Internet gateway
The next illustration shows Mac OS X Server configured as an Internet gateway to provide Internet access to computers and mobile devices on the local network. The server’s primary Ethernet port connects through a DSL or cable modem to the Internet, and its other Ethernet port connects to the local network.
Users with Mac OS X Snow Leopard or Leopard use storage space on the server for Time Machine backups.
Snow Leopard Server in a Workgroup
The next illustration shows a configuration of Mac OS X Server that serves a department in a large organization. This organization has an IT department that provides DHCP service for assigning network addresses, DNS name service, mail service, Internet access, and a VPN. Everyone in the department already has a user account provided by the organization’s Open Directory server, so these user accounts have been imported to the department’s server.
[Illustration: Mac OS X Server in a workgroup. Labels: Organization; The Internet; ISP; File sharing, address book, iCal, mail, Open Directory, and web; Firewall, VPN, push, and mobile access; Local network; Department; AirPort Extreme; Mac OS X Server; Windows computers; Mac OS X administrator computer; Mac OS X computers; iPhones]
Basic Applications and Utilities
After setting up Snow Leopard Server, you can manage users and groups, change essential service settings, and perform other basic server administration tasks using the applications and utilities described below. For information about using them, see the other chapters in this book.
Important: If you have versions of these applications and utilities from Mac OS X Server v10.5 Leopard or earlier, do not use them with Snow Leopard Server.
Advanced Tools and Applications
Besides Server Preferences and the other basic administration applications, Snow Leopard Server includes the advanced administration applications and tools described in the following table. For more information about these tools and applications, open Server Admin and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Important: If you have administration applications and tools from Mac OS X Server v10.
Advanced applications and tools for server administrators
Server Admin (in /Applications/Server/): Change advanced service settings, configure advanced services, and manage file share points. Monitor server activity and view detailed service logs.
Server Assistant: Set up multiple servers automatically, using saved auto setup profiles. Open Server Assistant by using the Server menu in Server Admin.
Server Monitor (in /Applications/Server/): Remotely monitor and manage one or more Xserve systems.
Chapter 2: Getting Ready for Mac OS X Server
Check the server hardware, set up your network, decide how to manage users and groups, decide which services to provide, and prepare server disks.
What You Need to Install Snow Leopard Server
To install Snow Leopard Server, you need a Macintosh desktop computer or server with:
• An Intel processor
• At least 2 gigabytes (GB) of random access memory (RAM)
• At least 10 gigabytes (GB) of disk space available
Your server needs significantly more disk space—such as a high capacity external hard drive—if you want to allow Snow Leopard and Leopard users to back up their Macs on the server.
A built-in DVD drive is convenient for installing Mac OS X Server, but you can also attach an external FireWire DVD drive or a Mac that has a DVD drive and is operating in target disk mode. A display is optional. You can use an administrator computer to install and administer Mac OS X Server on a computer that has no display. For information, see “Preparing an Administrator Computer” on page 51. Your server doesn’t need to be located where someone has constant access to it.
Conditions that affect DNS setup
If users will only access your server from your local network: Your server can provide DNS service for your local network (IP subnet). This local DNS service is configured automatically during initial server setup if no existing DNS service can be found for your server. The local DNS service has an entry for the DNS name and IP address you specify for your server during initial setup.
If you’re setting up a server for a small organization: Ask your ISP or the public registrar for your domain to add a DNS entry for your server’s DNS name that resolves to your server’s public IP address. Also ask for a reverse lookup entry that resolves the public IP address to the DNS name. Your ISP provides a public IP address as part of your Internet service.
If your server will provide mail or web services: If your server will provide mail service or web services, you can provide easier access to them by requesting DNS entries for names like mail.example.com and www.example.com. If your server will provide mail service, request an MX (mail exchanger) entry for your server. An MX entry (or record) allows users to have an email address like mchen@example.com.
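Added example (not part of the Apple manual): a Python check that the DNS entries requested above agree with each other, that is, that the server's name resolves to its public IP address, the reverse lookup entry resolves that address back to the same name, and the MX host resolves to the server. The host name server.example.com, the address 203.0.113.10, and the record lines are constructed sample values in the layout that dig prints; in practice, paste in the answers returned for your own domain.

```python
import ipaddress

# Constructed sample: answer lines in the "name ttl class type rdata" layout
# that `dig` prints, using the manual's example.com names and an address
# from the 203.0.113.0/24 documentation range as the server's public IP.
SAMPLE_ANSWERS = """
server.example.com.        3600 IN A    203.0.113.10
mail.example.com.          3600 IN A    203.0.113.10
www.example.com.           3600 IN A    203.0.113.10
example.com.               3600 IN MX   10 mail.example.com.
10.113.0.203.in-addr.arpa. 3600 IN PTR  server.example.com.
"""


def normalize(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_answers(text):
    """Turn answer lines into {(owner, type): [rdata, ...]}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop dig's ';' comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        key = (normalize(fields[0]), fields[3].upper())
        records.setdefault(key, []).append(" ".join(fields[4:]))
    return records


def resolves_to(records, name, ip):
    """True if `name` has an address record equal to `ip`."""
    rtype = "A" if ip.version == 4 else "AAAA"
    return any(ipaddress.ip_address(a) == ip
               for a in records.get((normalize(name), rtype), []))


def check_server_dns(records, server_name, public_ip, mail_domain=None):
    """Return a list of problems; an empty list means the entries agree."""
    problems = []
    ip = ipaddress.ip_address(public_ip)
    server = normalize(server_name)

    # Forward entry: the server's DNS name must resolve to its public IP.
    if not resolves_to(records, server, ip):
        problems.append(f"no address record mapping {server} to {ip}")

    # Reverse lookup entry: the public IP must resolve back to the same name.
    ptr_owner = ip.reverse_pointer  # e.g. 10.113.0.203.in-addr.arpa
    targets = [normalize(t) for t in records.get((ptr_owner, "PTR"), [])]
    if not targets:
        problems.append(f"no PTR record for {ptr_owner}")
    elif server not in targets:
        problems.append(f"PTR for {ip} names {targets[0]}, not {server}")

    # MX entry: only checked when the server will provide mail service.
    if mail_domain:
        domain = normalize(mail_domain)
        exchangers = [rdata.split()[1]
                      for rdata in records.get((domain, "MX"), [])]
        if not exchangers:
            problems.append(f"no MX record for {domain}")
        for host in exchangers:
            if not resolves_to(records, host, ip):
                problems.append(
                    f"MX host {normalize(host)} does not resolve to {ip}")
    return problems


if __name__ == "__main__":
    found = check_server_dns(parse_answers(SAMPLE_ANSWERS),
                             "server.example.com", "203.0.113.10",
                             mail_domain="example.com")
    print("DNS entries agree" if not found else "\n".join(found))
```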
Setting Up DHCP for Your Server
Most users’ computers are configured by default to get network addresses from a DHCP server on the local network. The DHCP server for your network needs to be configured to provide network addresses, including an IP address for each computer, the IP address of the router or gateway for your network, and IP addresses of one or two DNS servers for your network.
Protecting Your Network with AirPort Extreme
If you have an AirPort Extreme Base Station (802.11n) or a Time Capsule, Mac OS X Server can automatically manage it to protect your local network while allowing access to selected services from the Internet. After initial setup, you can use Server Preferences to specify individual services that you want to be accessible from outside your local network.
You can manually configure port mapping on most Internet routers by using their configuration software. Usually the configuration software consists of several webpages. Using a web browser on any computer connected to your local network, you go to the webpage with settings for port mapping or port forwarding. In some cases, you can select standard services such as web or VPN and specify that each be mapped to your server’s IP address.
If this port has an IP address assigned by a DHCP server, you won’t be able to make the server a gateway during initial Mac OS X Server setup. This is because, as a gateway, the server would provide DHCP service that might conflict with an existing DHCP server on the same network. Other computers connected to this local network will share the server’s Internet connection.
• Sets up the server’s firewall to block incoming connections that originate from computers on the Internet. The firewall allows outgoing connections from computers on the local network. It also allows incoming connections that are responding to the local computers’ outgoing connections. After setup, you can use the Security pane of Server Preferences to allow incoming requests through the firewall for specific services.
After setup, you’ll manage users and groups, configure basic service settings, and monitor server status with the easy-to-use Server Preferences application. You can also use the Server Admin and Workgroup Manager applications if you need to change advanced settings or set up advanced services.
Importing Users and Groups for a Workgroup
If you’re setting up a server for a department or workgroup in an organization with an existing directory server, you can choose to import users from that directory server.
Your server will also provide its own directory service as an Open Directory master, and thus can have its own user and group accounts. After setup, you can create groups for teams or projects within the workgroup, and you can create a user account for anyone who doesn’t have one from the organization’s directory server. After setup, you’ll manage users and groups, configure basic service settings, and monitor server status with the easy-to-use Server Preferences application.
Deciding Which Basic Services to Provide
During the initial setup of Mac OS X Server, you can select which basic services your server will initially provide to users: address book, iCal, file sharing, iChat, mail, and web. For information to help you decide which of these services to provide, see the next six topics.
File Sharing Service Overview
Mac OS X Server file sharing service lets your group members access shared folders and store personal files on the server. They can use Macintosh, Windows, or UNIX computers to access their files and shared folders without special software, using native file protocols including AFP and SMB. Windows users see Mac OS X Server file servers in their Network Places, just like Windows file servers.
iChat service works with the iChat application in Mac OS X, Google Talk, and other instant messaging software that uses the XMPP protocol, called Jabber.
Mail Service Overview
Mail service lets users send and receive email on your local network and the Internet, using any email application. Mail service includes filters that protect users from junk mail and viruses.
Web calendars let people keep track of appointments, meetings, and other events using any web browser. Users can send and receive invitations to events. When inviting people to an event, users can see each person’s availability on a timeline. Each user’s My Page portal includes a personal web calendar, and each wiki can also have a calendar that everyone who has access to the wiki can use.
Providing More Services
Whether you set up basic services during initial server setup or not, you can configure them and many others after setup. You can change basic service and system settings and add users and groups with Server Preferences. You can change advanced settings and configure advanced services with Server Admin. You can use Workgroup Manager to change advanced user and group settings, control user preferences, and manage computer records.
Service | Initial server setup | Server Preferences | Workgroup Manager
Computer account and computer group management | No | No | Yes
Managed preferences | No | No | Yes

Service | Initial server setup | Server Preferences | Server Admin
Address book | Optional | Yes | Yes
DHCP, DNS, NAT | Automatic | No | Yes
File sharing (AFP and SMB protocols) | Optional | Yes | Yes
File sharing (FTP and NFS protocols) | No | No | Yes
Firewall (application firewall) | Automatic | Use System Preferences | Use System Preferences
Firewall (I
Service | Initial server setup | Server Preferences | Server Admin
MySQL | No | No | Yes
NetBoot and NetInstall (system imaging) | No | No | Yes
Network time | Automatic | No | Yes
Network management (SNMP) | No | No | Yes
NFS | No | No | Yes
Open Directory master (user accounts and other data) | Optional | Optional | Yes
Podcast Producer | No | No | Yes
Print | No | No | Yes
Push notification | Automatic | Automatic | Yes
QuickTime Streaming | No | No | Yes
RADIUS | No | No | Yes
Remote login (SSH) | Optional | Use System Prefe
Service | Initial server setup | Server Preferences | Server Admin
VPN (secure remote access) | No | Yes | Yes
Web (wikis, blogs, webmail) | Optional | Yes | Yes
Xgrid (computational clustering) | No | No | Yes

Preparing Disks for Mac OS X Server
If you’re going to install Mac OS X Server on an existing computer and want a clean installation, you need to erase the disk you’ll install on. You can use the Disk Utility application before installing locally or use Server Assistant while installing remotely.
Mac OS Extended (Journaled): This is recommended and is the most common format for a Mac OS X Server startup volume.
Mac OS Extended (Case-sensitive, Journaled): This is worth considering if you are planning to have your server host a custom website with static web content instead of or in addition to wikis. A case-sensitive disk can host static web content with a more direct mapping between files and URLs.
Creating a RAID Set
If you’re installing Snow Leopard Server on a computer with multiple internal hard disk drives, you can create a RAID (Redundant Array of Independent Disks) set to optimize storage capacity, improve performance, and increase reliability in case of a disk failure. For example, a mirrored RAID set increases reliability by writing your data to two or more disks at once. If one disk fails, your server automatically continues using other disks in the RAID set.
As illustrated below, you start up the server using the Mac OS X Server Install Disc and then use Server Assistant on the administrator computer to perform a remote installation and setup.
[Illustration labels: Server Assistant; Administrator computer; Target server with DVD drive]
You can also use an administrator computer to manage the server remotely after setup. You make a computer with Mac OS X v10.6 into an administrator computer by installing server administration software on it.
Chapter 3: Installing Mac OS X Server
Use the Installer to install Snow Leopard locally, or use Server Admin to install remotely. Before installing Mac OS X Server, be sure to prepare the computer you’re going to use as a server and get your network and Internet connection ready. Also, use the Installation & Setup Worksheet to collect information you’ll need. (It’s in the Documentation folder on the Mac OS X Server Install Disc.) For more information about these preparations, see the previous chapter.
Installing Mac OS X Server Securely
When you start up a computer from the Mac OS X Server Install Disc, SSH remote login service and VNC screen sharing service start automatically in order to make remote installation possible.
Important: Make sure the network is secure before you install or reinstall Mac OS X Server, because SSH and VNC give others access to the computer over the network. For example, set up your local network so that only users you trust can access it.
Installing Locally
You can install Mac OS X Server directly onto a computer by starting up the computer from the Mac OS X Server Install Disc. The Installer application guides you through the interactive installation process. The computer must have a display attached so you can interact with the Installer. When you install locally, you can use Disk Utility and other applications in the Installer’s Utilities menu, and you can customize the installation by selecting items to be installed.
To install Mac OS X Server locally:
1. If you’re planning to erase or partition the target disk, make sure you have a backup of the disk.
2. Start up the computer, log in if necessary, and insert the Mac OS X Server Install Disc into the DVD drive.
3. Open the Install Mac OS X Server application and click the Restart button. The application is in the Mac OS X Server Install Disc window.
6. Read and agree to the software license agreement.
7. Select the disk or volume (partition) you want to install on, and make sure it’s in the expected state before clicking Install to begin installing. If you want to select the language translations, printer drivers, and other optional items that will be installed, click Customize. You can quit installation before it begins by using the Mac OS X Installer menu.
• An upgrade of a server with an Intel processor and Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 Tiger (for information about other upgrading and migrating options, open Server Admin and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/)
To install Mac OS X Server remotely:
1. If you’re planning to erase the target disk or partition, make sure you have a backup of it, and optionally use Disk Utility to prepare the target disk.
If Server Admin asks for a password to connect to a server that’s already set up on your network, you can click Cancel. You don’t need an administrator account to install Mac OS X Server remotely.
4. Select the target server on the right, and then click Install. If the server you want isn’t listed, you can click the Refresh (curved arrow) button to have Server Admin look again for servers that are ready for installation on your local network.
6. Select the language you want Mac OS X Server to use and click Continue. The language you select doesn’t affect the language on users’ computers.
7. Select a destination disk or volume (partition) and click Install.
8. If the volume you selected already has Mac OS X Server or Mac OS X installed, select an available option and then click OK. The options may include:
Erase: Completely erases the destination volume before installing a new copy of Mac OS X Server.
Prepare and save information for automatic setup: Lets you go through the setup process, selecting setup options and entering setup data, and then instead of using the setup information to configure a server right now, save the setup information as an auto setup profile on a removable drive or disc. Later you can use the saved auto setup profile to automate the setup of one or more servers. For more information, see the Installation & Setup Worksheet.
Chapter 4: Setting Up Mac OS X Server
Server Assistant leads you through setting up your server for the first time. Server Assistant opens automatically when you:
• Finish installing Mac OS X Server v10.
To set up a server locally:
1. Prepare for setup by filling out a printed copy of the Installation & Setup Worksheet. The Installation & Setup Worksheet is located in the Documentation folder on the Mac OS X Server Install Disc. For more information, see Chapter 2, “Getting Ready for Mac OS X Server,” on page 29.
2. If you have DHCP or DNS service provided by your ISP, Internet router, or other servers on your network, make sure they are set up for your new server and are running.
• Another Ethernet port connects to your local network.
During setup, Server Assistant automatically identifies which port connects to the Internet. For more information, see “Protecting Your Network by Making Your Server a Gateway” on page 37.
5. If the server is off, turn it on. When the server starts up, Server Assistant opens automatically.
6. Proceed through the Server Assistant panes, following the onscreen instructions and entering the information you’ve recorded on the Installation & Setup Worksheet.
To set up a remote server:
1. Prepare for setup by filling out a printed copy of the Installation & Setup Worksheet. The Installation & Setup Worksheet is located in the Documentation folder on the Mac OS X Server Install Disc.
2. If you have DHCP or DNS service provided by your ISP, Internet router, or other servers on your network, make sure they are set up for your new server and are running.
When the server starts up, Server Assistant opens automatically and waits for remote setup to begin.
6. On an administrator computer, open Server Admin and select “Ready for Setup” in the list on the left. Server Admin is located in /Applications/Server/. If Server Admin asks for a password to connect to a server that’s already set up on your network, you can click Cancel. You don’t need an administrator account to set up Mac OS X Server remotely.
The password for a new installation of Mac OS X Server is the first 8 characters of the server’s built-in hardware serial number. To find the serial number, look for a label on the server. Match the capitalization of the serial number when you type it. For an Intel-based Xserve that has had its main logic board replaced and has no hardware serial number, enter “System S” (don’t enter the quotation marks) as the password.
After server setup is complete, you can take some additional steps to enhance the security, accessibility, and overall usefulness of your new server. For information, see “After Setting Up a Server”, next.
After Setting Up a Server
After setting up a server, you can:
• Enhance the security, accessibility, and usefulness of your new server by following the advice in the Mac OS X Server Next Steps document that’s generated and placed on the server’s desktop after initial setup.
• If you set up a single server for a small organization or a server for a workgroup in a medium or large organization, use Server Preferences to set up users and groups, customize services and system information, and monitor server activity. For information about these tasks, see Chapter 5, “Managing Your Server,” through Chapter 10, “Managing Server Information,” or open Server Preferences and then use the Help menu. You can also use the Server Status widget with Dashboard to monitor your server.
Protecting the System Administrator (root) Account
The administrator password you enter during setup is also used for the server’s System Administrator user account, whose short name is root. The System Administrator (root) account can be used to move or delete any file in the system, including system files not available to a server administrator account or any other user account. You don’t need root user privileges to administer your server.
If you don’t import some user accounts from the connected directory server, you can make them external members of groups. You can also give them access to your server’s private wikis. For more information, see “Importing Users” on page 91, “Adding or Removing External Members of a Group” on page 123, and “Setting Up Web Services” on page 140.
To connect to a directory server:
1. Open the Accounts pane of System Preferences on your server.
2. Click Login Options and then click Edit.
Chapter 5: Managing Your Server
Use the Server Status widget, Server Preferences, Time Machine, and Software Update to check status, change settings, back up and restore, and update server software. Check status with Server Preferences or the Server Status widget. Find and change server settings with Server Preferences. Use Server Preferences and the Server Status widget on the server itself or over the network from any Mac with Snow Leopard.
Using Server Preferences
With Server Preferences, you can check the status of services and change essential settings. You can use Server Preferences to manage various aspects of Snow Leopard Server, such as who can use its services, how its services are configured, or what its status is.
Find the setting you need without knowing its exact location
To manage a server with Server Preferences:
1. Open Server Preferences. Server Preferences is located in /Applications/Server/.
Using the Server Status Widget
You can use the Server Status widget to monitor the status of Mac OS X Server either on the server itself or from another computer with Mac OS X Server or Mac OS X.
To use the Server Status widget:
1. Open Dashboard and look for the Server Status widget. You can open Dashboard by clicking its icon in the Dock, or by pressing its keyboard shortcut, which is usually the F4 key or the F12 key.
• Change the processor or network graph’s time period to one hour, day, or week by clicking the graph.
• If your server has more than one disk, view the status of each disk in turn by clicking the disk usage graph.
• Check the status indicator and activity statistics for the listed services. A green indicator means the service is running.
• Connect to a different server by moving the mouse to the upper left corner of the widget and clicking the small Info (i) button.
Connecting Server Preferences to a Remote Server
You can connect Server Preferences to a server over the network and manage users, groups, services, and system information remotely.
[Illustration labels: Mac OS X administrator computer; Mac OS X Server]
To manage a server remotely:
1. Open Server Preferences on an administrator computer and choose Connection > New Connection. For information about administrator computers, see “Preparing an Administrator Computer” on page 51.
To reconnect to a server you have connected to recently, choose Connection > Open Recent Connection, and then choose the server you want. You can connect Server Preferences to any server with Mac OS X Server v10.6 or later.

Backing Up and Restoring the Server

You can back up server files automatically using Time Machine. It’s a comprehensive backup solution for the system.
For information about backing up users’ computers on the server, see “Managing Users’ Backup Storage” on page 162.

Keeping Snow Leopard Server Up to Date

When your server is connected to the Internet, Software Update can automatically get the latest free Snow Leopard Server version, security updates, and other enhancements from Apple. You can have your server check for updates daily, weekly, or monthly. You can also check now.
To check for updates or adjust automatic updating:
1 Open System Preferences on the server.
2 Click the Software Update icon and follow the onscreen instructions.

If your organization has another server with Mac OS X Server, your server may get software updates from it rather than from Apple. An expert administrator can set up Mac OS X Server to provide software update service by using Server Admin. You can also download software updates directly from the Apple Downloads website: www.apple.
Chapter 6: Managing Users

Create or import user accounts, change their settings, or delete them in the Users pane of Server Preferences.

In the Users pane, you set up accounts for people who use the services that this server provides, and you control which services they can access. You can update their contact information and change their group memberships. You can also manage email welcome messages that go to new users.
About User Accounts

User accounts on your server allow users to gain access to services provided by the server. A user account contains the information needed to prove the user’s identity for all services that require authentication. A user account also provides a centralized place to store a user’s contact information and other data. Each user account has an email address, an iChat instant messaging address, a personal calendar, and a My Page wiki portal.
Imported User Accounts

Imported user accounts remain in your organization’s directory server. You can supplement imported accounts with contact information, group membership information, and so forth. The supplemental information is stored in your server’s directory. When someone uses an imported user account, your server automatically combines the account information stored in the directory server with supplemental account information stored in your server’s directory.
Account type | Stored in | Created by | Used for
Server account | Your server’s directory | You (a server administrator), using Server Preferences | Group membership, contact information, authenticating for services
Imported account | Your organization’s directory server, with supplements in your server’s directory | The directory server’s administrator | Group membership, contact information, authenticating for services
Local account | Each Mac OS X computer | A user with an administrator account on the computer,
Primary Administrator Account

The server always has a primary administrator account, whose name and password you entered while setting up the server. The primary administrator account is stored on the server along with any user accounts you might create using the Accounts pane of System Preferences. You can use this administrator account on the server itself, and you can use it to manage your server over the network from another Mac.
Feature | Primary administrator | Directory administrator
Name and short name | Specified during setup | Directory Administrator and diradmin (or specified during setup)
Password | Specified during setup | Same as primary administrator
Stored in the server’s directory | No | Yes
Can be used from an administrator computer | Yes | Yes

Administrators on an Upgraded Server

If your server was upgraded or migrated from a standard or workgroup configuration of Mac OS X Server v10.
Administrator Account Security

To keep your server secure:
• Don’t share an administrator name and password with anyone.
• Log out when you leave your server, or set up a locked screen saver using the Screen Saver pane and Security pane of System Preferences. If you leave your server while you’re logged in and the screen is unlocked, someone could sit down at your server while you’re away and make changes using your administrator privileges.
Setting Up Users and Groups Management

If your server wasn’t initially set up to manage its own users and groups, you see a “Set Up” button when you view the Users pane or the Groups pane in Server Preferences. You don’t see this window if your server is already configured to manage users and groups. You can configure your server to have its own directory by clicking this Set Up button. This creates an Open Directory domain on your server and makes your server an Open Directory master.
Adding a User Account

You can add an individual user account for each person who uses the services provided by your server. Your server gives each user account its own email address, iChat address, personal calendar, and My Page wiki portal. User accounts can also have access to wikis, blogs, web calendars, a server-based address book, the server’s shared files, and Time Machine backup storage, and they can use VPN to access the server remotely.
4 If you don’t want to use the generated short name, enter a different short name. After the account is created, you can’t change this short name. The short name typically is eight or fewer characters, but can be up to 255 Roman characters. Use only the characters a through z, A through Z, 0 through 9, . (period), _ (underscore), or - (hyphen). Note: If a user already has a short name on a Mac, try to use the same short name for the user’s account on the server.
Importing Users

If your server is connected to your organization’s directory server, you can import users’ existing accounts. Your server gives each imported user account its own iChat address, personal calendar, and My Page wiki portal. Imported user accounts can also have access to wikis, blogs, web calendars, a server-based address book, the server’s shared files, and Time Machine backup storage.
To import a user account:
1 If you’re going to have the server send an invitation email to imported users, make sure the custom introduction and the sender’s name and email address suit your needs. For information, see “Customizing the Server Invitation Email” on page 101.
2 In the Users pane of Server Preferences, click the Add (+) button and choose “Import User From Directory” from the pop-up menu.
Importing Groups of Users Automatically

If your server is connected to your organization’s directory server, you can import groups of existing user accounts. If you import a group, your server automatically imports user accounts for all group members. Your server periodically checks with your organization’s directory server for changes in each imported group’s membership, and automatically adds and removes imported user accounts as users are added to or removed from an imported group.
To import user accounts automatically from groups:
1 If you’re going to have the server send an invitation email to imported users, make sure the custom introduction and the sender’s name and email address suit your needs. For information, see “Customizing the Server Invitation Email” on page 101.
2 In the Users pane of Server Preferences, click the Action (gear) button and choose Import Users From Groups from the pop-up menu.
Deleting a User Account

You can use Server Preferences to delete user accounts that are no longer needed for your server.

To delete a user account:
1 In the Users pane of Server Preferences, select the user account you want to delete in the list on the left.
2 Click the Delete (–) button.

Deleting a user account cancels its group memberships and stops its access to group services and private wikis. Deleting a user account also deletes the user’s mail stored on the server.
Changing a User’s Account Settings

You can change a user’s name, password, picture, or administrator privilege by clicking Account in the Users pane of Server Preferences.
Changing a User’s Contact Information

You can change a user’s first and last names, address, email and chat addresses, website address, and blog address by clicking Contact Info in the Users pane of Server Preferences.

[Figure callouts: Add or delete an email address, chat address, or phone number; Personal website address and blog address]

If some settings in the Contact Info pane are dimmed, you can’t change them because they’re stored in the directory server that your server is connected to.
Controlling a User’s Access to Services

You can control a user’s access to individual services by clicking Services in the Users pane of Server Preferences.
Changing a User’s Group Membership

You can add a user to a group or remove a user from a group by clicking Groups in the Users pane.

[Figure callouts: Select the checkbox of each group you want the user to belong to; Click to begin editing membership, and then click to finish editing]

Group members can access the group’s file sharing folder, and they can be added to each other’s iChat buddy lists automatically. Group members can also be given access to private wikis by the wiki owners.
Customizing the Welcome Email

You can use Server Preferences to add your name, email address, and a personal introduction to the standard email message that your server sends to tell new users about its services. The standard message specifies the server’s DNS name and explains the services that the server provides. The server sends the email automatically when you add a new user account. However, your server doesn’t send the email if its mail service is stopped when you add new user accounts.
Customizing the Server Invitation Email

You can use Server Preferences to add your name, email address, and a personal introduction to the standard email message that your server can send to tell users how to get its services. The standard message specifies the server’s DNS name and explains the services that the server provides. Recipients who have Mac OS X v10.6 Snow Leopard can click a button in the email to automatically set up their Macs to get services from your server.
You can use the message to introduce yourself, so recipients know the email is genuine. For example:

Hi, I’m the administrator for our server. If you need help getting services from it, please don’t hesitate to send me an email or call me at 310-555-4357.
—Bill

Recipients see your introduction in a boxed section set apart from the standard message text that the server generates.
To customize the email sent to new external members of a group:
1 In the Users pane of Server Preferences, click the Action (gear) button and choose Email Message Settings from the pop-up menu.
2 Enter the sender’s name and email address in the Administrator Full Name field and the Administrator Email field.
3 Optionally enter a personal message in the Group Invitation field. If you don’t see the Group Invitation field, your server isn’t connected to a directory server.
Chapter 7: Managing Users’ Computers

Learn how to help users set up their computers to use the services your server provides.

Users need to set up their computers to get services from your server. Users with Mac OS X v10.6 Snow Leopard can have their computers set up automatically. Users with an earlier Mac OS X version or with Windows need to set up their computers manually.

Setting Up Users’ Macs Automatically

Users who have Mac OS X v10.
Automatic setup for | Begins when | For information, see
Users who have a new Mac or Snow Leopard newly installed and have an account on your server | Users complete the “Connect to Mac OS X Server” pane during Mac OS X setup | “Setting Up New Macs” on page 108
Current users of Snow Leopard who have accounts on your server | Users connect their computers to your server’s network | “Setting Up Macs That Join Your Network” on page 110
Current users of Snow Leopard whose accounts you import using Server Preferenc
User Access to Services

After finishing automatic setup, the user is ready to access services as shown in the following table. Of course, the user can only access services that are turned on. You can control each user’s access to services individually, as described in “Controlling a User’s Access to Services” on page 98.

Mac OS X application | Is ready to access
Address Book | Server-based contact information
Finder | Shared folders at afp://myserver.example.com and smb://myserver.example.
Setting Up New Macs

During initial setup of a new Mac or a Mac with Mac OS X v10.6 Snow Leopard newly installed, the “Connect to Mac OS X Server” pane lets the user choose your server if the user has an account on it.

[Figure callouts: User chooses your server; User specifies an account on your server]

The “Connect to Mac OS X Server” pane appears only if the Mac detects a server with Snow Leopard Server on the network.
If the user completes this pane:
• A local user account is created on the user’s Mac, based on the user’s account on the server. Both accounts have the same long name, short name, and password.
• A home folder is set up on the user’s computer.
• The user’s computer is automatically connected to your server and configured to get services from it. For information, see “User Access to Services” on page 107.

The user may be unable to complete the “Connect to Mac OS X Server” pane for several reasons.
Setting Up Macs That Join Your Network

If a Mac with Mac OS X v10.6 Snow Leopard isn’t connected to a server yet, and the Mac ascertains that the user currently logged in matches a user account created on your server, the Mac displays an invitation, offering to set up connections to your server. The user can accept the invitation, decline it, or postpone action until the next login. If the Mac discovers more than one server that the user can connect to, the invitation offers the user a choice of servers.
Then Accounts preferences sets up the user’s Mac and displays information about what it did. For more information, see “User Account Changes” on page 106 and “User Access to Services” on page 107.

Setting Up Newly Imported Users’ Macs

If some users already have Mac OS X v10.6 Snow Leopard set up, and you import their user accounts from a directory server, your server can send an email inviting them to join the server.
If a Snow Leopard user doesn’t have the invitation email, you can send one manually by using the Action button in the Users pane. For instructions, open Server Preferences and then use the Help menu. For information about adding your name, email address, and a personal introduction to the standard message text that the server generates for the invitation email, see “Customizing the Server Invitation Email” on page 101.
4 If a dialog appears offering to set up services, choose whether to have the user’s applications set up to get services from your server.
• If you want applications set up to get services from your server, click Set Up Services. Then enter the name and password of the user’s account on the server. For information about how the Mac is set up, see “User Account Changes” on page 106 and “User Access to Services” on page 107.
Settings for applications

Finder or other SMB or AFP file sharing client
  afp://myserver.example.com
  smb://myserver.example.com

Address Book (with Mac OS X v10.6 Snow Leopard) or other CardDAV contacts application
  Server address: myserver.example.com
  User name: the name of the user account on the server
  Password: the password of the user account on the server

iCal (with Mac OS X v10.6 Snow Leopard)
  Account type: automatic (CalDAV)
  Email address: usershortname@myserver.example.
Settings for applications

Mail or other email application
  Account type: IMAP or POP
  Incoming mail server: myserver.example.com
  Outgoing mail server: myserver.example.com
  Email address: usershortname@myserver.example.com
  Authentication: Kerberos v5 preferred (other standard methods supported)

Safari or other web browser
  Server website: http://myserver.example.com
  Click links to see My Page, wikis, blogs, calendars, and webmail.
Using a VPN Configuration File

If you got a VPN configuration file from the person who manages your server, and you have Mac OS X v10.3 or later, you can use the file to set up your computer for making VPN connections to the server. The configuration file contains all the information necessary to make a VPN connection to the server, except the name and password of your user account on the server.
Setting Up a User’s VPN Connection Manually

Users may be unable to import VPN settings from a configuration file because they don’t have the file, or because they have Windows computers, which can’t use the file. These users can manually set up their computers for a VPN connection to your server.
Chapter 8: Managing Groups

Use the Groups pane to add or delete groups, see and change group membership, or configure group services.

In the Groups pane, you create groups, turn group services on or off, add or remove group members, and delete unneeded groups.
Creating a New Group

You can create a new group whenever some server users need their own shared group folder, or when you need to control access to shared folders and files.

To create a new group:
1 Click the Add (+) button in the Groups pane of Server Preferences.
2 Enter a name for the group, and optionally change the short name. The group name can be up to 255 characters (which can be as few as 85 Japanese characters). It can include spaces. After you create the account, you can’t change the short name.
Create group wiki: Opens your web browser and starts the process of creating a wiki using this group’s name. While creating the wiki, you select a visual theme and set access permissions. The wiki initially includes a web calendar, blog, and mailing list. You can customize the wiki after creating it. For more information, click the Help link on any wiki page.
Adding or Removing Members of a Group

In the Groups pane, you can add or remove group members who are users you’ve created or imported in the Users pane. (To have imported users, your server must be connected to a directory server.)

[Figure callouts: Select the checkbox of each user you want to be a group member; Click to begin editing membership, and then click to finish editing]

For information about adding, deleting, or configuring user accounts, see Chapter 6, “Managing Users.
Adding or Removing External Members of a Group

If your server is connected to a directory server, your group members can include users and groups from the directory server. External members don’t have user accounts on your server, but they can access the group’s shared folder and wikis that the group has permission to view. If you don’t see an External Members tab, your server isn’t connected to a directory server in your organization. If your organization has a directory server, you can connect to it.
To add or remove external group members:
1 Before adding external group members, be sure the group invitation email is worded to suit your needs. For information, see “Customizing the Group Invitation Email” on page 102.
2 In the Groups pane of Server Preferences, select the group you want to change in the list on the left, and click External Members.
3 To remove an external group member, select the member in the list on the right, and then click the Delete (–) button below the list of members.
Chapter 9: Customizing Services

Use Server Preferences to change settings for file sharing, address book, iCal, iChat, mail, web, and VPN services.

The Services section of Server Preferences includes the File Sharing, Address Book, iCal, iChat, Mail, Web, and VPN panes.

Managing Address Book Service

Use the Address Book pane to turn address book service on or off, or to limit each user’s disk space for contact information stored on the server.
About Address Book Service

The address book service for Mac OS X Server, Address Book Server, allows users to keep contact information on the server. Users can view and add contact information in a server-based address book by using the Address Book application on any Mac with Snow Leopard on the network. A Mac with Snow Leopard can have its Address Book application automatically set up to use a server-based address book. See “Setting Up Users’ Macs Automatically” on page 105.
Managing File Sharing Service

Use the File Sharing pane to turn file sharing service on or off, and to control access to the Groups, Public, and Users shared folders. You can also add or remove your own shared folders, also known as share points.
If you want to allow access to file sharing on the Internet and you have a cable router, DSL router, or other network router, your router must have port forwarding (port mapping) configured for file sharing. For more information, see “Protecting a Small Network” on page 35. If you want to allow access to file sharing outside your local network and your local network has a separate firewall device, ask the firewall administrator to open the firewall for the ports that file sharing uses.
4 To restrict read and write access to the shared folder and its contents, click Edit Permissions, select “Only these registered users and groups,” and select the checkbox next to each user and group you want to give read and write access to. If you give a group read and write access, all users who are members have read and write access even if their individual checkboxes are deselected.
Managing iCal Service

Use the iCal pane to turn iCal calendar service on or off, limit the size of file attachments, or limit each user’s total calendar data.
About iCal Service

The calendar service for Mac OS X Server, iCal Server, makes it easy for users to share calendars, schedule meetings, and coordinate events within a workgroup, a small business, or a large organization. Colleagues can quickly and easily check each other’s availability, set up and propose meetings, book conference rooms, reserve projectors, and more. iCal Server sends the invitations, which can include information such as an agenda or to-do list, and tabulates replies.
Managing iChat Service

Use the iChat pane to turn iChat instant messaging service on or off, enable chatting with other instant messaging systems, or set up logging and archiving of all chats.

[Figure callouts: Save a transcript of all chats, and archive it once a week in a compressed file; Let users chat with users on other XMPP instant messaging systems such as Google Talk]

About iChat Service

iChat service provides instant messaging (IM) for Macintosh, Windows, and Linux users.
A computer with Mac OS X v10.6 Snow Leopard can have its iChat application automatically set up to use your server’s iChat service. See “Setting Up Users’ Macs Automatically” on page 105. iChat service also works with the iChat application in earlier Mac OS X versions, Google Talk, and other instant messaging software that uses the XMPP protocol, called Jabber, which is available for Windows and Linux computers.
Managing Mail Service

Use the Mail pane to turn mail service on or off, specify a relay server for outgoing mail, or adjust junk mail and virus filtering.

About Mail Service

Mail service lets users send and receive email on your local network and the Internet, using any email application. Mail service includes filters that protect users from junk mail and viruses. Everyone with a user account on your server gets an email address. A computer with Mac OS X v10.
If you want to allow access to mail service on the Internet and you have a cable router, DSL router, or other network router, your router must have port forwarding (port mapping) configured for mail service. For more information, see “Protecting a Small Network” on page 35. If you want to allow access to mail service outside your local network and your local network has a separate firewall device, ask the firewall administrator to open the firewall for the ports that mail service uses.
To relay outgoing mail through another server:
1 In the Mail pane of Server Preferences, select “Relay outgoing mail through ISP.” If this option is already selected, click the Edit button next to it. A dialog appears for entering the relay server connection details.
2 Enter the relay server’s DNS name or IP address supplied by your ISP or organization.
Scanning for Incoming Junk Mail and Viruses

You can have mail service scan incoming messages for junk mail and viruses.

To have mail service scan for junk mail and viruses:
1 In the Mail pane of Server Preferences, select “Enable junk mail and virus filtering.”
2 Adjust the slider to set how tolerant the filter is of indications that an incoming message is junk mail.

Aggressive: The junk mail filter tolerates few signs of being junk mail.
Managing Web Services

Use the Web pane of Server Preferences to turn the Web Server on or off, change the location of your server’s web homepage, publish custom websites, or turn standard web services—wikis, web calendars, blogs, and webmail—on or off.
All users can easily create wikis and control who can view, search, and edit their wiki content. By using included templates or creating their own, users can add, delete, edit, and format content naturally—without knowing markup codes or special syntax. With a few clicks, or by dragging and dropping, they can attach files and images, publish podcasts, assign keywords, and link to other wiki pages or other websites.
Web services also let you publish custom websites that you have created (or someone has created for you) using website development software. You can restrict access to each website to a particular group, or restrict parts of the website to particular groups. You can also specify each website’s IP address, an access port, and the folder where website files are stored on the server. A custom website is also called a virtual host.
• Choose Server Home Page to use the default Mac OS X Server website or a custom HTML website you’ve created (or someone has created for you) using website development software.
• Choose a wiki to make it your server’s main website.

If the pop-up menu is dimmed, the Wikis service is off. If the pop-up menu doesn’t contain wikis, you or someone with a user account on the server needs to create a wiki.
If a service is turned on, clicking the link arrow next to it opens the website for it.
4 If web services are off, click the On/Off switch to turn them on. If web services are off, wikis, web calendars, blogs, and webmail are unavailable.

Users can visit your server’s homepage at http://myserver.example.com (replacing the italicized placeholder with your server’s DNS name). There they can click links to see My Page, wikis, blogs, calendars, and webmail.
To publish a custom website:
1 In the Web pane of Server Preferences, click Custom Sites.
2 To add a new website, click the Add (+) button, and then enter the website’s fully qualified DNS name and optionally choose the folder where the website files are stored on the server. Server Preferences creates a website for the DNS name you enter if it isn’t already in use and your DNS service can resolve it to your server’s IP address.
The location of the website folder is shown below the website name in the Custom Sites pane of the Web pane.
4 Make sure the checkbox next to the website is selected and that web services are on. If a website’s checkbox is deselected, the website is unavailable. If web services are off, all custom websites are unavailable.

After adding files and folders to the website folder, you can restrict access to all or part of a website. For instructions, see “Restricting Access to a Custom Website” on page 144.
Managing VPN Service

Use the VPN pane to turn VPN remote access service on or off, inspect or change the VPN secret, set the IP address range for VPN users, or save a VPN configuration file for Mac OS X users.

About VPN Service

VPN (virtual private network) service lets users connect to your network from home or other remote locations over the Internet. Users make a secure VPN connection to access services such as file sharing, address book, mail, iChat, iCal, and web.
Both server and client computers must have the shared secret. A computer with Mac OS X v10.6 Snow Leopard can automatically get the shared secret and be set up to make connections to the server’s VPN service. See “Setting Up Users’ Macs Automatically” on page 105. Other Mac and Windows computers can be configured in different ways to connect to the VPN service. See “Setting Up a Mac User’s VPN Connection” on page 115 and “Setting Up a User’s VPN Connection Manually” on page 117.
If you want to allow access to VPN service outside your local network and your local network has a separate firewall device, ask the firewall administrator to open the firewall for the ports and protocols that VPN service uses. For a list of ports, see “Services and Ports” on page 175.

Changing the VPN Shared Secret

You can use Server Preferences to change the shared secret that the server and a client computer use for authentication when making a VPN connection.
After you change the secret here, all VPN users must make the same change in their VPN configurations. For information about making this change, see “Setting Up a User’s VPN Connection Manually” on page 117.

Creating a VPN Configuration File

You can use Server Preferences to generate a file that Mac users can open to create a VPN configuration automatically. After creating the VPN configuration, a user can make a VPN connection to the server and its network via the Internet.
When Network preferences or Internet Connect finishes importing the VPN configuration, the user must enter an account name and may enter a password, and whatever the user enters is saved as part of the VPN configuration upon quitting the application. If the user saves both the name and password as part of the VPN configuration, anyone using that computer will then be able to log in automatically for a VPN connection to your server.
To change the IP address range for VPN service:
1 In the VPN pane of Server Preferences, change the first IP address in the range, the last IP address in the range, or both. The range of addresses needs to be large enough for the maximum number of remote computers that will have concurrent VPN connections. VPN service assigns an IP address to a remote computer for the duration of a VPN connection, and reclaims the address when the remote computer disconnects.
By asking users to change their network addresses:
• You can ask VPN users to change the IP addresses on their home networks or other local networks to not begin with the same three numbers as the IP addresses on your local network. For example, if your local IP addresses begin with 192.168.1, ask VPN users to use IP addresses beginning with 192.168.2 on their home networks. Private networks can use addresses beginning with 192.168.0 through 192.168.254, 10.0.0 through 10.254.254, 172.16.0 through 172.31.
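The two checks described above for the VPN address range (enough addresses for the maximum number of concurrent connections, and home networks that don't begin with the same three numbers as the server's local network) can be scripted before you change the range. This is an added example, not part of Apple's guide; the function names, user names, and sample addresses are constructed for illustration.

```python
import ipaddress


def prefix24(ip):
    """Return the /24 network holding ip, i.e. its 'first three numbers'."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)


def pool_size(first_ip, last_ip):
    """Count the addresses in an inclusive first..last VPN range."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    if last < first:
        raise ValueError("last address precedes first address")
    return int(last) - int(first) + 1


def review_vpn_plan(server_ip, first_ip, last_ip, max_concurrent, home_ips):
    """Check a planned VPN range against the two rules in the text.

    home_ips maps a user name to an address that user's computer has on
    the home (or other remote) network. Returns a dict with the range
    size, how many addresses are missing for max_concurrent connections,
    and the users whose home network shares the server LAN's /24 prefix.
    """
    size = pool_size(first_ip, last_ip)
    server_net = prefix24(server_ip)
    conflicts = sorted(
        user for user, ip in home_ips.items() if prefix24(ip) == server_net
    )
    return {
        "pool_size": size,
        "pool_shortfall": max(0, max_concurrent - size),
        "server_prefix": str(server_net),
        "conflicting_users": conflicts,
    }


# Constructed sample data: one address per user's home network.
SAMPLE_HOME_IPS = {
    "anna": "192.168.1.23",   # same first three numbers as the server LAN
    "bill": "192.168.2.10",
    "chen": "10.0.1.5",
}

if __name__ == "__main__":
    report = review_vpn_plan(
        server_ip="192.168.1.10",
        first_ip="192.168.1.200",
        last_ip="192.168.1.220",
        max_concurrent=25,
        home_ips=SAMPLE_HOME_IPS,
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

A nonzero pool_shortfall means the range must be widened; each name in conflicting_users is a user to ask to renumber their home network.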
For information about changing your server’s IP address, see “Changing Your Server’s IP Address” on page 157.

Customizing Services Using Advanced Applications

It’s easy to customize basic service settings with Server Preferences, but you can also use Server Admin and the other advanced applications and tools listed in “Advanced Tools and Applications” on page 27. You can use the advanced applications and tools to customize many additional service settings.
Chapter 10: Managing Server Information

Use Server Preferences to get general information, manage SSL certificates, check service logs, see graphs of server activity, set up storage for users’ Time Machine backups, and change security settings.

The System section of Server Preferences includes the Information, Logs, Graphs, Time Machine, and Security panes.
Managing Server Information

Use the Information pane of Server Preferences to get information about your server, including the hardware and software installed, network names and address, and serial number. You can also change the server’s computer name and serial number, manage email alerts, and manage SSL certificates. You can see and change other network information in the Network pane of System Preferences on the server.
Changing the Serial Number or Site License Details
You can use Server Preferences to change the Mac OS X Server software serial number or site license information.
To change the software serial number or site license information:
1. In the Information pane of Server Preferences, click the Edit button next to the Server License information.
2. Enter a different serial number or edit the site license details as needed, and then click Save.
- Low disk space: Sends an email when a disk or partition has less than 5 percent free space available.
- Software updates available: Sends an email when new software updates become available for the server.
- Certificate expiration warnings: Sends an email when an SSL certificate is about to expire.
- Virus detected in incoming email: Sends an email when the email virus filter detects a virus.

Changing Your Server’s Name
You can use Server Preferences to change the server’s computer name.
To change the server’s local hostname, use the Sharing pane of System Preferences on the server. Other computers on the server’s local network (IP subnet) can use the server’s local hostname to contact the server. If you change your server’s local hostname, users of other computers might need to change their bookmarks or other settings to use the server’s new local hostname. For information about using System Preferences, open it and use the Help menu.
Changing your server’s IP address may disrupt the connections of users’ computers that have Mac OS X v10.6 Snow Leopard. If this happens, users need to remove the server from their list of directory servers and then add it back. For more information, see “Setting Up a Mac by Using Accounts Preferences” on page 112.
To use an SSL certificate:
1. In the Information pane of Server Preferences, click the Edit button to the right of SSL Certificate.
2. Select “Use SSL certificate” and then choose an available certificate from the top part of the pop-up menu.
If the pop-up menu doesn’t contain any certificates, you can create a self-signed certificate. For instructions, search Server Preferences Help for “self-signed certificate.” If you want to use a previously generated SSL certificate, you can import it.
To obtain a valid signed certificate, you use a self-signed certificate to generate a certificate signing request (CSR) file, which you send to a certificate authority. If your request satisfies the authority, it makes a signed certificate and sends it to you.
To obtain a signed certificate:
1. In the Information pane of Server Preferences, click the Edit button to the right of SSL Certificate.
2. Choose the self-signed certificate you want to use from the pop-up menu.
When you receive your SSL certificate from the certificate authority, you can use it to replace your self-signed certificate. For instructions, see “Replacing a Self-Signed Certificate,” next.

Replacing a Self-Signed Certificate
After you receive a signed certificate from a certificate authority, you can use it to replace your self-signed certificate.
5. Drag the file containing the signed certificate to the middle of the dialog in Server Preferences, and then click Replace Certificate.

Managing Users’ Backup Storage
Snow Leopard Server offers the security and convenience of Time Machine backup to users with Mac OS X v10.6 Snow Leopard or Mac OS X v10.5 Leopard who need backup storage.
If you change the backup disk, users’ Time Machine preferences that were set to use the server for backup storage will automatically begin using the Backups folder in its new location. However, Mac OS X Server doesn’t copy users’ backup data from the old Backups folder to the new Backups folder. After selecting a different backup disk, you should advise users that their first backup will take longer because it’s a full backup.
You can set up a firewall to protect your local network (IP subnet), or you can manage an AirPort Extreme Base Station (802.11n) or a Time Capsule to protect your local network. Either way, you can individually specify which services will accept incoming connections from computers outside your server’s local network (IP subnet). If you use firewall security (not AirPort management), you can allow incoming connections to all services from outside your server’s local network.
If you’ve changed the NAT options on your AirPort Extreme Base Station or Time Capsule to use your server as the “default host,” you need to use the server’s firewall to control security, not the AirPort management. In this case, do not click “Switch to AirPort management” in the Security pane. By default, an AirPort Extreme Base Station or Time Capsule has the default host option turned off.
If you turn on firewall security and your server gets its Internet connection through a network router, you should configure your router to send all incoming requests for services to your server. For instructions, open Server Preferences Help and search for “making your server the router default host.”
To allow all incoming requests for services with firewall security:
- In the Security pane, click the On/Off switch to turn off firewall security.
If you upgraded your server from Mac OS X Server v10.5 Leopard, the application firewall may be active. You need to turn it off in the Security pane of System Preferences before you can manage the IP firewall with the Security pane of Server Preferences. Your server’s firewall and VPN service can both allow access to services from outside your local network. The difference is that VPN service requires authentication for access, but access allowed through the firewall doesn’t require authentication.
Log messages are rather technical and not very meaningful to the average user, but they can help support technicians solve problems.
Here are ways you can use the Logs pane:
- Choose a log from the View pop-up menu. The log’s filename and its location on the server are shown above the contents of the log.
- Show only log entries that contain a word or phrase, by typing it in the Filter field at the top of the window.
You can also view Mac OS X Server logs and other logs using the Console application (located in /Applications/Utilities/) on the server. For example, you can use Console to view the console.log file, which contains important messages from applications that are open on the server. For information about using Console, open it and then use the Help menu.

Monitoring Server Graphs
Use the Graphs pane of Server Preferences to get a picture of server activity over time.
Here are ways you can use the Graphs pane:
- Choose a type of activity and a time period from the pop-up menus.
  Processor Usage: Monitor the workload of the server’s processor or processors (also called the central processing unit, or CPU).
  Network Traffic: Track how much incoming and outgoing data the server transfers over the network.
  Disk Space: See how much space is used and how much is available on each mounted disk or volume (partition).
Chapter 11: Learning More
More information about using Mac OS X Server is available from onscreen help and the web.

Using Onscreen Help
You can get task instructions in the onscreen help system while you’re managing Mac OS X Server. You can view help on a server or an administrator computer. (An administrator computer is a Mac OS X computer with Mac OS X Server administration software installed on it. For information, see “Preparing an Administrator Computer” on page 51.
- To search for a task you want to perform, use the search field at the top of the Help menu.
Server Preferences Help contains all the instructions from this book for managing a server that has its own users and groups or is configured to import users. Server Preferences Help contains additional topics that focus more narrowly than the book on specialized tasks.
- To download the latest edition of Getting Started in PDF format, go to the Mac OS X Server Resources website: www.apple.com/server/macosx/resources/
- To view an RSS feed listing the latest updates to Getting Started and Mac OS X Server onscreen help, use an RSS reader application such as Safari or Mail and go to: feed://helposx.apple.com/rss/snowleopard/serverdocupdates.
Appendix: Services and Ports
If your server connects to the Internet through a cable router, DSL router, or other network router, you can configure port forwarding (port mapping) to allow access to some services from the Internet while protecting other services and other computers on your network. Use the following table to determine the port numbers for the services that you want to expose on the Internet. Configure your router to forward only those ports to your server’s IP address.
Service                            Port            TCP or UDP
Address Book Server                8800            TCP
Address Book Server SSL            8843            TCP
iCal Server                        8008            TCP
iCal Server SSL                    8443            TCP
iChat Server                       5222            TCP
iChat Server SSL                   5223            TCP
iChat server-to-server             5269            TCP
iChat Server file transfer         7777            TCP
iChat local                        5678            UDP
iChat audio/video RTP and RTCP     16384–16403     UDP
File sharing SMB                   139             TCP
File sharing AFP                   548             TCP
Mail service SMTP standard         25              TCP
Mail service POP3                  110             TCP
Mail service IMAP                  143             TCP
Mail se
Web service HTTP                   80              TCP
Web service HTTPS                  443             TCP
Web service custom website         YourPortNumber  TCP
VPN L2TP ISAKMP/IKE                500             UDP
VPN L2TP                           1701            UDP
VPN L2TP IKE NAT Traversal         4500            UDP
VPN L2TP ESP (firewall only)       IP protocol 50  n/a
VPN PPTP                           1723            TCP
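To confirm that a router forwards only the ports for the services you intend to expose, and only to the server's IP address, you can compare its port-mapping rules against rows of the table. The following Python sketch is an added example, not part of the manual; the rule list, server address, and function names are constructed for illustration.

```python
# Rows copied from the Services and Ports table: (protocol, first, last).
# ESP is IP protocol 50, not a port, so it cannot be checked this way.
TABLE = {
    "Web service HTTPS": ("TCP", 443, 443),
    "File sharing AFP": ("TCP", 548, 548),
    "iCal Server SSL": ("TCP", 8443, 8443),
    "iChat audio/video RTP and RTCP": ("UDP", 16384, 16403),
    "VPN L2TP ISAKMP/IKE": ("UDP", 500, 500),
    "VPN L2TP": ("UDP", 1701, 1701),
    "VPN L2TP IKE NAT Traversal": ("UDP", 4500, 4500),
}

def endpoints(proto, first, last):
    """Expand a port range into a set of (protocol, port) pairs."""
    return {(proto, port) for port in range(first, last + 1)}

def audit_forwards(rules, intended_services, server_ip):
    """Return (excess rules, missing endpoints) for a router configuration.

    rules: list of (protocol, first_port, last_port, target_ip).
    """
    wanted = set()
    for name in intended_services:
        wanted |= endpoints(*TABLE[name])
    excess, forwarded = [], set()
    for proto, first, last, target in rules:
        if target != server_ip:
            excess.append((proto, first, last, target, "forwards to another host"))
            continue
        rule_eps = endpoints(proto, first, last)
        forwarded |= rule_eps
        if rule_eps - wanted:
            excess.append((proto, first, last, target, "not an intended service"))
    return excess, sorted(wanted - forwarded)

# Constructed sample: expose only HTTPS and L2TP VPN on server 192.168.1.10.
SERVER_IP = "192.168.1.10"
INTENDED = ["Web service HTTPS", "VPN L2TP ISAKMP/IKE", "VPN L2TP",
            "VPN L2TP IKE NAT Traversal"]
RULES = [
    ("TCP", 443, 443, "192.168.1.10"),
    ("UDP", 500, 500, "192.168.1.10"),
    ("UDP", 1701, 1701, "192.168.1.10"),
    ("TCP", 548, 548, "192.168.1.10"),    # AFP exposed but not intended
    ("TCP", 8000, 8500, "192.168.1.10"),  # overly wide range
    ("UDP", 4500, 4500, "192.168.1.23"),  # points at a different computer
]

if __name__ == "__main__":
    print(audit_forwards(RULES, INTENDED, SERVER_IP))
```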