034-2346_Cvr 9/12/03 10:24 AM Page 1 Mac OS X Server File Services Administration For Version 10.
LL2346.Book Page 2 Friday, August 22, 2003 2:38 PM Apple Computer, Inc. © 2003 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. The Apple logo is a trademark of Apple Computer, Inc.
1 About File Services
This chapter gives an overview of Mac OS X Server file services, important concepts, and related security issues.
Overview
File services let clients of the Mac OS X Server access shared files, applications, and other resources over a network.
Privileges
Privileges specify the type of access users have to shared items. There are four types of access privileges you can assign to a share point, folder, or file: Read & Write, Read Only, Write Only, and None. The table below shows how the privileges affect user access to different types of shared items (files, folders, and share points).
Explicit Privileges
Share points and the shared items they contain (including both folders and files) have separate privileges. If you move an item to a different folder, it retains its own privileges and doesn’t automatically adopt the privileges of the folder where you moved it.
Hierarchy of Privileges
If a user is included in more than one category of users, each of which has different privileges, these rules apply:
• Group privileges override Everyone privileges.
• Owner privileges override Group privileges.
For example, when a user is both the owner of a shared item and a member of the group assigned to it, the user has the privileges assigned to the owner.
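The override rules above select one category per user rather than combining privileges, so a more specific category can leave a user with less access than a broader one would grant. The following Python sketch is an added example, not code from the manual or from Mac OS X Server; the item names, users, and groups are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Privilege(Enum):
    # The four privilege types named in this guide, as (can_read, can_write).
    READ_WRITE = (True, True)
    READ_ONLY = (True, False)
    WRITE_ONLY = (False, True)
    NONE = (False, False)

    @property
    def can_read(self):
        return self.value[0]

    @property
    def can_write(self):
        return self.value[1]


@dataclass(frozen=True)
class SharedItem:
    name: str
    owner: str
    group: str
    owner_priv: Privilege
    group_priv: Privilege
    everyone_priv: Privilege


def effective_privilege(item, user, user_groups):
    """Return (category, privilege): Owner overrides Group overrides Everyone."""
    if user == item.owner:
        return "Owner", item.owner_priv
    if item.group in user_groups:
        return "Group", item.group_priv
    return "Everyone", item.everyone_priv


def overridden_access(item, user, user_groups):
    """List (category, capability) pairs that a broader category the user
    also belongs to would grant, but that the overriding category removes."""
    category, priv = effective_privilege(item, user, user_groups)
    broader = []
    if category == "Owner" and item.group in user_groups:
        broader.append(("Group", item.group_priv))
    if category in ("Owner", "Group"):
        broader.append(("Everyone", item.everyone_priv))
    lost = []
    for name, other in broader:
        if other.can_read and not priv.can_read:
            lost.append((name, "read"))
        if other.can_write and not priv.can_write:
            lost.append((name, "write"))
    return lost


# Constructed sample items (hypothetical names, not from the guide).
BUDGET = SharedItem("Budget", "alice", "finance",
                    Privilege.READ_ONLY, Privilege.READ_WRITE, Privilege.NONE)
ARCHIVE = SharedItem("Archive", "dave", "staff",
                     Privilege.READ_WRITE, Privilege.NONE, Privilege.READ_ONLY)

if __name__ == "__main__":
    cases = [(BUDGET, "alice", {"finance"}),   # owner who is also in the group
             (BUDGET, "bob", {"finance"}),     # group member only
             (ARCHIVE, "erin", {"staff"}),     # group is stricter than Everyone
             (ARCHIVE, "carol", set())]        # falls through to Everyone
    for item, user, groups in cases:
        category, priv = effective_privilege(item, user, groups)
        print(item.name, user, category, priv.name,
              overridden_access(item, user, groups))
```

A non-empty result from `overridden_access` marks an assignment worth reviewing, because the user's access differs from what the broader category suggests.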
Customizing the Mac OS X Network Globe
The Network globe you find at the top level of a Mac OS X Finder window contains shared network resources. You can customize the contents of the Network globe to suit your clients by setting up automatically-mounting share points. You can provide automatic access to system resources such as fonts and preferences by automatically mounting share points containing them in specific directory locations.
Security Considerations
Security of your data and your network is critical. The most effective method of securing your network is to assign appropriate privileges for each file, folder, and share point as you create it. Be careful when creating and granting access to share points, especially if you’re connected to the Internet. Granting access to Everyone, or to World (in NFS service), could potentially expose your data to anyone on the Internet.
For More Information About File Services
For more information about the protocols used by file services, see these resources:
• Apple Filing Protocol (AFP) www.apple.com/developer/
• Server Message Block (SMB) protocol (for Windows file services) www.samba.org
• FTP You can find a Request for Comments (RFC) document about FTP at www.faqs.org/rfcs/rfc959.html. To obtain the UNIX manual pages for FTP, open the Terminal application in Mac OS X.
2 Setting Up Share Points
This chapter shows how to share specific volumes and directories via the AFP, SMB, FTP, and NFS protocols.
Overview
You use the Sharing module of Workgroup Manager to share information with clients of the Mac OS X Server and control access to shared information by assigning access privileges. To share individual folders or entire volumes that reside on the server, you set up share points.
Decide on Which Protocols to Use
You also need to know which protocols clients will use to access the share points.
Opportunistic Locking (oplocks)
SMB share points in Mac OS X Server support the improved performance offered by opportunistic locking (“oplocks”). In general, file locking prevents multiple clients from modifying the same information at the same time; a client locks the file or part of the file to gain exclusive access.
Setup Overview
You use the Sharing module of Workgroup Manager to create share points and set privileges for them. Here is an overview of the basic steps for setting up share points:
Step 1: Read “Before You Begin”
Read “Before You Begin” on page 17 for issues you should consider before sharing information on your network.
Step 2: Locate or create the information you want to share
Decide which volumes, partitions, or folders you want to share.
Setting Up a Share Point
This section describes:
• How to create share points
• How to set share point access privileges
• How to share using specific protocols (AFP, SMB, FTP, or NFS)
• How to automatically mount share points on clients’ desktops
You use Workgroup Manager to accomplish these tasks. See “Managing Share Points” on page 30 for additional tasks that you might perform after you have set up sharing on your server.
Creating a Share Point and Setting Privileges
You use the Sharing module of Workgroup Manager to share volumes (including disks, CDs and DVDs), partitions, and individual folders by setting up share points.
Note: Don’t use a slash (/) in the name of a folder or volume you plan to share. Users trying to access the share point might have trouble seeing it.
To create a share point and set privileges:
1 Open Workgroup Manager and click Sharing.
Changing Apple File Settings for a Share Point
You can use Workgroup Manager to choose whether a share point is available via AFP and to change settings such as the share point name that AFP clients see, whether guest access is allowed, or the permissions model for new items. The default settings for a new share point should make it readily accessible to Mac OS 8, Mac OS 9, and Mac OS X clients.
Changing Windows (SMB) Settings for a Share Point
You can use Workgroup Manager to set whether a share point is available via SMB and to change settings such as the share point name that SMB clients see, whether guest access is allowed, whether opportunistic locking is allowed, and the default privileges for new items.
To change the settings of an SMB share point:
1 Open Workgroup Manager and click Sharing.
2 Click Share Points and select the share point.
Changing FTP Settings for a Share Point
You can use Workgroup Manager to set whether a share point is available via FTP and to change settings such as whether guest access is allowed and the share point name that FTP clients see.
To change the settings of an FTP share point:
1 Open Workgroup Manager and click Sharing.
2 Click Share Points and select the share point.
3 Click Protocols and choose FTP Settings from the pop-up menu.
Setting Up an NFS Share Point
You can use NFS to export share points to UNIX clients. (Export is the NFS term for sharing.)
Note: Don’t use spaces or slashes (/) in the name of a share point you plan to export using NFS. Spaces and slashes in volume names can cause access problems for NFS clients.
5 Select “Map Root user to nobody” if you want the root user on a remote client to have only minimal privileges to read, write, and execute commands.
6 Select “Map All users to nobody” if you want all users to have minimal privileges to read, write, and execute.
7 Select “Read-only” if you don’t want client users to be able to modify the contents of the shared item in any way.
8 Click Save.
4 On the AFP server, create a mount record that mounts the reshared volume in the /nfs_reshares directory.
a Open NetInfo Manager, select mounts in the directory browser window, click the lock at the lower left corner of the window and enter your administrator password.
Note: To authenticate in NetInfo Manager, you must use an administrator account with a basic password.
Automatically Mounting Share Points for Clients
You can mount share points automatically on client computers using network mounts. You can automatically mount AFP or NFS share points. When you set a share point to automatically mount, a mount record is created in the Open Directory database. Be sure you create these records in the same shared domain in which the user and computer records exist.
Managing Share Points
This section describes typical day-to-day tasks you might perform after you have set up share points on your server. Initial setup information appears in “Setting Up a Share Point” on page 21.
Disabling a Share Point
To stop sharing a particular share point, you use the Sharing module of Workgroup Manager to remove it from the Share Points list.
Viewing Share Points
You can use the Sharing module of Workgroup Manager to view share points and their contents.
To view share points on a server:
1 Open Workgroup Manager and click Sharing.
2 Click Share Points. Select an item in the list to see its contents. Use the scroll bar at the bottom to move up or down in the directory hierarchy.
Changing Share Point Owner and Privilege Settings
You use the Workgroup Manager to view and change the owner and privileges for a share point.
To change privileges for a share point:
1 Open Workgroup Manager and click Sharing.
2 Click Share Points and select the share point you want to update.
3 Click General. Change the owner and group of the shared item by typing names into those fields or by dragging names from the Users & Groups drawer.
Changing NFS Share Point Client Scope
You can use the Protocols pane of Workgroup Manager to restrict the clients that can access an NFS export.
To change authorized NFS clients:
1 Open Workgroup Manager and click Sharing.
2 Click Share Points and select the NFS share point.
3 Click Protocols and choose NFS Export Settings from the pop-up menu.
Setting Up a Drop Box
A drop box is a shared folder with permissions set so that anyone can copy files into the folder, but only the owner can read them.
Note: Create drop boxes only within AFP share points. AFP is the only protocol that automatically changes the owner of any file put into the drop box to be the same as the owner of the drop box.
Using Workgroup Manager With Mac OS X Server Version 10.1.5
Workgroup Manager is available only on Mac OS X Server version 10.2 or later. If you want to use Workgroup Manager to edit account information on a Mac OS X Server version 10.1.5, you must access that server remotely from a computer running Mac OS X Server version 10.2 and log in as a root user.
3 AFP Service
This chapter shows how to set up and manage AFP service in Mac OS X Server.
General Information
AFP (Apple Filing Protocol) service allows Macintosh clients to connect to your server and access folders and files as if they were located on their own computers. AFP service uses version 3.1 of AFP, which supports new features such as Unicode file names and 64-bit file sizes.
Automatic Reconnect
Mac OS X Server provides the ability to automatically reconnect Mac OS X clients that have become idle or gone to sleep. When clients become idle or go to sleep, the Mac OS X Server disconnects those clients to free up server resources. Mac OS X Server can save Mac OS X client sessions, however, allowing these clients to resume work on open files without loss of data.
Setting Up AFP Service
If you allowed the Server Assistant to start AFP service when you installed Mac OS X Server, you don’t have to do anything else. However, you should check to see if the default service settings meet your needs. The following section steps you through each of the Apple file service settings.
Changing General Settings
You use the General pane of AFP service settings to enable automatic startup, enable browsing with Network Service Location or AppleTalk, and create a login greeting for your users.
To configure AFP service General settings:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Settings, then click General.
Changing Access Settings
The Access pane of AFP Settings in Server Admin lets you control client connections and guest access.
To configure AFP service Access settings:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Settings, then click Access.
3 Choose the authentication method you want to use: Standard, Kerberos, or Any Method.
4 To allow unregistered users to access AFP share points, select “Enable Guest access.
Changing Logging Settings
You use the Logging pane of the Apple File Service settings in Server Admin to configure and manage service logs.
To configure Apple file service Logging settings:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Settings, then click Logging.
3 To keep a record of users who connect to the server using AFP, select “Enable Access log.
Changing Idle User Settings
You use the Idle Users pane of Apple File Service settings to specify how your server handles idle users. An idle user is someone who is connected to the server but whose connection has been inactive for a predefined period of time. If a client is idle or asleep for longer than the specified idle time, open files are closed, the user is disconnected, and any unsaved work is lost.
Starting AFP Service
You start the AFP service to make AFP share points available to your client users.
To start Apple file service:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Start Service (near the top of the window). The service will run until you stop it and will restart automatically if your server is restarted for any reason.
Viewing Service Logs
You use Server Status to view the error and access logs for AFP service (if you have enabled them).
To view logs:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Logs and use the Show pop-up menu to choose between the access and error logs.
To enable logging, click Settings (near the bottom of the window), then click Logging.
Enabling NSL and Rendezvous Browsing
You can register the service with Network Service Locator (NSL) and Rendezvous to allow users to find the server by browsing through available servers. Otherwise, users must type the server’s host name or IP address when connecting.
To register with NSL and Rendezvous:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click General, select “Enable Rendezvous registration,” and click Save.
Limiting Connections
If your server provides a variety of services, you can prevent a flood of users from affecting the performance of those services by limiting the number of clients and guests who can connect at the same time.
To set the maximum number of connections:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Settings, then click Access and look under “Maximum Connections.
Archiving AFP Service Logs
You can periodically save the active logs and open new logs.
To set how often logs are archived:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Settings (near the bottom of the window), then click Logging.
3 Select “Archive every __ days” and type the number of days to specify how often the log file contents are saved to an archive.
Disconnecting Idle Users Automatically
You can set AFP service to automatically disconnect users who have not used the server for a period of time.
To set how the server handles idle users:
1 Open Server Admin and select AFP in the Computers & Services list.
2 Click Settings (near the bottom of the window), then click Idle Users.
Allowing Guest Access
Guests are users who can see information on your server without using a name or password to log in. For better security, don’t allow guest access. After enabling guest access for the service, you’ll need to enable guest access for specific share points. See “Allowing Guest Access to a Share Point” on page 33.
To enable guest access:
1 Open Server Admin and select AFP in the Computers & Services list.
Supporting AFP Clients
This section describes how client computers can access Mac OS X Server AFP share points.
Mac OS X Clients
AFP service requires the following Mac OS X system software:
• TCP/IP connectivity
• AppleShare 3.7 or later
Go to the Apple support website at www.apple/support/ to find out the latest version of AppleShare client software supported by Mac OS X.
Setting Up a Mac OS X Client to Mount a Share Point Automatically
As an alternative to using the network mount feature of AFP or NFS, Mac OS X clients can set their computers to mount server volumes automatically.
To set a Mac OS X version 10.2.6 or earlier client computer to mount a server volume automatically:
1 Log in to the client computer as the user and mount the volume.
2 Open System Preferences and click Login Items.
Mac OS 8 and Mac OS 9 Clients
Apple file service requires the following Mac OS 8 or 9 system software:
• Mac OS 8 (version 8.6) or Mac OS 9 (version 9.2.2)
• TCP/IP
• AppleShare Client 3.83 or later
Go to the Apple support website at www.apple/support/ to find out the latest version of AppleShare client software supported by Mac OS 8 and Mac OS 9.
4 Windows Service
This chapter shows how to set up and manage the Windows file service in Mac OS X Server.
Before You Set Up Windows Services
If you plan to provide Windows services from Mac OS X Server, read the following sections for issues you should keep in mind. You should also check the Microsoft documentation for your version of Windows to find out more about the capabilities of the client software.
Setting Up Windows Services
You set up Windows services by configuring four groups of settings:
• General: Specify your computer name and workgroup name, and choose the role of the server in associated Windows domains.
• Access: Limit the number of clients and control guest access.
• Logging: Choose how much information is recorded in the service log.
Changing General Settings
You can use the General pane of the Windows service settings in Server Admin to provide a server description, name, and workgroup and specify the server’s role in its domain.
To configure Windows service General settings:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Settings, then click General.
3 To specify how your server participates in the local domain, choose from the Role pop-up menu.
Changing Access Settings
You can use the Access pane of the Windows service settings in Server Admin to allow guest users or limit the number of simultaneous client connections.
To configure Windows service Access settings:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Settings (near the bottom of the window), then click Access (near the top).
Changing Advanced Settings
You can use the Advanced pane of the Windows service settings in Server Admin to choose a client code page, set the server to be a workgroup or domain master browser, specify the server’s WINS registration, and enable virtual share points for user homes.
To configure Windows services Advanced settings:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Settings, then click Advanced.
Starting Windows Service
You can use Server Admin to start Windows service.
To start Windows services:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Start Service.
From the Command Line
You can also start Windows service using the serveradmin command in Terminal. For more information, see the file services chapter of the command-line administration guide.
Changing the Windows Server Name
The default server name is the NetBIOS name of the Windows file server. The name should contain no more than 15 characters and no special characters or punctuation.
To change the file server name:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Settings, then click General.
3 In the Computer Name field, type the server name you want users to see when they connect.
Checking Service Status
You can use Server Admin to check the status of Windows service.
To view Windows services status:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Overview to see whether the service is running and how many users are connected.
3 Click Logs to see the Windows file service and name service logs. Use the Show pop-up menu to choose which log to view.
From the Command Line
You can also change WINS settings using the serveradmin command in Terminal. For more information, see the file services chapter of the command-line administration guide.
Enabling Domain Browsing
If there are no Microsoft servers on your subnet or network to control domain browsing, you can use these options to restrict domain browsing to a single subnet or allow browsing across your network.
Allowing Guest Access
Guests are users who can see information on your server without using a name or password to log in. For better security, do not allow guest access.
To enable guest access to the server:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Settings, then click Advanced.
3 Under Access, select “Allow Guest access.”
4 Click Save.
Disconnecting a User
You can use Server Admin to disconnect Windows users.
Important: Users who are disconnected will lose unsaved work in open files.
To disconnect a user:
1 Open Server Admin and select Windows in the Computers & Services list.
2 Click Connections.
3 Select the user and click Disconnect.
From the Command Line
You can also disconnect a Windows client using the serveradmin command in Terminal.
Connecting to the Server Using Network Neighborhood
Before trying to connect to the server from a Windows client computer, find out the workgroup or domain of both the client computer and the file server. You can find the workgroup name of a Windows client computer in the computer’s Network Neighborhood window. To find the server’s workgroup name, open Server Admin, click Windows in the Computers & Services list, click Settings, then click General.
5 NFS Service
This chapter shows how to set up and manage the NFS file service in Mac OS X Server.
Overview
Network File System is the protocol used for file services on UNIX computers. Use NFS to provide file service for your UNIX clients (other than Mac OS X clients). You can export a shared item to a set of client computers or to “World.” Exporting an NFS volume to World means that anyone who can access your server can also access that volume.
Before You Set Up NFS Service
Be sure to consider the security implications of exporting in NFS before you set up NFS service.
Security Considerations
NFS was created for a secure networking environment, in which you can trust the client computer users and the people who administer the clients.
Setup Overview
Here is an overview of the major steps for setting up NFS service.
Step 1: Before You Begin
Read “Before You Set Up NFS Service” on page 70 for issues you should keep in mind when you set up NFS service.
Step 2: Configure NFS settings
The NFS settings let you set the maximum number of daemons and choose how you want to serve clients—via TCP, UDP, or both. See “Configuring NFS Settings” on page 72.
Setting Up NFS Service
You can use Server Admin to change some NFS service settings.
Configuring NFS Settings
The NFS settings let you set the maximum number of daemons and choose how you want to serve clients—via TCP, UDP, or both.
To configure NFS settings:
1 Open Server Admin and select NFS in the Computers & Services list.
2 Click Settings (near the bottom of the window).
Managing NFS Service
This section tells you how to perform day-to-day management tasks for NFS service once you have it up and running.
Starting and Stopping NFS Service
When the server starts up, a startup script checks to see if any NFS exports are defined; if so, NFS starts automatically. If NFS is not running and you add exports, wait a few seconds for the service to launch.
To stop NFS service: Delete all exports.
Viewing Current NFS Exports
You can use the Terminal application to view a list of the current NFS exports.
To view current NFS exports: In Terminal, type showmount -e.
If this command does not return results within a few seconds, there are no exports and the process is blocked (hung). Press Control-C to exit the showmount command and return to an active command line in your Terminal window.
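The export listing can also be checked by script for volumes exported to World, with a timeout in place of pressing Control-C when the command hangs. The following Python sketch is an added example, not part of the manual or of Mac OS X Server. The sample listing is constructed, and its layout (a header line, then a path followed by client names, with "Everyone" marking a World export) is an assumption about showmount output; paths are assumed to contain no spaces, as the guide advises for NFS share points.

```python
import subprocess

# Tokens taken to mean "exported to World". "Everyone" is the assumed BSD-style
# marker; "(everyone)" and "*" are included for other showmount variants.
WORLD_TOKENS = {"everyone", "(everyone)", "*"}

# Constructed sample listing (hypothetical paths and addresses).
SAMPLE_OUTPUT = """\
Exports list on localhost:
/Volumes/Data/Public                Everyone
/Volumes/Data/Builds                192.168.1.10 192.168.1.11
/Volumes/Data/Homes                 10.0.0.0
"""


def run_showmount(timeout=5):
    """Run `showmount -e`; return its output, or None if it hangs or fails.

    The guide notes that the command blocks when there are no exports, so the
    timeout stands in for pressing Control-C.
    """
    try:
        result = subprocess.run(["showmount", "-e"], capture_output=True,
                                text=True, timeout=timeout)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return None
    return result.stdout if result.returncode == 0 else None


def parse_exports(text):
    """Map each exported path to its list of client names."""
    exports = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("/"):
            continue  # skip the header and blank lines
        # Clients may be separated by spaces or commas depending on the variant.
        path, *clients = line.replace(",", " ").split()
        exports[path] = clients
    return exports


def world_exports(exports):
    """Return the paths exported to World, sorted.

    An export with no client list is also reported, so that it gets reviewed
    rather than silently passed.
    """
    return sorted(
        path for path, clients in exports.items()
        if not clients or any(c.lower() in WORLD_TOKENS for c in clients)
    )


if __name__ == "__main__":
    output = run_showmount()
    if output is None:
        print("showmount returned nothing in time; using the constructed sample")
        output = SAMPLE_OUTPUT
    for path in world_exports(parse_exports(output)):
        print("Exported to World:", path)
```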
6 FTP Service
This chapter shows how to set up and manage File Transfer Protocol (FTP) service in Mac OS X Server.
Overview
FTP (File Transfer Protocol) is a simple way for computers of any type to transfer files over the Internet. Someone using any computer that supports FTP or an FTP client application can connect to your FTP server and upload or download files (depending on the permissions you set).
FTP Users
FTP supports two types of users:
• Authenticated users have accounts on your server (and might even have their home directories stored on the server). Some FTP software refers to these as real users. An authenticated user must provide a user name and password to access server files using FTP. You use the Accounts module of Workgroup Manager to review or set up authenticated users.
• Anonymous users do not have accounts on your server.
FTP Root and Share Points
The “FTP Root and Share Points” option gives access—for both authenticated and anonymous users—to the FTP root and any FTP share points to which the users have access privileges, as shown in the following figure.
Home Directory With Share Points
When the user environment option is set to “Home Directory with Share Points,” authenticated users log in to their home directories and have access to the FTP root by means of a symbolic link automatically created in their home directories. Users access other FTP share points through symbolic links in the FTP root. As always, access to the FTP share points is controlled by user access privileges.
Home Directory Only
When you choose this option, authenticated users are confined to their home directories and do not have access to the FTP root or other FTP share points, as shown in the following illustration.
On-the-Fly File Conversion
FTP service in Mac OS X Server allows users to request compressed or decompressed versions of information on the server. A file-name suffix such as “.Z” or “.gz” indicates that the file is compressed. If a user requests a file called “Hamlet.txt” and the server only has a file named “Hamlet.txt.Z,” it knows that the user wants the decompressed version, and delivers it to the user in that format.
Before You Set Up FTP Service
Consider the type of information you need to share and who your clients are when determining whether or not to offer FTP service. FTP works well when you want to transfer large files such as applications and databases. In addition, if you want to allow guest (anonymous) users to download files, FTP is a secure way to provide this service.
Setup Overview
Here is an overview of the basic steps for setting up FTP service.
Step 1: Before You Begin
Read “Before You Set Up FTP Service” on page 81 for issues you should keep in mind when you set up FTP service.
Step 2: Configure FTP General settings
The General settings let you display banner and welcome messages, set the number of login attempts, and provide an administrator email address. See “Changing General Settings” on page 83.
Setting Up File Transfer Protocol (FTP) Service
You use the Server Admin application to set up and enable FTP service.
Changing General Settings
You can use the General settings to limit the number of login attempts, provide an administrator email address, and limit the number and type of users. Changes you make to FTP service settings affect only new connections. Users who are currently connected will not see the changes.
Changing the Greeting Messages
Users see the banner message when they first contact your server (before they log in) and the welcome message when they log in.
To change the banner and welcome messages:
1 Open Server Admin and select FTP in the Computers & Services list.
2 Click Settings (near the bottom of the window), then click Messages.
3 Edit the message text.
4 Select “Show banner message” and “Show welcome message.”
5 Click Save.
Changing Advanced Settings
The Advanced settings let you specify the directories that FTP users can access. You can change the FTP root directory and choose whether users see the FTP root and share points, home directories and share points, or home directories only.
To configure the FTP Advanced settings:
1 Open Server Admin and select FTP in the Computers & Services list.
2 Click Settings (near the bottom of the window), then click Advanced.
Starting FTP Service

Start FTP file service to make the service available to your client users.

To start FTP service:
1 Open Server Admin and select FTP in the Computers & Services list.
2 Click Start Service (near the top of the window).

From the Command Line

You can also start the FTP service using the serveradmin command in Terminal. For more information, see the file services chapter of the command-line administration guide.
Allowing Anonymous User Access

You can allow guests to log in to your FTP server with the user name “ftp” or “anonymous.” They don’t need a password to log in, but they will be prompted to enter an email address. For better security, do not enable anonymous access.

To allow anonymous FTP service:
1 Open Server Admin and select FTP in the Computers & Services list.
2 Click Settings (near the bottom of the window), then click General.
Changing the FTP Root Directory

The Advanced settings allow you to change the path to the FTP root directory.

To specify a different FTP root:
1 If it doesn’t already exist, create the directory you want to use and configure it as an FTP share point.
2 Open Server Admin and select FTP in the Computers & Services list.
3 Click Settings (near the bottom of the window), then click Advanced.
Displaying Banner and Welcome Messages

FTP service in Mac OS X Server lets you greet users who contact or log in to your server.

Note: Some FTP clients may not display the message in an obvious place, or they may not display it at all. For example, in recent releases of the FTP client Fetch, you set a preference to display server messages.

The banner message is displayed when a user first contacts the server, before they log in.
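To confirm on a server you administer that guest login is really off and to see the banner exactly as a client receives it before login, the following added example (not part of the Apple guide) speaks the FTP control protocol directly. The reply codes 220, 331, 230 and 530 come from the FTP standard (RFC 959), not from this guide, and the function names and the email value are assumptions made for the example.

```python
import socket

def read_line(rfile):
    raw = rfile.readline()
    if not raw:
        raise ConnectionError("server closed the connection")
    return raw.decode("latin-1").rstrip("\r\n")

def read_reply(rfile):
    """Read one FTP reply; return (code, text). Handles multi-line banners."""
    first = read_line(rfile)
    if len(first) < 3 or not first[:3].isdigit():
        raise ValueError(f"not an FTP reply: {first!r}")
    code, text = first[:3], [first[4:]]
    if first[3:4] == "-":                      # "220-..." continues until "220 ..."
        while True:
            line = read_line(rfile)
            tagged = line.startswith((code + " ", code + "-"))
            text.append(line[4:] if tagged else line)
            if line.startswith(code + " "):
                break
    return int(code), "\n".join(text)

def audit_anonymous(sock, email="audit@example.com"):
    """Audit an already-connected control socket; email is a constructed value."""
    with sock.makefile("rb") as rfile:
        def cmd(line):
            sock.sendall(line.encode("ascii") + b"\r\n")
            return read_reply(rfile)
        code, banner = read_reply(rfile)       # greeting sent before login
        result = {"banner": banner, "anonymous_allowed": False, "detail": ""}
        if code != 220:
            result["detail"] = f"service not ready ({code})"
            return result
        code, text = cmd("USER anonymous")
        if code == 331:                        # server asks for the email address
            code, text = cmd("PASS " + email)
        result["anonymous_allowed"] = code == 230
        result["detail"] = f"{code} {text}"
        try:
            cmd("QUIT")
        except (ConnectionError, OSError, ValueError):
            pass                               # server may drop the session first
        return result

def audit_host(host, port=21, timeout=5.0):
    """Run the audit against a server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return audit_anonymous(sock)
```

Because settings changes affect only new connections, run `audit_host` after saving a change; `anonymous_allowed` should be False when anonymous access is disabled.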
7 Solving Problems

This chapter lists possible solutions to common problems you might encounter working with the file services in Mac OS X Server.

General Problems

Users Can’t Access a CD-ROM Disc
• Make sure the CD-ROM disc is a share point.
• If you share multiple CDs, make sure each CD is shared using a unique name in the Sharing pane.

Users Can’t Find a Shared Item
• If a user can’t find a shared item, check the access privileges for the item.
Solving Problems With Apple File Service

User Can’t Find the Apple File Server
• Make sure the network settings are correct on the user’s computer and on the computer that is running Apple file service. If you can’t connect to other network resources from the user’s computer, the network connection may not be working.
• Make sure the file server is running. You can use a “pinging” utility to check whether the server is operating.
Solving Problems With Windows Services

User Can’t See the Windows Server in the Network Neighborhood
• Make sure users’ computers are properly configured for TCP/IP and have the appropriate Windows networking software installed.
• Enable guest access for Windows users.
• Go to the DOS prompt on the client computer and type ping , where is your server’s address. If the ping fails, then there is a TCP/IP problem.
Solving Problems With File Transfer Protocol (FTP)

FTP Connections Are Refused
• Verify that the user is entering the correct DNS name or IP address for the server.
• Make sure FTP service is turned on.
• Make sure the user has appropriate access privileges to the shared volume.
• See if the maximum number of connections has been reached. To do this, open Server Admin, select FTP in the Computers & Services list, and click Overview.
Solving Problems With Home Directories

Users Can’t Open Their Home Directories
• Make sure the share point used for home directories is set up as a network mount for home directories in Workgroup Manager.
• Make sure the share point is created in the same Open Directory domain as your user accounts.
• Make sure the client computer is set to use the correct Open Directory domain using Directory Access.
Glossary

AFP (Apple Filing Protocol)
A client/server protocol used by Apple file service on Macintosh-compatible computers to share files and network services. AFP uses TCP/IP and other protocols to communicate between computers on a network.

drop box
A shared folder with privileges that allow other users to write to, but not read, the folder’s contents. Only the owner has full access. Drop boxes should only be created using AFP.
owner
The person who created a file or folder and who therefore has the ability to assign access privileges for other users. The owner of an item automatically has read/write privileges for that item. An owner can also transfer ownership of an item to another user.

privileges
Settings that define the kind of access users have to shared items.