Mac OS X Server File Services Administration For Version 10.5 Leopard K Apple Inc. © 2007 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Inc. is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the "keyboard" Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleShare, AppleTalk, Bonjour, ColorSync, Mac, Macintosh, QuickTime, Xgrid, Xsan, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Finder and Spotlight are trademarks of Apple Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. 019-0933/2007-09-01 1 Contents Preface 9 9 9 10 11 12 12 13 13 15 15 16 16 17 17 17 17 19 19 20 20 22 24 24 24 25 25 28 29 30 31 About This Guide What's New in File Services What's in This Guide Using Onscreen Help Mac OS X Server Administration Guides Viewing PDF Guides on Screen Printing PDF Guides Getting Documentation Updates Getting Additional Information Understanding File Services Protocol Overview Protocol Comparison Protocol Security Comparison Deployment Planning Determining the Best Protocol for Your Needs Determining Hardware Requirements for Your Needs Planning for Outages and Failovers Setting Up File Service Permissions Permissions in the Mac OS X Environment Kinds of Permissions Standard Permissions ACLs Supported Volume Formats and Protocols Access Control Entries (ACEs) What's Stored in an ACE Explicit and Inherited ACEs Understanding Inheritance Rules of Precedence Tips and Advice Common Folder Configurations File Services Access Control Chapter 1 Chapter 2 3 32 32 32 32 32 32 33 33 Chapter 3 35 35 36 36 36 37 37 37 38 38 38 39 39 39 40 41 42 43 44 46 47 48 48 48 49 49 50 50 55 56 56 57 58 58 Customizing Shared Network Resources Share Points in the Network Folder Adding System Resources to the Network Library Folder Security Considerations Restricting Access to File Services Restricting Access to Everyone Restricting Access to NFS Share Points Restricting Guest Access Setting Up Share Points Share Points and the Mac OS X Network Folder Automounting Share Points and Network Home Folders Setup Overview Before Setting Up a Share Point Client Privileges File Sharing Protocols Shared Information Organization Security Network Home Folders Disk Quotas Setting Up a Share Point Creating a Share Point Setting Privileges Changing AFP Settings for a Share Point Changing SMB Settings for a Share Point Changing FTP Settings for a Share Point Exporting an NFS Share Point Resharing NFS Mounts as AFP Share Points Automatically Mounting Share Points for Clients Managing Share Points Checking File Sharing Status Disabling a Share Point Disabling a Protocol for a Share Point Viewing Share Point Configuration and Protocol Settings Viewing Share Point Content and Privileges Managing Share Point Access Privileges Changing the Protocols Used by a Share Point Changing NFS Share Point Client Access Enabling Guest Access to a Share Point Setting Up a Drop Box Setting Up a Network Library Using Mac OS X Server for Network Attached Storage 4 Contents 60 61 61 62 62 62 Chapter 4 65 65 66 66 66 66 67 67 68 68 69 70 71 72 72 72 73 73 74 74 75 75 76 77 77 78 78 79 79 80 80 80 81 82 83 83 Configuring Spotlight for Share Points Configuring Time Machine Backup Destination Monitoring Share Point Quotas Setting SACL Permissions Setting SACL Permissions for Users and Groups Setting SACL Permissions for Administrators Working with AFP Service Kerberos Authentication Automatic Reconnect Find Content AppleTalk Support AFP Service Specifications Setup Overview Turning AFP Service On Setting Up AFP Service Configuring General Settings Configuring Access Settings Configuring Logging Settings Configuring Idle Users Settings Starting AFP Service Managing AFP Service Checking AFP Service Status Viewing AFP Service Logs Viewing AFP Graphs Viewing AFP Connections Stopping AFP Service Enabling Bonjour Browsing Limiting Connections Keeping an Access Log Disconnecting a User Automatically Disconnecting Idle Users Sending a Message to a User Enabling Guest Access Creating a Login Greeting Integrating Active Directory and AFP Services Supporting AFP Clients Mac OS X Clients Connecting to the AFP Server in Mac OS X Changing the Default User Name for AFP Connections Setting Up a Mac OS X Client to Automatically Mount a Share Point Connecting to the AFP Server from Mac OS 8 and Mac OS 9 Clients Setting up a Mac OS 8 or Mac OS 9 Client to Automatically Mount a Share Point Contents 5 83 84 86 87 88 88 89 89 90 90 91 Chapter 5 93 93 94 95 95 96 97 98 98 99 100 100 100 101 101 102 102 103 103 104 104 105 105 106 106 106 107 107 108 Configuring IP Failover IP Failover Overview Acquiring Master Address--Chain of Events Releasing Master Address--Chain of Events IP Failover Setup Connecting the Master and Backup Servers to the Same Network Connecting the Master and Backup Servers Together Configuring the Master Server for IP Failover Configuring the Backup Server for IP Failover Configuring the AFP Reconnect Server Key Viewing the IP Failover Log Working with SMB Service File Locking with SMB Share Points Setup Overview Turning On SMB Service Setting Up SMB Service Configuring General Settings Configuring Access Settings Configuring Logging Settings Configuring Advanced Settings Starting SMB Service Managing SMB Service Viewing SMB Service Status Viewing SMB Service Logs Viewing SMB Graphs Viewing SMB Connections Stopping SMB Service Enabling or Disabling Virtual Share Points Working with NFS Service Setup Overview Before Setting Up NFS Service Turning On NFS Service Setting Up NFS Service Configuring NFS Settings Starting NFS Service Managing NFS Service Checking NFS Service Status Viewing NFS Connections Stopping NFS Service Viewing Current NFS Exports Chapter 6 6 Contents Chapter 7 109 109 110 110 110 113 114 114 114 115 116 116 116 116 117 118 119 119 119 120 120 120 121 121 122 122 122 123 123 124 124 125 125 125 125 126 126 126 126 126 127 127 Working with FTP Service A Secure FTP Environment FTP Users The FTP Root Folder FTP User Environments On-the-Fly File Conversion Kerberos Authentication FTP Service Specifications Setup Overview Before Setting Up FTP Service Server Security and Anonymous Users Turning On FTP Service Setting Up FTP Service Configuring General Settings Configuring Greeting Messages Displaying Banner and Welcome Messages Displaying Messages Using message.txt Files Using README Messages Configuring FTP Logging Settings Configuring FTP Advanced Settings Starting FTP Service Permitting Anonymous User Access Creating an Uploads Folder for Anonymous Users Changing the User Environment Changing the FTP Root Folder Managing FTP Service Checking FTP Service Status Viewing the FTP Service Log Viewing FTP Graphs Viewing FTP Connections Stopping FTP Service Solving Problems Problems with Share Points If Users Can't Access Shared Optical Media If Users Can't Access External Volumes Using Server Admin If Users Can't Find a Shared Item If Users Can't Open Their Home Folder If Users Can't Find a Volume or Folder to Use as a Share Point If Users Can't See the Contents of a Share Point Problems with AFP Service If Users Can't Find the AFP Server If Users Can't Connect to the AFP Server Chapter 8 Contents 7 127 127 127 128 128 128 128 129 129 129 130 130 130 Glossary Index 131 139 If Users Don't See the Login Greeting Problems with SMB Service If Windows Users Can't See the Windows Server in Network Neighborhood If Users Can't Log In to the Windows Server Problems with NFS Service Problems with FTP Service If FTP Connections Are Refused If Clients Can't Connect to the FTP Server If Anonymous FTP Users Can't Connect Problems with IP Failover If IP Failover Does Not Occur If IP Failover Mail Notifications Are Not Working If You Are Still Having Problems After Failover Occurs 8 Contents This guide describes how to configure and use file services with Mac OS X Server. File sharing requires file server administrators to manage user privileges for all shared folders and files. Configuring Mac OS X Server as a file server offers you reliable high-performance file sharing using native protocols for Mac, Windows, and Linux workgroups. The server fits seamlessly into any environment, including mixed-platform networks. Mac OS X Server v10.5 delivers expanded functions of current features and introduces enhancements to support heterogeneous networks, maximize user productivity, and make file services more secure and easier to manage. What's New in File Services File services contain several changes and enhancements that provide ease of use and greater functionality, such as:  Sharing functionality has been relocated to Server Admin. This combines the share point configuration with the configuration of the file service protocols in one tool.  Spotlight is now supported in AFP. Spotlight indexing allows you to do quick searches of network volumes. You can turn on Spotlight indexing for a share point in Server Admin.  NFS supports Kerberos authentication. Kerberos is a standard network authentication protocol used to provide secure authentication and communication over open networks. What's in This Guide This guide includes the following chapters:  Chapter 1, "Understanding File Services," provides an overview of Mac OS X Server file services. Preface 9 About This Guide  Chapter 2, "Setting Up File Service Permissions," explains standard permissions and ACLs and discusses related security issues.  Chapter 3, "Setting Up Share Points," describes how to share specific volumes and directories by using Apple Filing Protocol (AFP), Server Message Block (SMB)/ Common Internet File System (CIFS) protocol, File Transfer Protocol (FTP), and Network File System (NFS) protocol. It also describes how to set standard and ACL permissions.  Chapter 4, "Working with AFP Service," describes how to set up and manage AFP service in Mac OS X Server and also describes how you can set up IP Failover in Mac OS X Server.  Chapter 5, "Working with SMB Service," describes how to set up and manage SMB service in Mac OS X Server.  Chapter 6, "Working with NFS Service," describes how to set up and manage NFS service in Mac OS X Server.  Chapter 7, "Working with FTP Service," describes how to set up and manage FTP service in Mac OS X Server.  Chapter 8, "Solving Problems," lists potential solutions to common problems you might encounter while working with the file services in Mac OS X Server. In addition, the Glossary provides brief definitions of terms used in this guide. Note: Because Apple periodically releases new versions and updates to its software, images shown in this book may be different from what you see on your screen. Using Onscreen Help You can get task instructions onscreen in Help Viewer while you're managing Mac OS X Server. You can view help on a server or an administrator computer. (An administrator computer is a Mac OS X computer with Mac OS X Server administration software installed on it.) To get help for an advanced configuration of Mac OS X Server: m Open Server Admin or Workgroup Manager and then:  Use the Help menu to search for a task you want to perform.  Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse and search the help topics. The onscreen help contains instructions taken from Server Administration and other advanced administration guides described in "Mac OS X Server Administration Guides," next. 10 Preface About This Guide Mac OS X Server Administration Guides Getting Started covers basic installation and initial setup methods for a standard, workgroup, or covers installation and setup for standard and workgroup configurations of Mac OS X Server. For advanced configurations, Server Administration covers planning, installation, setup, and general server administration. A suite of additional guides, liste ...