Mac OS X Server Server Administration For Version 10.5 Leopard K Apple Inc. © 2007 Apple Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of Apple. The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the "keyboard" Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino, CA 95014-2084 408-996-1010 www.apple.com Apple, the Apple logo, AirPort, AppleTalk, Final Cut Pro, FireWire, iCal, iDVD, iMovie, iPhoto, iPod, iTunes, Mac, Macintosh, the Mac logo, Mac OS, PowerBook, QuickTime and SuperDrive are trademarks of Apple Inc., registered in the U.S. and other countries. Finder, the FireWire logo and Safari are trademarks of Apple Inc. AppleCare and Apple Store are service marks of Apple Inc., registered in the U.S. and other countries. .Mac is a service mark of Apple Inc. PowerPC is a trademark of International Business Machines Corporation, used under license therefrom. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. The product described in this manual incorporates copyright protection technology that is protected by method claims of certain U.S. patents and other intellectual property rights owned by Macrovision Corporation and other rights owners. Use of this copyright protection technology must be authorized by Macrovision Corporation and is intended for home and other limited viewing uses only unless otherwise authorized by Macrovision Corporation. Reverse engineering or disassembly is prohibited. Apparatus Claims of U.S. Patent Nos. 4,631,603, 4,577,216, 4,819,098 and 4,907,093 licensed for limited viewing uses only. Simultaneously published in the United States and Canada. 019-0932/2007-09-01 1 Contents Preface 11 11 12 12 13 14 14 15 15 17 17 18 19 20 21 23 25 25 26 26 27 27 28 28 29 29 30 30 31 31 32 About This Guide What's New in Server Admin What's in This Guide Using Onscreen Help Mac OS X Server Administration Guides Viewing PDF Guides Onscreen Printing PDF Guides Getting Documentation Updates Getting Additional Information System Overview and Supported Standards System Requirements for Installing Mac OS X Server Understanding Server Configurations Advanced Configuration in Action Mac OS X Server Leopard Enhancements Supported Standards Mac OS X Server's UNIX Heritage Planning Planning Planning for Upgrading or Migrating to Mac OS X Server v10.5 Setting Up a Planning Team Identifying the Servers You'll Need to Set Up Determining Services to Host on Each Server Defining a Migration Strategy Upgrading and Migrating from an Earlier Version of Mac OS X Server Migrating from Windows NT Defining an Integration Strategy Defining Physical Infrastructure Requirements Defining Server Setup Infrastructure Requirements Making Sure Required Server Hardware Is Available Minimizing the Need to Relocate Servers After Setup Defining Backup and Restore Policies Chapter 1 Chapter 2 3 32 34 34 35 36 37 Chapter 3 39 39 40 40 41 42 42 43 44 44 45 46 46 48 49 49 50 51 53 53 54 54 54 55 55 56 56 57 57 57 58 58 60 60 61 Understanding Backup and Restore Policies Understanding Backup Types Understanding Backup Scheduling Understanding Restores Other Backup Policy Considerations Command-Line Backup and Restoration Tools Administration Tools Server Admin Opening and Authenticating in Server Admin Server Admin Interface Customizing the Server Admin Environment Server Assistant Workgroup Manager Workgroup Manager Interface Customizing the Workgroup Manager Environment Directory Directory Interface Directory Utility Server Monitor System Image Management Media Streaming Management Command-Line Tools Xgrid Admin Apple Remote Desktop Security About Physical Security About Network Security Firewalls and Packet Filters Network DMZ VLANs MAC Filtering Transport Encryption Payload Encryption About File Security File and Folder Permissions About File Encryption Secure Delete About Authentication and Authorization Single Sign-On About Certificates, SSL, and Public Key Infrastructure Public and Private Keys Chapter 4 4 Contents 61 62 62 62 62 64 64 65 65 67 68 68 68 69 69 70 70 70 71 71 73 73 73 74 74 76 76 Chapter 5 77 77 79 79 79 80 80 81 81 81 81 82 82 84 84 Certificates Certificate Authorities (CAs) Identities Self-Signed Certificates Certificate Manager in Server Admin Readying Certificates Requesting a Certificate From a Certificate Authority Creating a Self-Signed Certificate Creating a Certificate Authority Using a CA to Create a Certificate for Someone Else Importing a Certificate Managing Certificates Editing a Certificate Distributing a CA Public Certificate to Clients Deleting a Certificate Renewing an Expired Certificate Using Certificates SSH and SSH Keys Key-Based SSH Login Generating a Key Pair for SSH Administration Level Security Setting Administration Level Privileges Service Level Security Setting SACL Permissions Security Best Practices Password Guidelines Creating Complex Passwords Installation and Deployment Installation Overview System Requirements for Installing Mac OS X Server Hardware-Specific Instructions for Installing Mac OS X Server Gathering the Information You Need Preparing an Administrator Computer About The Server Installation Disc Setting Up Network Services Connecting to the Directory During Installation Installing Server Software on a Networked Computer About Starting Up for Installation Before Starting Up Remotely Accessing the Install DVD Starting Up from the Install DVD Starting Up from an Alternate Partition Contents 5 88 89 96 97 97 99 100 101 103 104 104 Chapter 6 105 105 105 106 106 107 107 109 109 109 110 111 112 113 115 116 117 118 119 120 121 122 125 128 128 128 128 129 129 129 130 Starting Up from a NetBoot Environment Preparing Disks for Installing Mac OS X Server Identifying Remote Servers When Installing Mac OS X Server Installing Server Software Interactively Installing Locally from the Installation Disc Installing Remotely with Server Assistant Installing Remotely with VNC Using the installer Command-Line Tool to Install Server Software Installing Multiple Servers Upgrading a Computer from Mac OS X to Mac OS X Server How to Keep Current Initial Server Setup Information You Need Postponing Server Setup Following Installation Connecting to the Network During Initial Server Setup Configuring Servers with Multiple Ethernet Ports About Settings Established During Initial Server Setup Specifying Initial Open Directory Usage Not Changing Directory Usage When Upgrading Setting Up a Server as a Standalone Server Setting Up a Server to Connect to a Directory System Using Interactive Server Setup Setting Up a Local Server Interactively Setting Up a Remote Server Interactively Setting Up Multiple Remote Servers Interactively in a Batch Using Automatic Server Setup Creating and Saving Setup Data Setup Data Saved in a File Setup Data Saved in a Directory Keeping Backup Copies of Saved Setup Data Providing Setup Data Files to Servers How a Server Searches for Saved Setup Data Setting Up Servers Automatically Using Data Saved in a File Setting Up Servers Automatically Using Data Saved in a Directory Determining the Status of Setups Using the Destination Pane for Setup Status Information Handling Setup Failures Handling Setup Warnings Getting Upgrade Installation Status Information Setting Up Services Adding Services to the Server View Setting Up Open Directory 6 Contents 130 130 131 132 132 133 133 133 133 134 134 134 Chapter 7 135 136 136 136 137 137 138 138 139 140 140 141 143 144 144 145 145 146 146 147 148 149 149 150 151 151 151 152 154 154 Setting Up User Management Setting Up File Services Setting Up Print Service Setting Up Web Service Setting Up Mail Service Setting Up Network Services Setting Up System Image and Software Update Services Setting Up Media Streaming and Broadcasting Setting Up Podcast Producer Setting Up WebObjects Service Setting Up iChat Service Setting Up iCal Service Management Ports Used for Administration Ports Open By Default Computers You Can Use to Administer a Server Setting Up an Administrator Computer Using a Non-Mac OS X Computer for Administration Using the Administration Tools Opening and Authenticating in Server Admin Adding and Removing Servers in Server Admin Grouping Servers Manually Grouping Servers Using Smart Groups Working With Settings for a Specific Server Changing the IP Address of a Server Changing the Server's Host Name After Setup Changing Server Configuration Type Administering Services Adding and Removing Services in Server Admin Importing and Exporting Service Settings Controlling Access to Services Using SSL for Remote Server Administration Managing Sharing Tiered Administration Permissions Defining Administrative Permissions Workgroup Manager Basics Opening and Authenticating in Workgroup Manager Administering Accounts Working with Users and Groups Defining Managed Preferences Working with Directory Data Customizing the Workgroup Manager Environment Contents 7 155 155 155 159 159 160 160 161 162 162 163 164 164 166 167 168 169 169 169 Chapter 8 171 171 172 172 172 173 173 173 174 175 176 177 178 178 180 182 182 183 183 184 184 Working With Pre-Version 10.5 Computers From Version 10.5 Servers Service Configuration Assistants Critical Configuration and Data Files Improving Service Availability Eliminating Single Points of Failure Using Xserve for High Availability Using Backup Power Setting Up Your Server for Automatic Reboot Ensuring Proper Operational Conditions Providing Open Directory Replication Link Aggregation The Link Aggregation Control Protocol (LACP) Link Aggregation Scenarios Setting Up Link Aggregation in Mac OS X Server Monitoring Link Aggregation Status Load Balancing Daemon Overview Viewing Running Daemons Daemon Control Monitoring Planning a Monitoring Policy Planning Monitoring Response Server Status Widget Server Monitor RAID Admin Console Disk Monitoring Tools Network Monitoring Tools Notification in Server Admin Monitoring Server Status Overviews Using Server Admin Simple Network Management Protocol (SNMP) Enabling SNMP reporting Configuring snmpd Notification and Event Monitoring Daemons Logging Syslog Directory Service Debug Logging Open Directory Logging AFP Logging Additional Monitoring Aids 8 Contents Chapter 9 185 185 186 195 207 225 Sample Setup A Single Mac OS X Server in a Small Business How to Set Up the Server Mac OS X Server Advanced Worksheet Appendix Glossary Index Contents 9 10 Contents This guide provides a starting point for administering Mac OS X Leopard Server in advanced configuration mode. It contains information about planning, practices, tools, installation, deployment, and more by using Server Admin. Server Administration is not the only guide you need when administering advanced mode server, but it gives you a basic overview of planning, installing, and maintaining Mac OS X Server using Server Admin. What's New in Server Admin Included with Mac OS X Server v10.5 is Server Admin, Apple's powerful, flexible, fullfeatured server administration tool. Server Admin is reinforced with improvements in standards support and reliability. Server Admin also delivers a number of enhancements:  Newly refined and streamlined interface  Share Point management (functionality moved from Workgroup Manager)  Event notification  Tiered administration (delegated administrative permissions)  Ability to hide and show services as needed  Easy and detailed server status overviews for one or many servers  Groups of servers  Smart Groups of servers  Ability to save and restore service configurations easily  Ability to save and restore Server Admin preferences easily Preface 11 About This Guide What's in This Guide This guide includes the following chapters:  Chapter 1, "System Overview and Supported Standards," provides a brief overview of Mac OS X Server systems and standards.  Chapter 2, "Planning," helps you plan for using Mac OS X Server.  Chapter 3, "Administration Tools," is a reference to the tools used to administer servers.  Chapter 4, "Security," is a brief guide to security policies and practices.  Chapter 5, "Installation and Deployment," is an installation guide for Mac OS X Server.  Chapter 6, "Initial Server Setup," provides a guide to setting up your server after installation.  Chapter ...