Mac OS X Server Administrator's Guide
Total Page:16
File Type:pdf, Size:1020Kb
034-9285.S4AdminPDF 6/27/02 2:07 PM Page 1 Mac OS X Server Administrator’s Guide K Apple Computer, Inc. © 2002 Apple Computer, Inc. All rights reserved. Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of Apple. The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, Keychain, Mac, Macintosh, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AirPort, Extensions Manager, Finder, iMac, and Power Mac are trademarks of Apple Computer, Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Netscape Navigator is a trademark of Netscape Communications Corporation. RealAudio is a trademark of Progressive Networks, Inc. © 1995–2001 The Apache Group. All rights reserved. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. 062-9285/7-26-02 LL9285.Book Page 3 Tuesday, June 25, 2002 3:59 PM Contents Preface How to Use This Guide 39 What’s Included in This Guide 39 Using This Guide 40 Setting Up Mac OS X Server for the First Time 41 Getting Help for Everyday Management Tasks 41 Getting Additional Information 41 1 Administering Your Server 43 Highlighting Key Features 43 Ease of Setup and Administration 43 Networking and Security 44 File and Printer Sharing 44 Open Directory Services 45 Comprehensive Management of Macintosh Workgroups 45 High Availability 46 Extensive Internet and Web Services 46 Highlighting Individual Services 46 Directory Services 47 Open Directory 47 Password Validation 47 Search Policies 48 File Services 48 Sharing 48 Apple File Service 49 Windows Services 49 3 LL9285.Book Page 4 Tuesday, June 25, 2002 3:59 PM Network File System (NFS) Service 49 File Transfer Protocol (FTP) 50 Print Service 50 Web Service 51 Mail Service 51 Macintosh Workgroup Management 52 Client Management 52 NetBoot 52 Network Install 53 Network Services 53 DHCP 54 DNS 54 IP Firewall 54 SLP DA 54 QuickTime Streaming Service 55 Highlighting Server Applications 56 Administering a Server From Different Computers 58 Server Assistant 58 Open Directory Assistant 58 Directory Access 59 Workgroup Manager 59 Opening and Authenticating in Workgroup Manager 59 Major Workgroup Manager Tasks 60 Server Settings 60 Server Status 61 Macintosh Manager 62 NetBoot Administration Tools 62 Network Install Administration Application 62 Server Monitor 62 Streaming Server Admin 63 Where to Find More Information 64 If You’re New to Server and Network Management 64 If You’re an Experienced Server Administrator 64 4 Contents LL9285.Book Page 5 Tuesday, June 25, 2002 3:59 PM 2Directory Services 65 Storage for Data Needed by Mac OS X 66 A Historical Perspective 67 Data Consolidation 68 Data Distribution 69 Uses of Directory Data 70 Inside a Directory Domain 71 Discovery of Network Services 72 Directory Domain Protocols 73 Local and Shared Directory Domains 74 Local Data 74 Shared Data 75 Shared Data in Existing Directory Domains 78 Directory Domain Hierarchies 78 Two-Level Hierarchies 79 More Complex Hierarchies 81 Search Policies for Directory Domain Hierarchies 82 The Automatic Search Policy 83 Custom Search Policies 84 Directory Domain Planning 85 General Planning Guidelines 85 Controlling Data Accessibility 86 Simplifying Changes to Data in Directory Domains 86 Identifying Computers for Hosting Shared Domains 87 Open Directory Password Server 87 Authentication With a Password Server 88 Network Authentication Protocols 88 Password Server Database 88 Password Server Security 89 Overview of Directory Services Tools 89 Setup Overview 90 Before You Begin 91 Setting Up an Open Directory Domain and Password Server 92 Deleting a Shared Open Directory Domain 93 Contents 5 LL9285.Book Page 6 Tuesday, June 25, 2002 3:59 PM Configuring Open Directory Service Protocols 93 Setting Up Search Policies 94 Using the Automatic Search Policy 95 Defining a Custom Search Policy 95 Using a Local Directory Search Policy 96 Changing Basic LDAPv3 Settings 97 Enabling or Disabling Use of DHCP-Supplied LDAPv3 Servers 97 Showing or Hiding Available LDAPv3 Configurations 97 Configuring Access to Existing LDAPv3 Servers 98 Creating an LDAPv3 Configuration 98 Editing an LDAPv3 Configuration 99 Duplicating an LDAPv3 Configuration 99 Deleting an LDAPv3 Configuration 100 Changing an LDAPv3 Configuration’s Connection Settings 100 Configuring LDAPv3 Search Bases and Mappings 101 Populating LDAPv3 Domains With Data for Mac OS X 103 Using an Active Directory Server 104 Creating an Active Directory Server Configuration 104 Setting Up an Active Directory Server 105 Populating Active Directory Domains With Data for Mac OS X 105 Accessing an Existing LDAPv2 Directory 106 Setting Up an LDAPv2 Server 106 Creating an LDAPv2 Server Configuration 106 Changing LDAPv2 Server Access Settings 107 Editing LDAPv2 Search Bases and Data Mappings 108 Using NetInfo Domains 110 Creating a Shared NetInfo Domain 110 Configuring NetInfo Binding 111 Adding a Machine Record to a Parent NetInfo Domain 113 Configuring Static Ports for Shared NetInfo Domains 113 Viewing and Changing NetInfo Data 114 Using UNIX Utilities for NetInfo 114 Using Berkeley Software Distribution (BSD) Configuration Files 115 Mapping BSD Configuration Files 115 6 Contents LL9285.Book Page 7 Tuesday, June 25, 2002 3:59 PM Setting Up Data in BSD Configuration Files 118 Configuring Directory Access on a Remote Computer 118 Monitoring Directory Services 119 Backing Up and Restoring Directory Services Files 119 3 Users and Groups 121 How User Accounts Are Used 122 Authentication 122 Password Validation 123 Information Access Control 124 Directory and File Owner Access 125 Directory and File Access by Other Users 125 Administration Privileges 125 Server Administration 125 Local Mac OS X Computer Administration 126 Directory Domain Administration 126 Home Directories 126 Mail Settings 127 Resource Usage 127 User Preferences 127 How Group Accounts Are Used 127 Information Access Control 127 Group Directories 128 Workgroups 128 Computer Access 128 Kinds of Users and Groups 128 Users and Managed Users 128 Groups, Primary Groups, and Workgroups 129 Administrators 129 Guest Users 129 Predefined Accounts 130 Setup Overview 132 Before You Begin 135 Administering User Accounts 137 Where User Accounts Are Stored 137 Contents 7 LL9285.Book Page 8 Tuesday, June 25, 2002 3:59 PM Creating User Accounts in Directory Domains on Mac OS X Server 137 Creating Read-Write LDAPv3 User Accounts 138 Changing User Accounts 138 Working With Read-Only User Accounts 139 Working With Basic Settings for Users 139 Defining User Names 139 Defining Short Names 140 Choosing Stable Short Names 141 Avoiding Duplicate Names 141 Avoiding Duplicate Short Names 143 Defining User IDs 144 Defining Passwords 145 Assigning Administrator Rights for a Server 145 Assigning Administrator Rights for a Directory Domain 145 Working With Advanced Settings for Users 146 Defining Login Settings 146 Defining a Password Validation Strategy 147 Editing Comments 147 Working With Group Settings for Users 147 Defining a User’s Primary Group 148 Adding a User to Groups 148 Removing a User From a Group 149 Reviewing a User’s Group Memberships 149 Working With Home Settings for Users 149 Working With Mail Settings for Users 150 Disabling a User’s Mail Service 150 Enabling Mail Service Account Options 150 Forwarding a User’s Mail 151 Working With Print Settings for Users 151 Disabling a User’s Access to Print Queues Enforcing Quotas 152 Enabling a User’s Access to Print Queues Enforcing Quotas 152 Deleting a User’s Print Quota for a Specific Queue 153 Restarting a User’s Print Quota 153 Working With Managed Users 154 8 Contents LL9285.Book Page 9 Tuesday, June 25, 2002 3:59 PM Defining a Guest User 154 Deleting a User Account 154 Disabling a User Account 155 Administering Home Directories 155 Distributing Home Directories Across Multiple Servers 156 Setting Up Home Directories for Users Defined in Existing Directory Servers 157 Choosing a Protocol for Home Directories 160 Setting Up AFP Home Directory Share Points 160 Setting Up NFS Home Directory Share Points 160 Creating Home Directory Folders 161 Defining a User’s Home Directory 161 Defining No Home Directory 162 Defining a Home Directory for Local Users 162 Defining a Network Home Directory 163 Defining an Advanced Home Directory 163 Setting Disk Quotas 164 Defining Default Home Directories for New Users 165 Using Import Files to Create AFP Home Directories 165 Moving Home Directories 165 Deleting Home Directories 165 Administering Group Accounts 165 Where Group Accounts Are Stored 165 Creating Group Accounts in a Directory Domain on Mac OS X Server 165 Creating Read-Write LDAPv3 Group Accounts 166 Changing Group Accounts 167 Working With Read-Only Group Accounts 167 Working With Member Settings for Groups 167 Adding Users to a Group 168 Removing Users From a Group 168 Naming a Group 169 Defining a Group ID 170 Working With Volume Settings for Groups 170 Creating Group Directories 171 Automatically