Beginning Mac OS X Snow Leopard Server From Solo Install to Enterprise Integration

■ ■ ■

Charles S. Edge, Jr Chris Barker Ehren Schwiebert

Beginning Mac OS X Snow Leopard Server: From Solo Install to Enterprise Integration Copyright © 2010 by Charles Edge, Chris Barker, Ehren Schwiebert All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-2772-4 ISBN-13 (electronic): 978-1-4302-2773-1 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

Publisher and President: Paul Manning Lead Editor: Clay Andres Developmental Editor: Douglas Pundick Technical Reviewers: David A. Coyle, Joe Kissel and Brad Lees Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Duncan Parkes, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Coordinating Editor: Kelly Moritz Copy Editors: Kim Wimpsett and Heather Lang Compositor: MacPS, LLC. Indexer: John Collin Artist: April Milne Cover Designer: Anna Ishchenko

Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders- [email protected], or visit www.springeronline.com. For information on translations, please e-mail [email protected], or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/info/bulksales. The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

ii To Lisa & Emerald With Love – Charles Edge

To my loved ones – Chris Barker

To Caroline, Luke, and Mayah – Ehren Schwiebert

Contents at a Glance

■Contents at a Glance...... iv ■Contents...... v ■About the Authors...... xiii ■About the Technical Reviewers ...... xiv ■Acknowledgments ...... xv ■Chapter 1: Welcome to OS X Server...... 1 ■Chapter 2: Setting Up a Server in 30 Minutes or Less ...... 11 ■Chapter 3: Getting Deeper into File Sharing...... 45 ■Chapter 4: Managing Directory Services ...... 101 ■Chapter 5: Controlling Network Traffic...... 149 ■Chapter 6: Centralizing Network Services...... 173 ■Chapter 7: Configuring Network Services for Security...... 203 ■Chapter 8: Managing Client Computers with NetBoot, NetInstall, and NetRestore ...... 227 ■Chapter 9: Configuring Address Book Server ...... 259 ■Chapter 10: Working with iCal Server ...... 277 ■Chapter 11: iChat Server...... 303 ■Chapter 12: Setting Up Mail Services ...... 317 ■Chapter 13: Setting Up Services for Mobile Devices...... 339 ■Chapter 14: Web Servers ...... 357 ■Chapter 15: Managing MySQL...... 397 ■Chapter 16: Using Podcast Producer...... 417 ■Chapter 17: Streaming QuickTime Video ...... 453 ■Chapter 18: Sharing Files ...... 473 ■Chapter 19: Setting Up Printing Services ...... 505 ■Chapter 20: Backing Up Your Data...... 533 ■Chapter 21: Configuring Update Server...... 557 ■Appendix A: DHCP Option ...... 569 ■Appendix B: Taking It to the Next Level...... 575 ■Index ...... 577 iv

Contents

■Contents at a Glance...... iv ■Contents ...... v ■About the Authors ...... xiii ■About the Technical Reviewers ...... xiv ■Acknowledgments...... xv

■Chapter 1: Welcome to OS X Server ...... 1 What Is a Server Anyway? ...... 2 What This Book Is ...... 2 How This Book Is Organized ...... 3 Before You Begin ...... 6 Hardware ...... 6 Get Ready! ...... 7 Summary ...... 9 ■Chapter 2: Setting Up a Server in 30 Minutes or Less...... 11 Before You Begin ...... 11 Network Considerations...... 12 Installing Mac OS X Server 10.6 ...... 13 Welcome to Mac OS X Server 10.6 ...... 17 Creating the Administrator Account...... 20 Configuring the Network Interface...... 22 What to Do After Server Setup Completes...... 24 Building the Fileserver...... 29 Summary ...... 43 ■Chapter 3: Getting Deeper into File Sharing ...... 45 Installing the Server Administration Tools...... 45 Adding a Server to Server Admin...... 46 Server Admin Basics...... 49 (AFP)...... 55 AFP’s Main Settings...... 56 

v ■ CONTENTS

Server Message Block (SMB)...... 84 SMB’s Main Settings...... 84 File Transfer Protocol (FTP)...... 91 FTP’s Main Settings ...... 91 Network (NFS) ...... 98 NFS’s Main Settings...... 98 Summary ...... 100 ■Chapter 4: Managing Directory Services...... 101 Understanding the Components of a Directory Service ...... 101 LDAP ...... 102 ...... 103 Password Server...... 104 Preparing to Set Up Open Directory...... 104 Understanding Open Directory Roles...... 105 Setting Up an Open Directory Master ...... 105 Configuring an Open Directory Replica...... 107 Managing Open Directory ...... 109 Securing Open Directory...... 109 Backing Up Open Directory...... 114 Managing Objects with ...... 116 Using Server Preferences ...... 116 Using Workgroup Manager ...... 123 Configuring Policies ...... 132 Inspecting Records ...... 140 Binding Clients...... 142 Implementing Trusted Binding from the Accounts System ...... 143 Binding with ...... 143 Using the Kerberos Realm ...... 147 Search Policies ...... 147 Summary ...... 148 ■Chapter 5: Controlling Network Traffic...... 149 Using Mac OS X Server as a Router...... 149 How Network Address Translation Works ...... 150 Using the Gateway Setup Assistant ...... 151 Manually Enabling NAT ...... 156 Testing NAT from a Client ...... 157 Setting Up Forwarding Ports...... 159 Setting the Advanced Options...... 161 Using the Firewall to Control Access to the Server...... 162 Setting Up the Firewall ...... 163 Defining Address Groups ...... 163 Defining Services...... 165 Creating Rules...... 167 Preventing Intrusions...... 169 Setting the Global Firewall Options...... 169 Configuring the Firewall from the Command Line ...... 169 Testing the Firewall ...... 170 Summary ...... 171 ■Chapter 6: Centralizing Network Services ...... 173 DHCP...... 173 Creating a Subnet ...... 177 vi ■ CONTENTS

Reserving IP Addresses ...... 184 DHCP Options...... 186 Enabling DHCP Relay ...... 187 DNS...... 188 Zones and Records ...... 189 Setting Up DNS ...... 189 Adding a Zone...... 192 Creating Records ...... 193 Setting Up Wide-Area ...... 194 Configuring Secondary Zones...... 197 Editing Configuration Files...... 198 Editing Zone Files...... 199 OpenDNS Web Content Filtering ...... 200 Summary ...... 201 ■Chapter 7: Configuring Network Services for Security ...... 203 Virtual Private Networking...... 204 Setting Up a PPTP Server...... 206 L2TP Servers...... 208 VPN Clients ...... 210 Configuring the VPN from the Command Line ...... 219 S2SVPN...... 219 RADIUS...... 220 Setting Up the RADIUS Service ...... 220 Setting Up the Apple AirPort ...... 222 Connecting to Cisco ...... 223 From the Command Line...... 224 Limiting Access to the VPN and RADIUS Services ...... 225 ■Chapter 8: Managing Client Computers with NetBoot, NetInstall, and NetRestore...... 227 Developing an Imaging Strategy...... 229 Activating the NetBoot Service ...... 230 Using ...... 231 Creating a NetBoot Image...... 231 Creating a NetInstall Image ...... 235 Creating a NetRestore Image...... 238 Configuring the NetBoot Service...... 242 and Multicast Imaging: a NetRestore Alternative...... 247 Creating an Image for asr ...... 248 Configuring asr for Multicast Imaging ...... 250 Imaging a Client over asr...... 253 Automations...... 254 NetBooting Client Systems ...... 257 Summary ...... 258 ■Chapter 9: Configuring Address Book Server...... 259 Address Book Services ...... 260 Setting Up Address Book Server...... 260 Configuring with Server Preferences...... 260 Configuring with Server Admin...... 262 Connecting to the Address Book Server ...... 266 Using the Client...... 269 Controlling Access ...... 271 vii ■ CONTENTS

Backing Up Address Books...... 272 Leveraging the Command Line ...... 273 Alternatives to Apple’s Address Book Server...... 275 Summary ...... 276 ■Chapter 10: Working with iCal Server ...... 277 Getting Ready to Install iCal Server ...... 277 Configuring iCal Server...... 278 Managing the iCal Server...... 283 Backing Up Calendars...... 284 Clustering CalDAV ...... 284 Integrating with a Wiki...... 285 Integrating with Mail...... 286 Enabling Calendars for Users...... 288 Configuring iCal Clients...... 289 Setting Up iCal Clients for Windows ...... 296 Using the Command Line for iCal Services...... 296 Configuring Services with serveradmin...... 296 Troubleshooting iCal Server...... 299 Summary ...... 300 ■Chapter 11: iChat Server ...... 303 Setting Up iChat Server...... 304 Setting Up iChat Server Using Server Preferences ...... 304 Setting Up iChat Server Using Server Admin ...... 305 Configuring Advanced Features...... 306 Setting Up Users ...... 308 Connecting Remotely...... 309 Prepopulating Buddy Lists ...... 310 Customizing the Welcome Message...... 310 Federating iChat...... 311 Configuring the Mac OS X Client...... 312 Setting Up Clients ...... 312 Saving iChat Transcripts...... 313 Using the Command Line...... 314 Using serveradmin...... 315 Storing Jabber Configuration Files ...... 315 Summary ...... 316 ■Chapter 12: Setting Up Mail Services...... 317 Understanding Mac OS X Server’s Mail Components ...... 317 Protocols...... 318 Dovecot...... 318 Preparing for a Mail Server...... 319 DNS...... 319 Firewalls ...... 320 Enabling Mail Services...... 320 Server Preferences ...... 320 Server Admin ...... 321 Basic Message Hygiene...... 322 Choosing Security Protocols ...... 324 Storage ...... 324 Configuring SMTP ...... 325 Securing Mail Services ...... 326 viii ■ CONTENTS

Configuring a Mail Client...... 327 Webmail and Mail Rules ...... 328 Creating Accounts...... 330 Setting Up Mailing Lists ...... 331 Troubleshooting ...... 332 Disabling Graylisting ...... 332 Troubleshooting Connectivity ...... 333 Identifying and Recovering from Blacklisting ...... 335 Summary ...... 336 ■Chapter 13: Setting Up Services for Mobile Devices ...... 339 Installing Mobile Access and Push Notification ...... 339 Setting Up Mobile Access ...... 340 Design Considerations ...... 341 Configuring Mobile Access ...... 342 Starting the Service and Checking the Status ...... 347 Controlling Access ...... 348 Connecting Clients...... 350 Setting Up Push Notification for the iPhone...... 350 Using the Command Line to Manage Mobile Access and Push Notification...... 354 Summary ...... 355 ■Chapter 14: Web Servers...... 357 Your Company Site...... 357 Setting Up Your First Site...... 359 The Easy Way to Set Up a Web Server...... 360 Configuring Web Services from Server Admin...... 363 Global Configuration Options ...... 365 Managing Modules ...... 366 MIME Types ...... 367 Proxy Services ...... 368 Creating a Site ...... 371 Configuring Site-Specific Options...... 371 Securing Sites for Transactions...... 376 Password Protecting Sites...... 377 Providing Access to Directories Outside the Site...... 378 Wikis and Blogs ...... 379 Using Wikis ...... 381 Using Blogs...... 389 Accessing Content ...... 393 Summary ...... 395 ■Chapter 15: Managing MySQL ...... 397 What Is MySQL?...... 397 Setting Up MySQL ...... 398 Tuning MySQL...... 400 Managing MySQL Databases ...... 402 Connecting to a Database Server ...... 403 Setting Up a Database ...... 404 Creating a Table...... 406 Working with Fields ...... 407 Writing a Query ...... 409 Inspecting Existing Elements...... 411 Database Maintenance ...... 412

ix ■ CONTENTS

Backing Up MySQL...... 413 More on the Command Line...... 414 Summary ...... 415 ■Chapter 16: Using Podcast Producer...... 417 Preparing for Podcast Producer...... 418 Preparing Directory Services ...... 418 Preparing Mail Services...... 419 Preparing Web Services...... 419 Preparing Video Assets...... 419 Wizardly Podcasting...... 420 Exploring Server Admin ...... 424 Setting Up Workflows ...... 427 Podcast Composer...... 428 Setting a Poster Frame ...... 433 Exporting Workflows...... 435 Controlling Access to Workflows ...... 435 Using Workflows...... 436 Configuring Camera and Audio Settings...... 442 Binding Cameras...... 443 Running Workflows from the Web ...... 446 Using Podcast Producer from the Command Line ...... 447 Podcasting ...... 447 Automations...... 450 Authentication Types ...... 451 Summary ...... 451 ■Chapter 17: Streaming QuickTime Video...... 453 Supported Protocols ...... 454 Implementation Strategies...... 454 Bandwidth Considerations...... 454 Installing QuickTime Streaming Server ...... 456 Configuring QuickTime Streaming Server...... 457 Playing the Sample Video ...... 462 Setting Up Home Directory Use...... 463 Restricting Access ...... 464 Creating Movies ...... 465 Adding a Hint Track to Movies...... 465 Accessing Video Through a Browser ...... 467 QuickTime Broadcaster...... 468 Streaming Playlists ...... 469 Using the Command Line...... 471 Summary ...... 472 ■Chapter 18: Sharing Files ...... 473 Configuration ...... 473 AFP...... 474 Configuring AFP ...... 475 Connecting to AFP from Mac OS X...... 478 SMB ...... 479 Configure SMB...... 479 The SMB Configuration File ...... 482 SMB as a Domain Controller for Windows...... 482 Samba Clients...... 483 x ■ CONTENTS

FTP...... 484 Security Concerns with FTP...... 485 Welcome ...... 485 FTP Roots and Presenting Data to Users ...... 486 Configuring FTP ...... 488 Connecting to FTP Using Cyberduck...... 489 Connecting to FTP Using ftp...... 490 Configuring PASSV...... 491 NFS ...... 491 Shares...... 491 Configuring Share Points ...... 492 Share Point Options ...... 493 Automounting ...... 493 ...... 496 SMB Share Options...... 496 NFS Shares ...... 498 Server-Side File Tracking ...... 499 File Permissions...... 499 POSIX ...... 500 ACLs...... 501 Summary ...... 504 ■Chapter 19: Setting Up Printing Services ...... 505 Installing a Printer...... 506 Basic Printer Management ...... 506 USB or Bonjour Printing ...... 508 Network Printing...... 509 Setting Up the Print Service...... 512 Sharing a Printer...... 516 Creating a Printer Pool...... 517 Configuring Print Quotas...... 520 Deploying Printers...... 522 Deploying Printers to Large Groups of Users...... 524 Deploying Printers to Windows Clients...... 526 Managing Printing with Common Printing System ...... 529 Summary ...... 531 ■Chapter 20: Backing Up Your Data ...... 533 Managing Information En Masse ...... 533 Classifying Storage ...... 534 Classifying Data ...... 535 Understanding the Classification Methods ...... 535 Building Service Level Agreements ...... 536 Managing the Information Life Cycle ...... 537 Getting Redundant Before You Back Up...... 537 Using Backup Applications ...... 538 Backing Up with Time Machine ...... 539 Backing Up with Retrospect ...... 544 iSCSI ...... 554 Using iSCSI with Time Machine ...... 555 Summary ...... 556 ■Chapter 21: Configuring Software Update Server ...... 557 Configuring the Software Update Service...... 558

xi ■ CONTENTS

Managing Your Software Update Server...... 559 Configuring Updates for Clients ...... 560 Using Software Update Services...... 562 Using Software Update ...... 562 Using the Command Line...... 564 Working with the Repository...... 565 Using the Command Line...... 566 Running the serveradmin Command ...... 566 Multiple Software Update Servers ...... 567 Summary ...... 568 ■Appendix A: DHCP Option Numbers...... 569 ■Appendix B: Taking It to the Next Level...... 575 Books...... 575 Courses...... 575 Mailing Lists...... 576 Web Sites...... 576 ■Index...... 577

xii

About the Authors

Charles S. Edge, Jr is the Director of Technology at 318, the nation’s largest Mac consultancy. At 318, Charles leads a team of the finest gunslingers to have been assembled for the Mac platform, working on network architecture, security, storage and deployment for various vertical and horizontal markets. Charles maintains the 318 blog at http://www.318.com/techjournal as well as a personal site at http://www.krypted.com and is the author of a number of titles on Mac OS X Server and systems administration topics. He has spoken at conferences around the world, including DefCon, Black Hat, LinuxWorld, MacWorld, MacSysAdmin and the Apple WorldWide Developers Conference. Charles is the developer of the SANS course on Mac OS X Security and the author of its best practices guide to securing Mac OS X. Charles is also the author of a number of whitepapers, including a guide on mass deploying virtualization on the Mac platform for VMware. After 10 years in Los Angeles, Charles has hung up his surfboard and fled to Minneapolis, Minnesota with his wife, Lisa and sweet little bucket of a daughter, Emerald. Chris Barker has been helping people, schools, and businesses find better ways of accomplishing their goals for more than a decade. As an Apple Certified Systems Administrator, he currently spends his time discovering ways to best use Apple's hardware and software. When he is not at a computer, he finds ways of improving life for everybody by applying science to beer and cocktails; he writes about these and other adventures at angrydome.org. Ehren Schwiebert is a Solutions Architect and Senior Professional Services Manager at 318, where he has worked since 2003. Prior to joining 318, he worked at Apple's technical support call centers, where he provided phone support to businesses and end users. He also served as a software developer and project manager for the Wisconsin state legislature, helping to usher in their first computerized electronic voting system. He currently lives in Los Angeles, where among other things, he enjoys theater, soccer, camping, and just hanging out with his amazing family.

xiii

About the Technical Reviewers

Dave Coyle earned his PhD in thermochronology in 1992. Research in thermal modeling and crustal evolution at the Max-Planck Institute for Nuclear Physics (Heidelberg Germany) lead to a career in software development. David has been concentrating on Apple technologies since 1997 and is a certified Apple System Administrator.

Joe Kissell is Senior Editor of TidBITS, a Web site and weekly email newsletter about the and the Internet, and the author of numerous print and electronic books about Macintosh software, including the best-selling Take Control of Mac OS X Backups. He is also a Senior Contributor to Macworld. Joe has worked in the Mac software industry since the early 1990s, and previously managed software development for Nisus Software and Kensington Technology Group. He currently lives in Paris, France.

Brad Lees has more than 12 years of experience in application development and server management. He has specialized in creating and initiating software programs in real estate development systems and financial institutions. His professional career has been highlighted by his positions as Information Systems Manager at The Lyle Anderson Company; Product Development Manager for Smarsh; Vice President of Application Development for iNation; and Information Technology Manager at The Orcutt/Winslow Partnship, the largest architectural firm in Arizona. A graduate of Arizona State University, Brad and his wife, Natalie, reside in Phoenix with their five children.

xiv

Acknowledgments

Charles Edge I'd like to first and foremost thank the Mac OS X community. This includes everyone from the people that design the black box to the people that dissect it and the people that help others learn how to dissect it. We truly stand on the shoulders of giants. Of those at Apple that need to be thanked specifically: Schoun Regan, Joel Rennich, Greg Smith, JD Mankovsky, Drew Tucker, Stale Bjorndal, Cawan Starks, Eric Senf, Jennifer Jones and everyone on the Mac OS X Server, and Final Cut Server development team. And of course the one and only Josh "old school game console ninja" Wisenbaker! Outside of Apple, thanks to Arek Dreyer and the other Peachpit authors for paving the way to build another series of Mac systems administration books by producing such quality. And of course, a special thanks to the late Michael Bartosh for being such an inspiration to us all to strive to understand what is going on under the hood. The crew at 318 also deserves a lot of credit. It's their hard work that let to having the time to complete yet another book! Special thanks to JJ and to KK for holding everything together in such wild times! And finally, a special thanks to Apress for letting us continue to write books for them. They fine tune the dribble I provide into a well-oiled machine of mature prose. This especially includes Clay Andres for getting everything in not only for this book but for the entire series and, of course, to Kelly Moritz for pulling it all together in the end with her amazing crack of the whhhip (yes, that's a Family Guy reference). And I'll just include the co-authors in the Apress family: Ehren and Chris, thanks for the countless hours to make the deadlines and looking forward to the round! Chris Barker There is of course the community from which I learned, and my colleagues with whom I have worked, that I am much indebted for the specific knowledge and experiences I was able to convey in this book. Charles (besides creating a much more encompassing acknowledgement) has been a great help and guide in this entire writing process, and also thanks to Ehren for being a wonderful coauthor to work with, making it feel like I am not the only green thumb at this whole Author thing. I would not be writing this if it were not for the efforts of those who gave me the opportunities earlier in my life to thrive in situations where I would have otherwise faltered. “If I had not some strength of will I would make a first class drunkard” – Ernest Shackleton

xv ■ ACKNOWLEDGMENTS

Ehren Schwiebert I'd like to thank my collaborators, Chris and Charles, for their hard work and prodigious output, as well as for allowing me along for the ride on this journey with them. Thanks also go out to my family and friends for putting up with my hours of isolation as I assembled my chapters for this book. I'd also like to extend my thanks and gratitude to my amazingly talented colleagues at 318, who continue to raise the bar for excellence in their field. Thanks to Kevin Klein for giving me an opportunity to work with this stellar company, and to Jonathan Jedeikin for his constant encouragement and collaboration. Thanks to all of my current and past clients who have entrusted to me the responsibility of stewardship over their business' technology. And a special thank-you goes out to Peggy Gregory, my high school journalism teacher, who not only sat me down in front of my first Mac and showed me what an amazing tool it could be, but also guided and inspired my writing, and taught me to demand the highest quality of both my writing and myself.

xvi