Essential Mac OS X Panther Server Administration By Michael Bartosh, Ryan Faas Publisher: O'Reilly Pub Date: May 2005 ISBN: 0-596-00635-7 Pages: 848 Table of Contents | Index From the command line to Apple's graphical tools, this book uses a thorough, fundamental approach that leads readers to mastery of every aspect of the server Full of much-needed insight, clear explanations, troubleshooting tips, and security information in every chapter, the book shows system administrators how to utilize the software's capabilities and features for their individual needs Some of the topics covered in detail include: Installation Deployment Server management Directory services Web application services System interaction Data gathering Stress planning This comprehensive guide also takes the time to carefully highlight and analyze the differences between Mac OS X and the other server platforms Whether you're a seasoned Unix or Windows administrator or a long-time Mac professional, Essential Mac OS X Panther Server Administration provides you with the depth you're seeking to maximize the potential of your Mac OS X Panther Server Essential Mac OS X Panther Server Administration By Michael Bartosh, Ryan Faas Publisher: O'Reilly Pub Date: May 2005 ISBN: 0-596-00635-7 Pages: 848 Table of Contents | Index Copyright Preface Audience for This Book How This Book Is Organized Conventions Used in This Book Using Code Examples Safari® Enabled We'd Like to Hear from You Acknowledgments Part I: Server Installation and Management Chapter 1 Designing Your Server Environment Section 1.1 Planning Chapter 2 Installing and Configuring Mac OS X Server Section 2.1 Mac OS X Server Installation Architecture Section 2.2 Graphical Installation and Configuration Section 2.3 Command-Line Installation and Configuration Section 2.4 Automatic Server Configuration Section 2.5 Other Installation and Configuration Options Section 2.6 Putting It All Together Chapter 3 Server Management Tools Section 3.1 Graphical Tools Section 3.2 Command-Line Tools Section 3.3 Server Management Daemons Chapter 4 System Administration Section 4.1 Philosophies Section 4.2 System Management Chapter 5 Troubleshooting Section 5.1 Strategies Section 5.2 Tools Part II: Directory Services Chapter 6 Open Directory Server Section 6.1 Managing Open Directory Server Section 6.2 Accessing an Open Directory Domain Chapter 7 Identification and Authorization in Open Directory Server Section 7.1 LDAP: A Communication Protocol Section 7.2 LDAP Basics Section 7.3 OpenLDAP Section 7.4 LDAP Data and Open Directory Server Chapter 8 Authentication in Open Directory Server Section 8.1 PasswordService (SASL) Section 8.2 Kerberos: MIT KDC Section 8.3 Putting It All Together Chapter 9 Replication in Open Directory Server Section 9.1 Creating an Open Directory Replica Section 9.2 The Replication Process Section 9.3 Client-Side Replica Discovery Section 9.4 Replication Best Practices Part III: IP Services Chapter 10 xinetd Section 10.1 Configuration Section 10.2 Architecture Chapter 11 DNS Section 11.1 Graphical Interface Section 11.2 Configuration Storage Section 11.3 Troubleshooting Section 11.4 Advanced Configuration Chapter 12 DHCP Section 12.1 Graphical Configuration Section 12.2 Advanced Configuration Section 12.3 ISC's dhcpd Chapter 13 NAT Section 13.1 Managing NAT Section 13.2 Architecture Section 13.3 Advanced Configuration Part IV: File Services Chapter 14 File Services Overview Section 14.1 Share Points Section 14.2 Managing Share Points Section 14.3 The sharing Command Section 14.4 Automounts Section 14.5 Automount Schema Section 14.6 Guest Access and Automounts Section 14.7 Troubleshooting Automounts Section 14.8 Supporting Home Directories Chapter 15 Apple Filing Protocol Section 15.1 AFP Management: Server Admin Section 15.2 AFP Management: Workgroup Manager Section 15.3 Architecture Section 15.4 Permissions Mapping Section 15.5 Integration Section 15.6 Troubleshooting Chapter 16 Windows File Services Section 16.1 Managing Windows Services: Server Admin Section 16.2 Managing Windows Services Using Workgroup Manager Section 16.3 Architecture Section 16.4 Apple's Changes to Samba Section 16.5 Useful Utilities Section 16.6 Troubleshooting Chapter 17 FTP Section 17.1 Managing FTP with Server Admin Section 17.2 Managing FTP Using Workgroup Manager Section 17.3 Architecture Section 17.4 Securing FTP Chapter 18 Network File System Section 18.1 The NFS (In)security Model Section 18.2 Managing NFS with Server Admin Section 18.3 Managing NFS with Workgroup Manager Chapter 19 Print Services Section 19.1 Managing Print Services Section 19.2 PrintServiceAccess Section 19.3 Managing Print Services with Workgroup Manager Section 19.4 Making Queues Available in Open Directory Section 19.5 Quotas and Authentication Section 19.6 Print Services Architecture Part V: Security Services Chapter 20 The Mac OS X Server Firewall Section 20.1 A Firewall's Place in Network Communication Section 20.2 Reporting and Monitoring Section 20.3 Managing the Firewall Service Chapter 21 Virtual Private Networks Section 21.1 VPN Protocols Section 21.2 Server Configuration Section 21.3 racoon.confracoon.conf Section 21.4 anonymous.conf Section 21.5 Configuring PPTP Section 21.6 Logging Section 21.7 Client Information Section 21.8 Internet Connect Section 21.9 Other Considerations Part VI: Internet Services Chapter 22 Mail Services Section 22.1 Mail Protocols Section 22.2 Graphical Management Section 22.3 Mail Architecture Section 22.4 Migration Section 22.5 Advanced Configuration Chapter 23 Web Services Section 23.1 Web Services Section 23.2 Web Service Configuration: The Settings Tab Section 23.3 Architecture Section 23.4 Useful Utilities Section 23.5 Troubleshooting Chapter 24 Application Servers Section 24.1 Running the Server Section 24.2 Installing Applications Section 24.3 Server Layout Section 24.4 Building Java Web Applications Section 24.5 Complex Applications Section 24.6 Apple Proprietary Tools Section 24.7 Next Steps Part VII: Client Management Chapter 25 Managing Preferences for Mac OS X Clients Section 25.1 Applying Managed Preferences Section 25.2 Configuring Individual Preferences Chapter 26 Managing Classic Mac OS Workstations Using Mac Manager Section 26.1 Mac Manager and Open Directory Section 26.2 Mac Manager Environment Types Section 26.3 Mac Manager Share Points and Folders Section 26.4 The Mac Manager Client Software Section 26.5 Mac Manager Preference Management Section 26.6 Mac Manager Administration Section 26.7 Troubleshooting Mac Manager Chapter 27 Managing Windows Clients Using Mac OS X Server Section 27.1 Hosting a Windows Domain Section 27.2 Configuring Member and Standalone Servers Section 27.3 Integrating Windows Member Servers in a Mac OS X ServerHosted Domain Chapter 28 Workstation Deployment and Maintenance Section 28.1 Disk Images Section 28.2 NetBoot Section 28.3 NetInstallNetInstall Section 28.4 Apple Software Restore Section 28.5 Deploying New Software and Software Updates Chapter 29 Apple Remote Desktop Section 29.1 Administrator Computers Section 29.2 Remote Desktop Users Section 29.3 Installing and Configuring the ARD Client Software Section 29.4 Working with Computer Lists Section 29.5 Remote Management Tasks Section 29.6 Generating Client Reports Section 29.7 Automating Remote Desktop Using the Saved Tasks List Section 29.8 Working with VNC Introduction to Directory Services Identification, Authentication, and Authorization Open Directory: The Ever-Expanding Marketecture The lookupd Daemon Colophon About the Authors Colophon Index Essential Mac OS X Panther Server Administration by Michael Bartosh and Ryan Faas Copyright © 2005 O'Reilly Media, Inc All rights reserved Printed in the United States of America Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472 O'Reilly books may be purchased for educational, business, or sales promotional use Online editions are also available for most titles (safari.oreilly.com) For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com Editor: Chuck Toporek Production Editor: Adam Witwer Cover Designer: Emma Colby Interior Designer: David Futato Printing History: May 2005: First Edition Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc Essential Mac OS X Panther Server Administration, the image of the Senegalese lioness, and related trade dress are trademarks of O'Reilly Media, Inc Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks Where those designations appear in this book, and O'Reilly Media, Inc was aware of a trademark claim, the designations have been printed in caps or initial caps Apple, the Apple logo, Mac, Finder, FireWire, iBook, iDisk, iMac, iPod, Mac, Mac logo, Macintosh, PowerBook, QuickTime, QuickTime logo, Rendezvous, and Sherlock are trademarks of Apple Computer, Inc., registered in the U.S and other countries The "keyboard" Apple logo (Shift-Command-K) is used with permission of Apple Computer, Inc While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of theinformation contained herein Preface As Apple's place in institutional and enterprise marketplaces has grown, so has Mac OS X Server, Apple's server software product Mac OS X Server seeks to provide centralized services to a variety of cross-platform clients, and has only grown in scope since its introduction in 2000 That tremendously expanding scope gave birth to this book Little or no in-depth documentation exists for Mac OS X Server Sure, Apple provides about 1,200 pages worth of PDF documentation, but you have to wade through fields of Apple marketing jargon to get to the tasty bits, and even then, you're left holding crumbs and scratching your head A lot Essential Mac OS X Panther Server Administration seeks to fill that void, approaching Apple's server systems in a thorough and fundamental way, from the command line to Apple's graphical tools Essential Mac OS X Panther Server Administration is for the IT professional who wants to push Mac OS X Server to its limits Server administration all too typically is a complex task, requiring integration with not one but several disparate systems, often run by different administrators, and this book is written with that in mind If you've ever wondered how to safely manipulate Mac OS X Server's many underlying configuration files or needed to explain AFP permission mappingthis book's for you Audience for This Book This book is written for Macintosh system administrators responsible for running Mac OS X Server While the focus is oriented towards IT professionals, this book should also be of interest to anyone pursuing an accumulated knowledge of server products and their evolution Whether you're a seasoned Unix or Windows administrator or a long-time Mac professional, Essential Mac OS X Panther Server Administration provides you with the depth you're seeking to maximize the potential of your Mac OS X Server deployment This is not a book for beginners If you are a graphic artist looking to install a web server, you should probably look for another book, such as Foundation Mac OS X Web Development by Phil Sherry (Apress, 2004) Schoun Regan's Mac OS X Server 10.3 Panther: Visual QuickPro Guide(Peachpit, 2005) provides a basic introduction to Mac OS X Server This book is also an analysis of Mac OS X Server including the infrastructures and tools used to manage Apple's Server services As mentioned earlier, Mac OS X Server is an extremely broad product providing a variety of services This book is not meant as a complete, protocol-level discussion of HTTP, DNS, or any other of the well-documented technologies implemented in Mac OS X Server It is instead concerned primarily with Applespecific changes, management techniques and configuration architectures Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] tar, backup alternatives TCP (Transmission Control Protocol) tcpdump, network troubleshooting templates, Mac Manager Terminal services (Windows) testing system administration and troubleshooting, scientific method and third-party tools for software management tickets, Kerberos Tomcat locations tools command-line serveradmin sharing OpenLDAP tools Password Server troubleshooting tools filters forensic tools joiners network tools transmission, latency troubleshooting abstraction AFP Apache Application Server automounts | (pipe) symbol troubleshooting (continued) bootpd Cyrus debugging and DNS, BIND logs and Mac Manager name resolution network connectivity NFS OpenLDAP Postfix quick fixes Samba scientific method slapd daemon strategies tools for filters forensic tools joiners network tools verbosity and Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] UID, Mac Manager and underprivileged users, BIND UniqueID, NFS Universal Access preferences pane, managed preferences updates Mac Manager client software ARD deployment major updates methods minor updates security updates Software Update tool USB Devices report, Remote Desktop user experience, graphical tools and users ARD-enabled user accounts BIND, underprivileged users Mac Manager importing settings configuration managed preferences messages, Remote Desktop Windows user profile setup Workgroup Manager creating Groups tab utilities Network Image Utility 2nd NFS utilities OpenLDAP utilities Samba service Web Services Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] verification, troubleshooting and scientific method View Directories option, Workgroup Manager Views tab, Finder preferences pane virtual domains, Mail Services virtual home directory, shares VNC (Virtual Network Computing) ARD and ARD client as server Remote Desktop as viewer volumes description swap space VPNs (Virtual Private Networks) authentication configuration Internet Connection application Keychain Access utility protocols L2TP over IPSec PPTP 2nd Rendezvous services Server Admin Client Information pane Connections tab General tab Log viewer Logging tab Settings section subnets System keychain Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] WAR (web application resource) WAR files watchdog web applications complex installation Java, building Web Services architecture configuration MIME types modules proxy server Server Admin Apache 2.0 General tab Graphs pane Logs pane Modules tab Overview pane performance cache Proxy tab Sites pane utilities Webalzyer WebMail security WebObjects framework proprietary tools Windows Application services domain hosting domains access configuration controllers controllers, OS X server as limitations migrating users requirements file services login scripts master browsers Member servers mixed-server platforms print servers servers, need Terminal services user profiles workstations, Home directory Windows Computers list, Workgroup Manager Windows Services architecture computer name domain hosting Server Admin Access tab Advanced pane Code Page Logs interface Settings section SMB connections Workgroup Manager SMB workgroups WINS (Windows Internet Name Service) Workgroup Manager account management 2nd Advanced tab AFP share points back end Comments and Keywords Computer Lists computer lists access limits creating Guest Computers list MCX cache file import format FTP services group accounts Group Folder groups creating system group Groups tab Home tab Inspector Mail Services Cyrus configuration managed preferences Network Mount option NFS permissions, copying and preference panes preferences 2nd Print Services authentication print quota quotas Protocols tab searches Workgroup Manager (continued) share points AFP automounts sharing command Sharing section sharing/unsharing SSL and users creating Groups tab system users View Directories option Windows computers list Windows Services SMB workgroups Finder workgroup Privileges tab Mac Manager shared folders Options tab Panels, privileges printers Restricted Finder workgroup privileges volumes workstations administrator, Mac Manager deployment disk images and NetBoot Windows, Home directory Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] xinetd architecture configuration options Mac OS X-specific security related Xserve Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] zones, DNS transfers, limiting ... fundamental way, from the command line to Apple's graphical tools Essential Mac OS X Panther Server Administration is for the IT professional who wants to push Mac OS X Server to its limits Server administration all too typically is a complex task,... Foundation Mac OS X Web Development by Phil Sherry (Apress, 2004) Schoun Regan's Mac OS X Server 10.3 Panther: Visual QuickPro Guide(Peachpit, 2005) provides a basic introduction to Mac OS X Server This book is also an analysis of Mac OS X Server including the.. .Essential Mac OS X Panther Server Administration By Michael Bartosh, Ryan Faas Publisher: O'Reilly Pub Date: May 2005 ISBN: 0-596-00635-7 Pages: 848 Table of Contents | Index