Mac OS X Server
Apple Computer, Inc Apple Computer, Inc. All rights reserved
Contents
Installing Server Software
Locating Computers for Installation
Specifying the Target Computer Volume
Preparing the Target Volume for a Clean Installation
Setting Network Preferences
Configuring Network Interfaces
Viewing or Changing Media Settings
Managing Network Port Configurations
Working with Disks and Volumes
Mounting and Unmounting Volumes
Mounting Volumes
Unmounting Volumes
141 Listing Connected Users 142
163
171
214 Apache Tomcat JBoss Server 215 MySQL Database
Contents
265 Configuring the Active Directory Plug-In
Glossary
Appendix
Index
Contents
About This Guide
Using This Guide
Commands and Other Terminal Text
Command Parameters and Options
Understanding Notation Conventions
Default Settings
Commands Requiring Root Privileges
Install Mac OS X Server and set it up for the first time
Create and manage users, groups, and computer lists. Set up
This guide Tells you how to
Earlier versions of the server
Manage directory and authentication services
Set up and manage QuickTime streaming services
This guide Tells you how to
Executing Commands
Opening Terminal
Specifying Files and Folders
Path string Description
Test.c file in the current folder
Folder
Redirecting Input and Output
Modifying Flow Control
Redirect Description
Using Environment Variables
Following command in a Terminal window
Executing Commands and Running Tools
Correcting Typing Errors
Repeating Commands
Including Paths Using Drag and Drop
Searching for Text Within a File
An example of a configured crontab file
Terminating Commands
Scheduling Tasks
Viewing Command Information
Sending Commands to a Remote Computer
To access a man
$ hdiutil help $ dig -h $ diff --help
Executing Commands
Understanding Secure Shell
How SSH Works
Password-Less Logins Using SSH Keys
Updating SSH Key Fingerprints
What is an SSH Man-in-the-Middle Attack?
Controlling Access to SSH Service
Connecting to a Remote Computer
Using SSH
To access a remote computer using ssh
You’re prompted for the user’s password
Using Telnet
To enable Telnet access
To disable Telnet access
To access a remote computer using telnet
Installing Server Software
To use installer to install Mac OS X Server software
Locating Computers for Installation
Specifying the Target Computer Volume
Preparing the Target Volume for a Clean Installation
To list volumes available for server software
To list computers on the local network
Installing from Multiple CDs
Automating Server Setup
Restarting After Installation
Creating a Configuration File
To save a configuration file during server setup
Installing Server Software and Finishing Basic Setup
Working with an Encrypted Configuration File
Customizing a Configuration File
To provide a passphrase in a file
To provide a passphrase interactively
Sample Configuration File
Installing Server Software and Finishing Basic Setup
Installing Server Software and Finishing Basic Setup
Configuring the Server Remotely from the Command Line
Storing a Configuration File in an Accessible Location
Using the serversetup Tool
Changing Server Settings
Using the serveradmin Tool
Viewing, Validating, and Setting the Software Serial Number
General and Network Preferences
To display the server’s software serial number
To set the server software serial number
To check for available updates
To install an update
Updating Server Software
To validate a server software serial number
Moving a Server
Installing Server Software and Finishing Basic Setup
Restarting a Computer
Automatic Restart
To restart the local computer
To restart a remote computer immediately
Shutting Down a Computer
Changing a Remote Computer’s Startup Disk
Manipulating Open Firmware Nvram Variables
Monitoring and Restarting Critical Services
Folder Usage
Restarting or Shutting Down a Computer
Viewing or Changing the Computer Name
Viewing or Changing the Date and Time
To display the computer name
To change the computer name
Viewing or Changing the System Date
Viewing or Changing the System Time
Viewing or Changing the System Time Zone
Viewing or Changing Network Time Server Usage
Viewing or Changing Sleep Settings
Viewing or Changing the Energy Saver Settings
Viewing or Changing Automatic Restart Settings
Changing the Power Management Settings
Viewing or Changing the Startup Disk Settings
Viewing or Changing the Sharing Settings
Viewing or Changing the International Settings
Viewing or Changing Remote Login Settings
Viewing or Changing Apple Event Response
Disables the buttons and 1 enables the buttons
Viewing and Changing the Login Settings
To view the current setting
Setting Network Preferences
Configuring Network Interfaces
Viewing Port Names and Hardware Addresses
Managing Network Interface Information
Viewing or Changing MTU Values
Managing Network Port Configurations
Viewing or Changing Media Settings
Creating or Deleting Port Configurations
Activating Port Configurations
To change the order of the port configurations
Managing TCP/IP Settings
Changing a Server’s IP Address
Run the changeip tool
To change a server’s IP address
To change the IP address of a standalone server
To list TCP/IP settings for a configuration
To view TCP/IP settings for port en0
To view TCP/IP settings for a particular port or device
To change TCP/IP settings for a particular port or device
Viewing or Changing DNS Servers
Working with VLANs
Enabling TCP/IP
Ieee 802.3ad Ethernet Link Aggregation
Configuring a Network Interface
Configuring Ethernet Link Aggregation
Managing AppleTalk Settings
Managing Snmp Settings
Installing Snmp
Open the /etc/hostconfig file Locate the line
Starting Snmp
Immediately above it, add this line
Configuring Snmp
To start the snmp agent manually
To identify the process id
To stop snmpd
Collecting Snmp Information from the Host
To view the snmp.conf file
To start snmpd, execute this as root
Other options in the menu you were working in are
Managing Proxy Settings
Viewing or Changing FTP Proxy Settings
Viewing or Changing Web Proxy Settings
Viewing or Changing Secure Web Proxy Settings
Viewing or Changing Streaming Proxy Settings
Viewing or Changing Gopher Proxy Settings
Viewing or Changing Socks Firewall Proxy Settings
Managing AirPort Settings
Viewing or Changing Proxy Bypass Domains
Computer Name
Managing the Computer, Host, and Bonjour Names
Hostname
Managing Preference Files and the Configuration Daemon
Command displays 0 if the name was changed
Bonjour Name
To display the server’s Bonjour name
To set the hostname of a system
Changing Network Locations
To get the hostname of a system
To view the current locations
This example, the network location will switch to AirPort
Computer will respond with output similar to the following
Mounting and Unmounting Volumes
Understanding Disks, Partitions, and the File System
Mounting Volumes
Unmounting Volumes
To unmount a volume
To view a list of currently mounted file systems
To enable diskspacemonitor
Displaying Disk Information
Monitoring Disk Space
To display disk information
Reclaiming Disk Space Using Log-Rolling Scripts
Erasing, Modifying, Verifying, and Repairing Disks
To mount a drive
To get mount info about a partition
To erase and repartition a disk
To format a Mac OS Extended volume as case-sensitive HFS+
Command Description
Partitioning and Formatting Disks
Partitioning a Disk
Checking for Disk Problems
Labeling a Disk
Formatting a Disk
To fomat a disk
Checking to See If Journaling is Enabled
Enabling Journaling for an Existing Volume
To see if journaling is enabled
To enable journaling
Enabling Journaling When You Erase a Disk
Understanding Spotlight Technology
Disabling Journaling
Enabling and Disabling Spotlight
To enable Spotlight on your server
Performing Spotlight Searches
Restart your server
To view the metadata of a file
Managing RAID Volumes
Controlling Spotlight Indexing
To image a boot volume
Imaging and Cloning Volumes Using ASR
To repair a failed mirror
To restore a volume from an image
Working with Users and Groups
Understanding Accounts
Administering and Creating Accounts
Creating a Local Administrator User Account for a Server
To create a local administrator user account
To create an local administrator user with a specific UID
Creating a Domain Administrator User Account
To create a domain administrator user account
Checking a User’s Administrator Privileges
Creating a Nonadministrator User Account
To find the Guid of the administrator user
To see if a user is a server administrator
Specify the user ID, replacing 1234 with the new user’s ID
102
Retreiving a User’s Guid
Removing a User Account
To retrieve a user’s Guid
Review the Guid for a particular user
Disable the user account by entering the following command
Revoking a User’s Right to Access His or Her Account
To prevent a user from logging
To reenable a user account that is disabled
To terminate all of a user’s processes
Checking a Server User’s Name, UID, or Password
To change a user account attribute to a new value
Modifying a User Account
Attribute Description
Creating a Mobile User Account
To create a mobile account
Managing Home Folders
To flush the cache
Creating a User’s Home Folder
To create a home folder for a particular user
Administering Group Accounts
To create a home folder for users in the local domain
Mounting a User’s Home Folder
To mount a user’s shared home directory on an AFP server
Creating a Group Account
To add a group account
Removing a Group Account
You can remove group accounts by using the dscl tool
To remove a group account
Adding a User to a Group
You can add users to a group using the dscl tool
To add a user to a group
Removing a User from a Group
You can remove users from a group by using the dscl tool
To remove a user from a group
Review the new settings of the group
To create a nested group
Creating and Deleting Nested Group
To verify a nested group
Editing Group Records
To unnest a group
To display the information about a particular group
To delete a group
Viewing the Workgroup a User Selects at Login
Creating a Group Folder
To create a group folder
See the CreateGroupFolder man page for more information
Importing Users and Groups
To import users and groups
Writing a Record Description
Creating a Character-Delimited User Import File
Number of attributes in each account record
121
Using the StandardGroupRecord Shorthand
Using the StandardUserRecord Shorthand
An example user account looks like this
Some examples of permission settings
Setting Permissions
Viewing Permissions
Setting the umask for Individual Users
Use one of the following values to set the permission level
Use the chmod tool to change permissions for an item
Changing Permissions
See the chmod man page for more information
Securing System Accounts
Changing the Owner
Changing the Group
Securing Initial System Accounts
To disable root login
Enter the root password when prompted
Securing the Root Account
Restricting Use of the sudo Tool
Securing Single-User Boot
To set the Open Firmware password for increased security
Setting Password Policy
Computer should restart and display the login window
To change a user’s password
To view the global password policy
To set the minimum password length to 5 characters
To set a more secure global password policy
Access the help prompt and enter the command name
Finding User Account Information
See the pwpolicy man page for more information
To query for a user by name
132
Working with File Services
Managing Share Points
Listing Share Points
Creating a Share Point
To list existing share points
To create a share point
To change share point settings
Modifying a Share Point
Managing the AFP Service
Starting and Stopping AFP Service
Checking AFP Service Status
Viewing AFP Settings
Changing AFP Settings
List of AFP Settings
To change a setting
To change several settings
Allow an administrator user to masquerade as another user
Authentication mode. Can be
Whether the AFP service should restart automatically when
Location of the error log
Record user logins in the activity log
Login greeting message
Last time the login greeting was set or updated
Default = -1unlimited
List of AFP serveradmin Commands
To list connected users
Listing Connected Users
Value returned by getConnectedUsers
Disconnecting AFP Users
Sending a Message to AFP Users
To send a message
To disconnect users
Canceling a User Disconnect
To cancel a user disconnect
Computer will repond with the following output
Value Description
To list service statistic samples
Listing AFP Service Statistics
Computer will respond with the following output
Viewing AFP Log Files
To view the latest entries in a log
To display the log paths
Value displayed by
Managing the NFS Service
Starting and Stopping NFS Service
Checking NFS Service Status
Viewing NFS Service Settings
Managing the FTP Service
Starting FTP Service
Stopping FTP Service
Checking FTP Service Status
List of FTP Service Settings
Changing FTP Service Settings
Parameter ftp Description
Directory in which the FTP content is stored
Displays a banner message that appears when
Prompted to log in to the FTP. Customize to your
Own preferences
Viewing the FTP Transfer Log
List of FTP serveradmin Commands
Checking for Connected FTP Users
Managing the SMB/CIFS Service
Starting and Stopping SMB/CIFS Service
Checking SMB/CIFS Service Status
Viewing SMB/CIFS Service Settings
List of SMB/CIFS Service Settings
Changing SMB/CIFS Service Settings
Parameter smb Description
Browser service. Can be set to
Advanced pane of Windows service settings in the Server
Low errors and warnings only
Medium service start and stop, authentication failures
Server’s NetBIOS name. Can be set to a maximum
Pane of the Windows service settings in the Server Admin
Windows service settings in the Server Admin
This corresponds to the Wins Registration Off and Enable
List of SMB/CIFS serveradmin Commands
Listing SMB/CIFS Users
Disconnecting SMB/CIFS Users
Listing SMB/CIFS Service Statistics
To list SMB/CIFS connections
Computer responds with the following output
Viewing SMB/CIFS Service Logs
Location of the SMB service log
Location of the name service log
Managing ACLs
Using chmod to Modify ACLs
Following are the permissions applicable to folders
To grant a user write permission for a file
To deny a guest read permission for a file
To view the ACL of a file
Output should look like the following
160
Working with the Print Service
Understanding the Print Process
Performing Print Service Tasks
Starting and Stopping Print Service
To start print service
To stop print service
Viewing Print Service Settings
Checking the Status of Print Service
Changing Print Service Settings
Print Service Settings
Parameter print Description
Queue Data Array
Parameter printDescription
Command printcommand= Description
Managing the Print Service
Following is an example of a queue array parameter block
Pausing a Queue
Listing Queues
Listing Jobs and Job Information
To pause a queue
To hold a job
Holding a Job
To release the job
Viewing Cover Pages
Viewing Print Service Log Files
To obtain a list of available cover pages
170
Understanding the NetBoot Service
Starting and Stopping NetBoot Service
To start NetBoot service
To stop NetBoot service
Viewing NetBoot Settings
Checking NetBoot Service Status
Changing NetBoot Settings
Changing General Netboot Service Settings
Volume parameter array
Parameter netboot Description
Storage Record Array
Filters Record Array
Image Record Array
To enable NetBoot
Enabling NetBoot 1.0 for Older NetBoot Clients
Port Record Array
Booting from an Image
Using hdiutil to Work with System Images
Working with System Images
Updating an Image
Using asr to Restore System Images
Imaging Multiple Clients Using Multicast asr
Choosing a Boot Device Using systemsetup
To configure a client to receive a multicast stream
Understanding the Mail Service
Postfix Agent
Cyrus
Mailman
Managing the Mail Service
Starting and Stopping Mail Service
Checking the Status of Mail Service
Viewing Mail Service Settings
Mail Service Settings
Parameter mail Description
Default = 500s
Default = 1s
Default = domain
Default = +=
Default = 0s
Default = postfix
Default = 1000s
Default = -=+
Default = flock
Default = flush
Default = 60s
Default = postdrop
Default = 10s
Default = /usr/bin
Default = mail
Default = none
Default = smtp
Default = 7d
Default = qmgr
Default = fcntl
Default = error
Default = showq
Default = 5d
Default = host
Default = incoming
Default = active
Default = deferred
Default = bounce
Default = virtual
Default = $home
Default = rewrite
Default = 600s
Default = 30s
Default = hash
Default = Default
Default = c
Default = cyrus
Default = auxprop
193
Listing Mail Service Statistics
Mail serveradmin Commands
To list samples
Viewing the Mail Service Logs
Default = srvr.log
To display the log locations
Location of the server log
Backing Up the Mail Files
Reconstructing the Mail Database
Generating a CSR and Creating a Keychain
Setting Up SSL for Mail Service
Enter a key size at the next prompt, and then press Return
199
Accessing the Server Certificates
Obtaining an SSL Certificate
Importing an SSL Certificate into the Keychain
To import an SSL certificate into the keychain
Creating a Password File
See the certadmin man page for more information
To create a password file
To list the certificates stored in the System keychain
Configuring Mailboxes
Enabling Sieve Scripting
To enable Sieve support
Reload the mail service
Enabling Sieve Support
Sample Sieve Scripts
Self-Defined Forwarding Script
Basic Sort and Anti-Junk Mail Filter Script
Sieve Scripting Resources
206
Understanding Web Technology
Files Location
Managing the Web Service
Starting and Stopping Web Service
Checking Web Service Status
Viewing Web Settings
Serveradmin and Apache Settings
Changing Web Settings
Changing Settings Using serveradmin
Web serveradmin Commands
Viewing Service Logs
Viewing Service Statistics
Listing Hosted Sites
Value you want to display. Valid values
V1-Number of requests per second
V2-Throughput bytes/sec
V3-Cache requests per second
Addsite File
Example Script for Adding a Website
Addsite.in File
Tuning the Server Performance
To run the script
Working with Application Servers and Java
Apache Tomcat
JBoss Server
To start Apache Tomcat
To install the default database
MySQL Database
To start JBoss, enter the following
To stop JBoss, enter the following
To set the root password
To create a database
To set the network option
To start mysqld
Working with Network Services
Managing Network Services
Managing the Dhcp Service
Starting and Stopping Dhcp Service
Checking the Status of Dhcp Service
Viewing Dhcp Service Settings
Changing Dhcp Service Settings
Dhcp Service Settings
To see a list of available service settings
To change a single Dhcp setting
About Subnet IDs
Dhcp Subnet Settings Array
Subnet Parameter
General pane of the subnet settings in the Server
Not set default
Wins pane of the subnet settings in the Server
Lease time in seconds
Corresponds to the NetBIOS Scope ID field in the Wins
Adding a Dhcp Subnet
To add a subnet
Domain name such as apple.com
To add a static map
Adding a Dhcp Static Map
About Static Map IDs
List of Dhcp serveradmin Commands
Viewing the Dhcp Service Log
Command Dhcpcommand=Description
Determine the location of the Dhcp service logs
Managing the DNS Service
Starting and Stopping the DNS Service
Checking the Status of DNS Service
Viewing DNS Service Settings
Changing DNS Service Settings
DNS Service Settings
List of DNS serveradmin Commands
Viewing the DNS Service Log
Configuring IP Forwarding
Managing the Firewall Service
Starting and Stopping Firewall Service
Checking the Status of Firewall Service
Viewing Firewall Service Settings
Firewall Startup
Firewall Service Settings
Changing Firewall Service Settings
Parameter ipfilter Description
Ipfilter Groups with Rules Array
Defining Firewall Rules
Adding Rules by Modifying ipfw.conf
Unmodified ipfw.conf file
Adding Rules Using serveradmin
Ping cracker.evil.org to determine its IP address
To add a rule
An example of this would be similar to the following
Firewall serveradmin Commands
Ipfilter Rules Array
Managing the NAT Service
Viewing Firewall Service Log
Using Firewall Service to Simulate Network Activity
Location of the ipfilter service log
Starting and Stopping NAT Service
Checking the Status of NAT Service
Viewing NAT Service Settings
Changing NAT Service Settings
NAT serveradmin Commands
NAT Service Settings
Parameter nat Description
Viewing the NAT Service Log
Port Mapping
Managing the VPN Service
Starting and Stopping VPN Service
Checking the Status of VPN Service
Viewing VPN Service Settings
Changing VPN Service Settings
List of VPN Service Settings
Default = Keychain
Default = IPSec
Default = Manual
Default = L2TP
Default = PPP
Default = Dsacl
Default = Mppe
Default = Pptp
Default = EAP-RSA
List of VPN serveradmin Commands
Viewing the VPN Service Log
VPN Service Log on this
Restarted. See Using the serveradmin Tool on
Location of the VPN service log
Configuring Site-to-Site VPN
Site-to-Site VPN
Adding a VPN Keyagent User
Setting Up IP Failover
IP Failover Prerequisites
IP Failover Operation
Hardware Requirements
To enable IP failover
Enabling IP Failover
Notification Only
Configuring IP Failover
Pre and Post Scripts
To restore the NAT service to its default configuration
Restoring the Default Configuration for Server Services
Enabling PPP Dial-In
To restore the Dhcp service to its default configuration
Re-create the two default records
To restore the Qtss service to its default configuration
To restore the DNS service to its default configuration
To restore the VPN service to its default configuration
Testing Your Open Directory Configuration
Using General Directory Tools
Understanding Open Directory
Testing Open Directory Plug-ins
Changing Open Directory Service Settings
Modifying a Directory Domain
Registering URLs with SLP
Configuring Ldap
PasswordOptionsString
LDAPTimeoutUnits Default = minutes LDAPServerBackend
Managing OpenLDAP
Standard Distribution Tools
Configuring slapd and slurpd Daemons
Tool Used to
Delay Rebind
Idle Timeout
Idle Rebinding Options
Searching the Ldap Server
256
257
Using Ldif Files
Managing NetInfo
Configuring NetInfo
Additional Information About Ldap
Managing Open Directory Passwords
Open Directory Password Server
Viewing or Changing Password Policies
Enabling or Disabling Authentication Methods
Kerberos and Apple Single Sign-On
Backing Up the Kerberos Database
To dump the KDC’s database
To load KDC data from a dumped file
To add a service principal
Principal Management
To add a principal
To delete a principal
Using Directory Service Tools
Operating on Directory Service Directory Domains
Using kadmin to kerberize a service
To kerberize a service from a terminal running on that host
Finding Network Information
Manipulating a Single Named Group Record
Adding or Removing Ldap Server Configurations
Configuring the Active Directory Plug-In
To add an Ldap server
To remove an Ldap server
266
Performing Qtss Service Tasks
Understanding QuickTime Streaming Server
Starting and Stopping the Qtss Service
Checking Qtss Service Status
Viewing Qtss Settings
Changing Qtss Settings
Qtss Settings
Descriptions of Settings
Default = qtaccess
Look in the sample file for
Default = admin
Default = digest
Default = qtss
Managing Qtss
Listing Current Connections
Logs on
For connections v1, this is integer average number
Viewing Qtss Service Statistics
Connections
Send a HUP signal to this process
Forcing Qtss to Reread its Preferences
To force Qtss to reread its preferences
List the Qtss processes
Configuring Streaming Security
Resetting the Streaming Server Admin User Name and Password
To set up Sites/Streaming/ in older home folders
To reset the user name and password
Controlling Access to Streamed Media
Creating an Access File
Between terms, make sure you enclose the entire message
Quotation marks
Path and filename of the user file
Qtusers
Accessing Protected Media
Adding User Accounts and Passwords
Adding or Deleting Groups
Making Changes to the User or Group File
Manipulating QuickTime and MP4 Movies
Creating Reference Movies
Create QuickTime Atom ref movie with extension .qtl
Create XML text ref movie with extension .qtl
280
Configuring the Log File
Configuring Your System Logging
Local Logging
Configuring Remote Logging on a Client Computer
To enable remote logging on a client computer
Configuring Remote Logging on a Server
Remote Logging
Or match a single host like this
Open /etc/rc and locate the following line
PCI RAID Card Command Reference
286
287
288
Glossary
Computer account See computer list
Directory node See directory domain
Full name See long name
292
293
294
Relay point See open relay
Search path See search policy
297
298
Access
Securing Chgrp tool ACL access control list
136 Example Stopping service Naming 41
Restoring images Logs Lpr Backup Cyrus Mail files
Dynamic Host Configuration Protocol. See Dhcp
Error messages command not found Executing commands
Image Booting from 176 updating
Disk journaling
Kerberosautoconfig tool 261 keychain
Backing up Principal management 262 tools and utilities
302
QuickTime Streaming Server. See Qtss
Used by ldapsearch 255 scheduling tasks
AFP DNS
239 Terminating commands
Time, viewing or changing 57 Stopping service
Viewing service logs
Tools for remote configuration
