Mac OS X Server
Apple Computer, Inc Apple Computer, Inc. All rights reserved
Contents
Specifying the Target Computer Volume
Installing Server Software
Locating Computers for Installation
Preparing the Target Volume for a Clean Installation
Viewing or Changing Media Settings
Setting Network Preferences
Configuring Network Interfaces
Managing Network Port Configurations
Mounting Volumes
Working with Disks and Volumes
Mounting and Unmounting Volumes
Unmounting Volumes
141 Listing Connected Users 142
163
171
214 Apache Tomcat JBoss Server 215 MySQL Database
Contents
265 Configuring the Active Directory Plug-In
Glossary
Appendix
Index
Contents
About This Guide
Command Parameters and Options
Using This Guide
Commands and Other Terminal Text
Understanding Notation Conventions
Default Settings
Commands Requiring Root Privileges
This guide Tells you how to
Install Mac OS X Server and set it up for the first time
Create and manage users, groups, and computer lists. Set up
Earlier versions of the server
Manage directory and authentication services
Set up and manage QuickTime streaming services
This guide Tells you how to
Executing Commands
Opening Terminal
Test.c file in the current folder
Specifying Files and Folders
Path string Description
Folder
Redirecting Input and Output
Modifying Flow Control
Redirect Description
Using Environment Variables
Following command in a Terminal window
Executing Commands and Running Tools
Including Paths Using Drag and Drop
Correcting Typing Errors
Repeating Commands
Searching for Text Within a File
An example of a configured crontab file
Terminating Commands
Scheduling Tasks
Viewing Command Information
Sending Commands to a Remote Computer
To access a man
$ hdiutil help $ dig -h $ diff --help
Executing Commands
Understanding Secure Shell
How SSH Works
Password-Less Logins Using SSH Keys
Updating SSH Key Fingerprints
What is an SSH Man-in-the-Middle Attack?
Controlling Access to SSH Service
To access a remote computer using ssh
Connecting to a Remote Computer
Using SSH
You’re prompted for the user’s password
To disable Telnet access
Using Telnet
To enable Telnet access
To access a remote computer using telnet
Installing Server Software
To use installer to install Mac OS X Server software
Locating Computers for Installation
To list volumes available for server software
Specifying the Target Computer Volume
Preparing the Target Volume for a Clean Installation
To list computers on the local network
Installing from Multiple CDs
Automating Server Setup
Restarting After Installation
Creating a Configuration File
To save a configuration file during server setup
Installing Server Software and Finishing Basic Setup
To provide a passphrase in a file
Working with an Encrypted Configuration File
Customizing a Configuration File
To provide a passphrase interactively
Sample Configuration File
Installing Server Software and Finishing Basic Setup
Installing Server Software and Finishing Basic Setup
Configuring the Server Remotely from the Command Line
Storing a Configuration File in an Accessible Location
Using the serversetup Tool
Changing Server Settings
Using the serveradmin Tool
To display the server’s software serial number
Viewing, Validating, and Setting the Software Serial Number
General and Network Preferences
To set the server software serial number
Updating Server Software
To check for available updates
To install an update
To validate a server software serial number
Moving a Server
Installing Server Software and Finishing Basic Setup
To restart the local computer
Restarting a Computer
Automatic Restart
To restart a remote computer immediately
Shutting Down a Computer
Changing a Remote Computer’s Startup Disk
Manipulating Open Firmware Nvram Variables
Monitoring and Restarting Critical Services
Folder Usage
Restarting or Shutting Down a Computer
To display the computer name
Viewing or Changing the Computer Name
Viewing or Changing the Date and Time
To change the computer name
Viewing or Changing the System Time Zone
Viewing or Changing the System Date
Viewing or Changing the System Time
Viewing or Changing Network Time Server Usage
Viewing or Changing Sleep Settings
Viewing or Changing the Energy Saver Settings
Viewing or Changing Automatic Restart Settings
Changing the Power Management Settings
Viewing or Changing the Startup Disk Settings
Viewing or Changing Remote Login Settings
Viewing or Changing the Sharing Settings
Viewing or Changing the International Settings
Viewing or Changing Apple Event Response
Disables the buttons and 1 enables the buttons
Viewing and Changing the Login Settings
To view the current setting
Setting Network Preferences
Configuring Network Interfaces
Viewing Port Names and Hardware Addresses
Managing Network Interface Information
Viewing or Changing MTU Values
Creating or Deleting Port Configurations
Managing Network Port Configurations
Viewing or Changing Media Settings
Activating Port Configurations
To change the order of the port configurations
Managing TCP/IP Settings
Changing a Server’s IP Address
Run the changeip tool
To change a server’s IP address
To change the IP address of a standalone server
To view TCP/IP settings for a particular port or device
To list TCP/IP settings for a configuration
To view TCP/IP settings for port en0
To change TCP/IP settings for a particular port or device
Viewing or Changing DNS Servers
Working with VLANs
Enabling TCP/IP
Ieee 802.3ad Ethernet Link Aggregation
Configuring a Network Interface
Configuring Ethernet Link Aggregation
Managing AppleTalk Settings
Managing Snmp Settings
Starting Snmp
Installing Snmp
Open the /etc/hostconfig file Locate the line
Immediately above it, add this line
To identify the process id
Configuring Snmp
To start the snmp agent manually
To stop snmpd
To start snmpd, execute this as root
Collecting Snmp Information from the Host
To view the snmp.conf file
Other options in the menu you were working in are
Managing Proxy Settings
Viewing or Changing FTP Proxy Settings
Viewing or Changing Streaming Proxy Settings
Viewing or Changing Web Proxy Settings
Viewing or Changing Secure Web Proxy Settings
Viewing or Changing Gopher Proxy Settings
Viewing or Changing Socks Firewall Proxy Settings
Managing AirPort Settings
Viewing or Changing Proxy Bypass Domains
Computer Name
Managing the Computer, Host, and Bonjour Names
Hostname
Bonjour Name
Managing Preference Files and the Configuration Daemon
Command displays 0 if the name was changed
To display the server’s Bonjour name
To set the hostname of a system
Changing Network Locations
To get the hostname of a system
To view the current locations
This example, the network location will switch to AirPort
Computer will respond with output similar to the following
Mounting and Unmounting Volumes
Understanding Disks, Partitions, and the File System
To unmount a volume
Mounting Volumes
Unmounting Volumes
To view a list of currently mounted file systems
Monitoring Disk Space
To enable diskspacemonitor
Displaying Disk Information
To display disk information
Reclaiming Disk Space Using Log-Rolling Scripts
Erasing, Modifying, Verifying, and Repairing Disks
To mount a drive
To get mount info about a partition
To erase and repartition a disk
Partitioning and Formatting Disks
To format a Mac OS Extended volume as case-sensitive HFS+
Command Description
Partitioning a Disk
Formatting a Disk
Checking for Disk Problems
Labeling a Disk
To fomat a disk
To see if journaling is enabled
Checking to See If Journaling is Enabled
Enabling Journaling for an Existing Volume
To enable journaling
Disabling Journaling
Enabling Journaling When You Erase a Disk
Understanding Spotlight Technology
Enabling and Disabling Spotlight
Restart your server
To enable Spotlight on your server
Performing Spotlight Searches
To view the metadata of a file
Managing RAID Volumes
Controlling Spotlight Indexing
To image a boot volume
Imaging and Cloning Volumes Using ASR
To repair a failed mirror
To restore a volume from an image
Working with Users and Groups
Understanding Accounts
To create a local administrator user account
Administering and Creating Accounts
Creating a Local Administrator User Account for a Server
To create an local administrator user with a specific UID
Creating a Domain Administrator User Account
To create a domain administrator user account
To find the Guid of the administrator user
Checking a User’s Administrator Privileges
Creating a Nonadministrator User Account
To see if a user is a server administrator
Specify the user ID, replacing 1234 with the new user’s ID
102
To retrieve a user’s Guid
Retreiving a User’s Guid
Removing a User Account
Review the Guid for a particular user
Disable the user account by entering the following command
Revoking a User’s Right to Access His or Her Account
To prevent a user from logging
To reenable a user account that is disabled
To terminate all of a user’s processes
Checking a Server User’s Name, UID, or Password
To change a user account attribute to a new value
Modifying a User Account
Attribute Description
Creating a Mobile User Account
To create a mobile account
Creating a User’s Home Folder
Managing Home Folders
To flush the cache
To create a home folder for a particular user
Mounting a User’s Home Folder
Administering Group Accounts
To create a home folder for users in the local domain
To mount a user’s shared home directory on an AFP server
Creating a Group Account
To add a group account
Removing a Group Account
You can remove group accounts by using the dscl tool
To remove a group account
Adding a User to a Group
You can add users to a group using the dscl tool
To add a user to a group
Removing a User from a Group
You can remove users from a group by using the dscl tool
To remove a user from a group
Review the new settings of the group
To create a nested group
Creating and Deleting Nested Group
To verify a nested group
To display the information about a particular group
Editing Group Records
To unnest a group
To delete a group
To create a group folder
Viewing the Workgroup a User Selects at Login
Creating a Group Folder
See the CreateGroupFolder man page for more information
Importing Users and Groups
To import users and groups
Writing a Record Description
Creating a Character-Delimited User Import File
Number of attributes in each account record
121
Using the StandardGroupRecord Shorthand
Using the StandardUserRecord Shorthand
An example user account looks like this
Some examples of permission settings
Setting Permissions
Viewing Permissions
Setting the umask for Individual Users
Use one of the following values to set the permission level
Use the chmod tool to change permissions for an item
Changing Permissions
See the chmod man page for more information
Changing the Group
Securing System Accounts
Changing the Owner
Securing Initial System Accounts
Securing the Root Account
To disable root login
Enter the root password when prompted
Restricting Use of the sudo Tool
Securing Single-User Boot
To set the Open Firmware password for increased security
Setting Password Policy
Computer should restart and display the login window
To set the minimum password length to 5 characters
To change a user’s password
To view the global password policy
To set a more secure global password policy
See the pwpolicy man page for more information
Access the help prompt and enter the command name
Finding User Account Information
To query for a user by name
132
Working with File Services
Managing Share Points
To list existing share points
Listing Share Points
Creating a Share Point
To create a share point
To change share point settings
Modifying a Share Point
Checking AFP Service Status
Managing the AFP Service
Starting and Stopping AFP Service
Viewing AFP Settings
To change a setting
Changing AFP Settings
List of AFP Settings
To change several settings
Whether the AFP service should restart automatically when
Allow an administrator user to masquerade as another user
Authentication mode. Can be
Location of the error log
Last time the login greeting was set or updated
Record user logins in the activity log
Login greeting message
Default = -1unlimited
List of AFP serveradmin Commands
To list connected users
Listing Connected Users
Value returned by getConnectedUsers
To send a message
Disconnecting AFP Users
Sending a Message to AFP Users
To disconnect users
Computer will repond with the following output
Canceling a User Disconnect
To cancel a user disconnect
Value Description
To list service statistic samples
Listing AFP Service Statistics
Computer will respond with the following output
To display the log paths
Viewing AFP Log Files
To view the latest entries in a log
Value displayed by
Checking NFS Service Status
Managing the NFS Service
Starting and Stopping NFS Service
Viewing NFS Service Settings
Stopping FTP Service
Managing the FTP Service
Starting FTP Service
Checking FTP Service Status
List of FTP Service Settings
Changing FTP Service Settings
Parameter ftp Description
Prompted to log in to the FTP. Customize to your
Directory in which the FTP content is stored
Displays a banner message that appears when
Own preferences
Viewing the FTP Transfer Log
List of FTP serveradmin Commands
Checking for Connected FTP Users
Checking SMB/CIFS Service Status
Managing the SMB/CIFS Service
Starting and Stopping SMB/CIFS Service
Viewing SMB/CIFS Service Settings
List of SMB/CIFS Service Settings
Changing SMB/CIFS Service Settings
Parameter smb Description
Low errors and warnings only
Browser service. Can be set to
Advanced pane of Windows service settings in the Server
Medium service start and stop, authentication failures
Windows service settings in the Server Admin
Server’s NetBIOS name. Can be set to a maximum
Pane of the Windows service settings in the Server Admin
This corresponds to the Wins Registration Off and Enable
List of SMB/CIFS serveradmin Commands
Listing SMB/CIFS Users
To list SMB/CIFS connections
Disconnecting SMB/CIFS Users
Listing SMB/CIFS Service Statistics
Computer responds with the following output
Location of the name service log
Viewing SMB/CIFS Service Logs
Location of the SMB service log
Managing ACLs
To grant a user write permission for a file
Using chmod to Modify ACLs
Following are the permissions applicable to folders
To deny a guest read permission for a file
To view the ACL of a file
Output should look like the following
160
Working with the Print Service
Understanding the Print Process
To start print service
Performing Print Service Tasks
Starting and Stopping Print Service
To stop print service
Viewing Print Service Settings
Checking the Status of Print Service
Changing Print Service Settings
Print Service Settings
Parameter print Description
Queue Data Array
Parameter printDescription
Command printcommand= Description
Managing the Print Service
Following is an example of a queue array parameter block
Listing Jobs and Job Information
Pausing a Queue
Listing Queues
To pause a queue
To hold a job
Holding a Job
To release the job
Viewing Cover Pages
Viewing Print Service Log Files
To obtain a list of available cover pages
170
To start NetBoot service
Understanding the NetBoot Service
Starting and Stopping NetBoot Service
To stop NetBoot service
Viewing NetBoot Settings
Checking NetBoot Service Status
Changing NetBoot Settings
Parameter netboot Description
Changing General Netboot Service Settings
Volume parameter array
Storage Record Array
Filters Record Array
Image Record Array
To enable NetBoot
Enabling NetBoot 1.0 for Older NetBoot Clients
Port Record Array
Working with System Images
Booting from an Image
Using hdiutil to Work with System Images
Updating an Image
Using asr to Restore System Images
Imaging Multiple Clients Using Multicast asr
Choosing a Boot Device Using systemsetup
To configure a client to receive a multicast stream
Understanding the Mail Service
Postfix Agent
Cyrus
Mailman
Checking the Status of Mail Service
Managing the Mail Service
Starting and Stopping Mail Service
Viewing Mail Service Settings
Mail Service Settings
Parameter mail Description
Default = domain
Default = 500s
Default = 1s
Default = +=
Default = 1000s
Default = 0s
Default = postfix
Default = -=+
Default = 60s
Default = flock
Default = flush
Default = postdrop
Default = mail
Default = 10s
Default = /usr/bin
Default = none
Default = qmgr
Default = smtp
Default = 7d
Default = fcntl
Default = 5d
Default = error
Default = showq
Default = host
Default = deferred
Default = incoming
Default = active
Default = bounce
Default = rewrite
Default = virtual
Default = $home
Default = 600s
Default = Default
Default = 30s
Default = hash
Default = c
Default = cyrus
Default = auxprop
193
Listing Mail Service Statistics
Mail serveradmin Commands
To list samples
To display the log locations
Viewing the Mail Service Logs
Default = srvr.log
Location of the server log
Backing Up the Mail Files
Reconstructing the Mail Database
Generating a CSR and Creating a Keychain
Setting Up SSL for Mail Service
Enter a key size at the next prompt, and then press Return
199
Importing an SSL Certificate into the Keychain
Accessing the Server Certificates
Obtaining an SSL Certificate
To import an SSL certificate into the keychain
To create a password file
Creating a Password File
See the certadmin man page for more information
To list the certificates stored in the System keychain
Configuring Mailboxes
Enabling Sieve Scripting
Enabling Sieve Support
To enable Sieve support
Reload the mail service
Sample Sieve Scripts
Self-Defined Forwarding Script
Basic Sort and Anti-Junk Mail Filter Script
Sieve Scripting Resources
206
Understanding Web Technology
Files Location
Checking Web Service Status
Managing the Web Service
Starting and Stopping Web Service
Viewing Web Settings
Serveradmin and Apache Settings
Changing Web Settings
Changing Settings Using serveradmin
Viewing Service Statistics
Web serveradmin Commands
Viewing Service Logs
Listing Hosted Sites
V2-Throughput bytes/sec
Value you want to display. Valid values
V1-Number of requests per second
V3-Cache requests per second
Addsite File
Example Script for Adding a Website
Addsite.in File
Tuning the Server Performance
To run the script
JBoss Server
Working with Application Servers and Java
Apache Tomcat
To start Apache Tomcat
To start JBoss, enter the following
To install the default database
MySQL Database
To stop JBoss, enter the following
To set the network option
To set the root password
To create a database
To start mysqld
Working with Network Services
Managing Network Services
Checking the Status of Dhcp Service
Managing the Dhcp Service
Starting and Stopping Dhcp Service
Viewing Dhcp Service Settings
To see a list of available service settings
Changing Dhcp Service Settings
Dhcp Service Settings
To change a single Dhcp setting
About Subnet IDs
Dhcp Subnet Settings Array
Subnet Parameter
Wins pane of the subnet settings in the Server
General pane of the subnet settings in the Server
Not set default
Lease time in seconds
To add a subnet
Corresponds to the NetBIOS Scope ID field in the Wins
Adding a Dhcp Subnet
Domain name such as apple.com
To add a static map
Adding a Dhcp Static Map
About Static Map IDs
Command Dhcpcommand=Description
List of Dhcp serveradmin Commands
Viewing the Dhcp Service Log
Determine the location of the Dhcp service logs
Checking the Status of DNS Service
Managing the DNS Service
Starting and Stopping the DNS Service
Viewing DNS Service Settings
List of DNS serveradmin Commands
Changing DNS Service Settings
DNS Service Settings
Viewing the DNS Service Log
Configuring IP Forwarding
Managing the Firewall Service
Viewing Firewall Service Settings
Starting and Stopping Firewall Service
Checking the Status of Firewall Service
Firewall Startup
Firewall Service Settings
Changing Firewall Service Settings
Parameter ipfilter Description
Ipfilter Groups with Rules Array
Defining Firewall Rules
Adding Rules by Modifying ipfw.conf
Unmodified ipfw.conf file
To add a rule
Adding Rules Using serveradmin
Ping cracker.evil.org to determine its IP address
An example of this would be similar to the following
Firewall serveradmin Commands
Ipfilter Rules Array
Using Firewall Service to Simulate Network Activity
Managing the NAT Service
Viewing Firewall Service Log
Location of the ipfilter service log
Viewing NAT Service Settings
Starting and Stopping NAT Service
Checking the Status of NAT Service
Changing NAT Service Settings
NAT serveradmin Commands
NAT Service Settings
Parameter nat Description
Viewing the NAT Service Log
Port Mapping
Checking the Status of VPN Service
Managing the VPN Service
Starting and Stopping VPN Service
Viewing VPN Service Settings
Default = Keychain
Changing VPN Service Settings
List of VPN Service Settings
Default = IPSec
Default = PPP
Default = Manual
Default = L2TP
Default = Dsacl
Default = Mppe
Default = Pptp
Default = EAP-RSA
VPN Service Log on this
List of VPN serveradmin Commands
Viewing the VPN Service Log
Restarted. See Using the serveradmin Tool on
Location of the VPN service log
Configuring Site-to-Site VPN
Site-to-Site VPN
Adding a VPN Keyagent User
IP Failover Operation
Setting Up IP Failover
IP Failover Prerequisites
Hardware Requirements
To enable IP failover
Enabling IP Failover
Notification Only
Configuring IP Failover
Pre and Post Scripts
To restore the NAT service to its default configuration
Restoring the Default Configuration for Server Services
Enabling PPP Dial-In
To restore the Qtss service to its default configuration
To restore the Dhcp service to its default configuration
Re-create the two default records
To restore the DNS service to its default configuration
To restore the VPN service to its default configuration
Testing Your Open Directory Configuration
Using General Directory Tools
Understanding Open Directory
Modifying a Directory Domain
Testing Open Directory Plug-ins
Changing Open Directory Service Settings
Registering URLs with SLP
LDAPTimeoutUnits Default = minutes LDAPServerBackend
Configuring Ldap
PasswordOptionsString
Managing OpenLDAP
Standard Distribution Tools
Configuring slapd and slurpd Daemons
Tool Used to
Idle Rebinding Options
Delay Rebind
Idle Timeout
Searching the Ldap Server
256
257
Using Ldif Files
Managing NetInfo
Configuring NetInfo
Additional Information About Ldap
Viewing or Changing Password Policies
Managing Open Directory Passwords
Open Directory Password Server
Enabling or Disabling Authentication Methods
To dump the KDC’s database
Kerberos and Apple Single Sign-On
Backing Up the Kerberos Database
To load KDC data from a dumped file
To add a principal
To add a service principal
Principal Management
To delete a principal
Using kadmin to kerberize a service
Using Directory Service Tools
Operating on Directory Service Directory Domains
To kerberize a service from a terminal running on that host
Finding Network Information
Manipulating a Single Named Group Record
To add an Ldap server
Adding or Removing Ldap Server Configurations
Configuring the Active Directory Plug-In
To remove an Ldap server
266
Performing Qtss Service Tasks
Understanding QuickTime Streaming Server
Viewing Qtss Settings
Starting and Stopping the Qtss Service
Checking Qtss Service Status
Changing Qtss Settings
Default = qtaccess
Qtss Settings
Descriptions of Settings
Look in the sample file for
Default = admin
Default = digest
Listing Current Connections
Default = qtss
Managing Qtss
Logs on
For connections v1, this is integer average number
Viewing Qtss Service Statistics
Connections
To force Qtss to reread its preferences
Send a HUP signal to this process
Forcing Qtss to Reread its Preferences
List the Qtss processes
To set up Sites/Streaming/ in older home folders
Configuring Streaming Security
Resetting the Streaming Server Admin User Name and Password
To reset the user name and password
Controlling Access to Streamed Media
Creating an Access File
Path and filename of the user file
Between terms, make sure you enclose the entire message
Quotation marks
Qtusers
Adding or Deleting Groups
Accessing Protected Media
Adding User Accounts and Passwords
Making Changes to the User or Group File
Create QuickTime Atom ref movie with extension .qtl
Manipulating QuickTime and MP4 Movies
Creating Reference Movies
Create XML text ref movie with extension .qtl
280
Configuring the Log File
Configuring Your System Logging
Local Logging
Configuring Remote Logging on a Server
Configuring Remote Logging on a Client Computer
To enable remote logging on a client computer
Remote Logging
Or match a single host like this
Open /etc/rc and locate the following line
PCI RAID Card Command Reference
286
287
288
Glossary
Computer account See computer list
Directory node See directory domain
Full name See long name
292
293
294
Relay point See open relay
Search path See search policy
297
298
136 Example Stopping service Naming 41
Access
Securing Chgrp tool ACL access control list
Restoring images Logs Lpr Backup Cyrus Mail files
Image Booting from 176 updating
Dynamic Host Configuration Protocol. See Dhcp
Error messages command not found Executing commands
Disk journaling
Kerberosautoconfig tool 261 keychain
Backing up Principal management 262 tools and utilities
302
QuickTime Streaming Server. See Qtss
Used by ldapsearch 255 scheduling tasks
AFP DNS
Viewing service logs
239 Terminating commands
Time, viewing or changing 57 Stopping service
Tools for remote configuration
