Mac OS X Server
Apple Computer, Inc Apple Computer, Inc. All rights reserved
Contents
Locating Computers for Installation
Installing Server Software
Specifying the Target Computer Volume
Preparing the Target Volume for a Clean Installation
Configuring Network Interfaces
Setting Network Preferences
Viewing or Changing Media Settings
Managing Network Port Configurations
Mounting and Unmounting Volumes
Working with Disks and Volumes
Mounting Volumes
Unmounting Volumes
141 Listing Connected Users 142
163
171
214 Apache Tomcat JBoss Server 215 MySQL Database
Contents
265 Configuring the Active Directory Plug-In
Glossary
Appendix
Index
Contents
About This Guide
Commands and Other Terminal Text
Using This Guide
Command Parameters and Options
Understanding Notation Conventions
Commands Requiring Root Privileges
Default Settings
Create and manage users, groups, and computer lists. Set up
Install Mac OS X Server and set it up for the first time
This guide Tells you how to
Earlier versions of the server
Set up and manage QuickTime streaming services
Manage directory and authentication services
This guide Tells you how to
Opening Terminal
Executing Commands
Path string Description
Specifying Files and Folders
Test.c file in the current folder
Folder
Redirecting Input and Output
Modifying Flow Control
Redirect Description
Following command in a Terminal window
Using Environment Variables
Executing Commands and Running Tools
Repeating Commands
Correcting Typing Errors
Including Paths Using Drag and Drop
Searching for Text Within a File
An example of a configured crontab file
Terminating Commands
Scheduling Tasks
Viewing Command Information
Sending Commands to a Remote Computer
To access a man
$ hdiutil help $ dig -h $ diff --help
Executing Commands
How SSH Works
Understanding Secure Shell
Password-Less Logins Using SSH Keys
Updating SSH Key Fingerprints
Controlling Access to SSH Service
What is an SSH Man-in-the-Middle Attack?
Using SSH
Connecting to a Remote Computer
To access a remote computer using ssh
You’re prompted for the user’s password
To enable Telnet access
Using Telnet
To disable Telnet access
To access a remote computer using telnet
To use installer to install Mac OS X Server software
Installing Server Software
Locating Computers for Installation
Preparing the Target Volume for a Clean Installation
Specifying the Target Computer Volume
To list volumes available for server software
To list computers on the local network
Installing from Multiple CDs
Automating Server Setup
Restarting After Installation
To save a configuration file during server setup
Creating a Configuration File
Installing Server Software and Finishing Basic Setup
Customizing a Configuration File
Working with an Encrypted Configuration File
To provide a passphrase in a file
To provide a passphrase interactively
Sample Configuration File
Installing Server Software and Finishing Basic Setup
Installing Server Software and Finishing Basic Setup
Storing a Configuration File in an Accessible Location
Configuring the Server Remotely from the Command Line
Using the serversetup Tool
Changing Server Settings
Using the serveradmin Tool
General and Network Preferences
Viewing, Validating, and Setting the Software Serial Number
To display the server’s software serial number
To set the server software serial number
To install an update
To check for available updates
Updating Server Software
To validate a server software serial number
Moving a Server
Installing Server Software and Finishing Basic Setup
Automatic Restart
Restarting a Computer
To restart the local computer
To restart a remote computer immediately
Shutting Down a Computer
Changing a Remote Computer’s Startup Disk
Manipulating Open Firmware Nvram Variables
Folder Usage
Monitoring and Restarting Critical Services
Restarting or Shutting Down a Computer
Viewing or Changing the Date and Time
Viewing or Changing the Computer Name
To display the computer name
To change the computer name
Viewing or Changing the System Time
Viewing or Changing the System Date
Viewing or Changing the System Time Zone
Viewing or Changing Network Time Server Usage
Viewing or Changing Sleep Settings
Viewing or Changing the Energy Saver Settings
Viewing or Changing Automatic Restart Settings
Viewing or Changing the Startup Disk Settings
Changing the Power Management Settings
Viewing or Changing the International Settings
Viewing or Changing the Sharing Settings
Viewing or Changing Remote Login Settings
Viewing or Changing Apple Event Response
Disables the buttons and 1 enables the buttons
Viewing and Changing the Login Settings
To view the current setting
Configuring Network Interfaces
Setting Network Preferences
Viewing Port Names and Hardware Addresses
Managing Network Interface Information
Viewing or Changing MTU Values
Viewing or Changing Media Settings
Managing Network Port Configurations
Creating or Deleting Port Configurations
Activating Port Configurations
To change the order of the port configurations
Managing TCP/IP Settings
Changing a Server’s IP Address
Run the changeip tool
To change a server’s IP address
To change the IP address of a standalone server
To view TCP/IP settings for port en0
To list TCP/IP settings for a configuration
To view TCP/IP settings for a particular port or device
To change TCP/IP settings for a particular port or device
Viewing or Changing DNS Servers
Working with VLANs
Enabling TCP/IP
Ieee 802.3ad Ethernet Link Aggregation
Configuring Ethernet Link Aggregation
Configuring a Network Interface
Managing Snmp Settings
Managing AppleTalk Settings
Open the /etc/hostconfig file Locate the line
Installing Snmp
Starting Snmp
Immediately above it, add this line
To start the snmp agent manually
Configuring Snmp
To identify the process id
To stop snmpd
To view the snmp.conf file
Collecting Snmp Information from the Host
To start snmpd, execute this as root
Other options in the menu you were working in are
Viewing or Changing FTP Proxy Settings
Managing Proxy Settings
Viewing or Changing Secure Web Proxy Settings
Viewing or Changing Web Proxy Settings
Viewing or Changing Streaming Proxy Settings
Viewing or Changing Gopher Proxy Settings
Viewing or Changing Socks Firewall Proxy Settings
Managing AirPort Settings
Viewing or Changing Proxy Bypass Domains
Computer Name
Managing the Computer, Host, and Bonjour Names
Hostname
Command displays 0 if the name was changed
Managing Preference Files and the Configuration Daemon
Bonjour Name
To display the server’s Bonjour name
To set the hostname of a system
Changing Network Locations
To get the hostname of a system
To view the current locations
This example, the network location will switch to AirPort
Computer will respond with output similar to the following
Understanding Disks, Partitions, and the File System
Mounting and Unmounting Volumes
Unmounting Volumes
Mounting Volumes
To unmount a volume
To view a list of currently mounted file systems
Displaying Disk Information
To enable diskspacemonitor
Monitoring Disk Space
To display disk information
Reclaiming Disk Space Using Log-Rolling Scripts
Erasing, Modifying, Verifying, and Repairing Disks
To mount a drive
To get mount info about a partition
To erase and repartition a disk
Command Description
To format a Mac OS Extended volume as case-sensitive HFS+
Partitioning and Formatting Disks
Partitioning a Disk
Labeling a Disk
Checking for Disk Problems
Formatting a Disk
To fomat a disk
Enabling Journaling for an Existing Volume
Checking to See If Journaling is Enabled
To see if journaling is enabled
To enable journaling
Understanding Spotlight Technology
Enabling Journaling When You Erase a Disk
Disabling Journaling
Enabling and Disabling Spotlight
Performing Spotlight Searches
To enable Spotlight on your server
Restart your server
To view the metadata of a file
Controlling Spotlight Indexing
Managing RAID Volumes
To image a boot volume
Imaging and Cloning Volumes Using ASR
To repair a failed mirror
To restore a volume from an image
Understanding Accounts
Working with Users and Groups
Creating a Local Administrator User Account for a Server
Administering and Creating Accounts
To create a local administrator user account
To create an local administrator user with a specific UID
To create a domain administrator user account
Creating a Domain Administrator User Account
Creating a Nonadministrator User Account
Checking a User’s Administrator Privileges
To find the Guid of the administrator user
To see if a user is a server administrator
Specify the user ID, replacing 1234 with the new user’s ID
102
Removing a User Account
Retreiving a User’s Guid
To retrieve a user’s Guid
Review the Guid for a particular user
Disable the user account by entering the following command
Revoking a User’s Right to Access His or Her Account
To prevent a user from logging
To terminate all of a user’s processes
To reenable a user account that is disabled
Checking a Server User’s Name, UID, or Password
To change a user account attribute to a new value
Modifying a User Account
Attribute Description
To create a mobile account
Creating a Mobile User Account
To flush the cache
Managing Home Folders
Creating a User’s Home Folder
To create a home folder for a particular user
To create a home folder for users in the local domain
Administering Group Accounts
Mounting a User’s Home Folder
To mount a user’s shared home directory on an AFP server
To add a group account
Creating a Group Account
Removing a Group Account
You can remove group accounts by using the dscl tool
To remove a group account
Adding a User to a Group
You can add users to a group using the dscl tool
To add a user to a group
Removing a User from a Group
You can remove users from a group by using the dscl tool
To remove a user from a group
Review the new settings of the group
To create a nested group
Creating and Deleting Nested Group
To verify a nested group
To unnest a group
Editing Group Records
To display the information about a particular group
To delete a group
Creating a Group Folder
Viewing the Workgroup a User Selects at Login
To create a group folder
See the CreateGroupFolder man page for more information
To import users and groups
Importing Users and Groups
Writing a Record Description
Creating a Character-Delimited User Import File
Number of attributes in each account record
121
Using the StandardGroupRecord Shorthand
Using the StandardUserRecord Shorthand
An example user account looks like this
Some examples of permission settings
Setting Permissions
Viewing Permissions
Use one of the following values to set the permission level
Setting the umask for Individual Users
Use the chmod tool to change permissions for an item
Changing Permissions
See the chmod man page for more information
Changing the Owner
Securing System Accounts
Changing the Group
Securing Initial System Accounts
Enter the root password when prompted
To disable root login
Securing the Root Account
Restricting Use of the sudo Tool
Securing Single-User Boot
To set the Open Firmware password for increased security
Setting Password Policy
Computer should restart and display the login window
To view the global password policy
To change a user’s password
To set the minimum password length to 5 characters
To set a more secure global password policy
Finding User Account Information
Access the help prompt and enter the command name
See the pwpolicy man page for more information
To query for a user by name
132
Managing Share Points
Working with File Services
Creating a Share Point
Listing Share Points
To list existing share points
To create a share point
Modifying a Share Point
To change share point settings
Starting and Stopping AFP Service
Managing the AFP Service
Checking AFP Service Status
Viewing AFP Settings
List of AFP Settings
Changing AFP Settings
To change a setting
To change several settings
Authentication mode. Can be
Allow an administrator user to masquerade as another user
Whether the AFP service should restart automatically when
Location of the error log
Login greeting message
Record user logins in the activity log
Last time the login greeting was set or updated
Default = -1unlimited
List of AFP serveradmin Commands
To list connected users
Listing Connected Users
Value returned by getConnectedUsers
Sending a Message to AFP Users
Disconnecting AFP Users
To send a message
To disconnect users
To cancel a user disconnect
Canceling a User Disconnect
Computer will repond with the following output
Value Description
To list service statistic samples
Listing AFP Service Statistics
Computer will respond with the following output
To view the latest entries in a log
Viewing AFP Log Files
To display the log paths
Value displayed by
Starting and Stopping NFS Service
Managing the NFS Service
Checking NFS Service Status
Viewing NFS Service Settings
Starting FTP Service
Managing the FTP Service
Stopping FTP Service
Checking FTP Service Status
List of FTP Service Settings
Changing FTP Service Settings
Parameter ftp Description
Displays a banner message that appears when
Directory in which the FTP content is stored
Prompted to log in to the FTP. Customize to your
Own preferences
Viewing the FTP Transfer Log
List of FTP serveradmin Commands
Checking for Connected FTP Users
Starting and Stopping SMB/CIFS Service
Managing the SMB/CIFS Service
Checking SMB/CIFS Service Status
Viewing SMB/CIFS Service Settings
List of SMB/CIFS Service Settings
Changing SMB/CIFS Service Settings
Parameter smb Description
Advanced pane of Windows service settings in the Server
Browser service. Can be set to
Low errors and warnings only
Medium service start and stop, authentication failures
Pane of the Windows service settings in the Server Admin
Server’s NetBIOS name. Can be set to a maximum
Windows service settings in the Server Admin
This corresponds to the Wins Registration Off and Enable
Listing SMB/CIFS Users
List of SMB/CIFS serveradmin Commands
Listing SMB/CIFS Service Statistics
Disconnecting SMB/CIFS Users
To list SMB/CIFS connections
Computer responds with the following output
Location of the SMB service log
Viewing SMB/CIFS Service Logs
Location of the name service log
Managing ACLs
Following are the permissions applicable to folders
Using chmod to Modify ACLs
To grant a user write permission for a file
To deny a guest read permission for a file
Output should look like the following
To view the ACL of a file
160
Understanding the Print Process
Working with the Print Service
Starting and Stopping Print Service
Performing Print Service Tasks
To start print service
To stop print service
Viewing Print Service Settings
Checking the Status of Print Service
Changing Print Service Settings
Parameter print Description
Print Service Settings
Parameter printDescription
Queue Data Array
Command printcommand= Description
Managing the Print Service
Following is an example of a queue array parameter block
Listing Queues
Pausing a Queue
Listing Jobs and Job Information
To pause a queue
To hold a job
Holding a Job
To release the job
Viewing Cover Pages
Viewing Print Service Log Files
To obtain a list of available cover pages
170
Starting and Stopping NetBoot Service
Understanding the NetBoot Service
To start NetBoot service
To stop NetBoot service
Viewing NetBoot Settings
Checking NetBoot Service Status
Changing NetBoot Settings
Volume parameter array
Changing General Netboot Service Settings
Parameter netboot Description
Storage Record Array
Image Record Array
Filters Record Array
To enable NetBoot
Enabling NetBoot 1.0 for Older NetBoot Clients
Port Record Array
Using hdiutil to Work with System Images
Booting from an Image
Working with System Images
Updating an Image
Imaging Multiple Clients Using Multicast asr
Using asr to Restore System Images
To configure a client to receive a multicast stream
Choosing a Boot Device Using systemsetup
Postfix Agent
Understanding the Mail Service
Mailman
Cyrus
Starting and Stopping Mail Service
Managing the Mail Service
Checking the Status of Mail Service
Viewing Mail Service Settings
Parameter mail Description
Mail Service Settings
Default = 1s
Default = 500s
Default = domain
Default = +=
Default = postfix
Default = 0s
Default = 1000s
Default = -=+
Default = flush
Default = flock
Default = 60s
Default = postdrop
Default = /usr/bin
Default = 10s
Default = mail
Default = none
Default = 7d
Default = smtp
Default = qmgr
Default = fcntl
Default = showq
Default = error
Default = 5d
Default = host
Default = active
Default = incoming
Default = deferred
Default = bounce
Default = $home
Default = virtual
Default = rewrite
Default = 600s
Default = hash
Default = 30s
Default = Default
Default = c
Default = auxprop
Default = cyrus
193
Listing Mail Service Statistics
Mail serveradmin Commands
To list samples
Default = srvr.log
Viewing the Mail Service Logs
To display the log locations
Location of the server log
Backing Up the Mail Files
Reconstructing the Mail Database
Generating a CSR and Creating a Keychain
Setting Up SSL for Mail Service
Enter a key size at the next prompt, and then press Return
199
Obtaining an SSL Certificate
Accessing the Server Certificates
Importing an SSL Certificate into the Keychain
To import an SSL certificate into the keychain
See the certadmin man page for more information
Creating a Password File
To create a password file
To list the certificates stored in the System keychain
Enabling Sieve Scripting
Configuring Mailboxes
Reload the mail service
To enable Sieve support
Enabling Sieve Support
Sample Sieve Scripts
Basic Sort and Anti-Junk Mail Filter Script
Self-Defined Forwarding Script
Sieve Scripting Resources
206
Files Location
Understanding Web Technology
Starting and Stopping Web Service
Managing the Web Service
Checking Web Service Status
Viewing Web Settings
Serveradmin and Apache Settings
Changing Web Settings
Changing Settings Using serveradmin
Viewing Service Logs
Web serveradmin Commands
Viewing Service Statistics
Listing Hosted Sites
V1-Number of requests per second
Value you want to display. Valid values
V2-Throughput bytes/sec
V3-Cache requests per second
Addsite File
Example Script for Adding a Website
Addsite.in File
To run the script
Tuning the Server Performance
Apache Tomcat
Working with Application Servers and Java
JBoss Server
To start Apache Tomcat
MySQL Database
To install the default database
To start JBoss, enter the following
To stop JBoss, enter the following
To create a database
To set the root password
To set the network option
To start mysqld
Managing Network Services
Working with Network Services
Starting and Stopping Dhcp Service
Managing the Dhcp Service
Checking the Status of Dhcp Service
Viewing Dhcp Service Settings
Dhcp Service Settings
Changing Dhcp Service Settings
To see a list of available service settings
To change a single Dhcp setting
About Subnet IDs
Dhcp Subnet Settings Array
Subnet Parameter
Not set default
General pane of the subnet settings in the Server
Wins pane of the subnet settings in the Server
Lease time in seconds
Adding a Dhcp Subnet
Corresponds to the NetBIOS Scope ID field in the Wins
To add a subnet
Domain name such as apple.com
To add a static map
Adding a Dhcp Static Map
About Static Map IDs
Viewing the Dhcp Service Log
List of Dhcp serveradmin Commands
Command Dhcpcommand=Description
Determine the location of the Dhcp service logs
Starting and Stopping the DNS Service
Managing the DNS Service
Checking the Status of DNS Service
Viewing DNS Service Settings
DNS Service Settings
Changing DNS Service Settings
List of DNS serveradmin Commands
Viewing the DNS Service Log
Managing the Firewall Service
Configuring IP Forwarding
Checking the Status of Firewall Service
Starting and Stopping Firewall Service
Viewing Firewall Service Settings
Firewall Startup
Firewall Service Settings
Changing Firewall Service Settings
Parameter ipfilter Description
Ipfilter Groups with Rules Array
Defining Firewall Rules
Adding Rules by Modifying ipfw.conf
Unmodified ipfw.conf file
Ping cracker.evil.org to determine its IP address
Adding Rules Using serveradmin
To add a rule
An example of this would be similar to the following
Ipfilter Rules Array
Firewall serveradmin Commands
Viewing Firewall Service Log
Managing the NAT Service
Using Firewall Service to Simulate Network Activity
Location of the ipfilter service log
Checking the Status of NAT Service
Starting and Stopping NAT Service
Viewing NAT Service Settings
Changing NAT Service Settings
NAT serveradmin Commands
NAT Service Settings
Parameter nat Description
Port Mapping
Viewing the NAT Service Log
Starting and Stopping VPN Service
Managing the VPN Service
Checking the Status of VPN Service
Viewing VPN Service Settings
List of VPN Service Settings
Changing VPN Service Settings
Default = Keychain
Default = IPSec
Default = L2TP
Default = Manual
Default = PPP
Default = Dsacl
Default = Mppe
Default = Pptp
Default = EAP-RSA
Viewing the VPN Service Log
List of VPN serveradmin Commands
VPN Service Log on this
Restarted. See Using the serveradmin Tool on
Location of the VPN service log
Configuring Site-to-Site VPN
Site-to-Site VPN
Adding a VPN Keyagent User
IP Failover Prerequisites
Setting Up IP Failover
IP Failover Operation
Hardware Requirements
Enabling IP Failover
To enable IP failover
Notification Only
Configuring IP Failover
Pre and Post Scripts
To restore the NAT service to its default configuration
Restoring the Default Configuration for Server Services
Enabling PPP Dial-In
Re-create the two default records
To restore the Dhcp service to its default configuration
To restore the Qtss service to its default configuration
To restore the DNS service to its default configuration
To restore the VPN service to its default configuration
Testing Your Open Directory Configuration
Using General Directory Tools
Understanding Open Directory
Changing Open Directory Service Settings
Testing Open Directory Plug-ins
Modifying a Directory Domain
Registering URLs with SLP
PasswordOptionsString
Configuring Ldap
LDAPTimeoutUnits Default = minutes LDAPServerBackend
Managing OpenLDAP
Standard Distribution Tools
Configuring slapd and slurpd Daemons
Tool Used to
Idle Timeout
Delay Rebind
Idle Rebinding Options
Searching the Ldap Server
256
257
Using Ldif Files
Managing NetInfo
Configuring NetInfo
Additional Information About Ldap
Open Directory Password Server
Managing Open Directory Passwords
Viewing or Changing Password Policies
Enabling or Disabling Authentication Methods
Backing Up the Kerberos Database
Kerberos and Apple Single Sign-On
To dump the KDC’s database
To load KDC data from a dumped file
Principal Management
To add a service principal
To add a principal
To delete a principal
Operating on Directory Service Directory Domains
Using Directory Service Tools
Using kadmin to kerberize a service
To kerberize a service from a terminal running on that host
Manipulating a Single Named Group Record
Finding Network Information
Configuring the Active Directory Plug-In
Adding or Removing Ldap Server Configurations
To add an Ldap server
To remove an Ldap server
266
Understanding QuickTime Streaming Server
Performing Qtss Service Tasks
Checking Qtss Service Status
Starting and Stopping the Qtss Service
Viewing Qtss Settings
Changing Qtss Settings
Descriptions of Settings
Qtss Settings
Default = qtaccess
Look in the sample file for
Default = admin
Default = digest
Managing Qtss
Default = qtss
Listing Current Connections
Logs on
For connections v1, this is integer average number
Viewing Qtss Service Statistics
Connections
Forcing Qtss to Reread its Preferences
Send a HUP signal to this process
To force Qtss to reread its preferences
List the Qtss processes
Resetting the Streaming Server Admin User Name and Password
Configuring Streaming Security
To set up Sites/Streaming/ in older home folders
To reset the user name and password
Creating an Access File
Controlling Access to Streamed Media
Quotation marks
Between terms, make sure you enclose the entire message
Path and filename of the user file
Qtusers
Adding User Accounts and Passwords
Accessing Protected Media
Adding or Deleting Groups
Making Changes to the User or Group File
Creating Reference Movies
Manipulating QuickTime and MP4 Movies
Create QuickTime Atom ref movie with extension .qtl
Create XML text ref movie with extension .qtl
280
Configuring Your System Logging
Configuring the Log File
Local Logging
To enable remote logging on a client computer
Configuring Remote Logging on a Client Computer
Configuring Remote Logging on a Server
Remote Logging
Open /etc/rc and locate the following line
Or match a single host like this
PCI RAID Card Command Reference
286
287
288
Computer account See computer list
Glossary
Directory node See directory domain
Full name See long name
292
293
294
Relay point See open relay
Search path See search policy
297
298
Securing Chgrp tool ACL access control list
Access
136 Example Stopping service Naming 41
Restoring images Logs Lpr Backup Cyrus Mail files
Error messages command not found Executing commands
Dynamic Host Configuration Protocol. See Dhcp
Image Booting from 176 updating
Disk journaling
Backing up Principal management 262 tools and utilities
Kerberosautoconfig tool 261 keychain
QuickTime Streaming Server. See Qtss
302
AFP DNS
Used by ldapsearch 255 scheduling tasks
Time, viewing or changing 57 Stopping service
239 Terminating commands
Viewing service logs
Tools for remote configuration
