The Methodology


Apple Training Series books emphasize hands-on training. The lessons contained within this book are designed to prepare system administrators for the tasks demanded of them by managing, merging, and editing directories, securing the network and systems, and troubleshooting networks and file services. To become truly proficient, you need to learn the theory behind each of these topics.

Lesson Structure

This reference guide is broken down into three parts, each bringing you into a world of configuration files, mechanisms, best practices, and integration:

  • Part 1, Directory Services Administration, instructs you on configuring Mac OS X computers to use directory services and configuring Mac OS X Server to provide directory services in a mixed-platform environment. This section begins with a basic explanation of directory services and moves into more advanced topics, such as Active Directory integration, Workgroup Manager, Password Server management, Lightweight Directory Access Protocol (LDAP), single sign-on, Kerberos, and Open Directory replication.

  • Part 2, Security Administration, deals with the implementation of security on your computers and your network to comply with standards. This section teaches you to configure your computers (both portable and desktop) and your network to conform to security standards. You'll benchmark security changes using common criteria tests and tools agreed upon by several nations throughout the world, and the lessons explain how Mac OS X can be further secured against attacks and snooping. Though this topic could fill several volumes, these lessons cover compliance and best practices, serving as an excellent starting point for those interested in securing their systems.

  • Part 3, Networking and File Services, discusses routing tables, DNS fundamentals, and various file-sharing protocols and file systems. The lessons will help you streamline and head off issues before they escalate into something more serious. This section is critical for anyone preparing Mac OS X for use as a file server and covers a host of networking topics, from unmanaged networking to troubleshooting network issues, as well as understanding and managing file services, both local and remote connections.

  • Part 4, Appendixes: Finally, two appendixes are included in this book. One serves as a reference guide to vi, the UNIX text-editing tool, and the other gives a short command-line refresher.

Note

The exercises in this book are nondestructive if followed correctly. However, a few exercises are disruptive, in that they may turn certain network services off or on suddenly. Some exercises, if performed incorrectly, could result in data loss to some basic services, and even erase a disk or volume of a computer connected to the network on which the Mac OS X and/or Mac OS X Server resides. As such, it is recommended that you run through the exercises on Mac OS X computers that are not critical to your productivity or connected to a production network. Instructions are given for restoring your services back to their initial state, but reasonable caution is recommended. Apple Computer, Inc. and Peachpit Press are not responsible for any data loss or any damage to any equipment that occurs as a direct or indirect result of following procedures in this book.


Prerequisites

Because Mac OS X and Mac OS X Server contain several open-source initiatives, it is impossible to include all the possibilities and permutations here. First-time users of Mac OS X and Mac OS X Server may find the concepts in this book a bit unfamiliar, but that should not dissuade them from learning an integral part of Mac OS X. Seasoned administrators of Mac OS X, Windows, and UNIX will find this book extremely helpful in integrating their various systems to work in tandem.

Before undertaking the lessons in this book, you should have experience in the following areas:

  • Apple Certified Technical Coordinator (ACTC) certification or equivalent knowledge

  • Network and Internet topical knowledge

  • Understanding of the purpose, function, and use of basic IP networking, including IP addresses, subnet masks, ports, and protocols

  • Familiarity with the command line and Secure Shell Protocol (SSH)

Hardware Requirements

It is not necessary to have computers set up for this reference guide, although basic configuration requirements are listed below for readers who want to locate files, attempt commands, and adjust settings based on the lessons in this book. In order to follow along, you are expected to network your computers and provide basic services without prior instruction.

To complete the lessons in this book, you will need two Macintosh computers (one with Mac OS X version 10.4 installed and one with Mac OS X Server v10.4), plus network cables and a switch to keep them connected via a small private local network. Although it is not required, a Microsoft Windows 2003 Advanced Server with the latest Service Packs installed will be helpful for completing certain exercises.

Before you set up Mac OS X and Mac OS X Server, you'll want to keep in mind that you should have temporary Internet access to download and install all necessary software updates using the Software Update mechanism in Mac OS X.

You will also need the following items, freely downloadable from Apple or on the Mac OS X/Mac OS X Server CD or DVD:

  • Server Admin Tools package

  • Developer Tools package

  • Latest Mac OS X Server Combo Update package

Set up your client computer

In this exercise, you will ensure that your Mac OS X computer is properly configured.

1. Do a custom erase and install of Mac OS X, and add the X11 package if this is a computer that can have all of the data on it erased. Do not erase a disk with data you want to keep!

2. If this is a portable computer, ensure that the power cable is connected.

3. In the Welcome window, select your country of choice and click Continue.

4. In the Do You Already Own a Mac? window, select "Do not transfer my information" and click Continue.

5. In the Select Your Keyboard window, select your choice and click Continue.

6. In the Enter Your Apple ID window, leave the Apple ID and Password fields blank and click Continue.

7. In the Registration Information window, press Command-Q and skip the registration process.

8. In the "You have not finished setting up Mac OS X" dialog, click Skip.

   You do not need to register with Apple for this book.

9. In the Create Your Account window, enter the following information:

   Name: Apple Admin

   Short Name: apple

   Password: apple

   Using the same word for the user name and password does not follow best practices. Because you will be using many different accounts and passwords throughout the book, the exercises use simple, easy-to-recall passwords.

10. Click Continue.

11. In the Select Time Zone window, click your time zone on the map, and then click Continue.

12. In the Set the Date and Time window, reset the time and date if either one is incorrect, and then click Save.

13. Click Continue.

14. In the Don't Forget to Register window, click Done.

The Setup Assistant will quit and the Finder will open.

At this point, your computer should be configured only with an administrator's name and password and basic settings such as date, time, and keyboard settings. Do not configure any network settings.

Configure preference settings and update software

Because you will be using multiple user accounts, you need to disable automatic login.

1. Open the Accounts pane of System Preferences.

2. Click the Lock button and authenticate as Apple Admin.

3. Click Login Options.

4. Deselect the "Automatically log in as" checkbox.

   Disabling automatic login is a basic security measure. If your computer logs in automatically, any person who starts the computer can access your files.

5. Select "Name and password" for "Display Login Window as."

6. Select the "Enable fast user switching" checkbox.

7. Click OK in the Warning sheet.

   During certain exercises, you will need to quickly switch between different user accounts. With Fast User Switching enabled, you will be able to log in a new user without having to log out the current user.

8. Click the Show All button to return to all System Preferences.

9. Open the Date & Time pane of System Preferences.

10. Deselect the checkbox for "Set date & time automatically" if it's selected.

11. Click the Show All button to return to all System Preferences.

12. Open the Network pane of System Preferences.

13. From the Show pop-up menu, choose Network Port Configurations.

14. Turn off all Port Configurations except Built-in Ethernet.

    This will ensure that you are not inadvertently connecting to a network other than the private network you are creating.

15. Click Apply Now.

16. Click the Show All button to return to all System Preferences.

17. Open the Sharing pane of System Preferences.

18. In the Computer Name field, enter DS Client and press the Tab key.

19. Quit System Preferences.

20. Temporarily connect to the Internet and run Software Update repeatedly to obtain all current software updates.

21. Download and install Server Admin Tools, if you do not already have them, from the Apple support site (www.apple.com/support).

22. Insert the Mac OS X v10.4 DVD and install the Developer Tools.

23. Install Remote Desktop Admin software if you have purchased it from Apple. (It is not necessary for this book but may help manage your remote server.)

24. Run Software Update repeatedly to update any final tools.

25. Disconnect from the Internet and connect to your local private switch to ensure that you are on a private network.

Configure Workgroup Manager

You can use Workgroup Manager in its default configuration to modify user and group records. However, in this course you will also use it to directly view and modify directory data. In order to do so, you need to enable the Inspector.

1. Open /Applications/Server/Workgroup Manager.

   Typically, Workgroup Manager is used to administer a Mac OS X Server computer. However, you can skip connecting to a server and just manage the accounts in the local NetInfo database.

2. Choose Server > View Directories.

   This command dismisses the Connect dialog and opens a Workgroup Manager window for the local directory.

3. In the "This is not a server directory node" warning sheet, select the "Do not show this warning again" checkbox and click OK.

   The purpose of this warning is to remind you that you are editing directory data on a non-Mac OS X Server computer.

4. Choose Workgroup Manager > Preferences.

5. Select the "Show 'All Records' tab and Inspector" checkbox.

   This option allows you to use Workgroup Manager to directly view and manipulate directory service data.

6. Click OK.

   Notice that an Inspector button (a target) has been added next to the Users, Groups, and Computers buttons on the left. The Inspector is used to modify data directly.

7. Click OK in the warning sheet.

8. Quit Workgroup Manager.

Workgroup Manager is now configured to allow you to view native directory data.

Perform the initial server configuration

Later on in the directory services section, you will configure Mac OS X Server to provide directory services.

1. Do a custom erase and install of Mac OS X Server, and add the X11 package if this is a computer that can have all of the data on it erased. Do not erase a disk with data you want to keep!

2. If this is a portable computer, ensure that the power cable is connected.

3. In the Welcome window, select your country of choice and click Continue.

4. In the Select Your Keyboard window, make your choice and click Continue.

5. In the Serial Number window, enter the serial number that came with your server software.

6. In the Administrator Account pane, create an administrator account with these settings:

   Name: First Administrator

   Short Name: fadmin

   Password: fadmin

   Using the same word for the user name and password does not follow best practices. Because you will be using many different accounts and passwords throughout the book, the exercises use simple, easy-to-recall passwords.

7. Click Continue.

8. In the Network Names pane, enter the following:

   Computer Name: C-serverbook

   Local Hostname: C-serverbook

9. Click Continue.

   In the Network Interfaces list, make sure TCP/IP is selected for the Built-in Ethernet port and that all other checkboxes are deselected, and then click Continue.

10. In the TCP/IP Connection pane for Built-in Ethernet, configure your connection as follows:

    Configure IPv4: Manually

    IP Address: 10.1.10.1

    Subnet Mask: 255.255.0.0

    Router Address: 10.1.10.1

    DNS: 10.1.10.1

    Search Domains: pretendco.com

11. Click Continue.

12. In the Directory Usage pane, choose Standalone Server from the "Set directory usage to" pop-up menu and click Continue.

13. In the Services pane, leave all services off except Apple Remote Desktop and click Continue.

14. In the Time Zone pane, select your time zone and click Continue.

15. In the Network Time pane, make sure to deselect the "Use a network time server" checkbox if it's selected.

16. Click Continue.

17. Review your settings, make corrections if necessary, and then click Apply.

    Server Assistant configures the server according to your instructions and then reboots the server.

18. After the server reboots, log in as First Administrator (password: fadmin).

19. Obtain the latest Mac OS X Server Combo update and install that update.

20. Install Developer Tools from the Mac OS X Server CD or DVD.

21. Open the Server Admin application located in /Applications/Server and authenticate as First Administrator.

22. Select your server from the list on the left, click the Settings button, and then choose Date & Time.

23. Double-check your time zone, changing it if necessary, and click Save.

24. Quit Server Admin.




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
