Running Server Assistant


Once Mac OS X Server software is installed, it must be initially configured. This is the job of the Server Assistant tool, one of the server tools installed with Mac OS X Server.

Before you proceed with the configuration, have a few things handy:

  • Your server's software serial number.

  • Your server's hardware serial number (needed for remote installations).

  • Your server's Ethernet (MAC) address (needed for remote installations).

  • If you didn't receive a separate Administration Tools CD (Figure 2.1), use your server's second CD, which contains the Server Administration Software package; or download it from Apple's Web site.

    Figure 2.1. The Administration Tools CD window.


If you're setting up the server remotely, install the Administration Tools on any Mac OS X Client from which you wish to administer the setup and management of Mac OS X Server.

Now that you have the appropriate information, consider what information is required for initial setup:

  • Server language and keyboard layout options.

  • The initial administrator's account.

  • Name of the computer, in three variations:

    • Host name

    • Computer name

    • Rendezvous name

  • Network information such as primary interface, IP address, subnet mask, router, DNS server, and search domain.

  • Server type and subsequent information:

    • Stand-alone server

    • Open Directory master

    • Connected to a directory system

  • Services you wish to start.

  • Date, time, and time zone information.

  • Whether to save server settings and, if so, how.

  • Optional entries for the server you are about to set up, entered into the DNS zone files of your organization's existing DNS server (these may be out of your control; consult your network administrator about adding zone entries for your server). Although this information has no window or dialog associated with it, DNS is a critical piece of Mac OS X Server. See Chapter 6, "Network Configuration Options."

Let's examine each of these items in detail. Understanding what is asked of you in the Server Assistant can affect the future operation and performance of your Mac OS X Server. The screen snapshots you will see in the subsequent sections are from the Server Assistant.

Server language and keyboard layout options

Server Assistant allows you to choose the language (Figure 2.2) and keyboard layout (Figure 2.3) of your Mac OS X Server. You have several languages to choose from; multiple keyboard layouts are available for some languages.

Figure 2.2. Server Assistant allows you to choose the language...


Figure 2.3. ...and keyboard layout of your Mac OS X Server.


Initial administrator's account

Any time you install software on an empty disk, you're required to create an initial user account. On a Mac OS X client, the initial user account, called the local account, is also an administrator, meaning it can manage files that others can't (nonadministrators, aka regular users). Mac OS X Server works the same way (Figure 2.4). One difference is that Mac OS X Server initially enables root and gives root the same password as the initial administrator (see the sidebar "Who Is Root?").

Figure 2.4. The initial user account is also an administrator.


The short name of your initial user should be four to eight characters. (Don't use the short name admin.) Mac OS X and Mac OS X Server create a group for every user, and the group name for each user is the user's short name. Since you're dealing with Unix, there is already a group called admin.

Tip

  • Never use mixed case when setting Mac OS X Server's initial administrator's short name. Doing so can prevent the Kerberos KDC from running.


Password Practices

You should pick a password that's difficult to guess. (Having an easy password on Mac OS X Server is like dangling your data out there for anyone to grab.) You can choose a password that's extremely long, but doing so may cause problems when you log in (you're likely to forget a 48-character password). You might want to choose an 8- to 12-character password that includes letters (both lowercase and uppercase), numbers, and possibly additional characters like an exclamation point or ampersand.


Who Is Root?

Whereas regular administrators have read and write access to most areas of the file system, root (the short name for System Administrator) has full read and write access anywhere on the disk. Root can see all files, change any files, and delete anything, regardless of the owner. Root can also change ownership of any folder or file from anyone to anyone else. Obviously, root privileges are very powerful and, in the hands of a novice, very dangerous.

Many a Mac OS X administrator has logged in as root and inadvertently deleted folders; or created files for others to use, only to find out later that because they created the files and folders as root, others couldn't use them. To be on the safe side, use your root login sparingly.

Logged in as a regular administrator, you can generally place files and remove files from locations other users can't access, by authenticating (entering your user name and password) via a dialog that appears when you attempt such a change. Similarly, when you launch the Terminal application while logged in as a regular administrator, you can temporarily get root powers by preceding any command with the word sudo (Super User Do). You have this power for a period of five minutes, after which you're required to enter your password again for another five minutes.

You can disable root at any time after the initial setup by opening /Applications/Utilities/NetInfo Manager and choosing Disable Root User from the Security menu (Figure 2.5), although doing so may prevent the LDAP database and the Kerberos KDC from being created later.

Figure 2.5. Disabling the root user with NetInfo Manager.



Computer naming

Naming your computer involves three names: the host name, the computer name, and the rendezvous name (Figure 2.6). Each name is used differently. They can all be different, but this can lead to confusion, especially for first-time administrators of Mac OS X Server.

Figure 2.6. Naming your computer involves configuring three names.


First is the host name. By default, this name is localhost. Setting this field properly is critical when Mac OS X Server is utilized as an LDAP Master, a DNS server, or a Kerberos Key Distribution Center, among others. You can change the host name via a command-line tool after initial setup, but take care to pick the right name now.

For example, say your Mac OS X Server will have a public IP address and be connected live to the Internet. You may want this computer to be a Web server with the name www.example.com. DNS records from your ISP and DNS records on your server must point to the server. The machine could have the host name xserver, in which case you would type in xserver.example.com for the host name and get this machine to respond with an IP address (this is called a name lookup, and you can do it by opening /Applications/Utilities/Network Utility and using the Lookup tab). DNS records mask the name so that www.example.com also resolves to this server. This is a standard setup, so pick your host name carefully: If you aren't sure what the name should be, use a name like xserver or myfileserver or something that you'll remember. You'll need the whatevername.com or .edu or .gov now, too. (In the book's figures, it was necessary to know in advance that the server is either part of example.com or will be example.com; hence the name xserver.example.com.) Don't use any characters except letters, numbers, and dashes (-).

The second name is the computer name, which others will see when they browse the network for your server from Macintosh operating systems. The name can include letters, numbers, spaces, and special characters.

Last is the rendezvous name. Mac OS X clients and servers see this name when they browse the network using the Network icon with a protocol other than AFP. You can use letters, numbers, and dashes.

Tips

  • It's a good idea to spell all three names exactly the same, especially if you aren't sure how you wish to implement Mac OS X Server at this time.

  • By convention, the computer and rendezvous names should only be the host name.


Network interfaces and information

Depending on the hardware on which you're installing Mac OS X Server, you may have more than one network interface with which to connect to other networks. Xserves come with one or two Ethernet cards, depending on the revision and options chosen; FireWire interfaces can be used for networking; and, of course, some computers have AirPort cards.

On initial setup, you can choose which interfaces will run the TCP/IP protocol and which interface (only one) will run the older AppleTalk protocol (Figure 2.7). Mac OS X Server's interface won't let you enable AppleTalk on more than one interface at a time. Should you decide to run TCP/IP on more than one interface, the subsequent dialogs require you to set up each interface with TCP/IP information (Figure 2.8) such as the IP address, subnet mask, router, DNS addresses, and search domains. Having more than one interface active is called multihoming.

Figure 2.7. Choose which interfaces will run TCP/IP and which interface will run AppleTalk.


Figure 2.8. Provide the required information for each interface that will run TCP/IP.


You can assign more than one static IP address to your Mac OS X Server. You might do this because you have one IP address that connects to the Internet, and that IP address is on one Ethernet interface. You might use a second IP address for your internal network, and that IP address is associated with a second Ethernet interface (as would be the case with an Xserve). If you don't know which IP address you'll need, or you have a Dynamic Host Configuration Protocol (DHCP) server present, set your Mac OS X Server to use DHCP for the time being. (This is a last resort. The initial IP address should never be an address that may change frequently, like one obtained from a DHCP server.) You should understand that under almost all circumstances, Mac OS X Server should have a static IP address. A server that has the opportunity to change IP addresses would, for the most part, be useless.

Tip

  • Mac OS X Server won't cooperate if you lack a physical Ethernet cable connection from an active hub or switch to your server. Be sure, at the bare minimum, that you have an active connection via an Ethernet interface.


Initial directory usage setup options

Setting up Mac OS X Server's directory service options can seem daunting, because some of the options require an in-depth knowledge of the existing directory service infrastructure on your network. However, the options aren't difficult to understand, and this section explains the basics. Your options for initial directory usage are as follows (Figures 2.9 and 2.10):

Standalone Server: The best option for first-time administrators. It doesn't create a secondary database. If you aren't sure what your needs are with respect to adding users and groups, choose this option; you can always change it later.

Figure 2.9. Choose your options for initial directory setup.


Figure 2.10. The options when installing Mac OS X Server on an empty disk.


Jaguar Upgrades

If you're upgrading from Mac OS X Server 10.2 (Jaguar), you'll see one additional option: "Set Directory Usage to no change." This option keeps the NetInfo shared directory domain intact.


Network Interfaces

A network interface is a way that your computer connects to other devices and computers on the network. It's often the built-in Ethernet interface, but it can be FireWire, AirPort, or a third-party interface card. In System Preferences, these interfaces are called Network Ports. This naming can lead to confusion, since the word ports has a different technical meaning when speaking about computers.


DHCP Options

DHCP servers need to forward the LDAP information to the clients. They do so via an option in the DHCP specifications. If you're working with a non-Mac OS X Server DHCP server, you should tell the administrator of that server to use Option 95 to pass the LDAP information down to the clients.


Connected to a Directory System: Places your Mac OS X Server as a secondary server to another, generally larger, directory server. When you choose this option, you have four options for connecting to the directory system (Figures 2.11 and 2.12):

  • As Specified by DHCP Server means your Mac OS X Server's directory information will be passed down from a DHCP server on your network, provided the DHCP server is configured to send down that information (Figure 2.13). In Chapter 6, "Network Configuration Options," this book discusses how to set this option if you happen to be that DHCP server. This option is rarely used, because your server still gets an IP address from another server; therefore it's possible that this IP address could change, rendering your server inaccessible to others outside your local network.

    Figure 2.11. When you choose the Connected to a Directory System option...


    Figure 2.12. ...you have four choices for connecting to the directory system.


    Figure 2.13. Choosing the As Specified by DHCP Server option.


  • Apple LDAP Directory tells your Mac OS X Server to obtain its directory information from another Apple LDAP Server (Figure 2.14). Again, you must configure that server at the top of the food chain, so to speak, before you can tell your server to get information from another server.

    Figure 2.14. Choosing to connect to an Apple LDAP directory and the resulting options.


  • NetInfo Directory tells your Mac OS X Server to receive its directory information from an older Mac OS X Server running a NetInfo shared/parent database (Figure 2.15).

    Figure 2.15. Choosing to connect to a NetInfo parent database and the three options for connecting to such a database.


  • Other Directory System enables your Mac OS X Server to retrieve directory information from another directory service, such as OpenLDAP on another Unix computer (Figure 2.16).

    Figure 2.16. Selecting Other Directory System to connect your Mac OS X Server to another directory service.


Keep in mind that these four options under the Connected to a Directory System option aren't used by a single Mac OS X Server on a small network that has no other directory servers.

Open Directory Master: Should not be chosen during the initial setup of your server (Figure 2.17). You can promote your Mac OS X Server from a stand-alone server to a master any time after setup is completed. You should delay this promotion, because you want to make sure your Mac OS X Server can do both forward and reverse lookups on itself to ensure that the DNS structure on your network functions properly. This topic is discussed in Chapter 3, "Open Directory."

Figure 2.17. Choosing an Open Directory Master as your directory type isn't recommended at startup.
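The forward and reverse self-lookup recommended before promoting to an Open Directory master can be scripted. The following is an added example, not code from the book or from Apple; it assumes Python 3 on the machine running the check, and the host names and 192.0.2.x addresses in the sample tables are constructed.

```python
import socket

def forward_lookup(name):
    """Forward lookup: IPv4 addresses the system resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def reverse_lookup(ip):
    """Reverse lookup: primary name first, then any aliases, for ip."""
    try:
        name, aliases, _addrs = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror and socket.gaierror
        return []
    return [name] + list(aliases)

def normalize(name):
    """Compare names case-insensitively and without a trailing root dot."""
    return name.rstrip(".").lower()

def check_dns(hostname, forward=forward_lookup, reverse=reverse_lookup):
    """Return a list of problems; an empty list means forward and reverse agree."""
    want = normalize(hostname)
    problems = []
    # The Server Assistant default host name is localhost; flag it and bare names.
    if want == "localhost" or "." not in want:
        problems.append(f"{want}: not a fully qualified host name")
    addrs = forward(want)
    if not addrs:
        problems.append(f"{want}: no forward (A) record")
    for ip in addrs:
        if ip.startswith("127."):
            problems.append(f"{want}: resolves to loopback {ip}")
            continue
        names = [normalize(n) for n in reverse(ip)]
        if not names:
            problems.append(f"{ip}: no reverse (PTR) record")
        elif names[0] != want:
            # The reverse record must name the host name itself, not an alias.
            problems.append(f"{ip}: reverse lookup returns {names[0]}, not {want}")
    return problems

# Constructed sample records (documentation addresses), so the demo runs offline.
SAMPLE_A = {
    "xserver.example.com": ["192.0.2.10"],
    "www.example.com": ["192.0.2.10"],         # alias pointing at the same server
    "fileserver.example.com": ["192.0.2.20"],  # forward record only
}
SAMPLE_PTR = {"192.0.2.10": ["xserver.example.com."]}

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for host in ("xserver.example.com", "www.example.com",
                 "fileserver.example.com", "localhost"):
        issues = check_dns(host, sample_forward, sample_reverse)
        print(host, "OK" if not issues else issues)
```

Calling check_dns with only the server's host name queries the system resolver instead of the sample tables.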


Tip

  • When you go through the initial setup, unless you're connecting your Mac OS X Server to another, larger directory server, the best option is to make it a standalone server.


Service startup options

Mac OS X Server can run many services: file sharing, Web, QuickTime streaming, NetBoot, and so on. You can decide on initial setup which services you want to start immediately upon the completion of the Server Assistant. Choosing to start any service will result in that service always being started when Mac OS X Server starts up or restarts (Figure 2.18). If you don't select any services, you can start them later with the Server Admin tool.

Figure 2.18. Choosing a service will result in that service always being started when Mac OS X Server starts up or restarts.


Time setup

Standard settings for time zone and whether to choose a network time server round out the initial setup. Choosing a network time server is an excellent way to ensure that Mac OS X Server always has the correct time. Of course, you must be connected to the Internet to take advantage of using Apple's time server. You can use other time servers if you don't want to use Apple's (Figures 2.19 and 2.20).

Figure 2.19. Choose from among the server time zone options.


Figure 2.20. Choosing a network time server ensures that Mac OS X Server always has the correct time.


To configure Mac OS X Server using Server Assistant:

1. If you're installing from a remote Mac OS X client, launch Server Assistant, located in /Applications/Server/Server Assistant.

If you're in front of the Mac OS X Server, you'll see the Welcome screen (Figure 2.21). Skip to step 5.

Figure 2.21. The initial welcome screen for remote installations.


2. Select the "Set up a remote server" option (Figure 2.22), and click the Continue button.

Figure 2.22. Select the "Set up a remote server" option.


The Continue button appears at the bottom of all the Server Assistant windows. Clicking Continue in each window forwards you to the next window.

3. Choose your server from the list of available servers in the Destination window by clicking the check box.

The name localhost appears in the Name column (Figure 2.23).

Figure 2.23. In the Destination window, choose your server by clicking the check box.


If you have a server with another IP address and that server is not on your local network, click the Add button and add that server to the Destination list.

4. Enter either the first eight digits of your server's hardware serial number (newer Macintosh computers) or 12345678 (older Macintosh hardware).

Click the Continue button to authenticate your setup (Figure 2.24).

Figure 2.24. Clicking Continue in the Destination window authenticates your setup.


5. Choose your optional language setup preference (local setup only) and the keyboard layout in their respective windows (Figures 2.25 and 2.26).

Figure 2.25. Select the language for setting up your server.


Figure 2.26. Select the keyboard layout for setting up your server.


6. Enter your Mac OS X Server's software serial number (Figure 2.27).

Figure 2.27. Enter your server's serial number.


7. Enter the initial administrator information in the Administrator Account window (Figure 2.28). You'll need to enter the

  • Name

  • Short name

  • Password and password verification

Figure 2.28. Enter your administrator account information.


Keep in mind that the initial administrator's password is also root's password.

8. Enter the three computer names in the Network Names window (Figure 2.29):

  • Host Name

  • Computer Name

  • Rendezvous Name

Figure 2.29. Naming your computer involves configuring three names.


Take care to not make any spelling errors in the host name, because changing it later involves command-line work. The other names can be changed later by using the Server Admin tool.

9. Decide which interfaces you'll activate: TCP/IP and/or AppleTalk (Figure 2.30).

Figure 2.30. Choose which interfaces will run TCP/IP and which interface will run AppleTalk.


10. Choose a method for TCP/IP connectivity (Figures 2.31 and 2.32). Your choices are

  • Manually

  • Using DHCP with manual IP address

  • Using DHCP

  • Using BootP

Figure 2.31. Choose a method for TCP/IP connectivity.


Figure 2.32. TCP/IP connection options.


You'll choose a TCP/IP connection method for each selected interface.

11. Choose a way to implement directory services in the Directory Usage window (Figure 2.33).

Figure 2.33. In the Directory Usage window, choose a way to implement directory services.


If you're starting from scratch, you'll likely choose Standalone Server.

If you choose Connected to a Directory System and click Continue, a few options will be available in the Connect to Directory window. Refer to the "Initial directory usage setup options" section for an explanation of these options.

Don't choose Open Directory Master at this point, because it may not set up properly.

12. Select the services you wish to start immediately after the Server Assistant finishes (Figure 2.34).

Figure 2.34. Decide which services to start.


13. Set the appropriate time zone from the Time Zone window (Figure 2.35).

Figure 2.35. Select the appropriate time zone.


14. Choose to enable a network time server from which to obtain time data (Figure 2.36).

Figure 2.36. Choose whether to connect to a time server.


If you have a local time server, select it from the NTP Server list.

Before you complete the next step, you may wish to save your settings to a file (see the next section, "Saving Configuration Settings").

15. Confirm your settings (Figure 2.37). When you're satisfied, click the Apply button.

Figure 2.37. The server setup Confirm Settings window displays all the options and parameters you've chosen during the initial setup.


You'll see a configuration window as the settings are applied (Figure 2.38).

Figure 2.38. You'll see a configuration window as the settings are applied.


16. A window opens, indicating that the settings were applied successfully. Click the Continue Now button to reboot Mac OS X Server (Figure 2.39).

Figure 2.39. The settings were applied successfully. Click Continue Now to reboot Mac OS X Server.


You can now log in and begin exploring Mac OS X Server. If you completed this process from a remote Mac OS X machine, you can begin trying the other server tools.

Tips

  • Starting unnecessary services can slow down your server and present security risks. Only turn on the services you absolutely need.

  • Mac OS X Server comes in two flavors: a 10-user license and an unlimited user license (defined as the number of simultaneous users that can connect to the server). The serial number controls this license. You can change the serial number any time on Mac OS X Server if you choose to upgrade your server from the 10-user license to the unlimited license.

  • To change the IP address and host name of a stand-alone Mac OS X Server, you can use the changeip command from the Terminal. Log in and type sudo changeip - old-ip new-ip old-hostname new-hostname. Check and change your Network Preference pane as well. Reboot your server in order for the changes to propagate.




    Mac OS X Server 10.3 Panther: Visual QuickPro Guide
    ISBN: 0321242521
    EAN: 2147483647
    Year: 2004
    Pages: 105
