Running Server Assistant


Once Mac OS X Server software is installed on a freshly formatted disk or volume, it must be initially configured. This is the job of the Server Assistant tool, one of the server tools installed with Mac OS X Server.

Before you proceed with the configuration, have a few things handy:

  • Your server's software serial number

  • Your server's hardware serial number (needed only for remote installations)

  • Your server's Ethernet (MAC) addresses (needed only for remote installations)

  • If you didn't receive a separate Administration Tools CD, the server DVD, which contains the Server Administration Software package (or download it from Apple's Web site)

If you're setting up the server remotely, install the Administration Tools on any Mac OS X computer from which you wish to administer the setup and management of Mac OS X Server.

Now that you have the appropriate information, consider what information is required for initial setup:

  • Server language and keyboard layout options.

  • The initial administrator's account.

  • Name of the computer, in three variations:

    • Hostname (now set automatically)

    • Computer name

    • Bonjour name

  • Network information such as primary interface, IP address, subnet mask, router, DNS server, and search domain.

  • Server type and subsequent information:

    • Stand-alone server

    • Open Directory master

    • Connected to a directory system

  • Services you wish to start.

  • Date, time, and time zone information.

  • Whether to save server settings and, if so, how.

  • Optional entries for the server you are about to set up, entered into the DNS zone files of your organization's existing DNS server (these may be out of your control; consult your network administrator about adding zone entries for your server). Although this information has no window or dialog associated with it, DNS is a critical piece of Mac OS X Server. See Chapter 6, "Network Services Options."

Let's examine each of these items in detail. Understanding what is asked of you in the Server Assistant can affect the future operation and performance of your Mac OS X Server. The screen snapshots you will see in the subsequent sections are from the Server Assistant.

About server language and keyboard layout options

After the Mac OS X Server software is installed, the initial Welcome screen (Figure 2.1) is displayed. Once you select the destination computer and authenticate (Figure 2.2), Server Assistant allows you to choose the language (remote install only) (Figure 2.3) and keyboard layout (Figure 2.4) of your Mac OS X Server. You have several languages to choose from, and multiple keyboard layouts are available for some languages. Next you are asked to enter the software serial number and associated information (Figure 2.5).

Figure 2.1. Server Assistant is used to do the initial setup of Mac OS X Server.


Figure 2.2. More than one server can be set up in the Destination dialog of Server Assistant.


Figure 2.3. Server Assistant allows you to choose the language…


Figure 2.4. ...and keyboard layout of your Mac OS X Server.


Figure 2.5. The serial number must be entered correctly before continuing.


Creating an initial administrator's account

Any time you install software on an empty disk, you're required to create an initial user account. On a Mac OS X computer, the initial user account, called the local account, is also an administrator; it can manage files that regular users can't. Mac OS X Server works the same way, but it initially enables root and gives root the same password as the initial administrator (see the sidebar "Who Is Root?").

Mac OS X and Mac OS X Server create a group for every user, and the group name for each user is the user's short name (Figure 2.6). Since you're dealing with Unix, there is already a group called admin. The short name of your initial user should be at least five characters. Don't use the short name admin: that group name is already taken, and "admin" is usually the first account name tried in a brute-force attack.

Figure 2.6. The initial user account is also a NetInfo database administrator.


Password Practices

You should pick a password that's difficult to guess. (Having an easy password on Mac OS X Server is like dangling your data out there for anyone to grab.) You can choose a password that's extremely long, but doing so may cause problems when you log in (you're likely to forget a 48-character password). Choose an 8- to 12-character password that includes letters (both lowercase and uppercase), numbers, and possibly additional characters like an exclamation point or ampersand.


Who Is Root?

Whereas regular administrators have read and write access to some areas of the file system, root (the short name for System Administrator) has full read and write access anywhere on the disk. Root can see all files, change any files, and delete anything, regardless of the owner. Root can also change ownership of any folder or file from anyone to anyone else. Obviously, root privileges are very powerful and, in the hands of a novice, very dangerous.

Many a Mac OS X administrator has logged in as root and inadvertently deleted folders, or created files for others to use, only to find out later that because they created the files and folders as root, others couldn't use them. To be on the safe side, use your root login sparingly.

Logged in as a regular administrator, you can generally place and remove files from locations other users can't access by authenticating (entering your username and password) via a dialog that appears when you attempt such a change. Similarly, when you launch the Terminal application while logged in as a regular administrator, you can temporarily get root powers by preceding any command with the word sudo (Super User Do). You have this power for five minutes, after which you're required to enter your password again for another five minutes. If you want full root privileges all the time in the terminal, you can type sudo -s, which will not limit you to five minutes.

You can disable root at any time after the initial setup by opening /Applications/Utilities/NetInfo Manager and choosing Disable Root User from the Security menu (Figure 2.7), although doing so may prevent the LDAP database and the Kerberos KDC from being created later.

Figure 2.7. Disabling the root user with NetInfo Manager.



Naming your computer

Naming your computer involves three names: the hostname, the computer name, and the Bonjour name (Figure 2.8). Each name is used differently. They can all be different, but this can lead to confusion, especially for first-time administrators of Mac OS X Server.

Figure 2.8. Naming your computer involves configuring two names.


The hostname cannot be set in the Server Assistant in Mac OS X Server 10.4. Instead, it follows a set of rules to determine what the hostname should be. These rules are, in order:

  • The name associated with the HOSTNAME attribute inside the hostconfig file, which resides in the /private/etc directory

  • The name pushed down from a DHCP server for the topmost (primary) network interface's IP address

  • The mapped name inside the DNS server associated with the topmost (primary) network interface's IP address

  • The machine's link-local or Bonjour name

  • localhost, if nothing else is defined

The computer name can include letters, numbers, spaces, and special characters and will be seen when users browse the network for your server from Macintosh operating systems, such as Mac OS X and Mac OS 9.

The Bonjour name can include letters, numbers, and dashes and is seen by Mac OS X computers and servers when they browse the network using the Network icon under the Local subnet.

Tips

  • You can see a more detailed explanation of the hostname by clicking Learn More in the Network Names window.

  • It's a good idea to spell all names exactly the same, especially if you aren't yet sure how you want to implement Mac OS X Server.


Network Interfaces

A network interface is a way that your computer connects to other devices and computers on the network. It's often the built-in Ethernet interface, but it can be FireWire, AirPort, or a third-party interface card. In System Preferences, these interfaces are called Network Ports. This naming can lead to confusion, since the word ports has a different technical meaning when speaking about networking.


About network interfaces and information

Depending on your hardware, you may have more than one network interface that connects to other networks. Xserves come with one or two Ethernet interfaces and a serial port, depending on the revision and options chosen. FireWire interfaces can also be used for networking. And, of course, some computers running Mac OS X Server have AirPort cards.

On initial setup, you can choose which interfaces will run the TCP/IP protocol and which interface (only one) will use the older AppleTalk protocol (Figure 2.9). Mac OS X Server's interface won't let you enable AppleTalk on more than one interface at a time.

Figure 2.9. Choose which interfaces will run TCP/IP and which interface will run AppleTalk.


Should you decide to run TCP/IP on more than one interface, the subsequent dialogs require you to set up each interface with TCP/IP information (Figure 2.10), such as the IP address, subnet mask, router, DNS addresses, and search domains. Another option at this point is whether to manually configure or turn off IPv6.

Figure 2.10. Provide the required information for each interface that will run TCP/IP.


As IPv6 is still an emerging protocol inside the United States, it's not common to find it in use. It is also not something that you would be using without knowing it, so some administrators disable IPv6 in order to simplify network configuration. Typically, outgoing network connections will try IPv6 first, and then default back to IPv4 when necessary. However, there is no current security reason to turn off IPv6, so many administrators just leave it on.

An Ethernet tab for each checked network interface allows the reconfiguration of that particular interface's connection to another device. You can force a connection to full or half duplex (if the switch your server is connecting to requires a given setting), set the transmission speed, and specify frame size (Figure 2.11).

Figure 2.11. The speed of the Ethernet interface(s) can be set.


You can assign more than one static IP address to your Mac OS X Server if, say, you have one IP address on one Ethernet interface that connects to the Internet. You might use a second IP address for your internal network, and that IP address is associated with a second Ethernet interface (as would be the case with an Xserve). If you don't know which IP address you'll need, or you have a Dynamic Host Configuration Protocol (DHCP) server present, set your Mac OS X Server to use DHCP for the time being. (This is a last resort. The initial IP address should never be an address that may change frequently, like one obtained from a DHCP server.) Under most circumstances, Mac OS X Server should have a static IP address. A server that has the opportunity to change IP addresses would, for the most part, be useless.

Tips

  • Mac OS X Server won't cooperate if you lack a physical Ethernet cable connection from an active switch or hub to your server. Be sure, at the bare minimum, that you have an active connection via an Ethernet interface.

  • Having more than one active physical interface, more than one IP address on a single physical interface, or a combination of both is called multihoming. A description of multihoming can be found at http://rfc.net/rfc4116.txt.


DHCP Options

DHCP servers need to forward the LDAP information to the clients. They do so via an option in the DHCP specifications. If you're working with a non-Mac OS X Server DHCP server, you should tell the administrator of that server to use Option 95 to pass the LDAP information down to the clients.


Choosing initial directory usage setup options

Setting up Mac OS X Server's directory service options can seem daunting because some of the options require an in-depth knowledge of the existing directory service infrastructure on your network. However, the options aren't difficult to understand, and this section explains the basics. Your options for initial directory usage are as follows (Figures 2.12 and 2.13):

  • Standalone Server: The best option for first-time administrators. It doesn't create a secondary database. If you aren't sure what your needs are with respect to adding users and groups, choose this option; you can always change it later.

    All of your user records and their passwords will be local to your system. This option will not create an LDAP or a Kerberos database.

  • Connected to a Directory System: Places your Mac OS X Server as a secondary server to another, generally larger, directory server. When you choose this option, you have four options for connecting to the directory system (Figure 2.14):

    • As Specified by DHCP Server: Means your Mac OS X Server's directory information will be passed down from a DHCP server on your network, provided the DHCP server is configured to send down that information. Chapter 6 discusses how to set this option if you happen to be that DHCP server. This option is rarely used, because your server still gets an IP address from another server; therefore, it's possible that this IP address could change, rendering your server inaccessible to others outside your local network.

    • Open Directory Server: Tells your Mac OS X Server to obtain its directory information from another Open Directory Server (Figure 2.15). Again, you must configure that server at the top of the food chain, so to speak, before you can tell your server to get information from another server. You have two options when attempting to obtain this information: First is to get the LDAP information from an Open Directory DHCP server, and second is to statically define the LDAP server.

    • NetInfo Directory: Tells your Mac OS X Server to receive its directory information from an older Mac OS X Server running a NetInfo shared/parent database (Figure 2.16).

    • Other Directory Server: Enables your Mac OS X Server to retrieve directory information from another directory service, such as OpenLDAP on another Unix computer (Figure 2.17). Choosing this option generally requires that you configure the Directory Access application to bind to the other directory server, such as Novell eDirectory or Microsoft's Active Directory.

    Keep in mind that the four options under the Connected to a Directory System option aren't used by a single Mac OS X Server on a small network without any other directory servers.

  • Open Directory Master: Should not be chosen during the initial setup of your server (Figure 2.18); use Standalone instead. You can promote your Mac OS X Server from a standalone server to a Master any time after setup is completed. You should delay this promotion, because you want to make sure your Mac OS X Server can do both forward and reverse lookups on itself, ensuring the DNS server on your network is set up properly. For more information, see Chapter 3, "Open Directory," and Chapter 6, "Network Services Options."

Figure 2.12. Choose your options for initial directory setup.


Figure 2.13. When you choose the Connected to a Directory System option...


Figure 2.14. ...you have four choices for connecting to the directory system.


Figure 2.15. Choosing to connect to an Apple Open Directory and the resulting options.


Figure 2.16. Choosing to connect to a NetInfo parent database and the three options for connecting to such a database.


Figure 2.17. Selecting Connected to a Directory System to connect your Mac OS X Server to another directory service.


Figure 2.18. Choosing an Open Directory Master as your directory type isn't recommended at startup.


Jaguar Upgrades

If you're upgrading from Mac OS X Server 10.2 (Jaguar), you'll see one additional option: "Set Directory Usage to no change." This option keeps the NetInfo shared directory domain intact.


Tip

  • When you go through the initial setup, unless you're connecting your Mac OS X Server to another, larger directory server or you are completely sure DNS is functioning properly on your network, the best option is to make it a standalone server.
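
The forward and reverse lookup requirement described under Open Directory Master can be checked before promotion with a short script that parses the output of the standard host command. This is an added example, not code from the book or from Apple; the function names, the name server.example.com, and the address 192.0.2.10 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a server's name and address agree in DNS in both
# directions, working from the text printed by the `host` command.

# IPv4 addresses from `host NAME` output ("NAME has address A.B.C.D").
addrs_from_host() {
    printf '%s\n' "$1" | awk '/ has address / { print $NF }'
}

# Names from `host IP` output ("... domain name pointer NAME."), lowercased
# and without the trailing root dot.
names_from_host() {
    printf '%s\n' "$1" |
        awk '/ domain name pointer / { n = tolower($NF); sub(/\.$/, "", n); print n }'
}

# check_dns FQDN IP FORWARD_OUTPUT REVERSE_OUTPUT
# Returns 0 if both directions agree, 1 if the forward lookup does not yield
# IP, 2 if the reverse lookup does not yield FQDN.
check_dns() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    ip=$2
    if ! addrs_from_host "$3" | grep -Fxq -- "$ip"; then
        echo "FAIL forward: $fqdn does not resolve to $ip"
        return 1
    fi
    if ! names_from_host "$4" | grep -Fxq -- "$fqdn"; then
        echo "FAIL reverse: $ip does not map back to $fqdn"
        return 2
    fi
    echo "OK: $fqdn <-> $ip"
}

# Constructed sample output (documentation name and address, not real hosts).
SAMPLE_FWD='server.example.com has address 192.0.2.10'
SAMPLE_REV='10.2.0.192.in-addr.arpa domain name pointer server.example.com.'
SAMPLE_REV_MISSING='Host 10.2.0.192.in-addr.arpa. not found: 3(NXDOMAIN)'

if [ "$#" -eq 2 ]; then
    # Live check, run as: sh thisfile server.example.com 192.0.2.10
    check_dns "$1" "$2" "$(host "$1" 2>&1)" "$(host "$2" 2>&1)"
else
    # Offline demonstration on the constructed samples above.
    check_dns server.example.com 192.0.2.10 "$SAMPLE_FWD" "$SAMPLE_REV" || true
    check_dns server.example.com 192.0.2.10 "$SAMPLE_FWD" "$SAMPLE_REV_MISSING" || true
fi
```

A nonzero exit status from the live check means the DNS zone entries for the server still need attention, and Standalone remains the safer directory choice until it passes.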


Choosing service startup options

Mac OS X Server can run many services: file sharing, Web, QuickTime streaming, NetBoot, Software Update server, and so on. During the initial setup, you can decide which services should start whenever Mac OS X Server starts up or restarts (Figure 2.19). If you don't select any services, you can start them later with the Server Admin tool. This screen is purely a convenience for getting your server up and running as quickly as possible.

Figure 2.19. Choosing a service will result in that service always being started when Mac OS X Server starts up or restarts.


However, keep in mind that it is not always the best idea to enable services that have yet to be fully configured, especially with file sharing services.

Tip

  • It's a good idea to start up the Apple Remote Desktop service if you plan to use this method to control the GUI aspects of managing your server.


Setting time zones

Choosing a network time server is an excellent way to ensure that Mac OS X Server always has the correct time. Of course, you must be connected to the Internet to take advantage of Apple's time server, or you can use other time servers (Figures 2.20 and 2.21).

Figure 2.20. Choose from among the server time zone options.


Figure 2.21. Choosing a network time server ensures that Mac OS X Server always has the correct time.


Tip

  • Currently, Server Admin will change the time zone city back to Cupertino, CA, regardless of what you choose when setting up the server. Use the Server Admin tool to check this immediately after configuring the server to ensure the time zone is correct, and if not, change it.


To configure Mac OS X Server using Server Assistant

1. If you're installing from a remote Mac OS X computer or another server, launch Server Assistant, located in /Applications/Server/Server Assistant.

or

If you're in front of the Mac OS X Server, Server Assistant is already running and is ready to set up your server, so skip to step 5.

2. Select the "Set up a remote server" option at the Welcome window (Figure 2.22) and click Continue.

Figure 2.22. The initial welcome screen for remote installations.


The Continue button appears at the bottom of all the Server Assistant windows. Clicking Continue in each window forwards you to the next window.

3. Select the check box next to your server in the Destination window (Figure 2.23).

Figure 2.23. In the Destination window, choose your server by clicking the check box.


The name localhost may appear in the Name column if no DNS name has been mapped to that IP address.

If you have a server with another IP address and that server is not on your local network, click Add and add that server to the Destination list.

4. Double-click in the password field and enter the first eight digits of your server's hardware serial number (newer Macintosh computers) or 12345678 (older Macintosh hardware) and click Continue to show that you are being authenticated to continue your setup (Figure 2.24).

Figure 2.24. Clicking Continue in the Destination window authenticates your setup.


5. In the next two windows, choose your language (remote setup only) (Figure 2.25) and keyboard layout preferences (Figure 2.26), clicking Continue after each screen.

Figure 2.25. Select the language for setting up your server.


Figure 2.26. Select the keyboard layout for setting up your server.


6. In the Serial Number window, enter your Mac OS X Server's software serial number, site license, and organization (Figure 2.27).

Figure 2.27. Enter your server's serial number.


7. In the Administrator Account window, enter the name, short name, and password of the initial administrator (Figure 2.28).

Figure 2.28. Enter your administrator account information.


Keep in mind that the initial administrator's password is also root's password.

8. In the Network Names window, enter the computer name and Bonjour name for your server (Figure 2.29).

Figure 2.29. Naming your computer involves configuring two names.


9. In the Network Interfaces window, you'll need to decide whether to activate TCP/IP and/or AppleTalk (Figure 2.30).

Figure 2.30. Choose which interfaces will run TCP/IP and which interface will run AppleTalk.


10. In the next two windows, choose whether you want your TCP/IP connection to be done manually, using DHCP with a manual IP address, using DHCP, or using BootP (Figures 2.31 and 2.32).

Figure 2.31. Choose a method for TCP/IP connectivity.


Figure 2.32. The speed of the Ethernet interface(s) can be set.


You'll choose a TCP/IP connection method for each selected interface.

11. In the Directory Usage window, choose a way to implement directory services (Figure 2.33).

  • If you're starting from scratch, you'll likely choose Standalone Server.

  • If you choose Connected to a Directory System and click Continue, a few options will be available in the Connect to Directory window. Refer to the "Choosing initial directory usage setup options" section for an explanation of these options.

  • Don't choose Open Directory Master at this point, because it may not set up properly.

Figure 2.33. In the Directory Usage window, choose a way to implement initial directory services.


12. In the Services window, select the services you want to start immediately after the Server Assistant finishes and the server restarts (any checked services will also start up anytime the server is restarted after setup is finished) (Figure 2.34).

Figure 2.34. Decide which services to start.


Starting unnecessary services can slow down your server and present security risks. Turn on only the services you absolutely need.

13. Set the appropriate time zone in the Time Zone window (Figure 2.35).

Figure 2.35. Select the appropriate time zone.


14. In the Network Time window, select the "Use a network time server" check box to provide your system with updated time data and, if you have a local time server, select it from the NTP Server list (Figure 2.36).

Figure 2.36. Choose whether to connect to a time server.


Before you complete the next step, you may wish to save your settings to a file (see the next section, "Saving Configuration Settings").

15. Finally, confirm your settings and, if you are not interested in saving your settings for later use (see the next section), click Apply.

16. In the next window, indicating that the settings were applied successfully, click Continue Now to reboot Mac OS X Server (Figure 2.37).

Figure 2.37. The settings were applied successfully. Click Continue Now to reboot Mac OS X Server.


You can now log in and begin exploring Mac OS X Server. If you completed this process from a remote Mac OS X computer, you can begin trying the other server tools.

Tips

  • Mac OS X Server comes in two flavors: a 10-user license and an unlimited user license (defined as the number of simultaneous users that can connect to the server). The serial number controls this license. You can change the serial number any time on Mac OS X Server if you choose to upgrade your server from the 10-user license to the unlimited one.

  • When doing remote installations and configuration, make sure you actually install the Admin Tools rather than copying them from another system, because some of the tools in the System folder are hard to find.





Mac OS X Server 10.4 Tiger: Visual QuickPro Guide
ISBN: 0321362446
EAN: 2147483647
Year: 2006
Pages: 139
Authors: Schoun Regan
