| The Server Admin tool is where you start and stop, configure, and monitor most of the services Mac OS X Server has to offer. You can also change the serial number, computer name, and Bonjour name; run Software Update; set the date, time, and time zone; and enable a few advanced options (discussed in later chapters). Since Server Admin is part of the Server Administration Software package, it can be installed on any Mac OS X computer (running version 10.4). As a result, multiple servers can be administered from virtually anywhere, provided the server has a public IP address. The first time you launch Server Admin, you'll need to connect to your server. A Connect dialog will appear within the Server Admin window. Depending on where you're physically located, you have three options: - A direct connection to the server.
If you're doing this on the server, the Address field contains the Bonjour name of the server and the logged-in administrator's long name (Figure 2.45).
Figure 2.45. Enter your administrator name and password, choose whether you wish to add the password to your keychain, and click Connect. 
- A connection from another Mac OS X Server or Mac OS X computer running the Server Admin tool on your local network/subnet.
You can click Browse  in the Server Admin Connect dialog and search for your server on your local network, or type in the known IP address or fully qualified domain name.
- A remote connection from anywhere around the globe, provided your server has a public IP address or fully qualified domain name.
You'll need to have the IP address or fully qualified domain name handy for entry into the Address field.
You'll enter your administrator name and password, choose whether you want to add the password to your keychain so you don't have to type it in later, and click Connect. Once you're connected, you'll see your server in the left frame of Server Admin (Figure 2.46). Clicking the disclosure triangle expands or contracts your server, showing or hiding all the services available on that server. Clicking the server address will display some of the advanced server settings. Alternately, clicking any service shows you that service's settings and options in the right frame of the window. Figure 2.46. The main view of Server Admin showing all connected servers on the left. 
Across the top is the Toolbar, which lets you add, remove, disconnect from, and refresh your server information (Figure 2.47). You can also create a new Server Admin window from the Toolbar, as well as launch the other main server management tool, Workgroup Manager. If you've selected a service, you may also see a Start Service button in the Toolbar  . To customize your Toolbar, choose View > Customize Toolbar. Figure 2.47. The Server Admin Toolbar lets you add, remove, disconnect from, and refresh your server information. 
The Search bar permits you to just show services that have whatever letter is typed into the window. For example, typing "we" would only show Web and WebObjects (Figure 2.48). Figure 2.48. Using the Search function displays only those services with the searched character string. 
In addition, you have two view options. You can view all your services and their respective status by choosing View > Show Summary, and you can quickly see your users and groups by choosing View > Show User Records (Figure 2.49). The former option displays the services and their status horizontally (Figure 2.50), and the latter opens a drawer on the left or right of the Server Admin tool that lets you see all the users and groups (Figure 2.51). Figure 2.49. Choosing the View menu displays options such as Show Summary and Show User Records. 
Figure 2.50. Choosing View > Show Summary displays services and their status horizontally. 
Figure 2.51. Choosing View > Show User Records opens a drawer on the left or right of the Server Admin tool that lets you see all the users and groups. 
You'll probably access the Server Admin tool frequently, so you may benefit from adding your server(s) to a Favorites list that gives you menu and keyboard shortcuts to the server(s). To do this, launch the Server Admin tool, choose Favorites > Add To Favorites, and select your server. You can now access your server when launching Server Admin by heading to the Favorites menu and choosing your server or using the Command key and the number associated with your server in the Favorites menu. Setting Server Admin preferences To customize Server Admin to further suit your needs, choose Preferences from the Server Admin menu. Some of the major options available to you are as follows (Figure 2.52): - You can change the list display from Simple to Advanced, which will provide you with more information about how services are operating.
- You can (although not recommended) disable secure connections, or (better) provide a specific (yours) SSL certificate to be used when creating the SSL connection to your server. The digital signature option is discussed in Chapter 10.
This option is especially important when you're administering a server from halfway around the world.
- The "Resolve DNS names when possible" option is used when servers have a properly configured DNS (discussed in Chapter 6).
Figure 2.52. You can customize Server Admin in the Server Admin Preferences dialog. 
Server Admin can also be used for the following via the tabs located at the bottom of the window (Figure 2.53): - View various log files such as the system.log
- Check server network status
- Check volume usage information and user/group quotas
- Graph CPU usage and network utilization over time
- Run Software Update
- Change serial number
- Enable additional services such as permitting Mac OS X Server to become a network time server and allow the examination of the server via the Simple Network Management Protocol (SNMP)
- Change the computer name, Bonjour (localhost) name, date, time, and time zone
- Create and manage certificates to be used for various services (certificates will be covered in Chapter 10, "Security")
- Use service access controls to restrict access to various services based on user and/or group affiliation
Figure 2.53. Clicking on the server on the left displays the Settings tab for various options when dealing with your server. 
 Tips
When setting up Mac OS X Server for the first time, the time zone you chose using Server Assistant may not be respected after the reboot and sometimes defaults back to Cupertino. You should use Server Admin to check the time zone and correct it before proceeding to set up other services. If you're working directly on the server, you'll notice that the Server Admin tool is already in the Dock. If you're working remotely, you may wish to add the Server Admin tool to the Dock.
To restrict access to the ssh service 1. | Launch the Server Admin tool, located in /Applications/Server, and select your server from the Computers and Services list.
If you have not already added your server to the keychain, you must authenticate now as well.
| 2. | Click Settings and then click Access in the pane to the right of the Computers and Services list (Figure 2.54).
Figure 2.54. Choose Settings and then the Access tab to reveal the service access controls. 
| 3. | Deselect the "Use same access for all services" check box and select the ssh service from the Service list.
| 4. | Click the "Allow only user and groups below" radio button and then the plus button below to add yourself and any other users to Name list (Figure 2.55).
Figure 2.55. Using Service access controls to limit the users who can log in via ssh. 
| 5. | Click Save to permit only the selected users to log in via ssh.
| 6. | Restart the ssh service by deselecting and selecting the box named ssh under the General tab to enable the access controls (Figure 2.56).
Figure 2.56. You must restart the ssh daemon to take advantage of the access controls. 
|
Tips Do not restrict access to services that others may need when using home folders, such as AFP (and if secure connections are being used, ssh). A good way to restrict access to all services is to deny all users access except the server administrator. In this fashion you can ensure all services cannot be accessed unless permission is granted via the services access control mechanism. Restricting ssh, while increasing security, can prevent Mac OS X Server from working within an Open Directory Master/Replica scenario. If you want your Mac OS X Server to participate in this process, keep an eye on the system log for ssh attempts and adjust your user's ssh access accordingly. If you restrict access to the Login window, you may inadvertently lock yourself out of your own server via the Login window, and not be able to log in to the server at all via the GUI.
Server Admin and Unix Server Admin has a counterpart in the command line called serveradmin. You can run this tool from the server directly or, when you're connected to the server, from a remote machine via ssh. serveradmin has many options and can be used just like its GUI counterpart. Consult the man page for serveradmin to learn about all the features. |
Address Name Differences In certain cases, you may see another name in the Address field. This may be due to the TCP/IP information you entered. If you entered a DNS address, you may have a domain name for your server assigned by another Domain Name Server. A fully qualified domain name is another name that is related to the IP address you have for your server. This name may be out of your control if you aren't the administrator of that Domain Name Server. The basics of DNS and Domain Name Server are covered in Chapter 6. |
|
