Apple macOS Server User Manual

macOS Server
Service Migration Guide v1.3
March 2021

Contents

Introduction
DNS
DHCP
  Overview
  Before you begin
  Post-migration result
  Switch from macOS Server to macOS for DHCP service
VPN
RADIUS
NetInstall
Websites
Wiki
macOS Server— Service Migration Guide | March 2021 2
Calendar and Contacts
  Overview
  Before you begin
  Post-migration result
  Open source replacement options
  Switch from macOS Server to open source
  Moving macOS Server Calendar or Contacts service data to Open Source
  Moving macOS Server Calendar or Contacts service data to some other service
FTP file transfer service
Software Update

Introduction

macOS Server is changing to focus more on management of computers, devices, and storage on your network. As a result, some changes are coming in how Server works. Beginning in the spring of 2018, several services will be hidden on new installations of an update to macOS Server. Then in the fall of 2018, new installations and upgrades of macOS Server will require you to migrate most services to other software.
This guide is designed to assist those administrators comfortable with installing and maintaining open source projects to migrate their service data to the underlying open source project that was previously bundled with macOS Server. Others may want to migrate to cloud-based solutions from third-party vendors. For more information, see the Apple Support article, Prepare for changes to macOS Server at: https://support.apple.com/HT208312.
NOTE: This document will be updated with additional service migration tasks. For updates to this document, see the macOS Server Overview page in Server Help at: https://help.apple.com/serverapp/mac/5.6/#/apdAC95F5C4-27AA-4378-8BB9-95A79A64AB5D

Before you begin

Back up your Mac
You should back up the Mac on which macOS Server is installed. This includes the /Library/Server/ folder and its contents.
Migration prerequisite
The tasks in each chapter are designed for services that are already configured and turned on. If you haven’t turned on a specific service, for example, VPN, the VPN migration tasks won’t work.
Password types
The following services require users whose password type is RECOVERABLE:
• VPN
• RADIUS
If macOS Server is installed and configured, you can use it to create additional users whose password type can be set to RECOVERABLE.
NOTE: If Server app is removed, you will no longer be able to create users whose password type is RECOVERABLE.
Xcode
Depending on the service you are migrating, you should probably have Xcode and the Xcode command-line tools installed. To install the Xcode command-line tools, open /Applications/Utilities/Terminal, type xcode-select --install, then press Return.
Property lists
Each service should have a launchd property list (.plist) file so that the service starts up after the computer restarts. Some services, such as the Mail service, have more than one .plist file.
Open source software
As you migrate services, you’ll install open source software and third-party tools designed to make this process easier. It is important that you read all terms and conditions before you accept any license agreements.
IMPORTANT: Please note that information provided in this document about open source projects, third-party vendors, products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of such open source projects, third-party vendors, non-Apple products or third-party websites that may be mentioned in this document. Apple makes no representations or warranties regarding the foregoing or with respect to product accuracy or reliability or compatibility with macOS Server. Risks are inherent in the use of the Internet as well as in such projects, vendors, products or websites. Contact the project owner or vendor for additional information. Other company and product names may be trademarks of their respective owners.
DNS

Overview

DNS is implemented via BIND, which is an open source product. The DNS server implementation shipped with macOS Server is BIND 9.9.7-P3 from ISC. This version of named (the nameserver daemon in BIND) performs the following tasks:
• Looks for its configuration files in /Library/Server/named/
• Logs to a file in /Library/Logs/named.log by default

Before you begin

Turn off the DNS service in the Server app.

Post-migration result

After migration you’ll have:
• BIND as your DNS service
• The identical configuration as the macOS Server DNS service
• A launchd job that starts the service after computer restarts
Switch from macOS Server to open source
You can manually install and configure the open source BIND9 so that it can run on a server that has macOS Server installed with existing DNS service data. The steps follow here.
Download and build BIND9
1. Install Xcode. For more information, see the Introduction.
2. Go to https://www.isc.org/downloads/, and select the desired version of BIND.
NOTE: The steps below use bind-9.9.9-P6. Your version may be different.
3. Download the selected version and one or more signature (.asc) files. Run the following commands:
A. tar xzf bind-9.9.9-P6.tar.gz
B. cd ./bind-9.9.9-P6
C. ./configure --infodir="/usr/share/info" --sysconfdir="/etc" --localstatedir="/var" --enable-atomic="no" --with-openssl=no --with-gssapi=yes --enable-symtable=none --with-libxml2=no
D. make
4. To test the build, run the following commands:
A. sudo ./bin/tests/system/ifconfig.sh up
B. make test
C. sudo ./bin/tests/system/ifconfig.sh down
Install BIND9
1. Run the following command:
sudo make install
2. Verify that man named finds the man page properly.
Create a launchd .plist file for the BIND9 service
1. Create a text file in /Library/LaunchDaemons/, and name it org.isc.named.plist.
2. Add the following content and save the file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>EnableTransactions</key>
    <true/>
    <key>Label</key>
    <string>org.isc.named</string>
    <key>KeepAlive</key>
    <true/>
    <key>ProcessType</key>
    <string>Standard</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/named</string>
        <string>-f</string>
        <string>-c</string>
        <string>/Library/Server/named/named.conf</string>
    </array>
</dict>
</plist>
3. Set file ownership to root:wheel.
sudo chown root:wheel /Library/LaunchDaemons/org.isc.named.plist
4. Load and verify the job.
sudo launchctl load -w /Library/LaunchDaemons/org.isc.named.plist
launchctl print system/org.isc.named
Ongoing management
Settings can be changed after BIND is configured by editing the /Library/Server/named/named.conf file. After changes are made, you can have the service reread the configuration file by executing the command:
sudo killall -HUP named

DHCP

Overview

The macOS Server DHCP service uses the bootpd daemon to provide DHCP services. The bootpd daemon is also one of the daemons required to provide NetInstall services. The configuration for DHCP and NetInstall resides in the same configuration file, /etc/bootpd.plist. Refer to the bootpd(8) man page for more information on the full capabilities of the bootpd daemon as well as information on how to update your DHCP configuration in /etc/bootpd.plist to add or remove network interfaces and associated network address ranges.

Before you begin

Turn off the DHCP service in the Server app.

Post-migration result

After migration you’ll have:
• bootpd as your DHCP service
• The identical configuration as the macOS Server DHCP service
• A launchd job that starts the service after computer restarts
Switch from macOS Server to macOS for DHCP service
1. List all network interfaces on your system and identify the potential network interfaces on which you want to support DHCP. List the network interfaces by executing the command:
ifconfig -a
2. Take note of each interface name, such as en1, associated with the IPv4 address of each network interface on which you want to support DHCP. Typically, you will only support DHCP on a single network interface.
3. Edit /etc/bootpd.plist to add entries to enable DHCP on your desired network interfaces.
A. In the top level <dict>, add "<key>dhcp_enabled</key>".
B. The value for this key should be an array of strings where each string value is the interface name, such as en1, of an interface for which you want to enable DHCP. For example, if you want to enable DHCP on a single network interface, en1, then add the following to the top level <dict>:
<key>dhcp_enabled</key>
<array>
<string>en1</string>
</array>
4. Save your changes to /etc/bootpd.plist
5. Load and verify the DHCP job:
sudo launchctl load -w /System/Library/LaunchDaemons/bootps.plist
launchctl print system/com.apple.bootpd
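The edit from step 3, as an added example that is not part of Apple's guide: it adds interfaces to dhcp_enabled while leaving the NetInstall and Subnets settings in the same file untouched, and rejects anything that is not an interface name. The function name and sample file are constructed; the boolean and single-string forms of dhcp_enabled are an assumption taken from bootpd(8).

```python
import plistlib
import re

IFNAME = re.compile(r"[a-z]+[0-9]+")          # en0, en1, bridge0, ...

def enable_dhcp(plist_bytes, interfaces):
    """Return new bootpd.plist bytes with `interfaces` added to dhcp_enabled."""
    for name in interfaces:
        if not IFNAME.fullmatch(name):
            raise ValueError(f"not an interface name: {name!r}")
    config = plistlib.loads(plist_bytes)
    current = config.get("dhcp_enabled", [])
    # Assumption (bootpd(8)): the value can be a boolean, one string, or an array.
    if current is True:
        raise ValueError("dhcp_enabled is <true/> (every interface); "
                         "replace it with an explicit list before adding names")
    if current is False:
        current = []
    elif isinstance(current, str):
        current = [current]
    # dict.fromkeys keeps first-seen order and drops repeated names.
    config["dhcp_enabled"] = list(dict.fromkeys([*current, *interfaces]))
    # Every other key (NetInstall settings, Subnets) is written back unchanged.
    return plistlib.dumps(config, sort_keys=False)

# Constructed sample; key names other than dhcp_enabled and Subnets are assumed.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>dhcp_enabled</key><string>en0</string>
  <key>netboot_enabled</key><false/>
  <key>Subnets</key><array><dict>
    <key>name</key><string>lab</string>
    <key>net_range</key>
    <array><string>10.0.1.2</string><string>10.0.1.200</string></array>
  </dict></array>
</dict></plist>"""

if __name__ == "__main__":
    print(enable_dhcp(SAMPLE, ["en1"]).decode())
```

Write the result to a temporary file and compare it with /etc/bootpd.plist before replacing the original.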
Ongoing management
Additional changes to your DHCP configuration can be made by editing the "Subnets" dictionary in /etc/bootpd.plist. See the bootpd(8) man page for more information on what can be configured for DHCP. After changes are made, you can have the service reread its configuration file by executing the command:
sudo killall -HUP bootpd
VPN

Overview

The macOS Server VPN service uses the vpnd daemon in macOS to provide L2TP IPSEC VPN services. View the vpnd man page for more information. The configuration file is /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist, and its format is defined in the vpnd man page.

Before you begin

Turn off the VPN service in the Server app.

Post-migration result

After migration you’ll have:
• vpnd as your VPN service
• The identical configuration as the macOS Server VPN service
• A launchd job that starts the service after computer restarts
Switch from macOS Server to macOS for VPN service
1. Create a text file in /Library/LaunchDaemons/ and name it vpn.ppp.l2tp.plist.
2. Add the following content and save the file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>EnableTransactions</key>
    <true/>
    <key>Label</key>
    <string>vpn.ppp.l2tp</string>
    <key>KeepAlive</key>
    <true/>
    <key>Program</key>
    <string>/usr/sbin/vpnd</string>
    <key>ProgramArguments</key>
    <array>
        <string>vpnd</string>
        <string>-x</string>
        <string>-i</string>
        <string>com.apple.ppp.l2tp</string>
    </array>
    <key>EnableTransactions</key>
    <false/>
    <key>EnablePressuredExit</key>
    <false/>
</dict>
</plist>
3. Set file ownership to root:wheel.
sudo chown root:wheel /Library/LaunchDaemons/vpn.ppp.l2tp.plist
4. Load and verify the job.
sudo launchctl load -w /Library/LaunchDaemons/vpn.ppp.l2tp.plist
launchctl print system/vpn.ppp.l2tp
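A pre-load check for the two launchd property lists created in this guide (org.isc.named and vpn.ppp.l2tp), added here as an example and not part of Apple's guide. It flags keys defined twice in the top-level <dict> (the vpn.ppp.l2tp listing sets EnableTransactions twice), a non-absolute executable path, and ownership or mode other than root:wheel without group/other write. The function name and the sample are constructed for illustration.

```python
import stat
import xml.etree.ElementTree as ET

def audit_launchd_plist(data, mode, uid, gid):
    """Return findings for a LaunchDaemon plist (bytes) and its stat fields."""
    findings = []
    # The guide sets root:wheel (uid 0, gid 0); nobody else should be able to write.
    if (uid, gid) != (0, 0):
        findings.append(f"owner is {uid}:{gid}, expected 0:0 (root:wheel)")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {stat.S_IMODE(mode):o} is group/world-writable")
    try:
        top = ET.fromstring(data).find("dict")
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    if top is None:
        return findings + ["no top-level <dict>"]
    items, values = list(top), {}
    # A plist <dict> is a flat sequence: <key>, value, <key>, value, ...
    for key_el, val_el in zip(items[0::2], items[1::2]):
        if key_el.tag != "key":
            return findings + [f"expected <key>, found <{key_el.tag}>"]
        if key_el.text in values:
            findings.append(f"duplicate key {key_el.text}: "
                            f"<{values[key_el.text].tag}/> then <{val_el.tag}/>")
        values[key_el.text] = val_el
    if "Label" not in values:
        findings.append("missing Label")
    # launchd executes Program if present, otherwise ProgramArguments[0].
    exe = values.get("Program")
    if exe is None and "ProgramArguments" in values:
        exe = values["ProgramArguments"].find("string")
    path = (exe.text or "") if exe is not None else ""
    if not path.startswith("/"):
        findings.append(f"executable path {path!r} is not absolute")
    return findings

# Constructed sample modelled on the vpn.ppp.l2tp job (not a real file).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>EnableTransactions</key><true/>
  <key>Label</key><string>vpn.ppp.l2tp</string>
  <key>Program</key><string>/usr/sbin/vpnd</string>
  <key>ProgramArguments</key><array><string>vpnd</string><string>-x</string></array>
  <key>EnableTransactions</key><false/>
</dict></plist>"""
if __name__ == "__main__":
    print(audit_launchd_plist(SAMPLE, 0o100644, 501, 20))
```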
Ongoing management
Settings can be changed after vpnd is configured by editing the /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist file. Refer to the vpnd(5) man page for details on the configuration format. After changes are made, you can have the service reread the configuration file by executing the command:
sudo killall -HUP vpnd

RADIUS

Overview

RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides AAA (authentication, authorization, and accounting) for network services. The RADIUS service included in macOS Server is based on the open source FreeRADIUS project version 2.2.9. It provides RADIUS services to Apple AirPort products, allowing integration with Open Directory users and groups. Converting to the open source version allows continued authentication for all current users with password type RECOVERABLE. New users won’t be able to use FreeRADIUS.

Before you begin

Turn off the RADIUS service in the Server app.

Post-migration result

After migration you’ll have:
• FreeRADIUS as your RADIUS service
• The identical configuration as the macOS Server RADIUS service
• A launchd job that starts the service after computer restarts
Switch from macOS Server to open source
Build FreeRADIUS
FreeRADIUS requires talloc, available from samba.org
NOTE: The steps below use talloc 2.1.0. Your version may be different.
1. Run the following commands:
A. curl -LO http://www.samba.org/ftp/talloc/talloc-2.1.0.tar.gz
B. tar zxvf talloc-2.1.0.tar.gz
C. cd talloc-2.1.0
D. ./configure --without-gettext
E. make
F. sudo make install
FreeRADIUS requires OpenSSL, available from openssl.org
NOTE: The steps below use openssl 1.1.0e. Your version may be different.
1. Run the following commands:
A. curl -LO https://www.openssl.org/source/openssl-1.1.0e.tar.gz
B. tar zxvf openssl-1.1.0e.tar.gz
C. cd openssl-1.1.0e
D. ./config
E. make
F. make test
G. sudo make install
FreeRADIUS
1. Download the current stable version of FreeRADIUS from freeradius.org and unpack the archive.
NOTE: The steps below use FreeRADIUS 3.0.21. Your version may be different.
2. Run the following commands:
A. tar zxvf freeradius-server-3.0.21.tar.gz
B. cd freeradius-server-3.0.21
C. ./configure --enable-developer=yes --localstatedir=/var --with-openssl-lib-dir=/usr/local/lib
D. make
E. sudo make install
Configure FreeRADIUS
Once FreeRADIUS is built, you must configure it.
1. Verify that the package is functional using the following command:
sudo /usr/local/sbin/radiusd -X
2. Wait until the line "Ready to process requests" is printed, then press Control-C to stop the service.
3. Verify that the opendirectory module is present using the following command:
sudo ls /usr/local/etc/raddb/mods-available/
You should see opendirectory in the output.
4. Run the following command:
ls /usr/local/lib/rlm_opendirectory.*
You should see the following in the output:
• rlm_opendirectory.a
• rlm_opendirectory.dylib
• rlm_opendirectory.la
Configure sqlite
1. Run the following commands:
A. cd /usr/local/etc/raddb/
B. sudo -s
C. cd mods-enabled
D. ln -s ../mods-available/sql sql
E. cd ..
6. In the mods-enabled/sql file, make the following changes: