Apple MAC OS X SERVER Administrator Guide

Mac OS X Server
Administrator’s Guide
Apple Computer, Inc.
© 2002 Apple Computer, Inc. All rights reserved.
Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of Apple.
The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.
Apple, the Apple logo, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, Keychain, Mac, Macintosh, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AirPort, Extensions Manager, Finder, iMac, and Power Mac are trademarks of Apple Computer, Inc.
Adobe and PostScript are trademarks of Adobe Systems Incorporated.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Netscape Navigator is a trademark of Netscape Communications Corporation.
RealAudio is a trademark of Progressive Networks, Inc.
© 1995–2001 The Apache Group. All rights reserved.
UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
062-9285/7-26-02

Contents

Preface How to Use This Guide 39

What’s Included in This Guide 39

Using This Guide 40

Setting Up Mac OS X Server for the First Time 41

Getting Help for Everyday Management Tasks 41

Getting Additional Information 41

1 Administering Your Server 43

Highlighting Key Features 43

Ease of Setup and Administration 43
Networking and Security 44
File and Printer Sharing 44
Open Directory Services 45
Comprehensive Management of Macintosh Workgroups 45
High Availability 46
Extensive Internet and Web Services 46

Highlighting Individual Services 46

Directory Services 47
Open Directory 47
Password Validation 47
Search Policies 48
File Services 48
Sharing 48
Apple File Service 49
Windows Services 49
Network File System (NFS) Service 49
File Transfer Protocol (FTP) 50
Print Service 50
Web Service 51
Mail Service 51
Macintosh Workgroup Management 52
Client Management 52
NetBoot 52
Network Install 53
Network Services 53
DHCP 54
DNS 54
IP Firewall 54
SLP DA 54
QuickTime Streaming Service 55

Highlighting Server Applications 56

Administering a Server From Different Computers 58
Server Assistant 58
Open Directory Assistant 58
Directory Access 59
Workgroup Manager 59
Opening and Authenticating in Workgroup Manager 59
Major Workgroup Manager Tasks 60
Server Settings 60
Server Status 61
Macintosh Manager 62
NetBoot Administration Tools 62
Network Install Administration Application 62
Server Monitor 62
Streaming Server Admin 63

Where to Find More Information 64

If You’re New to Server and Network Management 64
If You’re an Experienced Server Administrator 64

2 Directory Services 65

Storage for Data Needed by Mac OS X 66

A Historical Perspective 67

Data Consolidation 68
Data Distribution 69

Uses of Directory Data 70

Inside a Directory Domain 71

Discovery of Network Services 72

Directory Domain Protocols 73

Local and Shared Directory Domains 74

Local Data 74
Shared Data 75
Shared Data in Existing Directory Domains 78

Directory Domain Hierarchies 78

Two-Level Hierarchies 79
More Complex Hierarchies 81

Search Policies for Directory Domain Hierarchies 82

The Automatic Search Policy 83
Custom Search Policies 84

Directory Domain Planning 85

General Planning Guidelines 85
Controlling Data Accessibility 86
Simplifying Changes to Data in Directory Domains 86
Identifying Computers for Hosting Shared Domains 87

Open Directory Password Server 87

Authentication With a Password Server 88
Network Authentication Protocols 88
Password Server Database 88
Password Server Security 89

Overview of Directory Services Tools 89

Setup Overview 90

Before You Begin 91

Setting Up an Open Directory Domain and Password Server 92

Deleting a Shared Open Directory Domain 93

Configuring Open Directory Service Protocols 93

Setting Up Search Policies 94

Using the Automatic Search Policy 95
Defining a Custom Search Policy 95
Using a Local Directory Search Policy 96

Changing Basic LDAPv3 Settings 97

Enabling or Disabling Use of DHCP-Supplied LDAPv3 Servers 97
Showing or Hiding Available LDAPv3 Configurations 97
Configuring Access to Existing LDAPv3 Servers 98
Creating an LDAPv3 Configuration 98
Editing an LDAPv3 Configuration 99
Duplicating an LDAPv3 Configuration 99
Deleting an LDAPv3 Configuration 100
Changing an LDAPv3 Configuration’s Connection Settings 100
Configuring LDAPv3 Search Bases and Mappings 101
Populating LDAPv3 Domains With Data for Mac OS X 103

Using an Active Directory Server 104

Creating an Active Directory Server Configuration 104
Setting Up an Active Directory Server 105
Populating Active Directory Domains With Data for Mac OS X 105

Accessing an Existing LDAPv2 Directory 106

Setting Up an LDAPv2 Server 106
Creating an LDAPv2 Server Configuration 106
Changing LDAPv2 Server Access Settings 107
Editing LDAPv2 Search Bases and Data Mappings 108

Using NetInfo Domains 110

Creating a Shared NetInfo Domain 110
Configuring NetInfo Binding 111
Adding a Machine Record to a Parent NetInfo Domain 113
Configuring Static Ports for Shared NetInfo Domains 113
Viewing and Changing NetInfo Data 114
Using UNIX Utilities for NetInfo 114
Using Berkeley Software Distribution (BSD) Configuration Files 115
Mapping BSD Configuration Files 115
Setting Up Data in BSD Configuration Files 118
Configuring Directory Access on a Remote Computer 118

Monitoring Directory Services 119

Backing Up and Restoring Directory Services Files 119

3 Users and Groups 121

How User Accounts Are Used 122

Authentication 122
Password Validation 123
Information Access Control 124
Directory and File Owner Access 125
Directory and File Access by Other Users 125
Administration Privileges 125
Server Administration 125
Local Mac OS X Computer Administration 126
Directory Domain Administration 126
Home Directories 126
Mail Settings 127
Resource Usage 127
User Preferences 127

How Group Accounts Are Used 127

Information Access Control 127
Group Directories 128
Workgroups 128
Computer Access 128

Kinds of Users and Groups 128

Users and Managed Users 128
Groups, Primary Groups, and Workgroups 129
Administrators 129
Guest Users 129
Predefined Accounts 130

Setup Overview 132

Before You Begin 135

Administering User Accounts 137

Where User Accounts Are Stored 137
Creating User Accounts in Directory Domains on Mac OS X Server 137
Creating Read-Write LDAPv3 User Accounts 138
Changing User Accounts 138
Working With Read-Only User Accounts 139

Working With Basic Settings for Users 139

Defining User Names 139
Defining Short Names 140
Choosing Stable Short Names 141
Avoiding Duplicate Names 141
Avoiding Duplicate Short Names 143
Defining User IDs 144
Defining Passwords 145
Assigning Administrator Rights for a Server 145
Assigning Administrator Rights for a Directory Domain 145

Working With Advanced Settings for Users 146

Defining Login Settings 146
Defining a Password Validation Strategy 147
Editing Comments 147

Working With Group Settings for Users 147

Defining a User’s Primary Group 148
Adding a User to Groups 148
Removing a User From a Group 149
Reviewing a User’s Group Memberships 149

Working With Home Settings for Users 149

Working With Mail Settings for Users 150

Disabling a User’s Mail Service 150
Enabling Mail Service Account Options 150
Forwarding a User’s Mail 151

Working With Print Settings for Users 151

Disabling a User’s Access to Print Queues Enforcing Quotas 152
Enabling a User’s Access to Print Queues Enforcing Quotas 152
Deleting a User’s Print Quota for a Specific Queue 153
Restarting a User’s Print Quota 153

Working With Managed Users 154

Defining a Guest User 154

Deleting a User Account 154

Disabling a User Account 155

Administering Home Directories 155

Distributing Home Directories Across Multiple Servers 156
Setting Up Home Directories for Users Defined in Existing Directory Servers 157
Choosing a Protocol for Home Directories 160
Setting Up AFP Home Directory Share Points 160
Setting Up NFS Home Directory Share Points 160
Creating Home Directory Folders 161
Defining a User’s Home Directory 161
Defining No Home Directory 162
Defining a Home Directory for Local Users 162
Defining a Network Home Directory 163
Defining an Advanced Home Directory 163
Setting Disk Quotas 164
Defining Default Home Directories for New Users 165
Using Import Files to Create AFP Home Directories 165
Moving Home Directories 165
Deleting Home Directories 165

Administering Group Accounts 165

Where Group Accounts Are Stored 165
Creating Group Accounts in a Directory Domain on Mac OS X Server 165
Creating Read-Write LDAPv3 Group Accounts 166
Changing Group Accounts 167
Working With Read-Only Group Accounts 167

Working With Member Settings for Groups 167

Adding Users to a Group 168
Removing Users From a Group 168
Naming a Group 169
Defining a Group ID 170

Working With Volume Settings for Groups 170

Creating Group Directories 171
Automatically Creating Group Directories 171
Customizing Group Directory Settings 172

Working With Group and Computer Preferences 173

Deleting a Group Account 173

Finding User and Group Accounts 173

Listing Users and Groups in the Local Directory Domain 174
Listing Users and Groups in Search Path Directory Domains 174
Listing Users and Groups in Available Directory Domains 174
Refreshing User and Group Lists 175
Finding Specific Users and Groups in a List 175
Sorting User and Group Lists 175

Shortcuts for Working With Users and Groups 176

Editing Multiple Users Simultaneously 176

Using Presets 176

Creating a Preset for User Accounts 176
Creating a Preset for Group Accounts 177
Using Presets to Create New Accounts 177
Renaming Presets 178
Deleting a Preset 178
Changing Presets 178

Importing and Exporting User and Group Information 178

Understanding What You Can Import 179
Using Workgroup Manager to Import Users and Groups 179
Using Workgroup Manager to Export Users and Groups 181
Using dsimportexport to Import Users and Groups 181
Using dsimportexport to Export Users and Groups 184
Using XML Files Created With Mac OS X Server 10.1 or Earlier 186
Using XML Files Created With AppleShare IP 6.3 186
Using Character-Delimited Files 187
Writing a Record Description 188
Using the StandardUserRecord Shorthand 189
Using the StandardGroupRecord Shorthand 189

Understanding Password Validation 189

Contrasting Password Validation Options 191
The Authentication Authority Attribute 192
Choosing a Password 192
Migrating Passwords 193
Setting Up Password Validation Options 193

Storing Passwords in User Accounts 193

Enabling Basic Password Validation for a User 193
The Problem With Readable Passwords 194

Using a Password Server 195

Setting Up a Password Server 196
Enabling the Use of a Password Server for a User 196
Exporting Users With Password Server Passwords 197

Making a Password Server More Secure 197

Monitoring a Password Server 197

Using Kerberos 197

Understanding Kerberos 198
Integrating Mac OS X With a Kerberos Server 199
Enabling Kerberos Authentication for Mail 200
Enabling Kerberos Authentication for AFP 200
Enabling Kerberos Authentication for FTP 200
Enabling Kerberos Authentication for Login Window 200
Enabling Kerberos Authentication for Telnet 201
Solving Problems With Kerberos 201

Using LDAP Bind Authentication 201

Backing Up and Restoring Files 201

Backing Up a Password Server 201
Backing Up Root and Administrator User Accounts 202

Supporting Client Computers 202

Validating Windows User Passwords 202
Setting Up Search Policies on Mac OS X Client Computers 202

Solving Problems 202

You Can’t Modify an Account Using Workgroup Manager 202
A Password Server User’s Password Can’t Be Modified 203
Users Can’t Log In or Authenticate 203
You Can’t Assign Server Administrator Privileges 204
Users Can’t Access Their Home Directories 204
Mac OS X User in Shared NetInfo Domain Can’t Log In 204
Kerberos Users Can’t Authenticate 204

4 Sharing 205

Privileges 205

Explicit Privileges 206
User Categories 206
Privileges Hierarchy 207
Client Users and Privileges 207
Privileges in the Mac OS X Environment 207

Network Globe Contents 207

Share Points in the Network Globe 208
Static Versus Dynamic Linking 208
Adding System Resources to the Network Library Folder 208

Setup Overview 208

Before You Begin 209

Organize Your Shared Information 210
Windows Users 210
Security Issues 210
Restricting Access by Unregistered Users (Guests) 210

Setting Up Sharing 211

Creating Share Points and Setting Privileges 211
Configuring Apple File Protocol (AFP) Share Points 212
Configuring Server Message Block (SMB) Share Points 212
Configuring File Transfer Protocol (FTP) Share Points 213
Sharing (Exporting) Items Using Network File System (NFS) 213
Automounting Share Points 214
Resharing NFS Mounts as AFP Share Points 215

Managing Sharing 215

Turning Sharing Off 216
Removing a Share Point 216
Browsing Server Disks 216
Viewing Share Points 216
Copying Privileges to Enclosed Items 217
Viewing Share Point Settings 217
Changing Share Point Owner and Privilege Settings 217
Changing the Protocols for a Share Point 218
Deleting an NFS Client from a Share Point 218
Creating a Drop Box 218

Supporting Client Computers 219

Solving Problems 219

Users Can’t Access a CD-ROM Disc 219
Users Can’t Find a Shared Item 219
Users Can’t See the Contents of a Share Point 219

5 File Services 221

Before You Begin 221

Security Issues 222
Allowing Access to Registered Users Only 222
Client Computer Requirements 223

Setup Overview 223

Apple File Service 224

Automatic Reconnect 224
Find By Content 224
Kerberos Authentication 224
Apple File Service Specifications 224
Before You Set Up Apple File Service 225
Setting Up Apple File Service 225
Configuring Apple File Service General Settings 225
Configuring Apple File Service Access Settings 226
Configuring Apple File Service Logging Settings 227
Configuring Apple File Service Idle Users Settings 228
Starting Apple File Service 229
Managing Apple File Service 229
Viewing Apple File Service Status 229
Viewing Apple File Service Logs 230
Stopping Apple File Service 230
Starting Up Apple File Service Automatically 231
Changing the Apple File Server Name 231
Registering With Network Service Locator 231
Enabling AppleTalk Browsing for Apple File Service 232
Setting Maximum Connections for Apple File Service 232
Turning On Access Logs for Apple File Service 232
Archiving Apple File Service Logs 233
Disconnecting a User From the Apple File Server 233
Disconnecting Idle Users From the Apple File Server 234
Allowing Guest Access to the Apple File Server 234
Creating a Login Greeting for Apple File Service 234
Sending a Message to an Apple File Service User 235

Windows Services 235

Windows Services Specifications 236
Before You Set Up Windows Services 236
Ensuring the Best Cross-Platform Experience 236
Windows User Password Validation 236
Setting Up Windows Services 237
Configuring Windows Services General Settings 237
Configuring Windows Services Access Settings 238
Configuring Windows Services Logging Settings 239
Configuring Windows Services Neighborhood Settings 239
Starting Windows Services 240
Managing Windows Services 240
Stopping Windows Services 240
Setting Automatic Startup for Windows Services 240
Changing the Windows Server Name 241
Finding the Server’s Workgroup Name 241
Checking Windows Services Status 241
Registering with a WINS Server 242
Enabling Domain Browsing for Windows Services 242
Setting Maximum Connections for Windows Services 242
Setting Up the Windows Services Log 243
Disconnecting a User From the Windows Server 243
Allowing Guest Access in Windows Services 243
Assigning the Windows Server to a Workgroup 244

File Transfer Protocol (FTP) Service 244

Secure FTP Environment 244
User Environments 245
On-the-Fly File Conversion 247
Custom FTP Root 248
Kerberos Authentication 248
Before You Set Up FTP Service 248
Restrictions on Anonymous FTP Users (Guests) 249
Setup Overview 249
Setting Up File Transfer Protocol (FTP) Service 250
Configuring FTP General Settings 250
Configuring FTP Access Settings 251
Configuring FTP Logging Settings 251
Configuring FTP Advanced Settings 252
Starting FTP Service 252
Managing File Transfer Protocol (FTP) Service 252
Stopping FTP Service 252
Setting Up Anonymous FTP Service 253
Creating an Uploads Folder for Anonymous Users 253
Specifying a Custom FTP Root 253
Specifying the FTP Authentication Method 254
Configuring the FTP User Environment 254
Viewing FTP Logs 254
Displaying Banner and Welcome Messages to Users 255
Displaying Messages Using message.txt files 255
Using README Message 255

Network File System (NFS) Service 256

Before You Set Up NFS Service 256
Security Implications 256
Setup Overview 256
Setting Up NFS Service 257
Configuring NFS Settings 257
Managing NFS Service 258
Stopping NFS Service 258
Viewing NFS Service Status 258
Viewing Current NFS Exports 258

Supporting Client Computers 259

Supporting Mac OS X Clients 259
Connecting to the Apple File Server in Mac OS X 259
Setting Up a Mac OS X Client to Mount a Share Point Automatically 260
Changing the Priority of Network Connections 260
Supporting Mac OS 8 and Mac OS 9 Clients 260
Connecting to the Apple File Server in Mac OS 8 or Mac OS 9 261
Setting up a Mac OS 8 or Mac OS 9 Client to Mount a Share Point Automatically 261
Supporting Windows Clients 261
TCP/IP 262
Using the Network Neighborhood to Connect to the Windows Server 262
Connecting to the Windows Server Without the Network Neighborhood 262
Supporting NFS Clients 262

Solving Problems With File Services 263

Solving Problems With Apple File Service 263
User Can’t Find the Apple File Server 263
User Can’t Connect to the Apple File Server 263
User Doesn’t See Login Greeting 263
Solving Problems With Windows Services 263
User Can’t See the Windows Server in the Network Neighborhood 263
User Can’t Log in to the Windows Server 264
Solving Problems With File Transfer Protocol (FTP) 264
FTP Connections Are Refused 264
Clients Can’t Connect to the FTP Server 265
Anonymous FTP Users Can’t Connect 265

Where to Find More Information About File Services 265

6 Client Management: Mac OS X 267

The User Experience 268

Logging In 268
Locating the Home Directory 268

Before You Begin 269

Designating Administrators 270

Setting Up User Accounts 270

Setting Up Group Accounts 271

Setting Up Computer Accounts 271

Creating a Computer Account 272
Creating a Preset for Computer Accounts 273
Using a Computer Accounts Preset 273
Adding Computers to an Existing Computer Account 274
Editing Information About a Computer 274
Moving a Computer to a Different Computer Account 275
Deleting Computers From a Computer List 275
Deleting a Computer Account 276
Searching for Computer Accounts 276

Managing Guest Computers 277

Working With Access Settings 278

Restricting Access to Computers 278
Making Computers Available to All Users 279
Using Local User Accounts 279

Managing Portable Computers 280

Unknown Portable Computers 280
Portable Computers With Multiple Local Users 280
Portable Computers With One Primary Local User 280
Using Wireless Services 281

How Workgroup Manager Works With System Preferences 281

Managing Preferences 282

About the Preferences Cache 283
Updating the Managed Preferences Cache 283
Updating Cached Preferences Manually 283
How Preference Management Works 284
Preference Management Options 284
Managing a Preference Once 285
Always Managing a Preference 285
Never Managing a Preference 285
Managing User Preferences 285
Managing Group Preferences 286
Managing Computer Preferences 286
Editing Preferences for Multiple Records 287
Disabling Management for Specific Preferences 287

Managing Applications Preferences 288

Applications Items Preferences 288
Creating a List of Approved Applications 288
Preventing Users From Opening Applications on Local Volumes 289
Managing Application Access to Helper Applications 289
Applications System Preferences 290
Managing Access to System Preferences 290
Managing Classic Preferences 291
Classic Startup Preferences 291
Making Classic Start Up After a User Logs In 291
Choosing a Classic System Folder 291
Classic Advanced Preferences 292
Allowing Special Actions During Restart 292
Keeping Control Panels Secure 292
Preventing Access to the Chooser and Network Browser 293
Making Apple Menu Items Available in Classic 293
Adjusting Classic Sleep Settings 294

Managing Dock Preferences 294

Dock Display Preferences 294
Controlling the User’s Dock 294
Dock Items Preferences 295
Adding Items to a User’s Dock 295
Preventing Users From Adding Additional Dock Items 296

Managing Finder Preferences 296

Finder Preferences 296
Keeping Disks and Servers From Appearing on the User’s Desktop 296
Controlling the Behavior of Finder Windows 297
Making File Extensions Visible 298
Selecting the User Environment 298
Hiding the Alert Message When a User Empties the Trash 298
Finder Commands Preferences 299
Controlling User Access to an iDisk 299
Controlling User Access to Remote Servers 299
Controlling User Access to Folders 300
Preventing Users From Ejecting Disks 300
Hiding the Burn Disc Command in the Finder 301
Removing Restart and Shut Down Commands From the Apple Menu 301
Finder Views Preferences 302
Adjusting the Appearance and Arrangement of Desktop Items 302
Adjusting the Appearance of Finder Window Contents 303

Managing Internet Preferences 304

Setting Email Preferences 304
Setting Web Browser Preferences 304

Managing Login Preferences 305

Login Window Preferences 305
Deciding How a User Logs In 305
Helping Users Remember Passwords 306
Preventing Restarting or Shutting Down the Computer at Login 306
Login Items Preferences 307
Opening Applications Automatically After a User Logs In 307

Managing Media Access Preferences 308

Media Access Disc Media Preferences 308
Controlling Access to CDs and DVDs 308
Controlling the Use of Recordable Discs 309
Media Access Other Media Preferences 309
Controlling Access to Hard Drives and Disks 309
Ejecting Items Automatically When a User Logs Out 310

Managing Printing Preferences 311

Printer List Preferences 311
Making Printers Available to Users 311
Preventing Users From Modifying the Printer List 312
Restricting Access to Printers Connected to a Computer 312
Printer Access Preferences 313
Setting a Default Printer 313
Restricting Access to Printers 313

7 Print Service 315

What Printers Can Be Shared? 316
Who Can Use Shared Printers? 317

Setup Overview 317

Before You Begin 319

Security Issues 319

Setting Up Print Service 319

Starting Up and Configuring Print Service 319
Adding Printers 320
Configuring Print Queues 320
Adding Print Queues to Shared Open Directory Domains 321

Setting Up Print Quotas 322

Enforcing Quotas for a Print Queue 322

Setting Up Printing on Client Computers 323

Mac OS X Clients 323
Adding a Print Queue in Mac OS X Using AppleTalk 323
Adding a Print Queue in Mac OS X Using LPR 323
Adding a Print Queue From an Open Directory Domain 323
Mac OS 8 and Mac OS 9 Clients 324
Setting Up Printing on Mac OS 8 or 9 Client for an AppleTalk Printer 324
Setting Up Printing on Mac OS 8 or 9 Clients for an LPR Printer 324
Windows Clients 325
UNIX Clients 325

Managing Print Service 325

Monitoring Print Service 325
Stopping Print Service 326
Setting Print Service to Start Automatically 326

Managing Print Queues 326

Monitoring a Print Queue 326
Putting a Print Queue on Hold (Stopping a Print Queue) 327
Restarting a Print Queue 327
Changing a Print Queue’s Configuration 327
Renaming a Print Queue 328
Selecting a Default Print Queue 329
Deleting a Print Queue 329

Managing Print Jobs 329

Monitoring a Print Job 329
Stopping a Print Job 330
Putting a Print Job on Hold 330
Restarting a Print Job 330
Holding All New Print Jobs 331
Setting the Default Priority for New Print Jobs 331
Changing a Print Job’s Priority 331
Deleting a Print Job 332

Managing Print Quotas 332

Suspending Quotas for a Print Queue 332

Managing Print Logs 332

Viewing Print Logs 333
Archiving Print Logs 333
Deleting Print Log Archives 334

Solving Problems 334

Print Service Doesn’t Start 334
Users Can’t Print 334
Print Jobs Don’t Print 334
Print Queue Becomes Unavailable 335

8 Web Service 337

Before You Begin 338

Configuring Web Service 338
Providing Secure Transactions 338
Setting Up Web Sites 338
Hosting More Than One Web Site 339
Understanding WebDAV 339
Defining Realms 339
Setting WebDAV Privileges 339
Understanding WebDAV Security 339
Understanding Multipurpose Internet Mail Extension (MIME) 340

Setting Up Web Service for the First Time 341

Managing Web Service 342

Starting or Stopping Web Service 343
Starting Web Service Automatically 343
Modifying MIME Mappings 343
Setting Up Persistent Connections for Web Service 344
Limiting Simultaneous Connections for Web Service 344
Setting Up Proxy Caching for Web Service 345
Blocking Web Sites From Your Web Server Cache 345
Enabling SSL for Web Service 346
Setting Up the SSL Log for a Web Server 346
Setting Up WebDAV for a Web Server 346
Starting Tomcat 347
Checking Web Service Status 348
Viewing Logs of Web Service Activity 348
Setting Up Multiple IP Addresses for a Port 348

Managing Web Sites 349

Setting Up the Documents Folder for Your Web Site 349
Changing the Default Web Folder for a Site 349
Enabling a Web Site on a Server 350
Setting the Default Page for a Web Site 351
Changing the Access Port for a Web Site 351
Improving Performance of Static Web Sites 351
Enabling Access and Error Logs for a Web Site 352
Setting Up Directory Listing for a Web Site 352
Connecting to Your Web Site 353
Enabling WebDAV 353
Setting Access for WebDAV-Enabled Sites 354
Enabling a Common Gateway Interface (CGI) script 354
Enabling Server Side Includes (SSI) 355
Monitoring Web Sites 356
Setting Server Responses to MIME Types 356
Enabling SSL 357
Enabling PHP 357

WebMail 358

WebMail Users 358
WebMail and Your Mail Server 359
WebMail Protocols 359
Enabling WebMail 359
Configuring WebMail 360

Setting Up Secure Sockets Layer (SSL) Service 361

Generating a Certificate Signing Request (CSR) for Your Server 361
Obtaining a Web Site Certificate 362
Installing the Certificate on Your Server 363
Enabling SSL for the Site 363

Solving Problems 364

Users Can’t Connect to a Web Site on Your Server 364
A Web Module Is Not Working as Expected 364
A CGI Will Not Run 364

Installing and Viewing Web Modules 365

Macintosh-Specific Modules 365
mod_macbinary_apple 365
mod_sherlock_apple 365
mod_auth_apple 365
mod_redirectacgi_apple 366
mod_hfs_apple 366
Open-Source Modules 366
Tomcat 366
PHP: Hypertext Preprocessor 366
mod_perl 366
MySQL 367

Where to Find More Information 367

9 Mail Service 369

Mail Service Protocols 370

Post Office Protocol (POP) 370
Internet Message Access Protocol (IMAP) 371
Simple Mail Transfer Protocol (SMTP) 371
SMTP Alternatives: Sendmail and Postfix 371

How Mail Service Uses SSL 372

How Mail Service Uses DNS 372

Where Mail Is Stored 373

How User Account Settings Affect Mail Service 373

What Mail Service Can Do About Junk Mail 373

SMTP Authentication 374
Restricted SMTP Relay 374
SMTP Authentication and Restricted SMTP Relay Combinations 375
Rejected SMTP Servers 375
Mismatched DNS Name and IP Address 375
Blacklisted Servers 375

What Mail Service Doesn’t Do 376

Mail Service Configuration in the Local Directory 376

Overview of Mail Service Tools 376

Setup Overview 377

Overview of Ongoing Mail Service Management 379

Before You Begin 379

Working With General Settings for Mail Service 380

Starting and Stopping Mail Service 380
Starting Mail Service Automatically 380
Requiring or Allowing Kerberos Authentication 381
Adding or Removing Local Names for the Mail Server 381
Changing Protocol Settings for Mail Service 382
Monitoring and Archiving Mail 382

Working With Settings for Incoming Mail 382

Limiting Incoming Message Size 383
Deleting Email Automatically 383
Notifying Users Who Have New Mail 383

Working With Settings for Incoming POP Mail 384

Requiring Authenticated POP (APOP) 384
Changing the POP Response Name 384
Changing the POP Port Number 385

Working With Settings for Incoming IMAP Mail 385

Requiring Secure IMAP Authentication 385
Changing the IMAP Response Name 386
Using Case-Sensitive IMAP Folder Names 386
Controlling IMAP Connections Per User 386
Terminating Idle IMAP Connections 387
Changing the IMAP Port Number 387

Working With Settings for Outgoing Mail 387

Sending Nonlocal Mail 388
Sending Only Local Mail 388
Suspending Outgoing Mail Service 388

Working With Settings for SMTP Mail 389

Requiring SMTP Authentication 389
Sending SMTP Mail via Another Server 389
Changing the SMTP Response Names 390
Changing the Incoming SMTP Port Number 391
Changing the Outgoing SMTP Port Number 391
Enabling an Alternate Mail Transfer Agent 391
Starting Sendmail 392

Working With the Mail Database 393

Converting the Mail Database From an Earlier Version 393
Changing Where Mail Is Stored 394
Configuring Automatic Mail Deletion 394
Allowing Administrator Access to the Mail Database and Files 394
Cleaning Up the Mail Files 395

Working With Network Settings for Mail Service 396

Specifying DNS Lookup for Mail Service 396
Updating the DNS Cache in Mail Service 397
Changing Mail Service Timeouts 397

Limiting Junk Mail 398

Restricting SMTP Relay 398
Rejecting SMTP Connections From Specific Servers 399
Checking for Mismatched SMTP Server Name and IP Address 399
Rejecting Mail From Blacklisted Senders 401
Allowing SMTP Relay for a Backup Mail Server 401
Filtering SMTP Connections 401

Working With Undeliverable Mail 402

Forwarding Undeliverable Incoming Mail 402
Limiting Delivery Attempts in Mail Service 402
Sending Nondelivery Reports to Postmaster 403

Monitoring Mail Status 403

Viewing Overall Mail Service Activity 404
Viewing Connected Mail Users 404
Viewing Mail Accounts 404
Reviewing Mail Service Logs 404
Reclaiming Disk Space Used by Mail Service Logs 405

Supporting Mail Users 405

Configuring Mail Settings for User Accounts 405
Configuring Email Client Software 406
Creating Additional Email Addresses for a User 407

Performance Tuning 407

Backing Up and Restoring Mail Files 408

Where to Find More Information 408

Books 408
Internet 409

10 Client Management: Mac OS 9 and OS 8 411

The User Experience 412

Logging In 412
Logging In Using the All Other Users Account 413
Logging In Using the Guest Account 413
Locating the Home Directory 413
Finding Applications 414
Finding Shared Documents 414

Before You Begin 414

Client Computer Requirements 414
Administrator Computer Requirements 415
Using Update Packages 417
Choosing a Language for Macintosh Manager Servers and Clients 417
Changing the Apple File Service Language Script 418

Inside Macintosh Manager 418

Macintosh Manager Security 418
About the Macintosh Manager Share Point 419
The Multi-User Items Folder 419
How the Multi-User Items Folder Is Updated 420
How Macintosh Manager Works With Directory Services 420
Where User Information Is Stored 421
How Macintosh Manager Works With Home Directories 422
How Macintosh Manager Works With Preferences 422
Where Macintosh Manager Preferences Are Stored 422
Using the MMLocalPrefs Extension 423
Using NetBoot With Macintosh Manager 423
Preparation for Using NetBoot 423

Setting Up Mac OS 9 or Mac OS 8 Managed Clients 424

Logging In to Macintosh Manager as an Administrator 425

Working With Macintosh Manager Preferences 426

Importing User Accounts 426

Applying User Settings With a Template 426
Importing All Users 427
Importing One or More Users 427
Collecting User Information in a Text File 428
Importing a List of Users From a Text File 428
Finding Specific Imported Users 429
Providing Quick Access to Unimported Users 429
Using Guest Accounts 429
Providing Access to Unimported Mac OS X Server Users 430
Setting Up a Guest User Account 431

Designating Administrators 431

About Macintosh Manager Administrators 431
Allowing Mac OS X Server Administrators to Use Macintosh Manager Accounts 432
About Workgroup Administrators 432
Creating a Macintosh Manager Administrator 432
Creating a Workgroup Administrator 432
Changing Your Macintosh Manager Administrator Password 433

Working With User Settings 433

Changing Basic User Settings 433
Allowing Multiple Logins for Users 434
Granting a User System Access 434
Changing Advanced Settings 434
Limiting a User’s Disk Storage Space 435
Updating User Information From Mac OS X Server 435

Setting Up Workgroups 436

Types of Workgroup Environments 436
Creating a Workgroup 436
Using a Template to Apply Workgroup Settings 437
Creating Workgroups From an Existing Workgroup 437
Modifying an Existing Workgroup 438

Using Items Settings 438

Setting Up Shortcuts to Items for Finder Workgroups 438
Making Items Available to Panels or Restricted Finder Workgroups 439
Making Items Available to Individual Users 440

Using Privileges Settings 440

Protecting the System Folder and Applications Folder 440
Protecting the User’s Desktop 440
Preventing Applications From Altering Files 441
Preventing Access to FireWire Disks 441
Allowing Users to Play Audio CDs 441
Allowing Users to Take Screen Shots 442
Allowing Users to Open Applications From a Disk 442
Setting Access Privileges for Removable Media 442
Setting Access Privileges for Menu Items 443

Sharing Information in Macintosh Manager 443

Selecting Privileges for Workgroup Folders 444
Setting Up a Shared Workgroup Folder 444
Setting Up a Hand-In Folder 445

Using Volumes Settings 445

Connecting to AFP Servers 445
Providing Access to Server Volumes 446

Using Printers Settings 447

Making Printers Available to Workgroups 447
Setting a Default Printer 447
Restricting Access to Printers 448
Setting Print Quotas 448
Allowing Users to Exceed Print Quotas 448
Setting Up a System Access Printer 449
Using Options Settings 449
Choosing a Location for Storing Group Documents 450
Making Items Open at Startup 450
Checking for Email When Users Log In 451
Creating Login Messages for Workgroups 451

Setting Up Computer Lists 451

Creating Computer Lists 451
Setting Up the All Other Computers Account 452
Duplicating a Computer List 452
Creating a Computer List Template 453
Disabling Login for Computers 453

Using Workgroup Settings for Computers 454

Controlling Access to Computers 454

Using Control Settings 454

Disconnecting Computers Automatically to Minimize Network Traffic 454
Setting the Computer Clock Using the Server Clock 455
Using a Specific Hard Disk Name 455
Creating Email Addresses for Managed Users 455
Using Security Settings for Computers 456
Keeping Computers Secure If a User Forgets to Log Out 456
Allowing Access to All CDs and DVDs 457
Allowing Access to Specific CDs or DVDs 457
Choosing Computer Security Settings for Applications 457
Allowing Specific Applications to Be Opened by Other Applications 458
Allowing Users to Work Offline 458
Allowing Users to Switch Servers After Logging In 459
Allowing Users to Force-Quit Applications 459
Allowing Users to Disable Extensions 459

Using Computer Login Settings 460

Choosing How Users Log In 460
Creating Login Messages for Computers 460
Customizing Panel Names 460

Managing Portable Computers 461

Portable Computers With Network Users 461
Portable Computers With Local Users 461
Letting Users Check Out Computers 462
Using Wireless Services 462

Using Global Security Settings 462

Using Macintosh Manager Reports 463
Setting the Number of Items in a Report 463
Keeping the Administration Program Secure 463
Verifying Login Information Using Kerberos 464
Preventing Users From Changing Their Passwords 464
Allowing Administrators to Access User Accounts 464
Copying Preferences for Mac OS 8 Computers 464

Using Global CD-ROM Settings 465

Managing Preferences 466

Using Initial Preferences 466
Using Forced Preferences 467
Preserved Preferences 468

Solving Problems 470

I’ve Forgotten My Administrator Password 470
Administrators Can’t Get to the Finder After Logging In 470
Generic Icons Appear in the Items Pane 470
Selecting “Local User” in the Multiple Users Control Panel Doesn’t Work 471
Some Printers Don’t Appear in the Available Printers List 471
Users Can’t Log In to the Macintosh Manager Server 471
Users Can’t Log In as “Guest” on Japanese-Language Computers 471
A Client Computer Can’t Connect to the Server 471
The Server Doesn’t Appear in the AppleTalk List 472
The User’s Computer Freezes 472
Users Can’t Access Their Home Directories 472
Users Can’t Access Shared Files 472
Shared Workgroup Documents Don’t Appear in a Panels Environment 472