Apple MAC OS X SERVER 10.6 Getting Started

Mac OS X Server
Getting Started Version 10.6 Snow Leopard
Apple Inc.
© 2009 Apple Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services.
Every effort has been made to ensure that the information in this manual is accurate. Apple Inc. is not responsible for printing or clerical errors.
Because Apple periodically releases new versions and updates to its software, images shown in this book may be different from what you see on your screen.
Apple
1 Infinite Loop
Cupertino, CA 95014 408-996-1010 www.apple.com
The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.
Apple, the Apple logo, AirPort, AirPort Express, AirPort Extreme, Apple TV, Bonjour, FireWire, iCal, iChat, iPod,
iSight, iTunes, Keychain, Keynote, Leopard, Mac, Mac OS,
Macintosh, Panther, Power Mac, QuickTime, Safari, Tiger, Time Capsule, Time Machine, Xcode, Xgrid, Xsan, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Apple Remote Desktop, Finder,
iPhone, Snow Leopard, and Spotlight are trademarks of
Apple Inc.
Adobe and PostScript are trademarks or registered trademarks of Adobe Systems incorporated in the U.S. and/or other countries.
Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries.
PowerPC™ and the PowerPC logo™ are trademarks of International Business Machines Corporation, used under license therefrom.
UNIX® is a registered trademark of The Open Group.
Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.
034-4940-A/2009-08-01

Contents

Chapter 1: Introducing Mac OS X Server
  What’s New in Snow Leopard Server
  Snow Leopard Server in Small Business
  Snow Leopard Server in a Workgroup
  Basic Applications and Utilities
  Advanced Tools and Applications
Chapter 2: Getting Ready for Mac OS X Server
  What You Need to Install Snow Leopard Server
  Preparing Your Network and Internet Connection
  Deciding How to Manage Users and Groups
  Deciding Which Basic Services to Provide
  Providing More Services
  Preparing Disks for Mac OS X Server
  Preparing an Administrator Computer
Chapter 3: Installing Mac OS X Server
  Installing Locally
  Installing Remotely
Chapter 4: Setting Up Mac OS X Server
  Setting Up a Server Locally
  Setting Up a Server Remotely
  After Setting Up a Server
Chapter 5: Managing Your Server
  Using Server Preferences
  Using the Server Status Widget
  Connecting Server Preferences to a Remote Server
  Backing Up and Restoring the Server
  Keeping Snow Leopard Server Up to Date
Chapter 6: Managing Users
  About User Accounts
  About Administrator Accounts
  Setting Up Users and Groups Management
  Adding a User Account
  Importing Users
  Importing Groups of Users Automatically
  Deleting a User Account
  Changing a User’s Account Settings
  Changing a User’s Contact Information
  Controlling a User’s Access to Services
  Changing a User’s Group Membership
  Customizing the Welcome Email
  Customizing the Server Invitation Email
  Customizing the Group Invitation Email
Chapter 7: Managing Users’ Computers
  Setting Up Users’ Macs Automatically
  Setting Up Users’ Computers Manually
Chapter 8: Managing Groups
  Creating a New Group
  Adding or Removing Members of a Group
  Adding or Removing External Members of a Group
Chapter 9: Customizing Services
  Managing Address Book Service
  Managing File Sharing Service
  Managing iCal Service
  Managing iChat Service
  Managing Mail Service
  Managing Web Services
  Managing VPN Service
  Customizing Services Using Advanced Applications
Chapter 10: Managing Server Information
  Managing Server Information
  Using an SSL Certificate
  Managing Users’ Backup Storage
  Changing Security Settings
  Checking Server Logs
  Monitoring Server Graphs
Chapter 11: Learning More
  Using Onscreen Help
  Getting Documentation Updates
  Getting Additional Information
Appendix: Services and Ports
Index
Chapter 1: Introducing Mac OS X Server
Mac OS X Server has everything you need to provide standards-based workgroup and Internet services, making it ideal for education, small businesses, and large enterprises.
Mac OS X Server version 10.6 Snow Leopard combines intuitively simple Macintosh ease of use with a mature, stable UNIX foundation. It provides an extensive array of services that support Macintosh, Windows, and UNIX client computers over a network.
With Snow Leopard Server, small organizations and workgroups without an IT department can take full advantage of the benefits of a server. Even a nontechnical user can set up and manage Snow Leopard Server for a group. Other users in the group can automatically configure their Macs to get services from Snow Leopard Server. Snow Leopard Server has advanced configuration options and management tools for IT professionals as well.

What’s New in Snow Leopard Server

Mac OS X Server v10.6 Snow Leopard offers major enhancements in several key areas:
• 64-bit computing
• OpenCL
• Podcast Producer 2
• Wiki Server
• iCal Server 2
• Address Book Server
• Mail Server
• Mobile Access Server
64-Bit Operating System
To accommodate the enormous amounts of memory being added to today’s servers, Snow Leopard Server has a 64-bit operating system to support up to a theoretical 16 TB of RAM. With more RAM, server applications can use more physical memory and consequently run faster. In addition, the 64-bit operating system dramatically improves the total number of simultaneous system processes, threads, and network connections that the server can use.
Snow Leopard Server supports the latest 64-bit technology on today’s Xserve and Mac Pro systems while maintaining 32-bit support for other systems. On all systems, Mac OS X Server can run 64-bit and 32-bit applications concurrently, address large amounts of RAM, and access 64-bit file systems and math and image libraries.
OpenCL
OpenCL (Open Computing Language) allows developers to efficiently tap the vast gigaflops of computing power in the graphics processing unit (GPU). With GPUs approaching processing speeds of a trillion operations a second, they’re capable of considerably more than just drawing pictures. Unlike other server operating systems, Mac OS X Server is specifically designed to use the GPU for graphics rendering, podcast effects and transitions, and drawing the user interface for Mac OS X Server itself. OpenCL lets developers apply GPU power in high-performance computing applications like genomics, video encoding, signal processing, and simulations of physical and financial models.
Podcast Producer 2
Podcast Producer 2 simplifies the process of recording content, encoding, and publishing high-quality podcasts for playback in iTunes and on iPod, iPhone, and Apple TV. Users control recording of lectures, training, presentations, or any other audio and video projects. Podcast Producer then automatically encodes and publishes the recording based on your workflow. With Snow Leopard and Snow Leopard Server, Podcast Producer 2 gains an easy-to-use graphical workflow editor, dual video recording, Podcast Library, a web-based application to control recording, and optional failover configuration for high availability.
The graphical workflow editor, Podcast Composer, leads you through the steps of defining video-based Podcast Producer workflows. You graphically choose the intro, title, and exit videos; specify different transitions and effects between videos; and view real-time titles and effects. You can add watermarks and overlays to your Podcast content. Your workflow also specifies encoding formats and targets distribution via wiki, iTunes U, or Podcast Library for your finished podcast.
Podcast Producer 2 lets users record dual video sources using the Podcast Capture application on a Mac or the new Podcast Capture web application on a Mac, iPhone, or Windows computer. Apple provides several picture-in-picture templates, or you can create your own.
Podcast Library lets your server store podcasts and deliver them to viewers through
RSS and Atom feeds. For example, your podcasts can feed directly from your server through iTunes U. Atom feeds simplify distributing multiple podcast versions, such as iPod, Apple TV, and audio only, because each Atom feed can contain multiple versions and the viewer’s playback device automatically picks the best version.
Podcast Producer 2 and the services it relies on, including Xgrid, can be configured for high availability by setting up failover servers and using an Xsan file system.
Wiki Server 2
Mac OS X Server includes web services that make it easy for users to create and distribute information through shared wiki websites. Users can easily view, search, and edit wiki content in their web browsers. They can add, delete, edit, and format wiki content naturally—without knowing markup codes or special syntax. With a few clicks, they can attach files and images, publish to podcasts, assign keywords, and link to other wiki pages or other websites.
Snow Leopard Server provides each wiki user with a convenient wiki portal, called
My Page, for viewing and creating wikis and blogs, using web calendars, tracking wiki updates, and accessing webmail.
Mac OS X Server’s single sign-on authentication means a user only needs to enter a name and password once to access all private wikis. Users don’t need administrator passwords to create public and private wikis, and the creator of a private wiki controls access to it.
Users can search across multiple wikis. They can also see Quick Look previews of wiki
attachments in the browser window, even if they don’t have applications that open the attachments.
Snow Leopard Server also has new wiki and blog templates optimized for iPhone.
Besides being better able to view wiki and blog pages, iPhone users can now track wiki page changes and add comments and tags.
When users create events in personal and group web calendars, Snow Leopard Server
lets them invite other users and assists by looking up invitees and showing their
availability. Snow Leopard Server also allows multiple calendars per user and per group.
iCal Server 2
iCal Server makes it easy to share calendars, schedule meetings, and coordinate events within a workgroup, a small business, or a large organization. Colleagues can check each other’s availability, propose and accept meetings, book conference rooms, reserve projectors, and more. iCal Server sends meeting invitations with agendas or to-do lists, and tabulates replies.
Snow Leopard Server adds push notifications, the ability to email event invitations to non–iCal Server users, integration with Calendar on iPhone, and a web application that lets users access their calendars from any computer with a web browser. iCal Server also integrates with the iCal application in Mac OS X and third-party calendar applications that support the standard CalDAV protocol.
Address Book Server
Snow Leopard Server introduces Address Book Server, which allows users to find contact information in an address book across multiple computers without the schema limitations and security issues associated with LDAP.
Users can view and add contact information in a server-based address book by using the Address Book application on any Mac with Snow Leopard. Address Book Server can also allow Snow Leopard users to find public contact information in directory servers that your server is connected to. Users of other computers can access address books on your server using third-party applications that are compatible with the CardDAV open standard.
Mail Server
Snow Leopard Server boosts its Mail Server performance, reliability, and scalability with
a new, open standards–based engine designed to handle thousands of simultaneous connections. In addition, Mail Server is enhanced to include push email, server-side email rules, and vacation messages.
Mobile Access Server
Snow Leopard Server has a Mobile Access Server that can give mobile users secure
access to your private services without inconvenient VPN connections. You specify whether users can access private mail, web, iCal, and address book services. Users connect to the reverse proxy Mobile Access Server on the Internet, and it makes secure connections on their behalf to services that Mac OS X Server provides on your private network.

Snow Leopard Server in Small Business

A single server with Mac OS X Server can provide all the services needed by computer users in a small business. The server and users’ computers are all connected to a private
local network that shares a DSL or cable Internet connection. The Internet connection
can be shared through an AirPort Extreme Base Station (802.11n) or a Time Capsule, through a router from the Internet service provider (ISP) or computer retailer, or
through the server. The next few pages illustrate and describe these configurations.
Single Server with AirPort Extreme
The following illustration shows Mac OS X Server and users’ computers and iPhones sharing an Internet connection through an AirPort Extreme Base Station (802.11n).
The base station connects to the Internet through a DSL modem or cable modem and
connects to the local network to share the Internet connection with the server and users’ computers. The server and some of the users’ computers have wired connections to the local network, and other users’ computers connect to the local network wirelessly through the base station. The server and users’ computers get their network addresses from the base station’s DHCP server. They get DNS name service from the ISP.
The base station also protects the server and all users’ computers against malicious attacks from the Internet by blocking communications that originate outside the local
network. However, the base station is configured to allow incoming communications
for some services. For example, the base station allows the server’s mail service to receive email from outside the local network.
All the wired and wireless computers on the local network get services from Mac OS X Server.
[Illustration labels: Mac OS X Server; Mac OS X computers; iPhone; Local network; AirPort Extreme; DSL or cable modem; ISP; The Internet]
The server provides user and group accounts, shared folders, server-based address books, shared calendars, instant messaging, and wikis with user portals, web calendars, and blogs. The ISP doesn’t provide enough email addresses for everyone in the organization, so the server provides email addresses and mail service.
Users with Mac OS X Snow Leopard or Leopard use Time Machine to back up their
Macs to an external hard drive (not shown) attached to the server.
Some users have their portable computers and home computers set up to connect to the server’s VPN via the Internet. This gives them secure remote access, while traveling or working at home, to all the services that the server provides on the local network. iPhone users check wikis and blogs while they’re roaming.
Single Server with a Network Router
The next illustration shows Mac OS X Server and users’ computers and iPhones sharing an Internet connection through a wireless router from the ISP.
The wireless router in this configuration takes the place of the AirPort Extreme Base Station in the previous configuration. The wireless router has a built-in DSL or cable
modem that connects to the Internet. The router has wired and wireless connections to the local network to provide Internet access to the server and users’ computers and iPhones. The router includes a DHCP server that provides network addresses to the server and to the users’ computers and iPhones.
In this configuration, the server’s firewall blocks malicious attacks originating outside the local network. The firewall is configured to allow some services to receive incoming
communications. For example, iChat service can receive instant messaging invitations from Google Talk users via the Internet.
[Illustration labels: Mac OS X Server; Mac OS X computers; iPhone; Local network; Wi-Fi router; ISP; The Internet]
Mac OS X Server provides services to all the wired and wireless computers on the local network. The server provides user and group accounts, shared folders, server-based address books, shared calendars, instant messaging, mail, and wikis with user portals,
web calendars, and blogs. Users with Mac OS X Snow Leopard or Leopard use storage
space on the server for Time Machine backups.
While away from the local network, users with mobile devices can check email, web calendars, wikis, and blogs via Wi-Fi hotspots in libraries, cafes, and airports.
Single Server as an Internet gateway
The next illustration shows Mac OS X Server configured as an Internet gateway to
provide Internet access to computers and mobile devices on the local network.
The server’s primary Ethernet port connects through a DSL or cable modem to the
Internet, and its other Ethernet port connects to the local network. The server’s DHCP service provides network addresses to users’ computers and mobile devices. Thus the
server in this configuration does the job of the AirPort Extreme Base Station or generic router in the previous two configurations.
The server’s firewall is configured to block malicious attacks from the Internet, but does
allow incoming email and iChat invitations that originate outside the local network. Besides mail and iChat, the server also provides user and group accounts, shared folders, server-based address books, shared calendars, and wikis with user portals, web calendars, and blogs.
[Illustration labels: Mac OS X Server; Mac OS X computers; iPhone; Local network; AirPort Extreme; DSL or cable modem; ISP; The Internet]
Users with Mac OS X Snow Leopard or Leopard use storage space on the server for Time Machine backups.

Snow Leopard Server in a Workgroup

The next illustration shows a configuration of Mac OS X Server that serves a
department in a large organization. This organization has an IT department that provides DHCP service for assigning network addresses, DNS name service, mail service, Internet access, and a VPN.
Everyone in the department already has a user account provided by the organization’s Open Directory server, so these user accounts have been imported to the department’s server. This means everyone simply uses the user name and password they already know to authenticate for services provided by the department’s server. Those services were set up to use the Kerberos authentication of the Open Directory server, allowing users to log in once per session for all departmental services.
The department’s server provides address book, calendar, and instant messaging services that work with the users’ Mac OS X Address Book, iCal, and iChat applications. The department’s server also provides shared folders and private wikis for groups and projects within the department. Some projects include participants from outside the department. Outside participants use their existing user accounts to authenticate for wiki or shared folder access.
The organization’s servers provide storage for backup, but most users have Mac OS X
Snow Leopard and prefer to use Time Machine with the external hard drive (not
shown) attached to the department’s server.
The department has some Windows users, who use Internet Explorer, Safari, and FireFox to access wikis, web calendars, and blogs. Shared folders appear as mapped drives in their Network Places. They have also set up their PCs to use the department server’s Jabber instant messaging.
[Illustration labels: Organization; Department; Mac OS X Server; AirPort Extreme; Mac OS X administrator computer; Mac OS X computers; iPhones; Windows computers; Local network; ISP; The Internet; File sharing, address book, iCal, mail, Open Directory, and web; Firewall, VPN, push, and mobile access]

Basic Applications and Utilities

After setting up Snow Leopard Server, you can manage users and groups, change
essential service settings, and perform other basic server administration tasks using the applications and utilities described below. For information about using them, see the other chapters in this book.
Important: If you have versions of these applications and utilities from Mac OS X Server
v10.5 Leopard or earlier, do not use them with Snow Leopard Server.
Applications and utilities for server administrators
iCal Server Utility (in /Applications/Server/)
Create, edit, and delete the locations and resources that users can reserve when they schedule meetings in shared calendars hosted by iCal Server.
Server Assistant
Set up Mac OS X Server for the first time. Install Mac OS X Server on a remote computer.
Server Preferences (in /Applications/Server/)
Manage users and groups, customize services and system information, and monitor server activity.
Server Status widget for Dashboard
Monitor server activity from any Mac with Snow Leopard.
System Preferences (in /Applications/)
Connect your server to a directory server in your organization. Configure Time Machine backup of the server. Configure sharing for a directly connected USB or FireWire printer.

Advanced Tools and Applications

Besides Server Preferences and the other basic administration applications, Snow
Leopard Server includes the advanced administration applications and tools described
in the following table. For more information about these tools and applications, open Server Admin and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Important: If you have administration applications and tools from Mac OS X Server
v10.5 Leopard or earlier, do not use them with Snow Leopard Server.
Advanced applications and tools for server administrators
Directory Utility
Configure advanced connections to directory servers. Open Directory Utility by clicking Edit (or Join) in the Login Options section of the Accounts pane of System Preferences.
Podcast Capture (in /Applications/Utilities/)
Record high-quality audio and video from a local or remote camera, capture screen activity, or upload QuickTime files into Podcast Producer for encoding and distribution.
Podcast Composer (in /Applications/Server/)
Follow a structured, graphical process to create workflows that control how Podcast Producer generates and distributes podcasts.
QuickTime Broadcaster (in /Applications/)
Capture live audio and video that works seamlessly with QuickTime Streaming Server for high-quality network broadcasting.
RAID Admin (in /Applications/Server/)
Set up and monitor Xserve RAID hardware.
Server Admin (in /Applications/Server/)
Change advanced service settings, configure advanced services, and manage file share points. Monitor server activity and view detailed service logs.
Server Assistant
Set up multiple servers automatically, using saved auto setup profiles. Open Server Assistant by using the Server menu in Server Admin.
Server Monitor (in /Applications/Server/)
Remotely monitor and manage one or more Xserve systems.
System Image Utility (in /Applications/Server/)
Create NetBoot and NetInstall images for Mac OS X and Mac OS X Server computers.
System Preferences (in /Applications/)
Connect the server to a directory server in your organization.
Workgroup Manager (in /Applications/Server/)
Manage users, groups, computers, and computer groups in advanced server deployments. Manage preferences for Mac OS X users.
Xgrid Admin (in /Applications/Server/)
Remotely manage clusters, monitor controller and agent activity, and check job status on the grid.
Command-line tools
Use UNIX tools to install and set up server software, administer services, manage users, and more.
Chapter 2: Getting Ready for Mac OS X Server
Check the server hardware, set up your network, decide how to manage users and groups, decide which services to provide, and prepare server disks.
Before you install and set up Mac OS X Server, you need to:
• Make sure the computer you want to use as a server meets system requirements (page 30)
• Make sure your Internet connection and local network are ready for your server (page 31)
• Understand the ways you can manage users and groups, and decide which way is right for your circumstances (page 39)
• Learn about the services Mac OS X Server can provide, and decide which basic services you want to set up initially (page 42)
• Prepare disks for installing Mac OS X Server (page 49)
• If your server won’t have a display, or won’t be accessible, you can set up an administrator computer (page 51)

What You Need to Install Snow Leopard Server

To install Snow Leopard Server, you need a Macintosh desktop computer or server with:
• An Intel processor
• At least 2 gigabytes (GB) of random access memory (RAM)
• At least 10 gigabytes (GB) of disk space available
  Your server needs significantly more disk space—such as a high capacity external hard drive—if you want to allow Snow Leopard and Leopard users to back up their Macs on the server. A server needs even more disk space if you want to back up the server using Time Machine.
• An active connection to a secure network
  If you’re an experienced system administrator, you can install and initially set up Snow Leopard Server without a network connection if, during setup, you select the option to configure manually and you don’t create an Open Directory master or connect to an existing directory server during initial setup. The server will need a network connection when you set up its directory services.
Some Podcast encoding operations require a compatible graphics card.
Some features have additional system requirements or require additional purchases. For details, see the Mac OS X Server website at www.apple.com/server/macosx/.
Unless you have a site license, you need a unique serial number for each server. You must use a Mac OS X Server v10.6 Snow Leopard serial number, which begins with XSVR-106.
A built-in DVD drive is convenient for installing Mac OS X Server, but you can also attach an external FireWire DVD drive or a Mac that has a DVD drive and is operating in target disk mode.
A display is optional. You can use an administrator computer to install and administer Mac OS X Server on a computer that has no display. For information, see “Preparing an Administrator Computer” on page 51.
Your server doesn’t need to be located where someone has constant access to it. When you need to perform administrative tasks, you can use any Mac that you’ve set up as an administrator computer.

Preparing Your Network and Internet Connection

Before installing and setting up Snow Leopard Server for the first time, you need to
get DNS and DHCP services ready for your server. If you’re setting up an independent server for a small organization, you’ll also want to protect it against malicious attacks from the Internet.
Setting Up DNS for Your Server
To allow users to access your server by using its name, the domain name system (DNS) servers for your local network need to be configured to resolve your server’s DNS name to its IP address. Some services provided by your server also require that DNS servers be configured to resolve your server’s IP address to its primary DNS name.
Conditions that affect DNS setup
If users will only access your server from your local network
Your server can provide DNS service for your local network (IP subnet). This local DNS service is configured automatically during initial server setup if no existing DNS service can be found for your server. The local DNS service has an entry for the DNS name and IP address you specify for your server during initial setup.
In order for your clients to use the local DNS service that your server provides, you may need to configure this local DNS service and your DHCP server (usually your network router) after you finish initial server setup. If this applies to you, you’ll find more information in the Mac OS X Server Next Steps document that’s generated and placed on the server’s desktop after initial setup.
If your server’s local DNS service is all you need, you can skip to the next topic, “Setting Up DHCP for Your Server” on page 35.
If you don’t have a domain name like example.com
You need a registered Internet domain like example.com if you want to allow Internet users to access services by name. You can purchase one through your ISP or from a public registrar of domain names. Ask the registrar to configure the domain to point to your server’s IP address. For information about domain name registrars, search the web.
If your server doesn’t have a registered DNS name like myserver.example.com
Work with your ISP, the IT department in your organization, or the public registrar where you obtained your domain to assign your server a meaningful DNS name. The server’s DNS name is the basis for the addresses of all services that users get from the server, including email, iChat, iCal, address book, wiki, file sharing, blog, webmail, and VPN.
If you’re setting up a server for a small organization
Ask your ISP or the public registrar for your domain to add a DNS entry for your server’s DNS name that resolves to your server’s public IP address. Also ask for a reverse lookup entry that resolves the public IP address to the DNS name. Your ISP provides a public IP address as part of your Internet service.
For Internet users to be able to use your domain name to get services from your server, your domain name must always point to your server. You can ensure this by obtaining a static (fixed) public IP address for your server. If your ISP hasn’t provided a static IP address, you can usually upgrade to one for a fee. If you don’t have a static IP address, then your server’s IP address may change, and Internet users may no longer be able to reach your server by name.
If you’re setting up a server for a department or workgroup in a larger organization
Ask your IT department or DNS server administrator for a static (fixed) IP address for your server.
Ask them to add a DNS entry for your server’s DNS name that resolves to your server’s public IP address, and also ask for a reverse lookup entry that resolves the public IP address to the DNS name. If your organization doesn’t have its own DNS servers, add these entries through your ISP or with the public registrar for your domain.
If your server will provide mail or web services
If your server will provide mail service or web services, you can provide easier access to them by requesting DNS entries for names like mail.example.com and www.example.com.
If your server will provide mail service, request an MX (mail exchanger) entry for your server. An MX entry (or record) allows users to have an email address like mchen@example.com. Without an MX entry, email addresses must include your server’s full DNS name (for example, mchen@myserver.example.com).
If mobile users will access some services from the Internet
Your server’s DNS name needs to be the same on your local network and on the Internet if you want to allow mobile users to access some services without using VPN. You need to obtain a registered Internet DNS name for your server as described above.
• If you don’t have a DNS server for your network, Mac OS X Server will provide a minimal DNS service for your local network. This DNS service is set up automatically for the DNS name you enter and the private IP address you specify during server setup.
• If your organization has a DNS server for your local network, ask your IT department or DNS server administrator to add an entry that resolves your server’s DNS name to your server’s IP address on the local network, and also ask for a reverse lookup entry that resolves the IP address to the DNS name.
Private IP addresses begin with 192.168., 10., or 172.16. through 172.31.254. For example, 192.168.1.12,
10.0.1.12, and 172.16.1.12 are private IP addresses.
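An added example, not from Apple's documentation: a Python check that the entries requested above exist and agree, meaning the server's name resolves, the reverse lookup entry returns the same name, Internet-facing DNS does not publish a private address, and service names such as mail.example.com reach the same server. The function names, the sample records, and the documentation addresses in 203.0.113.x are constructed for illustration; by default the lookups use the system resolver.

```python
import ipaddress
import socket

# The private ranges named in the text: 10., 172.16. through 172.31., 192.168.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls in one of the private ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def system_forward(name):
    """Name -> sorted list of IPv4 addresses, via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def system_reverse(addr):
    """Address -> name from the reverse lookup entry, or None if absent."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def _norm(name):
    """Compare DNS names without case or a trailing dot."""
    return name.rstrip(".").lower()


def check_server_dns(server, aliases=(), internet=True,
                     forward=system_forward, reverse=system_reverse):
    """Return a list of problems with the DNS entries for one server.

    server   -- the server's DNS name, e.g. myserver.example.com
    aliases  -- service names that should reach the same server
    internet -- True when the answers come from Internet-facing DNS
    """
    problems = []
    addrs = forward(server)
    if not addrs:
        return [f"{server}: no DNS entry resolves this name"]
    for addr in addrs:
        if internet and is_private(addr):
            problems.append(f"{server}: resolves to private address {addr}, "
                            "unreachable from the Internet")
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"{addr}: no reverse lookup entry")
        elif _norm(ptr) != _norm(server):
            problems.append(f"{addr}: reverse lookup gives {_norm(ptr)}, "
                            f"expected {_norm(server)}")
    for alias in aliases:
        alias_addrs = forward(alias)
        if not alias_addrs:
            problems.append(f"{alias}: no DNS entry resolves this name")
        elif not set(alias_addrs) <= set(addrs):
            problems.append(f"{alias}: resolves to {', '.join(alias_addrs)}, "
                            f"not to {server}")
    return problems


# Constructed sample records (203.0.113.x is a documentation range).
GOOD_A = {"myserver.example.com": ["203.0.113.10"],
          "mail.example.com": ["203.0.113.10"],
          "www.example.com": ["203.0.113.10"]}
GOOD_PTR = {"203.0.113.10": "myserver.example.com."}
# The same names with three mistakes: a private address published to the
# Internet, no reverse entry for it, and www pointing at a different host.
BAD_A = {"myserver.example.com": ["192.168.1.12"],
         "mail.example.com": ["192.168.1.12"],
         "www.example.com": ["203.0.113.99"]}
BAD_PTR = {}


def check_sample(a_records, ptr_records):
    """Run the check against in-memory records instead of live DNS."""
    return check_server_dns(
        "myserver.example.com", ["mail.example.com", "www.example.com"],
        internet=True,
        forward=lambda name: a_records.get(name, []),
        reverse=ptr_records.get)


if __name__ == "__main__":
    for label, a, ptr in (("good", GOOD_A, GOOD_PTR), ("bad", BAD_A, BAD_PTR)):
        print(label, check_sample(a, ptr) or "OK")
```

To check live entries, call check_server_dns with only the names; run it once from the local network with internet=False and once from outside it.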
Setting Up DHCP for Your Server
Most users’ computers are configured by default to get network addresses from a DHCP server on the local network. The DHCP server for your network needs to be configured to provide network addresses, including an IP address for each computer, the IP address of the router or gateway for your network, and IP addresses of one or two DNS servers for your network. If your DHCP server needs any configuration changes, you’ll find information about them in the Mac OS X Server Next Steps document that’s generated and placed on the server’s desktop after initial setup.
Protecting a Small Network
If you have an AirPort Extreme Base Station (802.11n), a Time Capsule, a cable router, a DSL router, another network router, or a gateway that shares an Internet connection among computers on your local network, that device isolates your local network from the Internet. These Internet-sharing devices protect your local network against malicious attacks from the Internet by blocking communications that originate outside the local network. Computers on the Internet can’t access your server unless you configure your AirPort Extreme Base Station, Time Capsule, router, or gateway to allow access to specific services.
Note: You can allow users with accounts on your server to get secure remote access to all its services via the Internet. After finishing initial server setup, use Server Preferences to turn on VPN service. For more information, see “Managing VPN Service” on page 145.
Protecting Your Network with AirPort Extreme
If you have an AirPort Extreme Base Station (802.11n) or a Time Capsule, Mac OS X Server can automatically manage it to protect your local network while allowing access to selected services from the Internet. After initial setup, you can use Server Preferences to specify individual services that you want to be accessible from outside your local network. Mac OS X Server will configure your AirPort Extreme Base Station or Time Capsule to allow incoming requests for those services to pass to your server.
Your AirPort Extreme Base Station or Time Capsule must have its Connection Sharing option set to “Share a public IP address” (that is, an Internet connection) in order for Mac OS X Server to manage it. In addition, the advanced option IPv6 Mode must be set to Tunnel.
You should also make sure the AirPort Extreme Base Station or Time Capsule has a secure password instead of the default password, which is public. You’ll need to know the base station or Time Capsule password—not the wireless network password—to turn on automatic AirPort management.
Protecting Your Network with a Router
If you have a cable router, DSL router, or other network router configured as a NAT device, you can manually configure it to protect your local network while allowing access to selected services from the Internet. You configure your router to forward requests for individual services to your server. This process is called port forwarding or port mapping, because each service communicates through an abstract, numbered communication port. These ports are not physical like the Ethernet port on your computer.
You can manually configure port mapping on most Internet routers by using their configuration software. Usually the configuration software consists of several webpages. Using a web browser on any computer connected to your local network, you go to the webpage with settings for port mapping or port forwarding. In some cases, you can select standard services such as web or VPN and specify that each be mapped to your server’s IP address. In other cases, you must enter port numbers for services and enter your server’s IP address for each one.
For a list of services and the corresponding ports for which you might want to set up port mapping or forwarding, see “Services and Ports” on page 175.
Protecting Your Network by Making Your Server a Gateway
If you don’t have an AirPort Base Station or other router, but your server has two Ethernet ports, you can make the server a gateway to share an Internet connection with other computers on your local network. The server’s Ethernet ports must be configured as follows before you begin initial Mac OS X Server setup:
• One Ethernet port must have a public IP address on the Internet (not a private IP address like 10.0.0.1 or 192.168.1.1). This port is connected to your DSL modem, cable modem, or other Internet source. Usually, you use the server’s first built-in Ethernet port for this.
• Another Ethernet port must be connected to a functional network switch or hub in your local private network. This Ethernet port must be unconfigured, have a manual IP address, or have a self-assigned IP address beginning with 169.254.
  If this port has an IP address assigned by a DHCP server, you won’t be able to make the server a gateway during initial Mac OS X Server setup. This is because, as a gateway, the server would provide DHCP service that might conflict with an existing DHCP server on the same network.
Other computers connected to this local network will share the server’s Internet connection.
For Internet users to be able to use your domain name to get services from your server, your domain name must always point to your server. You can ensure this by obtaining a static (fixed) IP address for your server. If your ISP hasn’t provided a static IP address, you can usually upgrade to one for a fee. If you don’t have a static IP address, then your server’s IP address may change, and Internet users may no longer be able to reach your server by name.
Setting up your server as a gateway does the following:
• Assigns the Ethernet port connected to the local network the private IP address 192.168.1.1.
• Turns on DHCP service and configures it to provide IP addresses 192.168.1.100 through 192.168.1.199 to computers on the local network. DHCP service assigns these addresses to computers whose Ethernet ports are configured with the “Using DHCP” option.
  You can also give users addresses 192.168.1.2 through 192.168.1.99, to use to configure their Ethernet ports with the “Using DHCP with manual address” option. Addresses 192.168.1.200 through 192.168.1.220 are reserved for your server’s VPN service.
• Sets up NAT service to share the server’s Internet connection with computers on the local network.
• Sets up the server’s firewall to block incoming connections that originate from computers on the Internet. The firewall allows outgoing connections from computers on the local network. It also allows incoming connections that are responding to the local computers’ outgoing connections. After setup, you can use the Security pane of Server Preferences to allow incoming requests through the firewall for specific services.
• Sets up DNS service for the local network, and configures it to cache DNS name lookups to improve performance for local network computers.
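An added example, not part of Apple's documentation: a Python audit of an inventory of local computers against the address plan listed above. It flags manual addresses that fall in the DHCP or VPN ranges, duplicate addresses, and DHCP clients whose address did not come from the server's range, which is the sign of the conflicting DHCP server mentioned earlier. The /24 subnet mask, the inventory format, and the host names are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

NET = ipaddress.ip_network("192.168.1.0/24")    # /24 mask is an assumption
GATEWAY = ipaddress.ip_address("192.168.1.1")   # server's local Ethernet port
RANGES = {                  # inclusive last-octet ranges taken from the text
    "manual": (2, 99),      # "Using DHCP with manual address"
    "dhcp": (100, 199),     # handed out by the server's DHCP service
    "vpn": (200, 220),      # reserved for the server's VPN service
}
MANUAL_REASONS = {
    "gateway": "address belongs to the server's local Ethernet port",
    "dhcp": "inside the DHCP range, may collide with a lease",
    "vpn": "inside the range reserved for VPN service",
    "unplanned": "outside the manual range 192.168.1.2 through 192.168.1.99",
    "outside": "not on the 192.168.1.x local network",
}


def classify(addr):
    """Return the role an address has in the gateway's address plan."""
    ip = ipaddress.ip_address(addr)
    if ip not in NET:
        return "outside"
    if ip == GATEWAY:
        return "gateway"
    last = int(ip) - int(NET.network_address)
    for role, (low, high) in RANGES.items():
        if low <= last <= high:
            return role
    return "unplanned"


def audit(hosts):
    """Check (name, address, method) entries; method is 'dhcp' or 'manual'.

    Returns a list of (name, address, reason) findings.
    """
    findings = []
    seen = defaultdict(list)
    for name, addr, method in hosts:
        role = classify(addr)
        seen[addr].append(name)
        if method == "dhcp":
            if ipaddress.ip_address(addr).is_link_local:
                findings.append((name, addr,
                                 "self-assigned address, no DHCP server answered"))
            elif role != "dhcp":
                findings.append((name, addr,
                                 "lease is outside the server's DHCP range, "
                                 "another DHCP server may be answering"))
        elif role != "manual":
            findings.append((name, addr, MANUAL_REASONS[role]))
    for addr, names in seen.items():
        if len(names) > 1:
            findings.append(("/".join(names), addr,
                             "address used by more than one computer"))
    return findings


# Constructed inventory for illustration; the names are hypothetical.
SAMPLE_INVENTORY = [
    ("imac-frontdesk", "192.168.1.101", "dhcp"),
    ("printer", "192.168.1.20", "manual"),
    ("nas", "192.168.1.150", "manual"),
    ("laptop-guest", "192.168.0.57", "dhcp"),
    ("scanner", "192.168.1.210", "manual"),
    ("mini-lab", "169.254.12.7", "dhcp"),
    ("kiosk", "192.168.1.20", "manual"),
]

if __name__ == "__main__":
    for name, addr, reason in audit(SAMPLE_INVENTORY):
        print(f"{name:15} {addr:15} {reason}")
```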

Deciding How to Manage Users and Groups

During the initial setup of Mac OS X Server, you’ll choose how the server manages the user and group accounts it uses to authenticate users and determine which services they’re allowed to access. You can choose to:
• Manage users and groups independently for a small organization
• Import users and groups for a workgroup in a medium or large organization
• Configure manually for a server that provides selected services to a medium or large organization
Managing Your Own Users and Groups
If you’re setting up a server for a small organization without an existing directory server, you can choose to set up an independent server with its own users and groups. The server provides its own directory service, as an Open Directory master, for its user and group accounts.
After setup, you’ll manage users and groups, configure basic service settings, and monitor server status with the easy-to-use Server Preferences application. You can also use the Server Admin and Workgroup Manager applications if you need to change advanced settings or set up advanced services.
Importing Users and Groups for a Workgroup
If you’re setting up a server for a department or workgroup in an organization with an existing directory server, you can choose to import users from that directory server. This allows people to use your server with their existing user names and passwords.
You’ll need to know the following information:
• The directory server’s DNS name or IP address
• Whether you need to authenticate to the directory server, and if so, the type of directory server and the name and password of a user account on the directory server
  • For an Open Directory server, you can use a standard user account; you don’t need a directory administrator account.
  • For an Active Directory server, you can use an Active Directory administrator account or a standard user account that has the “Add workstations to domain” privilege.
Your server uses the account name, password, and other attributes that already exist in imported user accounts. Your server can augment the existing attributes with attributes needed for its services. For example, imported users can be members of a group you create on your server.
Your server will also provide its own directory service as an Open Directory master, and thus can have its own user and group accounts. After setup, you can create groups for teams or projects within the workgroup, and you can create a user account for anyone who doesn’t have one from the organization’s directory server.
After setup, you’ll manage users and groups, configure basic service settings, and monitor server status with the easy-to-use Server Preferences application. You can also use the Server Admin and Workgroup Manager applications if you need to change advanced settings or set up advanced services.
Conguring Manually
If you’re an experienced system administrator setting up one or more servers for a
medium or large organization, and you need complete control of service conguration, you can choose to congure manually. This choice accommodates a wide variety of
business needs.
During initial setup, you’ll be able to bind your server to a directory server or make your server a directory server by creating an Open Directory master. You can also choose to
congure directory services after initial setup.
After initial setup, you can congure services and manage users by using either
advanced applications such as Server Admin and Workgroup Manager or command­line tools. You can also use the Server Preferences application if you only need to
congure basic service settings and manage basic user and group settings.

Deciding Which Basic Services to Provide

During the initial setup of Mac OS X Server, you can select which basic services your server will initially provide to users: address book, iCal, file sharing, iChat, mail, and web.
For information to help you decide which of these services to provide, see the next six topics.
You’ll configure basic services after initial setup, along with other services, if during initial server setup you choose to configure manually, don’t connect to a directory server, and don’t create an Open Directory master.
For information about the services you can configure after initial setup, see “Providing More Services” on page 46.
Address Book Service Overview
The address book service for Mac OS X Server, Address Book Server, allows users to find contact information in a server-based address book across multiple computers without the schema limitations and security issues associated with LDAP. Users can view and add contact information in a server-based address book by using the Address Book application on any Mac with Snow Leopard. Address Book Server can also allow Snow Leopard users to find public contact information in directory servers that your server is connected to. Users of other computers can access address books on your server using third-party applications that are compatible with the CardDAV open standard.
File Sharing Service Overview
Mac OS X Server file sharing service lets your group members access shared folders and store personal files on the server. They can use Macintosh, Windows, or UNIX computers to access their files and shared folders without special software, using native file protocols including AFP and SMB. Windows users see Mac OS X Server file servers in their Network Places, just like Windows file servers.
iCal Service Overview
The calendar service for Mac OS X Server, iCal Server, makes it easy for users to share calendars, schedule meetings, and coordinate events within a workgroup, a small business, or a large organization. Colleagues can quickly and easily check each other’s availability, set up and propose meetings, book conference rooms, reserve projectors, and more. iCal Server sends the invitations, which can include information such as an agenda or to-do list, and tabulates replies.
iCal Server works with the iCal application in Mac OS X v10.6 Snow Leopard, Calendar on iPhone, web calendars in Snow Leopard Server wikis, and third-party calendar
applications that support the standard CalDAV protocol.
iChat Service Overview
iChat service provides instant messaging (IM) for Macintosh, Windows, and Linux users. Team members can brainstorm solutions, make plans, exchange URLs, or transfer files, without worrying about outsiders intercepting confidential information. Instant messaging service provides text messaging between users or among multiple users. It also facilitates direct connections between users for audio, video, and multiway audio and video sessions.
iChat service works with the iChat application in Mac OS X, Google Talk, and other instant messaging software that uses the XMPP protocol, called Jabber.
Mail Service Overview
Mail service lets users send and receive email on your local network and the Internet, using any email application. Mail service includes filters that protect users from junk mail and viruses. Mail service works with the Mail application in Mac OS X, Mail on iPhone, and other popular mail applications that use the standard IMAP, POP, and SMTP email protocols.
Web Services Overview
Web services can provide wiki, blogs, web calendars, web access to email, and custom websites.
If web services are on, everyone with a user account on the server gets a convenient wiki portal, called My Page, for viewing and creating wikis and blogs, using web calendars, tracking wiki updates, and accessing webmail.
All users can easily create wikis and control who can view, search, and edit their wiki content. By using included templates or creating their own, users can add, delete, edit, and format content naturally—without knowing markup codes or special syntax.
With a few clicks, or by dragging and dropping, they can attach files and images, publish podcasts, assign keywords, and link to other wiki pages or other websites. They can also review the wiki’s complete history of changes and revert any page to a previous version.
Web calendars let people keep track of appointments, meetings, and other events using any web browser. Users can send and receive invitations to events. When inviting people to an event, users can see each person’s availability on a timeline. Each user’s My Page portal includes a personal web calendar, and each wiki can also have a calendar that everyone who has access to the wiki can use. Users can create multiple calendars on their personal web calendars and on wiki group calendars that they have
access to. Users with Snow Leopard can also use the iCal application to view, change,
and create events that appear in web calendars.
Blogs give nontechnical users a way to keep their colleagues up-to-date with projects, files they’re working on, and pictures or podcasts. Users publish their own blogs with drag-and-drop ease, using a selection of built-in professional templates.
With webmail, users can receive and send mail from a web browser anywhere on the Internet. They can access all their email as if they were using Mac OS X Mail or another mail application on their computers.
Web services also let you publish custom websites that you have created (or someone has created for you) using website development software. You can restrict access to each website to a particular group, or restrict parts of the website to particular groups. You can also specify each website’s IP address, an access port, and the folder where website files are stored on the server. A custom website is also called a virtual host.

Providing More Services

Whether you set up basic services during initial server setup or not, you can configure them and many others after setup. You can change basic service and system settings and add users and groups with Server Preferences. You can change advanced settings and configure advanced services with Server Admin. You can use Workgroup Manager to change advanced user and group settings, control user preferences, and manage computer records.
The next two tables show what you can configure with Server Preferences, Workgroup Manager, and Server Admin. The tables also show what you can have automatically configured during initial server setup.
For information about using Server Preferences, first see Chapter 5, “Managing Your Server,” through Chapter 10, “Managing Server Information.” For additional information, open Server Preferences and then use the Help menu.
For information about using Server Admin or Workgroup Manager, open the application and then use the Help menu.
Service | Initial server setup | Server Preferences | Workgroup Manager
Basic user and group management | No | Yes | Yes
Advanced user and group management | No | No | Yes
Computer account and computer group management | No | No | Yes
Managed preferences | No | No | Yes

Service | Initial server setup | Server Preferences | Server Admin
Address book | Optional | Yes | Yes
DHCP, DNS, NAT | Automatic | No | Yes
File sharing (AFP and SMB protocols) | Optional | Yes | Yes
File sharing (FTP and NFS protocols) | No | No | Yes
Firewall (application firewall) | Automatic | Use System Preferences | Use System Preferences
Firewall (IP firewall) | Automatic | Yes | Yes
Gateway (NAT, DNS, DHCP) | Optional | No | Yes
iCal (calendar sharing, event scheduling) | Optional | Yes | Yes
iChat (instant messaging) | Optional | Yes | Yes
Mail with spam and virus filtering | Optional | Yes | Yes
Mobile access | No | No | Yes
MySQL | No | No | Yes
NetBoot and NetInstall (system imaging) | No | No | Yes
Network time | Automatic | No | Yes
Network management (SNMP) | No | No | Yes
NFS | No | No | Yes
Open Directory master (user accounts and other data) | Optional | Optional | Yes
Podcast Producer | No | No | Yes
Print | No | No | Yes
Push notification | Automatic | Automatic | Yes
QuickTime Streaming | No | No | Yes
RADIUS | No | No | Yes
Remote login (SSH) | Optional | Use System Preferences | Yes
Software update | No | No | Yes
Time Machine backup of users’ Macs | Optional | Yes | Yes
Time Machine backup of server | No | Use System Preferences | Use System Preferences
VPN (secure remote access) | No | Yes | Yes
Web (wikis, blogs, webmail) | Optional | Yes | Yes
Xgrid (computational clustering) | No | No | Yes

Preparing Disks for Mac OS X Server

If you’re going to install Mac OS X Server on an existing computer and want a clean installation, you need to erase the disk you’ll install on. You can use the Disk Utility application before installing locally or use Server Assistant while installing remotely.
If the server has multiple disks that you want to erase and format, or if you want to partition the server’s disk into multiple volumes or set up a RAID set, you can use Disk Utility before installing.
Note: The Installer won’t erase the disk for you before it installs Snow Leopard Server.
If you don’t want to upgrade Mac OS X Server on an existing server, be sure to use Disk Utility to erase the disk before installing.
Erasing with Disk Utility
You can erase disks and partition hard drives with Disk Utility while installing Mac OS X Server locally. You open Disk Utility by choosing it from the Utilities menu of the
Installer. You can erase the startup disk using these formats:
Mac OS Extended (Journaled): This is recommended and is the most common format
for a Mac OS X Server startup volume.
Mac OS Extended (Case-sensitive, Journaled): This is worth considering if you are planning to have your server host a custom website with static web content instead of or in addition to wikis. A case-sensitive disk can host static web content with a more direct mapping between files and URLs.
You can erase other disks using the formats above or a non-journaled variant: Mac OS
Extended or Mac OS Extended (Case-sensitive).
If the server has a disk formatted using the UNIX File System (UFS) format by an earlier version of Mac OS X or Mac OS X Server, do not use the UFS disk for a Mac OS X Server startup disk.
Erasing with Server Assistant
If you’re using Server Assistant to install Mac OS X Server remotely, and the target disk already has Mac OS X Server or Mac OS X installed, Server Assistant can erase the disk using the Mac OS Extended (Journaled) format only.
Partitioning a Hard Disk
Partitioning the hard disk creates a volume for server system software and one or more additional volumes for data and other software. The volume you install the server system software on should be at least 20 GB. This volume should be larger if you plan to store shared folders, wikis, and other service data on it. Use Disk Utility to partition a hard disk.
Creating a RAID Set
If you’re installing Snow Leopard Server on a computer with multiple internal hard disk
drives, you can create a RAID (Redundant Array of Independent Disks) set to optimize storage capacity, improve performance, and increase reliability in case of a disk failure. For example, a mirrored RAID set increases reliability by writing your data to two or more disks at once. If one disk fails, your server automatically continues using other disks in the RAID set.
You can set up RAID mirroring or another type of RAID set when you begin installing Mac OS X Server, by choosing Disk Utility from the Installer’s Utilities menu. You can also set up RAID mirroring after installing on a disk that isn’t partitioned, by opening Disk Utility (in /Applications/Utilities). To prevent data loss, you should set up RAID mirroring as soon as possible. For information about setting up a RAID set, open Disk Utility and then use the Help menu.

Preparing an Administrator Computer

You can use an administrator computer to install and set up Mac OS X Server on another computer over the network. The remote server doesn’t need a display.
As illustrated below, you start up the server using the Mac OS X Server Install Disc and then use Server Assistant on the administrator computer to perform a remote installation and setup.
[Figure: Administrator computer running Server Assistant; target server with DVD drive]
You can also use an administrator computer to manage the server remotely after setup.
You make a computer with Mac OS X v10.6 into an administrator computer by installing server administration software on it. If you have another server with Mac OS X Server v10.6 already set up, you can use it as an administrator computer as well.
To set up an administrator computer:
1 Make sure the Mac OS X computer has Mac OS X v10.6 Snow Leopard installed.
2 Insert the Mac OS X Server Administration Tools disc.
3 Open the Installers folder.
4 Double-click ServerAdministrationSoftware.mpkg to open the Installer, and then follow
the onscreen instructions.
For information about using an administrator computer, see “Installing Remotely” on page 57, “Setting Up a Server Remotely” on page 65, and “Connecting Server Preferences to a Remote Server” on page 77.
Chapter 3: Installing Mac OS X Server
Use the Installer to install Snow Leopard locally, or use Server Admin to install remotely.
Before installing Mac OS X Server, be sure to prepare the computer you’re going to use as a server and get your network and Internet connection ready. Also, use the Installation & Setup Worksheet to collect information you’ll need. (It’s in the Documentation folder on the Mac OS X Server Install Disc.) For more information about these preparations, see the previous chapter.
You can install Mac OS X Server v10.6 Snow Leopard using one of these methods:
• Install locally if the target server has a display and keyboard that you can use conveniently
• Install remotely if the target server is inconveniently located or doesn’t have a display
For information about other installation methods, such as upgrading an existing
server or migrating an existing server to a new computer with Snow Leopard Server,
open Server Admin (in /Applications/Server/) and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Installing Mac OS X Server Securely
When you start up a computer from the Mac OS X Server Install Disc, SSH remote login service and VNC screen sharing service start automatically in order to make remote installation possible.
Important: Make sure the network is secure before you install or reinstall Mac OS X
Server, because SSH and VNC give others access to the computer over the network.
For example, set up your local network so that only users you trust can access it. Avoid having Ethernet jacks in public places. If you have an AirPort Base Station or other wireless access point, configure it to use WPA2 authentication (also called RSN) with a strong password. Consider making the wireless network name private. Also, try to keep the server’s hardware serial number confidential, because it’s used as the password for remote installation and setup.

Installing Locally

[Figure: Installer application on the target server]
You can install Mac OS X Server directly onto a computer by starting up the computer from the Mac OS X Server Install Disc. The Installer application guides you through the interactive installation process. The computer must have a display attached so you can interact with the Installer. When you install locally, you can use Disk Utility and other applications in the Installer’s Utilities menu, and you can customize the installation by selecting items to be installed.
You can perform:
• A new installation of Mac OS X Server on a disk that doesn’t already have Mac OS X Server or Mac OS X installed
• A clean installation, which installs Mac OS X Server after erasing and formatting a target disk
• An upgrade of a server with an Intel processor and Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 Tiger (for information about other upgrading and migrating options, open Server Admin and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/)
To install Mac OS X Server locally:
1 If you’re planning to erase or partition the target disk, make sure you have a backup of
the disk.
2 Start up the computer, log in if necessary, and insert the Mac OS X Server Install Disc into
the DVD drive.
3 Open the Install Mac OS X Server application and click the Restart button.
The application is in the Mac OS X Server Install Disc window.
If you see an Install button instead of a Restart button in the lower-right corner of the application window, click Install and proceed through the Installer panes by following the onscreen instructions (skip steps 4 through 8 below). When installation is complete, restart the server. Server Assistant opens so you can set up the server. For information, see “Setting Up a Server Locally” on page 63.
4 After the computer restarts, choose the language you want to use on the server,
and then click the arrow button.
5 Read the information about Mac OS X Server, use the Utilities menu if necessary, and then click Continue.
• If you need to erase the target disk before installing, choose Utilities > Disk Utility. You can also use Disk Utility to partition the server’s hard disk or create a RAID set. For more information, see “Erasing with Disk Utility” on page 49.
Note: The Installer won’t erase the disk for you before it installs Snow Leopard Server. If you don’t want to upgrade Mac OS X Server on an existing server, be sure to use Disk Utility to erase the disk before installing.
• If you want to restore from a Time Machine backup of Mac OS X Server, choose Utilities > Restore System From Backup.
6 Read and agree to the software license agreement.
7 Select the disk or volume (partition) you want to install on, and make sure it’s in the
expected state before clicking Install to begin installing.
If you want to select the language translations, printer drivers, and other optional items that will be installed, click Customize.
You can quit installation before it begins by using the Mac OS X Installer menu.
8 After installation is complete, the computer restarts and Server Assistant opens so you
can set up the server.
For information, see “Setting Up a Server Locally” on page 63.

Installing Remotely

Using Server Admin and Server Assistant on an administrator computer, you can install Mac OS X Server on another computer over the network. The computer you’re installing on doesn’t need a display, but it does need a DVD drive for the Mac OS X Server Install Disc. If the computer doesn’t have a built-in DVD drive, you can attach an external FireWire DVD drive or a Mac that has a DVD drive and is operating in target disk mode.
You can perform:
• A new installation of Mac OS X Server on a disk that doesn’t already have Mac OS X Server or Mac OS X installed
• A clean installation, which installs Mac OS X Server after erasing and formatting a target disk
• An upgrade of a server with an Intel processor and Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 Tiger (for information about other upgrading and migrating options, open Server Admin and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/)
To install Mac OS X Server remotely:
1 If you’re planning to erase the target disk or partition, make sure you have a backup of it, and optionally use Disk Utility to prepare the target disk.
If you only need to erase the target disk using the most common format, Mac OS Extended (Journaled), you don’t need to use Disk Utility. With Disk Utility, you can erase the target disk using other formats, partition the server’s hard disk, or create a RAID set. For information about using Disk Utility for these tasks, see “Erasing with Disk Utility” on page 49.
2 Start up the target server with the Mac OS X Server Install Disc.
If the target server has a built-in DVD drive, insert the disc and then restart the computer while holding down the C key on the keyboard. Release the C key when you see the Apple logo.
If the target server has an external FireWire DVD drive, restart the computer while holding down the Option key, select the icon representing the Mac OS X Server Install Disc, and then click the Arrow button.
3 On an administrator computer, open Server Admin and select “Ready for Install” in the list on the left.
Server Admin is located in /Applications/Server/.
If Server Admin asks for a password to connect to a server that’s already set up on your network, you can click Cancel. You don’t need an administrator account to install Mac OS X Server remotely.
4 Select the target server on the right, and then click Install.
If the server you want isn’t listed, you can click the Refresh (curved arrow) button to have Server Admin look again for servers that are ready for installation on your local network.
If the server you want is on a different local network, choose Server > Install Remote Server.
5 When Server Assistant opens, confirm the target server’s address, enter the first 8 characters of the server’s built-in hardware serial number as a password, and click Continue.
If the Address field is blank or incorrect, enter the server’s DNS name or its IP address in IPv4 format (for example, 192.0.2.200).
For servers that Server Assistant finds on the local network (IP subnet), an IP address may be assigned automatically by a DHCP server on the network. If no DHCP server exists, the target server uses a 169.254.xxx.xxx address unique among servers on the local network. Later, when you set up the server, you can change the IP address.
To find the serial number, look for a label on the server. Match the capitalization of the serial number when you type it.
For an Xserve with Intel processor that has had its main logic board replaced and has no hardware serial number, enter “System S” (don’t enter the quotation marks) as the password. For another computer that has no built-in hardware serial number, use 12345678 as the password.
6 Select the language you want Mac OS X Server to use and click Continue.
The language you select doesn’t affect the language on users’ computers.
7 Select a destination disk or volume (partition) and click Install.
8 If the volume you selected already has Mac OS X Server or Mac OS X installed, select an available option and then click OK.
The options may include:
Erase: Completely erases the destination volume before installing a new copy of Mac OS X Server.
Upgrade: This option is available only if the destination volume has Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 Tiger. You can upgrade this volume to Snow Leopard Server without erasing the destination volume. For information about upgrading and migrating, open Server Admin and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
9 After installation is complete, the target server restarts and you can click More Options to set up the server remotely or to install Mac OS X Server on another computer.
10 If you clicked More Options, choose what you want to do with Server Assistant now.
Install Mac OS X Server remotely: Repeat this procedure, skipping steps 3 and 4.
Set up Mac OS X Server remotely: For instructions, see “Setting Up a Server Remotely” on page 65.
Prepare and save information for automatic setup: Lets you go through the setup process, selecting setup options and entering setup data, and then instead of using the setup information to configure a server right now, save the setup information as an auto setup profile on a removable drive or disc. Later you can use the saved auto setup profile to automate the setup of one or more servers. For more information, see the Installation & Setup Worksheet. (It’s in the Documentation folder on the Mac OS X Server Install Disc.)
Instead of using Server Assistant on an administrator computer, you can remotely control installation by using screen sharing on a Mac with Mac OS X v10.5 Leopard or Mac OS X v10.6 Snow Leopard, or by using Apple Remote Desktop (which you can purchase separately) on another Mac. For information, open Server Admin and then use the Help menu, and visit the Apple Remote Desktop website at www.apple.com/remotedesktop/.
Chapter 4 Setting Up Mac OS X Server

Server Assistant leads you through setting up your server for the first time.
Server Assistant opens automatically when you:
• Finish installing Mac OS X Server v10.6 Snow Leopard
• Start up a new server with Snow Leopard Server preinstalled
You can use Server Assistant:
• Locally on the server
• Remotely on an administrator computer to set up the server over an Ethernet network
For information about automatically setting up a server using a saved auto setup profile or setting up multiple remote servers, see the Installation & Setup Worksheet. (It’s in the Documentation folder on the Mac OS X Server Install Disc.)

Setting Up a Server Locally

You can set up a new server or a computer with Mac OS X Server newly installed, by using the server’s keyboard, mouse, and display.
To set up a server locally:
1 Prepare for setup by filling out a printed copy of the Installation & Setup Worksheet.
The Installation & Setup Worksheet is located in the Documentation folder on the Mac OS X Server Install Disc. For more information, see Chapter 2, “Getting Ready for Mac OS X Server,” on page 29.
2 If you have DHCP or DNS service provided by your ISP, Internet router, or other servers on your network, make sure they are set up for your new server and are running.
For information about how DHCP, DNS, and other network services should be set up, see “Preparing Your Network and Internet Connection” on page 31.
3 Make sure your server has an active connection to a secure network.
This network connection is needed to set up the server’s directory services. If you’re an experienced system administrator, you can set up the server without a network connection if, during setup, you select the option to configure manually and don’t create an Open Directory master or connect to an existing directory server during initial setup.
If your server will connect to a wireless network, you’ll configure the connection during setup.
4 If you want to set up your server as an Internet gateway so other computers on your network can share the server’s Internet connection, verify the following:
• One Ethernet port, or interface, connects to your DSL modem, cable modem, or other Internet source. The Internet interface must have a public IP address (not a private IP address like 10.0.1.1 or 192.168.1.1). The public IP address must be static (fixed) so users can access the server by its DNS name—for example, to use the server’s VPN service.
• Another Ethernet port connects to your local network.
During setup, Server Assistant automatically identifies which port connects to the Internet.
For more information, see “Protecting Your Network by Making Your Server a Gateway” on page 37.
5 If the server is off, turn it on.
When the server starts up, Server Assistant opens automatically.
6 Proceed through the Server Assistant panes, following the onscreen instructions and entering the information you’ve recorded on the Installation & Setup Worksheet.
For information about settings in a Server Assistant pane, click the Help button in the pane.
7 After server setup is complete, you can take some additional steps to enhance the security, accessibility, and usefulness of your new server. For information, see “After Setting Up a Server” on page 69.

Setting Up a Server Remotely

If you have a new server or a computer with Mac OS X Server newly installed, you can set it up over the network by using Server Admin and Server Assistant on an administrator computer. The server you’re setting up doesn’t need a display. For information about administrator computers, see “Preparing an Administrator Computer” on page 51. For information about setting up multiple servers remotely, open Server Admin and then use the Help menu.
To set up a remote server:
1 Prepare for setup by filling out a printed copy of the Installation & Setup Worksheet.
The Installation & Setup Worksheet is located in the Documentation folder on the Mac OS X Server Install Disc.
2 If you have DHCP or DNS service provided by your ISP, Internet router, or other servers on your network, make sure they are set up for your new server and are running.
For information about how DHCP, DNS, and other network services should be set up, see “Preparing Your Network and Internet Connection” on page 31.
3 Make sure your server has an active connection to a secure Ethernet network.
4 If you want to set up your server as an Internet gateway, so other computers on your network can share the server’s Internet connection, verify the following:
• One Ethernet port, or interface, connects to your DSL modem, cable modem, or other Internet source. The Internet interface must have a public IP address (not a private IP address like 10.0.1.1 or 192.168.1.1). The public IP address must be static (fixed) so users’ computers can access the server via the Internet, for example to use the server’s VPN service.
• Another Ethernet port connects to your local network.
During setup, Server Assistant automatically identifies which port connects to the Internet.
For more information, see “Protecting Your Network by Making Your Server a Gateway” on page 37.
5 If the server is off, turn it on.
When the server starts up, Server Assistant opens automatically and waits for remote setup to begin.
6 On an administrator computer, open Server Admin and select “Ready for Setup” in the list on the left.
Server Admin is located in /Applications/Server/.
If Server Admin asks for a password to connect to a server that’s already set up on your network, you can click Cancel. You don’t need an administrator account to set up Mac OS X Server remotely.
7 Select the target server on the right, and then click Set Up.
Server Admin identifies unconfigured servers by name, IP address, and MAC address. The name may be generated from the computer model and the MAC address.
If the server you want isn’t listed, you can click the Refresh (curved arrow) button to have Server Admin look again for servers that are ready for setup on your local network.
If the server you want is on a different local network, choose Server > Set Up Remote Server.
8 When Server Assistant opens, do one of the following, depending on the status of the server you want to set up:
• If the server is listed as “Authentication required,” select it, click Authenticate, and enter its password.
• If the server you want isn’t listed, click Add, enter the server’s DNS name or its IP address in IPv4 format (for example, 192.0.2.200), and enter its password.
The password for a new installation of Mac OS X Server is the first 8 characters of the server’s built-in hardware serial number. To find the serial number, look for a label on the server. Match the capitalization of the serial number when you type it. For an Intel-based Xserve that has had its main logic board replaced and has no hardware serial number, enter “System S” (don’t enter the quotation marks) as the password. For a computer that has no built-in hardware serial number, use 12345678 as the password.
The password for an upgraded server is the password of the server’s root user.
9 Click Continue and proceed through the Server Assistant panes, following the onscreen instructions and entering the information you’ve recorded on the Installation & Setup Worksheet.
For information about settings in a Server Assistant pane, click the Help button in the pane.
10 After server setup is complete, Server Assistant presents three options:
Set Up Another Server: Go back to step 1 and set up another server for the first time. (Because Server Assistant is already open, you can skip steps 6 and 7.)
Configure: Open Server Preferences on the computer you used to set up the remote server. Then you can open a new connection to the remote server and set up users and groups, customize services and system information, or monitor server activity. For information about these tasks, see “Connecting Server Preferences to a Remote Server” on page 77 and Chapter 5, “Managing Your Server,” through Chapter 10, “Managing Server Information.”
Share Screen: Begin a screen sharing session with the server you just set up. When asked to authenticate, use the name and password of the administrator account you created on that server.
After server setup is complete, you can take some additional steps to enhance the security, accessibility, and overall usefulness of your new server. For information, see “After Setting Up a Server”, next.
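The gateway prerequisite in step 4 of both setup procedures above (a public, not private, address on the Internet interface) can be checked from Terminal before setup begins. The shell functions below are an added example, not part of Apple’s guide: the names classify_ipv4 and gateway_wan_ok are hypothetical, the sample addresses are constructed, and the check goes beyond the guide’s two private examples to cover the other standard non-public IPv4 blocks, including the 169.254.xxx.xxx self-assigned range and the 192.0.2.x documentation range that the guide uses.

```shell
#!/bin/sh
# Added example: classify an IPv4 address before relying on it as the
# Internet-side address of a gateway server. Function names are
# illustrative assumptions, not part of Mac OS X Server.

# classify_ipv4 ADDRESS
# Prints exactly one word and always returns 0:
#   invalid | private | link-local | loopback | shared |
#   documentation | reserved | public
classify_ipv4() {
    _addr=$1
    # Accept only digits and dots, with no empty fields.
    case $_addr in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $_addr      # split into octets; only digits and dots remain
    IFS=$_old_ifs
    if [ $# -ne 4 ]; then echo invalid; return 0; fi
    for _o in "$@"; do
        case $_o in
            ????*) echo invalid; return 0 ;;   # more than three digits
        esac
        if [ "$_o" -gt 255 ]; then echo invalid; return 0; fi
    done
    _a=$1 _b=$2 _c=$3
    if [ "$_a" -eq 10 ]; then
        echo private                           # 10.0.0.0/8
    elif [ "$_a" -eq 172 ] && [ "$_b" -ge 16 ] && [ "$_b" -le 31 ]; then
        echo private                           # 172.16.0.0/12
    elif [ "$_a" -eq 192 ] && [ "$_b" -eq 168 ]; then
        echo private                           # 192.168.0.0/16
    elif [ "$_a" -eq 169 ] && [ "$_b" -eq 254 ]; then
        echo link-local                        # self-assigned, no DHCP
    elif [ "$_a" -eq 127 ]; then
        echo loopback
    elif [ "$_a" -eq 100 ] && [ "$_b" -ge 64 ] && [ "$_b" -le 127 ]; then
        echo shared                            # 100.64.0.0/10, carrier NAT
    elif [ "$_a" -eq 192 ] && [ "$_b" -eq 0 ] && [ "$_c" -eq 2 ]; then
        echo documentation                     # 192.0.2.0/24
    elif [ "$_a" -eq 198 ] && [ "$_b" -eq 51 ] && [ "$_c" -eq 100 ]; then
        echo documentation                     # 198.51.100.0/24
    elif [ "$_a" -eq 203 ] && [ "$_b" -eq 0 ] && [ "$_c" -eq 113 ]; then
        echo documentation                     # 203.0.113.0/24
    elif [ "$_a" -eq 0 ] || [ "$_a" -ge 224 ]; then
        echo reserved                          # 0/8, multicast, class E
    else
        echo public
    fi
    return 0
}

# gateway_wan_ok ADDRESS
# Exit status 0 only when ADDRESS is publicly routable.
gateway_wan_ok() {
    [ "$(classify_ipv4 "$1")" = public ]
}

# Constructed sample input: the guide's two private examples, a
# self-assigned address, the guide's documentation address, one public.
for ip in 10.0.1.1 192.168.1.1 169.254.77.3 192.0.2.200 8.8.8.8; do
    if gateway_wan_ok "$ip"; then
        verdict="usable as Internet interface"
    else
        verdict="not usable as Internet interface"
    fi
    printf '%-15s %-13s %s\n' "$ip" "$(classify_ipv4 "$ip")" "$verdict"
done
```

The check covers only the address class; whether the address is static is not something a script on the server can determine.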

After Setting Up a Server

After setting up a server, you can:
• Enhance the security, accessibility, and usefulness of your new server by following the advice in the Mac OS X Server Next Steps document that’s generated and placed on the server’s desktop after initial setup.
• Take a few steps to keep the server secure. For information, see the next two topics, “Keeping Your Server Secure” and “Protecting the System Administrator (root) Account”.
• If your organization has an Open Directory server, Active Directory server, or other directory server that you didn’t connect (bind) your new server to during initial setup, you can connect it now. For instructions, see “Connecting Your Server to a Directory Server” on page 71.
• Use Software Update to install any available Mac OS X Server updates. For information, see “Keeping Snow Leopard Server Up to Date” on page 79.
• Configure an AirPort Base Station or an Internet router to protect your network while allowing users to access selected services over the Internet. For information, see “Protecting Your Network with AirPort Extreme” on page 36 and “Protecting Your Network with a Router” on page 36.
• If you set up a single server for a small organization or a server for a workgroup in a medium or large organization, use Server Preferences to set up users and groups, customize services and system information, and monitor server activity. For information about these tasks, see Chapter 5, “Managing Your Server,” through Chapter 10, “Managing Server Information,” or open Server Preferences and then use the Help menu.
You can also use the Server Status widget with Dashboard to monitor your server. For information, see “Using the Server Status Widget” on page 75.
• Change advanced settings, configure advanced services, change advanced user and group settings, and manage users’ computers with Server Admin, Workgroup Manager, other Mac OS X applications, or UNIX command-line tools. For information about these applications and tools, open the application and then use the Help menu, or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Keeping Your Server Secure
For security, you should create a standard user account after completing server setup. When you log in on the server, routinely use this standard account instead of an administrator account. Then use your administrator account with each application that requires administrator privileges. For example, use your administrator name and password with Server Preferences when you need to manage users, groups, or services.
To create a standard user account, use the Accounts pane of System Preferences on the server. For information, open System Preferences and then use the Help menu.
Protecting the System Administrator (root) Account
The administrator password you enter during setup is also used for the server’s System Administrator user account, whose short name is root. The System Administrator (root) account can be used to move or delete any file in the system, including system files not available to a server administrator account or any other user account. You don’t need root user privileges to administer your server.
Important: Protecting the root user password is very important, so it should not be the same as another account’s password. After setting up the server, you should change the password of the root user account.
To change the root user’s password, open the Accounts pane of System Preferences, select Login Options, click the Edit button, click Open Directory Utility, and then choose Edit > Change Root Password. If you don’t see an Edit button in Login Options, but do see a Join button, click the Join button, click Open Directory Utility, and then choose Edit > Change Root Password.
You can also change the root user’s password by opening Terminal (in /Applications/Utilities/) and then entering sudo passwd root.
Connecting Your Server to a Directory Server
If your server can have its own users and groups, you can also set up your server to import user accounts from an Open Directory server or Active Directory server in your organization. To be able to import user accounts, your server must be connected to the directory server. Imported user accounts have access to the same services as user accounts you create on your server.
If you don’t import some user accounts from the connected directory server, you can make them external members of groups. You can also give them access to your server’s private wikis. For more information, see “Importing Users” on page 91, “Adding or Removing External Members of a Group” on page 123, and “Setting Up Web Services” on page 140.
To connect to a directory server:
1 Open the Accounts pane of System Preferences on your server.
2 Click Login Options and then click Edit.
If you don’t see an Edit button but do see a Join button, you need to configure your server to have its own users and groups before you can configure it to import users from an existing directory server. For instructions, see “Setting Up Users and Groups Management” on page 88.
3 Click the Add (+) button, and then choose the directory server from the pop-up menu or enter the directory server’s DNS name or IP address.
4 If the dialog expands to show Client Computer ID, User Name, and Password fields, enter the name and password of a user account on the directory server.
• For an Open Directory server, you can enter the name and password of a standard user account; you don’t need to use a directory administrator account. If the dialog says you can leave the name and password fields blank, you can connect without authentication, although this is less secure.
• For an Active Directory server, you can enter the name and password of an Active Directory administrator account or a standard user account that has the “Add workstations to domain” privilege.
Chapter 5 Managing Your Server

Use the Server Status widget, Server Preferences, Time Machine, and Software Update to check status, change settings, back up and restore, and update server software.
Check status with Server Preferences or the Server Status widget. Find and change server settings with Server Preferences. Use Server Preferences and the Server Status widget on the server itself or over the network from any Mac with Snow Leopard. Set Time Machine preferences to back up the server, and restore using the Time Machine application or the Installer. Keep the server software current with Software Update.

Using Server Preferences

[Figure callout: Find the setting you need without knowing its exact location]
With Server Preferences, you can check the status of services and change essential settings. You can use Server Preferences to manage various aspects of Snow Leopard Server, such as who can use its services, how its services are configured, or what its status is.
To manage a server with Server Preferences:
1 Open Server Preferences.
Server Preferences is located in /Applications/Server/.
2 If Server Preferences asks you for Server, User Name, and Password, enter the server’s DNS name or IP address, the name of an administrator user account on the server, and the password for the administrator account.
The account you created when you set up the server is an administrator account.

Using the Server Status Widget

You can use the Server Status widget to monitor the status of Mac OS X Server either on the server itself or from another computer with Mac OS X Server or Mac OS X.
To use the Server Status widget:
1 Open Dashboard and look for the Server Status widget.
You can open Dashboard by clicking its icon in the Dock, or by pressing its keyboard shortcut, which is usually the F4 key or the F12 key.
If you don’t see the Server Status widget in Dashboard, click Dashboard’s Open (+) button and then click or drag the Server Status widget from the widget bar.
2 If you see the Server, User Name, and Password fields, enter the server’s DNS name or IP address followed by an administrator name and password, and then click Done.
3 When the Server Status widget is connected to a server, it displays a graph and other status information about the server and its services.
• Monitor processor utilization, network load, or disk usage by clicking an icon below the graph.
• Change the processor or network graph’s time period to one hour, day, or week by clicking the graph.
• If your server has more than one disk, view the status of each disk in turn by clicking the disk usage graph.
• Check the status indicator and activity statistics for the listed services. A green indicator means the service is running.
• Connect to a different server by moving the mouse to the upper left corner of the widget and clicking the small Info (i) button.
You can open another Server Status widget to see more than one aspect of a server’s status at once, or to monitor another server on the network.
The Server Status widget works with Mac OS X Server v10.6 Snow Leopard and Mac OS X v10.6 Snow Leopard.
For information about widgets and Dashboard, switch to the Finder and then use the Help menu.
You can also see graphs of server activity using Server Preferences. For information, see “Monitoring Server Graphs” on page 169.

Connecting Server Preferences to a Remote Server

[Figure: Mac OS X administrator computer and Mac OS X Server]
You can connect Server Preferences to a server over the network and manage users, groups, services, and system information remotely.
To manage a server remotely:
1 Open Server Preferences on an administrator computer and choose Connection > New Connection.
For information about administrator computers, see “Preparing an Administrator Computer” on page 51.
2 Enter the remote server’s DNS name or IP address and the name and password of an administrator account on the remote server.
When Server Preferences is connected to a remote server, the server’s name or IP address is displayed in the title bar of the Server Preferences window.
To reconnect to a server you have connected to recently, choose Connection > Open Recent Connection, and then choose the server you want.
You can connect Server Preferences to any server with Mac OS X Server v10.6 or later.

Backing Up and Restoring the Server

You can back up server files automatically using Time Machine. It’s a comprehensive backup solution for the system. It automatically makes a complete backup of all files on the system to a locally attached external hard drive, an available internal hard drive, or a remote network file system. It also keeps track as files are created, updated, or deleted over time. Time Machine backs up the changes and creates a history of the file system that you can navigate by date. You can use its intuitive time-based visual browser to search back through time to find and restore any files that were backed up.
You can set up a list of folders and disks that you want to exclude from backup.
Time Machine automatically excludes temporary and cache files located in /tmp/, /Library/Logs/, /Library/Caches/, and /Users/username/Library/Caches/.
Time Machine automatically backs up data and settings for basic services: file sharing, address book, iCal, iChat, mail, web and wiki, VPN, and Open Directory. Time Machine also automatically backs up some settings for other services, but you may not be able to completely restore settings changed with Server Admin or with command-line tools.
You set backup options in the Time Machine pane of System Preferences on the server, and use the Time Machine application to restore files. You can also restore the system to a previous state using the Installer. For information about backing up and restoring with Time Machine or recovering the server system with the Installer, open System Preferences and then use the Help menu.
For information about backing up users’ computers on the server, see “Managing Users’ Backup Storage” on page 162.

Keeping Snow Leopard Server Up to Date

When your server is connected to the Internet, Software Update can automatically get the latest free Snow Leopard Server version, security updates, and other enhancements from Apple. You can have your server check for updates daily, weekly, or monthly. You can also check now.
To check for updates or adjust automatic updating:
1 Open System Preferences on the server.
2 Click the Software Update icon and follow the onscreen instructions.
If your organization has another server with Mac OS X Server, your server may get software updates from it rather than from Apple. An expert administrator can set up Mac OS X Server to provide software update service by using Server Admin.
You can also download software updates directly from the Apple Downloads website: www.apple.com/support/downloads/
Chapter 6 Managing Users

[Figure callouts: Find users; Select a user settings pane; Manage emails sent to users; Add or delete users]
Create or import user accounts, change their settings, or delete them in the Users pane of Server Preferences.
In the Users pane, you set up accounts for people who use the services that this server provides, and you control which services they can access. You can update their contact information and change their group memberships. You can also manage email welcome messages that go to new users.

About User Accounts

User accounts on your server allow users to gain access to services provided by the server. A user account contains the information needed to prove the user’s identity for all services that require authentication. A user account also provides a centralized place to store a user’s contact information and other data.
Each user account has an email address, an iChat instant messaging address, a personal calendar, and a My Page wiki portal. User accounts can also have access to wikis, blogs, web calendars, a server-based address book, the server’s shared files, and Time Machine backup storage, and they can use VPN to access the server remotely. Users can be members of groups, authorizing them to access group shared folders and group wikis. Of course, if any of these services isn’t turned on, then users don’t have access to it.
You can add user accounts in the Users pane of Server Preferences by:
• Creating new accounts
• Importing existing accounts, if your organization has a directory server that your server is connected to
You can import user accounts individually. You can also automatically import all user accounts that are members of a group.
User Accounts in Your Server’s Directory
New user accounts you create are stored in your server’s directory. You can use Server Preferences to create and edit them.
Imported User Accounts
Imported user accounts remain in your organization’s directory server. You can supplement imported accounts with contact information, group membership information, and so forth. The supplemental information is stored in your server’s directory. When someone uses an imported user account, your server automatically combines the account information stored in the directory server with supplemental account information stored in your server’s directory.
If your server has imported user accounts, you can use Server Preferences to edit an account’s supplemental information in your server’s directory, but not the account information in your organization’s directory. An administrator of that directory can edit its account information using tools for the directory server.
Local User Accounts
Users with administrator privileges on their Macs can create local user accounts using the Accounts pane of System Preferences. These local user accounts are stored on the user’s computer. Local user accounts have home folders on the computer and can be used for logging in to the computer. Users can’t use their computers’ local user accounts to access the server over the network.
Like users’ Macs, your server has local accounts in addition to server accounts and possibly imported accounts. Your server’s local accounts can be used to log in to it, and a local account with administrator privileges can be used to administer the server. For information about administrator privileges, see “About Administrator Accounts,” next.
Types of User Accounts Compared
The following table summarizes key differences among server accounts, imported accounts, and local accounts.

| Account type | Stored in | Created by | Used for |
| --- | --- | --- | --- |
| Server account | Your server’s directory | You (a server administrator), using Server Preferences | Group membership, contact information, authenticating for services |
| Imported account | Your organization’s directory server, with supplements in your server’s directory | The directory server’s administrator | Group membership, contact information, authenticating for services |
| Local account | Each Mac OS X computer | A user with an administrator account on the computer, using System Preferences | Logging in to the computer and accessing the home folder |

About Administrator Accounts

You need an administrator account on your server to create other user accounts, create groups, change server settings, and perform other tasks using Server Preferences. With an administrator account, you can also make changes to locked preferences in System Preferences, install software on the server, and perform other tasks that standard users can’t.
Your server may have two administrator accounts after you finish setting it up for the first time: a primary administrator account and a directory administrator account.
Primary Administrator Account
The server always has a primary administrator account, whose name and password you entered while setting up the server. The primary administrator account is stored on the server along with any user accounts you might create using the Accounts pane of System Preferences. You can use this administrator account on the server itself, and you can use it to manage your server over the network from another Mac.
Directory Administrator Account
If your server hosts users and groups in its own directory, the server also has a directory administrator account. This account has the password you entered for the primary administrator during setup, but its name is Directory Administrator and its short name is diradmin. You can enter a different name and short name if you choose the “Configure manually” option during setup.
The directory administrator account is in your server’s directory, along with the standard user accounts you create in the Users pane of Server Preferences. However, the directory administrator account isn’t shown in the User pane of Server Preferences. If a malfunction makes the primary administrator account unusable, you can use the directory administrator account on the server itself, and you can use it to manage the server over the network from an administrator computer.
Primary and Directory Administrator Accounts Compared
The following table summarizes similarities and differences between the primary administrator account and the directory administrator account.
| Feature | Primary administrator | Directory administrator |
| Name and short name | Specified during setup | Directory Administrator and diradmin (or specified during setup) |
| Password | Specified during setup | Same as primary administrator |
| Stored in the server’s directory | No | Yes |
| Can be used from an administrator computer | Yes | Yes |
Administrators on an Upgraded Server
If your server was upgraded or migrated from a standard or workgroup configuration of Mac OS X Server v10.5 Leopard, you have different administrator accounts.
Your primary administrator account is in your server’s directory. This is a directory administrator account, and it has the name and short name specified during Leopard Server setup. You also have an administrator account stored on your server, and it has the name Local Administrator and short name localadmin. For more information about these accounts, see Getting Started for Mac OS X Server v10.5. It’s available on the Apple Manuals website at support.apple.com/manuals/.
Additional Administrator Accounts
When you create a new user account, you specify whether the user is an administrator or a standard user. You can also make an imported user account a server administrator. If you don’t want a user to be able to use Server Preferences or install software on the server, don’t make the user an administrator.
Administrator Account Security
To keep your server secure:
• Don’t share an administrator name and password with anyone.
• Log out when you leave your server, or set up a locked screen saver using the Screen Saver pane and Security pane of System Preferences. If you leave your server while you’re logged in and the screen is unlocked, someone could sit down at your server while you’re away and make changes using your administrator privileges.
• Never set an administrator to be automatically logged in when the server starts up. If you do, someone can simply restart the server to gain access as an administrator.
• For added security, routinely log in on the server using a standard user account. Use your administrator name and password when you open Server Preferences or another application that requires administrator privileges.
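The automatic-login rule and the question of who holds administrator privileges can be checked from Terminal on the server. This is an added example, not part of Apple's manual; it assumes the `dscl` and `defaults` command-line tools, and the approved list and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Checks two rules from the list above: who holds administrator privileges,
# and whether automatic login is enabled. APPROVED is a hypothetical list.

# unexpected_admins "<dscl GroupMembership line>" "<approved short names>"
# Prints each member of the admin group that is not on the approved list.
unexpected_admins() {
    members=${1#GroupMembership:}
    for m in $members; do
        case " $2 " in
            *" $m "*) ;;                  # approved
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# autologin_finding "<autoLoginUser value, empty when unset>"
# Succeeds and prints a finding only when automatic login is enabled.
autologin_finding() {
    [ -n "$1" ] || return 1
    printf 'automatic login is enabled for %s\n' "$1"
}

# report "<dscl line>" "<autoLoginUser value>" "<approved short names>"
# Prints the findings; returns 1 if there are any, 0 if the server is clean.
report() {
    rc=0
    extra=$(unexpected_admins "$1" "$3")
    if [ -n "$extra" ]; then
        # Unquoted on purpose: joins the one-per-line names with spaces.
        echo "administrators not on the approved list:" $extra
        rc=1
    fi
    if autologin_finding "$2"; then rc=1; fi
    return $rc
}

APPROVED='root serveradmin diradmin'      # hypothetical approved list
if command -v dscl >/dev/null 2>&1; then  # on the server: read live settings
    group=$(dscl . -read /Groups/admin GroupMembership)
    auto=$(defaults read /Library/Preferences/com.apple.loginwindow \
        autoLoginUser 2>/dev/null) || auto=''
else                                      # elsewhere: constructed sample values
    group='GroupMembership: root serveradmin diradmin pat'
    auto='serveradmin'
fi
report "$group" "$auto" "$APPROVED" || echo "review the findings above"
```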

Setting Up Users and Groups Management

If your server wasn’t initially set up to manage its own users and groups, you see a “Set Up” button when you view the Users pane or the Groups pane in Server Preferences.
You don’t see this window if your server is already configured to manage users and groups.
You can configure your server to have its own directory by clicking this Set Up button. This creates an Open Directory domain on your server and makes your server an Open Directory master. For more information about Open Directory, open Server Admin and then use the Help menu to search for “Open Directory Overview,” or see the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

Adding a User Account

You can add an individual user account for each person who uses the services provided by your server. Your server gives each user account its own email address, iChat address, personal calendar, and My Page wiki portal. User accounts can also have access to wikis, blogs, web calendars, a server-based address book, the server’s shared files, and Time Machine backup storage, and they can use VPN to access the server remotely. Availability of each service is subject to the service being turned on, and you can individually control each user account’s access to services.
To add a new user account:
1 Click the Add (+) button in the Users pane of Server Preferences.
2 If you see a pop-up menu, choose one of the commands:
Import User From Directory: You can import users’ existing accounts from your organization’s directory server. For instructions, see “Importing Users” on page 91.
Create New User: You typically add new users from your organization’s directory server if possible, but you can also create new user accounts in your server’s directory. To do this, continue with step 3.
If you don’t see a pop-up menu when you click the Add (+) button, your server isn’t connected to a directory server. Continue with step 3 to create a user account in your server’s directory.
3 Enter the user’s name.
The name can be up to 255 characters (which can be as few as 85 Japanese characters). It can include spaces.
4 If you don’t want to use the generated short name, enter a different short name.
After the account is created, you can’t change this short name.
The short name typically is eight or fewer characters, but can be up to 255 Roman characters. Use only the characters a through z, A through Z, 0 through 9, . (period), _ (underscore), or - (hyphen).
Note: If a user already has a short name on a Mac, try to use the same short name for the user’s account on the server. Having the same short name facilitates the user’s access to services.
5 Enter the user’s password in the Password and Verify fields.
You can use Password Assistant to help you choose a password. Click the Key button at the right of the Password field to see how secure the password is. The user can change this password in the Accounts pane of System Preferences on the user’s computer.
6 Select “Allow user to administer this computer” if this user account needs to create other user accounts, create groups, install software on the server, or change server settings.

Importing Users

If your server is connected to your organization’s directory server, you can import users’ existing accounts.
Your server gives each imported user account its own iChat address, personal calendar, and My Page wiki portal. Imported user accounts can also have access to wikis, blogs, web calendars, a server-based address book, the server’s shared files, and Time Machine backup storage. If your server’s mail service and VPN service are turned on, imported user accounts get email addresses and can use VPN to access the server remotely. Availability of each service is subject to the service being turned on, and you can individually control each imported user account’s access to services.
To import a user account:
1 If you’re going to have the server send an invitation email to imported users, make sure the custom introduction and the sender’s name and email address suit your needs.
For information, see “Customizing the Server Invitation Email” on page 101.
2 In the Users pane of Server Preferences, click the Add (+) button and choose “Import User From Directory” from the pop-up menu.
If you don’t see a pop-up menu when you click Add (+), your server isn’t connected to a directory server in your organization. See “Connecting Your Server to a Directory Server” on page 71.
If your organization doesn’t have a directory server (apart from your server), you can create new user accounts. For instructions, see “Adding a User Account” on page 89.
3 Type part or all of the user’s name in the search field, and when you see the name listed, select it, optionally select “Send imported users an email invitation,” and then click Import.
4 When you’re finished importing user accounts, click Done.
User accounts you import using this procedure are shown as “Imported” in the Users pane.
Instead of importing user accounts individually using this procedure, you can import user accounts automatically from groups. For instructions, see the next section.

Importing Groups of Users Automatically

If your server is connected to your organization’s directory server, you can import groups of existing user accounts. If you import a group, your server automatically imports user accounts for all group members. Your server periodically checks with your organization’s directory server for changes in each imported group’s membership, and automatically adds and removes imported user accounts as users are added to or removed from an imported group.
Your server gives each imported user account its own iChat address, personal calendar, and My Page wiki portal. Imported user accounts can also have access to wikis, blogs, web calendars, a server-based address book, the server’s shared files, and Time Machine backup storage. If your server’s mail service and VPN service are turned on, imported user accounts get email addresses and can use VPN to access the server remotely. Availability of each service is subject to the service being turned on, and you can individually control each imported user account’s access to services.
To import user accounts automatically from groups:
1 If you’re going to have the server send an invitation email to imported users, make sure the custom introduction and the sender’s name and email address suit your needs.
For information, see “Customizing the Server Invitation Email” on page 101.
2 In the Users pane of Server Preferences, click the Action (gear) button and choose Import Users From Groups from the pop-up menu.
If the Action pop-up menu doesn’t include this option, your server isn’t connected to a directory server. See “Connecting Your Server to a Directory Server” on page 71.
If your organization doesn’t have a directory server (apart from your server), you can create new user accounts. For instructions, see “Adding a User Account” on page 89.
3 Edit the list on the right so it contains the groups whose members you want to import automatically:
• To add a group, type part or all of its name in the search field, and when you see the group in the list on the left, select it and click Add.
• To remove a group, select it in the list on the right and click Remove.
4 Optionally select “Send new imported users an email invitation.”
5 When you’re satisfied with the list of groups to import, click Save.
User accounts that are imported automatically from groups are listed as “Automatic” in the Users pane.
You can also import user accounts individually. For instructions, see the previous topic, “Importing Users,” on page 91.

Deleting a User Account

You can use Server Preferences to delete user accounts that are no longer needed for your server.
To delete a user account:
1 In the Users pane of Server Preferences, select the user account you want to delete in the list on the left.
2 Click the Delete (–) button.
Deleting a user account cancels its group memberships and stops its access to group services and private wikis. Deleting a user account also deletes the user’s mail stored on the server. A deleted user account can no longer access calendars and address book information on the server.
Deleting a user account doesn’t remove the user’s backup data. If the Time Machine preferences on the deleted user’s computer were set to use the server for backup storage, the user’s backup data remains in /Shared Items/Backups/ on the backup disk specified in the Time Machine pane of Server Preferences.

Changing a User’s Account Settings

[Figure: the Account pane for a user in Server Preferences. Callouts: “Can’t be changed after the account is created”; “Allows user to manage users, groups, and services”; “Full name can be used to authenticate for services”; “Click to set a new password”; “Click to change the picture.”]
You can change a user’s name, password, picture, or administrator privilege by clicking Account in the Users pane of Server Preferences.
If settings besides the short name are dimmed in the Account pane, you can’t change them because they are stored in the directory server that your server is connected to.

Changing a User’s Contact Information

[Figure: the Contact Info pane for a user in Server Preferences. Callouts: “Personal website address and blog address”; “Add or delete an email address, chat address, or phone number.”]
You can change a user’s first and last names, address, email and chat addresses, website address, and blog address by clicking Contact Info in the Users pane of Server Preferences.
If some settings in the Contact Info pane are dimmed, you can’t change them because they’re stored in the directory server that your server is connected to.

Controlling a User’s Access to Services

[Figure: the Services settings for a user in Server Preferences. Callout: “Select services you want to let the user access, and deselect services you don’t want the user to access.”]
You can control a user’s access to individual services by clicking Services in the Users pane of Server Preferences.

Changing a User’s Group Membership

[Figure: the Groups settings for a user in Server Preferences. Callouts: “Click to begin editing membership, and then click to finish editing”; “Select the checkbox of each group you want the user to belong to.”]
You can add a user to a group or remove a user from a group by clicking Groups in the Users pane.
Group members can access the group’s file sharing folder, and they can be added to each other’s iChat buddy lists automatically. Group members can also be given access to private wikis by the wiki owners. Group members’ access to each of these services is subject to it being turned on and the group being allowed to access it.
You can’t remove a user from the permanent group named Workgroup, which always includes all users as members.
For information about adding, removing, or configuring groups, see Chapter 8, “Managing Groups.”

Customizing the Welcome Email

You can use Server Preferences to add your name, email address, and a personal introduction to the standard email message that your server sends to tell new users about its services. The standard message specifies the server’s DNS name and explains the services that the server provides.
The server sends the email automatically when you add a new user account. However, your server doesn’t send the email if its mail service is stopped when you add new user accounts.
To customize the email sent to newly added user accounts:
1 In the Users pane of Server Preferences, click the Action (gear) button and choose Email Message Settings from the pop-up menu.
2 Enter the sender’s name and email address in the Administrator Full Name field and the Administrator Email field.
3 Optionally enter a personal message in the Welcome field.
You can use the message to introduce yourself, so recipients know the email is genuine.
For example: Hi, I’m the administrator for our server. If you need help getting services from it, please don’t hesitate to send me an email or call me at 310-555-4357. —Bill
Users receive the welcome email when they start using their email accounts. They see your introduction in a boxed section set apart from the standard message text that the server generates.