Apple oxs User Manual

Mac OS X Server Command-Line Administration

For Version 10.3 or Later



Apple Computer, Inc.

The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid for support services.

The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.

Apple, the Apple logo, AirPort, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, iMac, Keychain, Mac, Macintosh, Power Mac, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Extensions Manager and Finder are trademarks of Apple Computer, Inc.

034-2354/10-24-03

Preface 11 About This Book

Notation Conventions

11 11 11 12 12

Summary Commands and Other Terminal Text Command Parameters and Options Default Settings Commands Requiring Root Privileges

Chapter 1 13 Typing Commands

Using Terminal

14 14 14 15 16 16 17 17 18 18 19 19 19

Correcting Typing Errors Repeating Commands Including Paths Using Drag-and-Drop Commands Requiring Root Privileges

Sending Commands to a Remote Server

Sending a Single Command Updating SSH Key Fingerprints Notes on Communication Security and

Using Telnet Getting Online Help for Commands Notes About Specific Commands and Tools

serversetup

serveradmin

servermgrd

Chapter 2 21 Installing Server Software and Finishing Basic Setup

Installing Server Software

Automating Server Setup

22 25 25 25

Creating a Configuration File Template Creating Customized Configuration Files from the Template File Naming Configuration Files Storing a Configuration File in an Accessible Location

Changing Server Settings

Viewing, Validating, and Setting the Software Serial Number

Updating Server Software

Moving a Server

Chapter 3 29 Restarting or Shutting Down a Server

Restarting a Server

29 29 30 30 30

Examples

Automatic Restart Changing a Remote Server’s Startup Disk Shutting Down a Server

Examples

Chapter 4 31 Setting General System Preferences

Computer Name

31 32 32 32 33 33 33 33

34 34 34

35 35 35 35 35 36 36

Viewing or Changing the Computer Name

Date and Time

Viewing or Changing the System Date Viewing or Changing the System Time Viewing or Changing the System Time Zone Viewing or Changing Network Time Server Usage

Energy Saver Settings

Viewing or Changing Sleep Settings

Viewing or Changing Automatic Restart Settings Power Management Settings Startup Disk Settings

Viewing or Changing the Startup Disk Sharing Settings

Viewing or Changing Remote Login Settings

Viewing or Changing Apple Event Response International Settings

Viewing or Changing Language Settings Login Settings

Disabling the Restart and Shutdown Buttons

Chapter 5 37 Network Preferences

Network Interface Information

37 38 38 38 38 38

Viewing Port Names and Hardware Addresses

Viewing or Changing MTU Values

Viewing or Changing Media Settings Network Port Configurations

Creating or Deleting Port Configurations

Activating Port Configurations

Contents

39 39 39

41 42 42 42 42 42 43 43 43 43 44 44 44 44 44 44 45 45

Changing Configuration Precedence

TCP/IP Settings

Changing a Server’s IP Address Viewing or Changing IP Address, Subnet Mask, or Router Address Viewing or Changing DNS Servers Enabling TCP/IP

AppleTalk Settings

Enabling and Disabling AppleTalk

Proxy Settings

Viewing or Changing FTP Proxy Settings Viewing or Changing Web Proxy Settings Viewing or Changing Secure Web Proxy Settings Viewing or Changing Streaming Proxy Settings Viewing or Changing Gopher Proxy Settings Viewing or Changing SOCKS Firewall Proxy Settings Viewing or Changing Proxy Bypass Domains

AirPort Settings

Viewing or Changing Airport Settings

Computer, Host, and Rendezvous Name

Viewing or Changing the Computer Name Viewing or Changing the Local Host Name Viewing or Changing the Rendezvous Name

Chapter 6 47 Working With Disks and Volumes

Mounting and Unmounting Volumes

47 47 47 48 49 50 50 50

51 51 51 51

Mounting Volumes

Unmounting Volumes Checking for Disk Problems Monitoring Disk Space Reclaiming Disk Space Using Log Rolling Scripts Managing Disk Journaling

Checking to See if Journaling is Enabled

Turning on Journaling for an Existing Volume

Enabling Journaling When You Erase a Disk

Disabling Journaling Erasing, Partitioning, and Formatting Disks

Setting Up a Case-Sensitive HFS+ File System Imaging and Cloning Volumes Using ASR

Chapter 7 53 Working With Users and Groups

Creating Server Administrator Users

Importing Users and Groups

Creating a Character-Delimited User Import File

Contents

User Attributes

Checking a Server User’s Name, UID, or Password

Creating a User’s Home Directory

63 Mounting a User’s Home Directory 63 Creating a Group Folder 63 Checking a User’s Administrator Privileges

Chapter 8 65 Working With File Services

65 Share Points 65 Listing Share Points

66 Creating a Share Point

67 Modifying a Share Point 67 Disabling a Share Point 67 AFP Service 67 Starting and Stopping AFP Service 67 Checking AFP Service Status

67 Viewing AFP Settings 68 Changing AFP Settings 68 List of AFP Settings

72 List of AFP serveradmin Commands

72 Listing Connected Users

73 Sending a Message to AFP Users

73 Disconnecting AFP Users

74 Canceling a User Disconnect

75 Listing AFP Service Statistics

76 Viewing AFP Log Files

76 NFS Service

76 Starting and Stopping NFS Service

76 Checking NFS Service Status

76 Viewing NFS Settings

77 Changing NFS Service Settings

77 FTP Service

77 Starting FTP Service

77 Stopping FTP Service

77 Checking FTP Service Status

77 Viewing FTP Settings

78 Changing FTP Settings

78 FTP Settings

79 List of FTP serveradmin Commands 80 Viewing the FTP Transfer Log 80 Checking for Connected FTP Users 80 Windows (SMB) Service 80 Starting and Stopping SMB Service

Contents

80 Checking SMB Service Status

81 Viewing SMB Settings 81 Changing SMB Settings

82 List of SMB Service Settings 84 List of SMB serveradmin Commands 84 Listing SMB Users

85 Disconnecting SMB Users 86 Listing SMB Service Statistics 86 Updating Share Point Information

87 Viewing SMB Service Logs

Chapter 9 89 Working With Print Service

89 Starting and Stopping Print Service 89 Checking the Status of Print Service 89 Viewing Print Service Settings 90 Changing Print Service Settings 90 Print Service Settings

91 Queue Data Array

93 Print Service serveradmin Commands

93 Listing Queues

93 Pausing a Queue 94 Listing Jobs and Job Information 94 Holding a Job

95 Viewing Print Service Log Files

Chapter 10 97 Working With NetBoot Service

97 Starting and Stopping NetBoot Service

97 Checking NetBoot Service Status

97 Viewing NetBoot Settings 98 Changing NetBoot Settings 98 NetBoot Service Settings 98 General Settings 99 Storage Record Array 99 Filters Record Array

10 0 Image Record Array 101 Port Record Array

Chapter 11 103 Working With Mail Service

10 3 Starting and Stopping Mail Service 10 3 Checking the Status of Mail Service 10 3 Viewing Mail Service Settings 10 4 Changing Mail Service Settings 10 4 Mail Service Settings

Contents 7

11 6 Mail serveradmin Commands 117 Listing Mail Service Statistics 11 8 Viewing the Mail Service Logs 11 9 Setting Up SSL for Mail Service 11 9 Generating a CSR and Creating a Keychain 121 Obtaining an SSL Certificate

121 Importing an SSL Certificate Into the Keychain 12 2 Creating a Passphrase File 12 2 Setting Up SSL for Mail Service on a Headless Server

Chapter 12 123 Working With Web Technologies

12 3 Starting and Stopping Web Service 12 3 Checking Web Service Status 12 3 Viewing Web Settings 12 4 Changing Web Settings 12 4 serveradmin and Apache Settings 12 4 Changing Settings Using serveradmin 12 5 Web serveradmin Commands 12 5 Listing Hosted Sites 12 5 Viewing Service Logs 12 6 Viewing Service Statistics 12 7 Example Script for Adding a Website

Chapter 13 129 Working With Network Services

12 9 DHCP Service 12 9 Starting and Stopping DHCP Service 12 9 Checking the Status of DHCP Service 12 9 Viewing DHCP Service Settings 13 0 Changing DHCP Service Settings 13 0 DHCP Service Settings

131 DHCP Subnet Settings Array 13 3 Adding a DHCP Subnet 13 4 List of DHCP serveradmin Commands 13 4 Viewing the DHCP Service Log 13 5 DNS Service 13 5 Starting and Stopping the DNS Service 13 5 Checking the Status of DNS Service 13 5 Viewing DNS Service Settings 13 5 Changing DNS Service Settings 13 5 DNS Service Settings 13 5 List of DNS serveradmin Commands 13 5 Viewing the DNS Service Log 13 6 Listing DNS Service Statistics

8 Contents

13 6 Firewall Service 13 6 Starting and Stopping Firewall Service 13 7 Checking the Status of Firewall Service 13 7 Viewing Firewall Service Settings 13 7 Changing Firewall Service Settings 13 7 Firewall Service Settings 13 8 Defining Firewall Rules

141 IPFilter Rules Array 141 Firewall serveradmin Commands

14 2 Viewing Firewall Service Log 14 2 Using Firewall Service to Simulate Network Activity 14 2 NAT Service 14 2 Starting and Stopping NAT Service 14 2 Checking the Status of NAT Service 14 2 Viewing NAT Service Settings 14 3 Changing NAT Service Settings 14 3 NAT Service Settings 14 4 NAT serveradmin Commands 14 4 Viewing the NAT Service Log 14 5 VPN Service 14 5 Starting and Stopping VPN Service 14 5 Checking the Status of VPN Service 14 5 Viewing VPN Service Settings 14 5 Changing VPN Service Settings 14 6 List of VPN Service Settings 14 9 List of VPN serveradmin Commands 14 9 Viewing the VPN Service Log 15 0 IP Failover 15 0 Requirements 15 0 Failover Operation

151 Enabling IP Failover 15 2 Configuring IP Failover 15 3 Enabling PPP Dial-In

Chapter 14 155 Working With Open Directory

15 5 General Directory Tools 15 5 Testing Your Open Directory Configuration 15 5 Modifying an Open Directory Node 15 5 Testing Open Directory Plugins 15 6 Registering URLs With Service Location Protocol (SLP) 15 6 Changing Open Directory Service Settings 157 LDAP 157 Configuring LDAP

Contents 9

157 A Note on Using ldapsearch 15 8 Idle Rebinding Options 15 8 Additional Information About LDAP 15 9 NetInfo 15 9 Configuring NetInfo 15 9 Password Server 15 9 Working With the Password Server 15 9 Viewing or Changing Password Policies 15 9 Enabling or Disabling Authentication Methods 160 Kerberos and Single Sign On

Chapter 15 161 Working With QuickTime Streaming Server

161 Starting QTSS Service

161 Stopping QTSS Service

161 Checking QTSS Service Status 162 Viewing QTSS Settings 162 Changing QTSS Settings 163 QTSS Settings 166 QTSS serveradmin Commands 166 Listing Current Connections 167 Viewing QTSS Service Statistics 168 Viewing Service Logs 168 Forcing QTSS to Re-Read its Preferences 169 Preparing Older Home Directories for User Streaming

Index 171

10 Contents

About This Book

Notation Conventions

The following conventions are used throughout this book.

Summary

Notation Indicates

monospaced font A command or other terminal text $ A shell prompt [text_in_brackets] An optional parameter (one|other) Alternative parameters (type one or the other) underlined [...] A parameter that may be repeated <anglebrackets> A displayed value that depends on your server configuration

A parameter you must replace with a value

Preface

Commands and Other Terminal Text

Commands or command parameters that you might type, along with other text that normally appears in a Terminal window, are shown in this font. For example,

You can use the doit command to get things done.

When a command is shown on a line by itself as you might type it in a Terminal window, it follows a dollar sign that represents the shell prompt. For example,

$ doit

To use this command, type “doit” without the dollar sign at the command prompt in a Terminal window, then press the Return key.

Command Parameters and Options

Most commands require one or more parameters to specify command options or the item to which the command is applied.

Parameters You Must Type as Shown

If you need to type a parameter as shown, it appears following the command in the same font. For example,

$ doit -w later -t 12:30

To use the command in the above example, type the entire line as shown.

Parameter Values You Provide

If you need to supply a value, its placeholder is underlined and has a name that indicates what you need to provide. For example,

$ doit -w later -t hh:mm

In the above example, you need to replace hh with the hour and mm with the minute, as shown in the previous example.

Optional Parameters

If a parameter is available but not required, it appears in square brackets. For example,

$ doit [-w later]

To use the command in the above example, type either doit or doit -w later. The result might vary but the command will be performed either way.

Alternative Parameters

If you need to type one of a number of parameters, they’re separated by a vertical line and grouped within parentheses ( | ). For example,

$ doit -w (now|later)

To perform the command, you must type either doit -w now or doit -w later.

Default Settings

Descriptions of server settings usually include the default value for each setting. When this default value depends on other choices you’ve made (such as the name or IP address of your server, for example), it’s enclosed in angle brackets <>.

For example, the default value for the IMAP mail server is the host name of your server. This is indicated by mail:imap:servername = "<hostname>".

Commands Requiring Root Privileges

Throughout this guide, commands that require root privileges begin with sudo.

12 Preface About This Book

1 Typing Commands

How to use Terminal to execute commands, connect to a remote server, and view online information about commands and utilities.

To access a UNIX shell command prompt, you open the Terminal application. In Terminal, you can use the ssh command to log in to other servers. You can use the man command to view online documentation for most common commands.

Using Terminal

To enter shell commands or run server command-line tools and utilities, you need access to a UNIX shell prompt. Both Mac OS X and Mac OS X Server include Terminal, an application you can use to start a UNIX shell command-line session on the local server or on a remote server.

To open Terminal:

Click the Terminal icon in the dock or double-click the application icon in the Finder (in /Applications/Utilities).

Terminal presents a prompt when it’s ready to accept a command. The prompt you see depends on Terminal and shell preferences, but often includes the name of the host you’re logged in to, your current working directory, your user name, and a prompt symbol. For example, if you’re using the default bash shell and the prompt is

server1:~ admin$

you’re logged in to a computer named “server1” as the user named “admin” and your current directory is the admin’s home directory (~).

Throughout this manual, wherever a command is shown as you might type it, the prompt is abbreviated as $.

To type a command:

Wait for a prompt to appear in the Terminal window, then type the command and press Return.

If you get the message command not found, check your spelling. If the error recurs, the program you’re trying to run might not be in your default search path. Add the path before the program name or change your working directory to the directory that contains the program. For example:

[server:/] admin$ serversetup -getAllPort serversetup: Command not found. [server:/] admin$ /System/Library/ServerSetup/serversetup -getAllPort 1 Built-in Ethernet [server:/] admin$ cd /System/Library/ServerSetup [server:/System/Library/ServerSetup] admin$ ./serversetup -getAllPort 1 Built-in Ethernet [server:/System/Library/ServerSetup] admin$ cd / [server:/] admin$ PATH = "$PATH:/System/Library/ServerSetup" [server:/] admin$ serversetup -getAllPort 1 Built-in Ethernet

Correcting Typing Errors

To correct a typing error before you press Return to issue the command, use the Delete key or press Control-H to erase unwanted characters and retype.

To ignore what you have typed and start again, press Control-U.

Repeating Commands

To repeat a command, press Up-Arrow until you see the command, then press Return.

To repeat a command with modifications, press Up-Arrow until you see the command, press Left-Arrow or Right-Arrow to skip over parts of the command you don’t want to change, press Delete to remove characters, type regular characters to insert them, then press Return to execute the command.

Including Paths Using Drag-and-Drop

To include a fully-qualified file name or directory path in a command, stop typing where the item is required in the command and drag the folder or file from a Finder window into the Terminal window.

14 Chapter 1 Typing Commands

Commands Requiring Root Privileges

Many commands used to manage a server must be executed by the root user. If you get a message such as “permission denied,” the command probably requires root privileges.

To issue a single command as the root user, begin the command with sudo. For example:

$ sudo serveradmin list

You’re prompted for the root password if you haven’t used sudo recently. The root user password is set to the administrator user password when you install Mac OS X Server.

To switch to the root user so you don’t have to repeatedly type sudo, use the su command:

$ su root

You’re prompted for the root user password and then are logged in as the root user until you log out or use the su command to switch to another user.

Important: As the root user, you have sufficient privileges to do things that can cause

your server to stop working properly. Don’t execute commands as the root user unless you understand clearly what you’re doing. Logging in as an administrative user and using sudo selectively might prevent you from making unintended changes.

Throughout this guide, commands that require root privileges begin with sudo.

Chapter 1 Typing Commands 15

Sending Commands to a Remote Server

Secure Shell (SSH) lets you send secure, encrypted commands to a server over the network. You can use the ssh command in Terminal to open a command-line connection to a remote server. While the connection is open, commands you type are performed on the remote server.

Note: You can use any application that supports SSH to connect to Mac OS X Server.

To open a connection to a remote server:

1 Open Terminal.

2 Type the following command to log in to the remote server:

ssh -l username server

where username is the name of an administrator user on the remote server and

server is the name or IP address of the server.

Example: ssh -l admin 10.0.1.2

3 If this is the first time you’ve connected to the server, you’re prompted to continue

connecting after the remote computer’s RSA fingerprint is displayed. Type yes and press Return.

4 When prompted, type the user’s password (the user’s password on the remote server)

and press Return.

The command prompt changes to show that you’re now connected to the remote server. In the case of the above example, the prompt might look like

[10.0.1.2:~] admin$

5 To send a command to the remote server, type the command and press Return.

To close a remote connection

Type logout and press Return.

Sending a Single Command

You can authenticate and send a command using a single typed line by appending the command you want to execute to the basic ssh command.

For example, to delete a file you could type

$ ssh -l admin server1.company.com rm /Users/admin/Documents/report

$ ssh -l admin@server1.company.com "rm /Users/admin/Documents/report"

You’re prompted for the user’s password.

16 Chapter 1 Typing Commands

Updating SSH Key Fingerprints

The first time you connect to a remote server using SSH, the local computer asks if it can add the remote server’s “fingerprint” (a security key) to a list of known remote computers. You might see a message like this:

The authenticity of host "server1.company.com" can’t be established. RSA key fingerprint is a8:0d:27:63:74:f1:ad:bd:6a:e4:0d:a3:47:a8:f7. Are you sure you want to continue connecting (yes/no)?

Type yes and press Return to finish authenticating.

If you later see a warning message about a “man-in-the-middle” attack when you try to connect, it might be because the key on the remote computer no longer matches the key stored on the local computer. This can happen if you:

• Change your SSH configuration

• Perform a clean install of the server software

• Start up from a Mac OS X Server CD

To connect again, delete the entries corresponding to the remote computer (which can be stored by both name and IP address) in the file ~/.ssh/known_hosts.

Important: Removing an entry from the known_hosts file bypasses a security

mechanism that helps you avoid imposters and “man-in -the-middle” attacks. Be sure you understand why the key on the remote computer has changed before you delete its entry from the known_hosts file.

Notes on Communication Security and servermgrd

When you use the Server Admin GUI application or the serveradmin command-line tool, you’re communicating with a local or remote servermgrd process.

• servermgrd uses SSL for encryption and client authentication but not for user

authentication, which uses HTTP basic authentication along with Directory Services.

• servermgrd uses a self-signed (test) SSL certificate installed by default in

/etc/servermgrd/ssl.crt/. You can replace this with an actual certificate.

• The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64

encoded DER with header and footer lines (from www.modssl.org).

• servermgrd checks the validity of the SSL certificate only if the “Require valid digital

signature” option is checked in Server Admin preferences. If this option is enabled, the certificate must be valid and not expired or Server Admin will refuse to connect.

• The SSLOptions and SSLRequire settings determine what SSL encryption options are

used. By default, they’re set as shown below but can be changed at any time by editing /etc/servermgrd/servermgrd.conf, port 311.

SSLCertificateFile /private/etc/servermgrd/ssl.crt/server.crt SSLCertificateKeyFile /private/etc/servermgrd/ssl.key/server.key SSLCipherSuite

ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLOptions +StdEnvVars

Chapter 1 Typing Commands 17

Using Telnet

Because it isn’t as secure as SSH, Telnet access isn’t enabled by default.

To enable Telnet access:

$ service telnet start

To disable Telnet access:

$ service telnet stop

Getting Online Help for Commands

Onscreen help is available for most commands and utilities.

Note: Not all techniques work for all commands, and some commands have no onscreen help.

To view onscreen information about a command, try the following:

• Type the command without any parameters or options. This will often list a summary

of options and parameters you can use with the command. Example:

$ sudo serveradmin

• Type man command, where command is the command you’re curious about. This

usually displays detailed information about the command, its options, parameters, and proper use. Example:

$ man serveradmin

For help using the man command, type:

$ man man

• Type the command followed by a -help, -h, --help, or help parameter.

Examples:

$ hdiutil help $ dig -h $ diff --help

18 Chapter 1 Typing Commands

Notes About Specific Commands and Tools

serversetup

The serversetup utility is located in /System/Library/ServerSetup. To run this command, you can type the full path, for example:

$ /System/Library/ServerSetup/serversetup -getAllPort

Or, if you want to use the utility to perform several commands, you can change your working directory and type a shorter command:

$ cd /System/Library/ServerSetup $ ./serversetup -getAllPort $ ./serversetup -getDefaultInfo

or add the directory to your search path for this session and type an even shorter command:

$ PATH = "$PATH:/System/Library/ServerSetup" $ serversetup -getAllPort

To permanently add the directory to your search path, add the path to the file /etc/profile.

serveradmin

You can use the serveradmin tool to perform many service-related tasks. You’ll see it used throughout this guide.

Determining Whether a Service Needs to be Restarted

Some services need to be restarted after you change certain settings. If a change you make using a service’s writeSettings command requires that you restart the service, the output from the command includes the setting <svc>:needsRecycleOrRestart with a value of yes.

Important: The needsRecycleOrRestart setting is displayed only if you use the

serveradmin svc:command = writeSettings command to change settings. You

won’t see it if you use the serveradmin settings command.

Chapter 1 Typing Commands 19

2 Installing Server Software and

Finishing Basic Setup

Commands you can use to install, set up, and update Mac OS X Server software on local or remote computers.

Installing Server Software

You can use the installer command to install Mac OS X Server or other software on a computer. For more information, see the man page.

Automating Server Setup

Normally, when you install Mac OS X Server on a computer and restart, the Server Assistant opens and asks you to provide the basic information necessary to get the server up and running (for example, the name and password of the administrator user, the TCP/IP configuration information for the server’s network interfaces, and how the server uses directory services). You can automate this initial setup task by providing a configuration file that contains these settings. Servers starting up for the first time look for this file and use it to complete initial server setup without user interaction.

Creating a Configuration File Template

An easy way to prepare configuration files to automate the setup of a group of servers is to start with a file saved using the Server Assistant. You can save the file as the last step when you use the Server Assistant to set up the first server, or you can run the Server Assistant later to create the file. You can then use that first file as a template for creating configuration files for other servers. You can edit the file directly or create scripts to create customized configuration files for any number of servers that use similar hardware.

To save a template configuration file during server setup:

1 In the final pane of the Server Assistant, after you review the settings, click Save As.

2 In the dialog that appears, choose Configuration File next to “Save as” and click OK.

So you can later edit the file, don’t select “Save in Encrypted Format.”

3 Choose a location to save the file and click Save.

To create a template configuration file at any time after initial setup:

1 Open the Server Assistant (in /Applications/Server).

2 In the Welcome pane, choose “Save setup information in a file or directory record” and

click Continue.

3 Enter settings on the remaining panes, then, after you review the settings in the final

pane, click Save As.

4 In the dialog that appears, choose Configuration File next to “Save as” and click OK.

So you can later edit the file, don’t select “Save in Encrypted Format.”

5 Choose a location to save the file and click Save.

Creating Customized Configuration Files from the Template File

After you create a template configuration file, you can modify it directly using a text editor or write a script to automatically generate custom configuration files for a group of servers.

The file uses XML format to encode the setup information. The name of an XML key reveals the setup parameter it contains.

The following example shows the basic structure and contents of a configuration file for a server with the following configuration:

• An administrative user named “Administrator” (short name “admin”) with a user ID of

501 and the password “secret”

• A computer name and host name of “server1.company.com”

• A single Ethernet network interface set to get its address from DHCP

• No server services set to start automatically

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>

<key>AdminUser</key> <dict>

<key>exists</key> <false/> <key>name</key> <string>admin</string> <key>password</key> <string>secret</string> <key>realname</key> <string>Administrator</string> <key>uid</key>

<string>501</string> </dict> <key>ComputerName</key> <string>server1.company.com</string>

22 Chapter 2 Installing Server Software and Finishing Basic Setup

<key>DSClientInfo</key>

<string>2 - NetInfo client - broadcast dhcp static -192.168.42.250

network</string>

<key>DSClientType</key>

<key>DSType</key>

<string>2 - directory client</string> </dict> <key>HostName</key> <string>server1.company.com</string> <key>InstallLanguage</key> <string>English</string> <key>Keyboard</key> <dict>

<key>DefaultFormat</key>

<key>DefaultScript</key>

<key>ResID</key>

<key>ResName</key>

<key>ScriptID</key>

<integer>0</integer> </dict> <key>NetworkInterfaces</key> <array>

<dict>

<key>ActiveAT</key> <true/> <key>ActiveTCPIP</key> <true/> <key>DNSDomains</key> <array>

<string>company.com</string> </array> <key>DNSServers</key> <array>

<string>192.168.100.10</string> </array> <key>DeviceName</key> <string>en0</string> <key>EthernetAddress</key> <string>00:0a:93:bc:6d:1a</string> <key>PortName</key> <string>Built-in Ethernet</string> <key>Settings</key> <dict>

<key>DHCPClientID</key>

Chapter 2 Installing Server Software and Finishing Basic Setup 23

<string>DHCP Configuration</string> </dict>

</dict> </array> <key>NetworkTimeProtocol</key> <dict>

<key>UsingNTP</key>

<false/> </dict> <key>Rendezvous</key> <dict>

<key>RendezvousEnabled</key>

<true/>

<key>RendezvousName</key>

<string>beasbe3</string> </dict> <key>SerialNumber</key> <string>a-123-bcd-456-efg-789-hij-012-klm-345-n</string> <key>ServicesAutoStart</key> <dict>

<key>Apache</key>

<key>MacManager</key>

<key>Print</key>

<key>WebDAV</key>

<false/> </dict> <key>TimeZone</key> <string>US/Pacific</string> <key>VersionNumber</key> <integer>1</integer>

</dict> </plist>

Note: The actual contents of a configuration file depend on the hardware configuration of the computer on which it’s created. This is one reason you should start from a template configuration file created on a computer similar to those you plan to set up.

24 Chapter 2 Installing Server Software and Finishing Basic Setup

Naming Configuration Files

The Server Assistant recognizes configuration files with these names:

• MAC-address-of-server.plist

• IP-address-of-server.plist

• hardware-serial-number-of-server.plist

• full-host-name-of-server.plist

• generic.plist

The Server Assistant uses the file to set up the server with the matching address, name, or serial number. If the Server Assistant cannot find a file named for a particular server, it will use the file named generic.plist.

Storing a Configuration File in an Accessible Location

The Server Assistant looks for configuration files in the following locations:

/Volumes/vol/Auto Server Setup/

where vol is any device volume mounted in the /Volumes directory.

Devices you can use to provide configuration files include

• A partition on one of the server’s hard disks

• An iPod

• An optical (CD or DVD) drive

• A USB or FireWire drive

• Any other portable storage device that mounts in the /Volumes directory

Changing Server Settings

After initial setup, you can use a variety of commands to view or change Mac OS X Server configuration settings.

For information on changing general system preferences, see Chapter 4, “Setting General System Preferences,” on page 31.

For information on changing network settings, see Chapter 5, “Network Preferences,” on page 37.

For information on changing service-specific settings, see the chapter that covers the service.

Chapter 2 Installing Server Software and Finishing Basic Setup 25

Viewing, Validating, and Setting the Software Serial Number

You can use the serversetup command to view or set the server’s software serial number or to validate a server software serial number. The serversetup utility is located in /System/Library/ServerSetup.

To display the server’s software serial number:

$ serversetup -getSerialNumber

To set the server software serial number:

$ sudo serversetup -setSerialNumber serialnumber

Parameter Description

serialnumber

A valid Mac OS X Server software serial number, as found on the software packaging that comes with the software.

To validate a server software serial number:

$ serversetup -verifySerialNumber serialnumber

Displays 0 if the number is valid, 1 if it isn’t.

Updating Server Software

You can use the softwareupdate command to check for and install software updates over the web from Apple’s website.

To check for available updates:

$ softwareupdate --list

To install an update:

$ softwareupdate --install update-version

Parameter Description

update-version

The hyphenated product version string that appears in the list of updates when you use the --list option.

To view command help:

$ softwareupdate --help

26 Chapter 2 Installing Server Software and Finishing Basic Setup

Moving a Server

Try to place a server in its final network location (subnet) before setting it up for the first time. If you’re concerned about unauthorized or premature access, you can set up a firewall to protect the server while you're finalizing its configuration.

If you must move a server after initial setup, you need to change settings that are sensitive to network location before the server can be used. For example, the server's IP address and host name—stored in both directories and configuration files that reside on the server—must be updated.

When you move a server, consider these guidelines:

• Minimize the time the server is in its temporary location so the information you need

to change is limited.

• Don’t configure services that depend on network settings until the server is in its

final location. Such services include Open Directory replication, Apache settings (such as virtual hosts), DHCP, and other network infrastructure settings that other computers depend on.

• Wait to import final user accounts. Limit accounts to test accounts so you minimize

the user-specific network information (such as home directory location) that will need to change after the move.

• After you move the server, use the changeip tool to change IP addresses, host

names, and other data stored in Open Directory NetInfo and LDAP directories on the server. See “Changing a Server’s IP Address” on page 39. You may need to manually adjust some network configurations, such as the local DNS database, after using the tool.

• Reconfigure the search policy of computers (such as user computers and DHCP

servers) that have been configured to use the server in its original location.

Chapter 2 Installing Server Software and Finishing Basic Setup 27

3 Restarting or Shutting Down a

Server

Commands you can use to shut down or restart a local or remote server.

Restarting a Server

You can use the reboot or shutdown -r command to restart a server at a specific time. For more information, see the man pages.

Examples

To restart the local server:

$ shutdown -r now

To restart a remote server immediately:

$ ssh -l root server shutdown -r now

To restart a remote server at a specific time:

$ ssh -l root server shutdown -r hhmm

Parameter Description

server hhmm

The IP address or DNS name of the server.

The hour and minute when the server restarts.

Automatic Restart

You can also use the systemsetup command to set up the server to start automatically after a power failure or system freeze. See “Viewing or Changing Automatic Restart Settings” on page 33.

Changing a Remote Server’s Startup Disk

You can change a remote server’s startup disk using SSH.

To change the startup disk:

$ bless -folder "/Volumes/disk/System/Library/CoreServices" -setOF

Parameter Description

disk

The name of the disk that contains the desired startup volume.

For information on using SSH to log in to a remote server, see “Sending Commands to a Remote Server” on page 16.

Shutting Down a Server

You can use the shutdown command to shut down a server at a specific time. For more information, see the man page.

Examples

To shut down a remote server immediately:

$ ssh -l root server shutdown -h now

To shut down the local server in 30 minutes:

$ shutdown -h +30

Parameter Description

server

The IP address or DNS name of the server.

30 Chapter 3 Restarting or Shutting Down a Server

+ 145 hidden pages