Mac OS X Server Command-Line Administration
For Version 10.3 or Later
Apple Computer, Inc.
© 2003 Apple Computer, Inc. All rights reserved.
The owner or authorized user of a valid copy of
Mac OS X Server software may reproduce this
publication for the purpose of learning to use such
software. No part of this publication may be reproduced
or transmitted for commercial purposes, such as selling
copies of this publication or for providing paid for
support services.
The Apple logo is a trademark of Apple Computer, Inc.,
registered in the U.S. and other countries. Use of the
“keyboard” Apple logo (Option-Shift-K) for commercial
purposes without the prior written consent of Apple
may constitute trademark infringement and unfair
competition in violation of federal and state laws.
Apple, the Apple logo, AirPort, AppleScript, AppleShare,
AppleTalk, ColorSync, FireWire, iMac, Keychain, Mac,
Macintosh, Power Mac, Power Macintosh, QuickTime,
Sherlock, and WebObjects are trademarks of Apple
Computer, Inc., registered in the U.S. and other
countries. Extensions Manager and Finder are
trademarks of Apple Computer, Inc.
034-2354/10-24-03
Contents
Preface About This Book
  Notation Conventions
  Summary
  Commands and Other Terminal Text
  Command Parameters and Options
  Default Settings
  Commands Requiring Root Privileges
Chapter 1 Typing Commands
  Using Terminal
  Correcting Typing Errors
  Repeating Commands
  Including Paths Using Drag-and-Drop
  Commands Requiring Root Privileges
  Sending Commands to a Remote Server
  Sending a Single Command
  Updating SSH Key Fingerprints
  Notes on Communication Security and servermgrd
  Using Telnet
  Getting Online Help for Commands
  Notes About Specific Commands and Tools
  serversetup
  serveradmin
Chapter 2 Installing Server Software and Finishing Basic Setup
  Installing Server Software
  Automating Server Setup
  Creating a Configuration File Template
  Creating Customized Configuration Files from the Template File
  Naming Configuration Files
  Storing a Configuration File in an Accessible Location
  Changing Server Settings
  Viewing, Validating, and Setting the Software Serial Number
  Updating Server Software
  Moving a Server
Chapter 3 Restarting or Shutting Down a Server
  Restarting a Server
  Examples
  Automatic Restart
  Changing a Remote Server’s Startup Disk
  Shutting Down a Server
  Examples
Chapter 4 Setting General System Preferences
  Computer Name
  Viewing or Changing the Computer Name
  Date and Time
  Viewing or Changing the System Date
  Viewing or Changing the System Time
  Viewing or Changing the System Time Zone
  Viewing or Changing Network Time Server Usage
  Energy Saver Settings
  Viewing or Changing Sleep Settings
  Viewing or Changing Automatic Restart Settings
  Power Management Settings
  Startup Disk Settings
  Viewing or Changing the Startup Disk
  Sharing Settings
  Viewing or Changing Remote Login Settings
  Viewing or Changing Apple Event Response
  International Settings
  Viewing or Changing Language Settings
  Login Settings
  Disabling the Restart and Shutdown Buttons
Chapter 5 Network Preferences
  Network Interface Information
  Viewing Port Names and Hardware Addresses
  Viewing or Changing MTU Values
  Viewing or Changing Media Settings
  Network Port Configurations
  Creating or Deleting Port Configurations
  Activating Port Configurations
  Changing Configuration Precedence
  TCP/IP Settings
  Changing a Server’s IP Address
  Viewing or Changing IP Address, Subnet Mask, or Router Address
  Viewing or Changing DNS Servers
  Enabling TCP/IP
  AppleTalk Settings
  Enabling and Disabling AppleTalk
  Proxy Settings
  Viewing or Changing FTP Proxy Settings
  Viewing or Changing Web Proxy Settings
  Viewing or Changing Secure Web Proxy Settings
  Viewing or Changing Streaming Proxy Settings
  Viewing or Changing Gopher Proxy Settings
  Viewing or Changing SOCKS Firewall Proxy Settings
  Viewing or Changing Proxy Bypass Domains
  AirPort Settings
  Viewing or Changing Airport Settings
  Computer, Host, and Rendezvous Name
  Viewing or Changing the Computer Name
  Viewing or Changing the Local Host Name
  Viewing or Changing the Rendezvous Name
Chapter 6 Working With Disks and Volumes
  Mounting and Unmounting Volumes
  Mounting Volumes
  Unmounting Volumes
  Checking for Disk Problems
  Monitoring Disk Space
  Reclaiming Disk Space Using Log Rolling Scripts
  Managing Disk Journaling
  Checking to See if Journaling is Enabled
  Turning on Journaling for an Existing Volume
  Enabling Journaling When You Erase a Disk
  Disabling Journaling
  Erasing, Partitioning, and Formatting Disks
  Setting Up a Case-Sensitive HFS+ File System
  Imaging and Cloning Volumes Using ASR
Chapter 7 Working With Users and Groups
  Creating Server Administrator Users
  Importing Users and Groups
  Creating a Character-Delimited User Import File
  User Attributes
  Checking a Server User’s Name, UID, or Password
  Creating a User’s Home Directory
  Mounting a User’s Home Directory
  Creating a Group Folder
  Checking a User’s Administrator Privileges
Chapter 8 Working With File Services
  Share Points
  Listing Share Points
  Creating a Share Point
  Modifying a Share Point
  Disabling a Share Point
  AFP Service
  Starting and Stopping AFP Service
  Checking AFP Service Status
  Viewing AFP Settings
  Changing AFP Settings
  List of AFP Settings
  List of AFP serveradmin Commands
  Listing Connected Users
  Sending a Message to AFP Users
  Disconnecting AFP Users
  Canceling a User Disconnect
  Listing AFP Service Statistics
  Viewing AFP Log Files
  NFS Service
  Starting and Stopping NFS Service
  Checking NFS Service Status
  Viewing NFS Settings
  Changing NFS Service Settings
  FTP Service
  Starting FTP Service
  Stopping FTP Service
  Checking FTP Service Status
  Viewing FTP Settings
  Changing FTP Settings
  FTP Settings
  List of FTP serveradmin Commands
  Viewing the FTP Transfer Log
  Checking for Connected FTP Users
  Windows (SMB) Service
  Starting and Stopping SMB Service
  Checking SMB Service Status
  Viewing SMB Settings
  Changing SMB Settings
  List of SMB Service Settings
  List of SMB serveradmin Commands
  Listing SMB Users
  Disconnecting SMB Users
  Listing SMB Service Statistics
  Updating Share Point Information
  Viewing SMB Service Logs
Chapter 9 Working With Print Service
  Starting and Stopping Print Service
  Checking the Status of Print Service
  Viewing Print Service Settings
  Changing Print Service Settings
  Print Service Settings
  Queue Data Array
  Print Service serveradmin Commands
  Listing Queues
  Pausing a Queue
  Listing Jobs and Job Information
  Holding a Job
  Viewing Print Service Log Files
Chapter 10 Working With NetBoot Service
  Starting and Stopping NetBoot Service
  Checking NetBoot Service Status
  Viewing NetBoot Settings
  Changing NetBoot Settings
  NetBoot Service Settings
  General Settings
  Storage Record Array
  Filters Record Array
  Image Record Array
  Port Record Array
Chapter 11 Working With Mail Service
  Starting and Stopping Mail Service
  Checking the Status of Mail Service
  Viewing Mail Service Settings
  Changing Mail Service Settings
  Mail Service Settings
  Mail serveradmin Commands
  Listing Mail Service Statistics
  Viewing the Mail Service Logs
  Setting Up SSL for Mail Service
  Generating a CSR and Creating a Keychain
  Obtaining an SSL Certificate
  Importing an SSL Certificate Into the Keychain
  Creating a Passphrase File
  Setting Up SSL for Mail Service on a Headless Server
Chapter 12 Working With Web Technologies
  Starting and Stopping Web Service
  Checking Web Service Status
  Viewing Web Settings
  Changing Web Settings
  serveradmin and Apache Settings
  Changing Settings Using serveradmin
  Web serveradmin Commands
  Listing Hosted Sites
  Viewing Service Logs
  Viewing Service Statistics
  Example Script for Adding a Website
Chapter 13 Working With Network Services
  DHCP Service
  Starting and Stopping DHCP Service
  Checking the Status of DHCP Service
  Viewing DHCP Service Settings
  Changing DHCP Service Settings
  DHCP Service Settings
  DHCP Subnet Settings Array
  Adding a DHCP Subnet
  List of DHCP serveradmin Commands
  Viewing the DHCP Service Log
  DNS Service
  Starting and Stopping the DNS Service
  Checking the Status of DNS Service
  Viewing DNS Service Settings
  Changing DNS Service Settings
  DNS Service Settings
  List of DNS serveradmin Commands
  Viewing the DNS Service Log
  Listing DNS Service Statistics
  Firewall Service
  Starting and Stopping Firewall Service
  Checking the Status of Firewall Service
  Viewing Firewall Service Settings
  Changing Firewall Service Settings
  Firewall Service Settings
  Defining Firewall Rules
  IPFilter Rules Array
  Firewall serveradmin Commands
  Viewing Firewall Service Log
  Using Firewall Service to Simulate Network Activity
  NAT Service
  Starting and Stopping NAT Service
  Checking the Status of NAT Service
  Viewing NAT Service Settings
  Changing NAT Service Settings
  NAT Service Settings
  NAT serveradmin Commands
  Viewing the NAT Service Log
  VPN Service
  Starting and Stopping VPN Service
  Checking the Status of VPN Service
  Viewing VPN Service Settings
  Changing VPN Service Settings
  List of VPN Service Settings
  List of VPN serveradmin Commands
  Viewing the VPN Service Log
  IP Failover
  Requirements
  Failover Operation
  Enabling IP Failover
  Configuring IP Failover
  Enabling PPP Dial-In
Chapter 14 Working With Open Directory
  General Directory Tools
  Testing Your Open Directory Configuration
  Modifying an Open Directory Node
  Testing Open Directory Plugins
  Registering URLs With Service Location Protocol (SLP)
  Changing Open Directory Service Settings
  LDAP
  Configuring LDAP
  A Note on Using ldapsearch
  Idle Rebinding Options
  Additional Information About LDAP
  NetInfo
  Configuring NetInfo
  Password Server
  Working With the Password Server
  Viewing or Changing Password Policies
  Enabling or Disabling Authentication Methods
  Kerberos and Single Sign On
Chapter 15 Working With QuickTime Streaming Server
  Starting QTSS Service
  Stopping QTSS Service
  Checking QTSS Service Status
  Viewing QTSS Settings
  Changing QTSS Settings
  QTSS Settings
  QTSS serveradmin Commands
  Listing Current Connections
  Viewing QTSS Service Statistics
  Viewing Service Logs
  Forcing QTSS to Re-Read its Preferences
  Preparing Older Home Directories for User Streaming
Index
Preface
About This Book
Notation Conventions
The following conventions are used throughout this book.
Summary
Notation              Indicates
monospaced font       A command or other terminal text
$                     A shell prompt
[text_in_brackets]    An optional parameter
(one|other)           Alternative parameters (type one or the other)
underlined            A parameter you must replace with a value
[...]                 A parameter that may be repeated
<anglebrackets>       A displayed value that depends on your server configuration
Commands and Other Terminal Text
Commands or command parameters that you might type, along with other text that
normally appears in a Terminal window, are shown in this font. For example,
You can use the doit command to get things done.
When a command is shown on a line by itself as you might type it in a Terminal
window, it follows a dollar sign that represents the shell prompt. For example,
$ doit
To use this command, type “doit” without the dollar sign at the command prompt in a
Terminal window, then press the Return key.
Command Parameters and Options
Most commands require one or more parameters to specify command options or the
item to which the command is applied.
Parameters You Must Type as Shown
If you need to type a parameter as shown, it appears following the command in the
same font. For example,
$ doit -w later -t 12:30
To use the command in the above example, type the entire line as shown.
Parameter Values You Provide
If you need to supply a value, its placeholder is underlined and has a name that
indicates what you need to provide. For example,
$ doit -w later -t hh:mm
In the above example, you need to replace hh with the hour and mm with the minute, as
shown in the previous example.
Optional Parameters
If a parameter is available but not required, it appears in square brackets. For example,
$ doit [-w later]
To use the command in the above example, type either doit or doit -w later. The
result might vary but the command will be performed either way.
Alternative Parameters
If you need to type one of a number of parameters, they’re separated by a vertical line
and grouped within parentheses ( | ). For example,
$ doit -w (now|later)
To perform the command, you must type either doit -w now or doit -w later.
Default Settings
Descriptions of server settings usually include the default value for each setting. When
this default value depends on other choices you’ve made (such as the name or IP
address of your server, for example), it’s enclosed in angle brackets <>.
For example, the default value for the IMAP mail server is the host name of your server.
This is indicated by mail:imap:servername = "<hostname>".
Commands Requiring Root Privileges
Throughout this guide, commands that require root privileges begin with sudo.
1 Typing Commands
How to use Terminal to execute commands, connect to a
remote server, and view online information about
commands and utilities.
To access a UNIX shell command prompt, you open the Terminal application. In
Terminal, you can use the ssh command to log in to other servers. You can use the man
command to view online documentation for most common commands.
Using Terminal
To enter shell commands or run server command-line tools and utilities, you need
access to a UNIX shell prompt. Both Mac OS X and Mac OS X Server include Terminal,
an application you can use to start a UNIX shell command-line session on the local
server or on a remote server.
To open Terminal:
• Click the Terminal icon in the dock or double-click the application icon in the Finder (in
/Applications/Utilities).
Terminal presents a prompt when it’s ready to accept a command. The prompt you see
depends on Terminal and shell preferences, but often includes the name of the host
you’re logged in to, your current working directory, your user name, and a prompt
symbol. For example, if you’re using the default bash shell and the prompt is
server1:~ admin$
you’re logged in to a computer named “server1” as the user named “admin” and your
current directory is the admin’s home directory (~).
Throughout this manual, wherever a command is shown as you might type it, the
prompt is abbreviated as $.
To type a command:
• Wait for a prompt to appear in the Terminal window, then type the command and
press Return.
If you get the message command not found, check your spelling. If the error recurs,
the program you’re trying to run might not be in your default search path. Add the
path before the program name or change your working directory to the directory that
contains the program. For example:
[server:/] admin$ serversetup -getAllPort
serversetup: Command not found.
[server:/] admin$ /System/Library/ServerSetup/serversetup -getAllPort
1
Built-in Ethernet
[server:/] admin$ cd /System/Library/ServerSetup
[server:/System/Library/ServerSetup] admin$ ./serversetup -getAllPort
1
Built-in Ethernet
[server:/System/Library/ServerSetup] admin$ cd /
[server:/] admin$ PATH="$PATH:/System/Library/ServerSetup"
[server:/] admin$ serversetup -getAllPort
1
Built-in Ethernet
Correcting Typing Errors
To correct a typing error before you press Return to issue the command, use the Delete
key or press Control-H to erase unwanted characters and retype.
To ignore what you have typed and start again, press Control-U.
Repeating Commands
To repeat a command, press Up-Arrow until you see the command, then press Return.
To repeat a command with modifications, press Up-Arrow until you see the command,
press Left-Arrow or Right-Arrow to skip over parts of the command you don’t want to
change, press Delete to remove characters, type regular characters to insert them, then
press Return to execute the command.
Including Paths Using Drag-and-Drop
To include a fully-qualified file name or directory path in a command, stop typing
where the item is required in the command and drag the folder or file from a Finder
window into the Terminal window.
Commands Requiring Root Privileges
Many commands used to manage a server must be executed by the root user. If you
get a message such as “permission denied,” the command probably requires root
privileges.
To issue a single command as the root user, begin the command with sudo.
For example:
$ sudo serveradmin list
You’re prompted for the root password if you haven’t used sudo recently. The root user
password is set to the administrator user password when you install Mac OS X Server.
To switch to the root user so you don’t have to repeatedly type sudo, use the su
command:
$ su root
You’re prompted for the root user password and then are logged in as the root user
until you log out or use the su command to switch to another user.
Important: As the root user, you have sufficient privileges to do things that can cause
your server to stop working properly. Don’t execute commands as the root user unless
you understand clearly what you’re doing. Logging in as an administrative user and
using sudo selectively might prevent you from making unintended changes.
Throughout this guide, commands that require root privileges begin with sudo.
Sending Commands to a Remote Server
Secure Shell (SSH) lets you send secure, encrypted commands to a server over the
network. You can use the ssh command in Terminal to open a command-line
connection to a remote server. While the connection is open, commands you type are
performed on the remote server.
Note: You can use any application that supports SSH to connect to Mac OS X Server.
To open a connection to a remote server:
1 Open Terminal.
2 Type the following command to log in to the remote server:
ssh -l username server
where username is the name of an administrator user on the remote server and
server is the name or IP address of the server.
Example: ssh -l admin 10.0.1.2
3 If this is the first time you’ve connected to the server, you’re prompted to continue
connecting after the remote computer’s RSA fingerprint is displayed. Type yes and
press Return.
4 When prompted, type the user’s password (the user’s password on the remote server)
and press Return.
The command prompt changes to show that you’re now connected to the remote
server. In the case of the above example, the prompt might look like
[10.0.1.2:~] admin$
5 To send a command to the remote server, type the command and press Return.
To close a remote connection:
• Type logout and press Return.
Sending a Single Command
You can authenticate and send a command using a single typed line by appending the
command you want to execute to the basic ssh command.
For example, to delete a file you could type
$ ssh -l admin server1.company.com rm /Users/admin/Documents/report
or
$ ssh admin@server1.company.com "rm /Users/admin/Documents/report"
You’re prompted for the user’s password.
Updating SSH Key Fingerprints
The first time you connect to a remote server using SSH, the local computer asks if it
can add the remote server’s “fingerprint” (a security key) to a list of known remote
computers. You might see a message like this:
The authenticity of host "server1.company.com" can’t be established.
RSA key fingerprint is a8:0d:27:63:74:f1:ad:bd:6a:e4:0d:a3:47:a8:f7.
Are you sure you want to continue connecting (yes/no)?
Type yes and press Return to finish authenticating.
If you later see a warning message about a “man-in-the-middle” attack when you try to
connect, it might be because the key on the remote computer no longer matches the
key stored on the local computer. This can happen if you:
• Change your SSH configuration
• Perform a clean install of the server software
• Start up from a Mac OS X Server CD
To connect again, delete the entries corresponding to the remote computer (which can
be stored by both name and IP address) in the file ~/.ssh/known_hosts.
Important: Removing an entry from the known_hosts file bypasses a security
mechanism that helps you avoid imposters and “man-in-the-middle” attacks. Be sure
you understand why the key on the remote computer has changed before you delete
its entry from the known_hosts file.
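The check the Important note asks for can be scripted: compare the key the server now presents against a fingerprint read at the server's own console, and drop the old entries only if they agree. This is an added example, not part of the original guide; the function names, host names and key blobs are constructed for illustration, and it handles plain (unhashed) known_hosts lines only.

```shell
#!/bin/sh
# Added example, not from the original guide. Host names, addresses and key
# blobs used here are constructed sample data, not real host keys.
# Handles plain known_hosts lines only: host[,host...] keytype base64-key

# md5_hex: MD5 of stdin as hex (md5sum on Linux, md5 on Mac OS X).
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | cut -d' ' -f1
    else
        md5 -q
    fi
}

# fingerprint_of KEYBLOB: MD5 fingerprint of a base64 public key blob, in the
# colon-separated form shown by the ssh prompt quoted above.
fingerprint_of() {
    printf '%s' "$1" | base64 --decode | md5_hex | sed 's/../&:/g; s/:$//'
}

# entries_for FILE NAME: print the lines of FILE whose host list contains NAME.
entries_for() {
    awk -v h="$2" 'NF >= 3 && $1 !~ /^#/ {
        n = split($1, names, ",")
        for (i = 1; i <= n; i++) if (names[i] == h) { print; break }
    }' "$1"
}

# remove_entries FILE NAME: rewrite FILE without the lines that name NAME.
remove_entries() {
    awk -v h="$2" '{
        keep = 1
        if (NF >= 3 && $1 !~ /^#/) {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == h) keep = 0
        }
        if (keep) print
    }' "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# replace_if_verified FILE TRUSTED_FP OFFERED_BLOB NAME...
#   TRUSTED_FP    fingerprint read at the server console (out of band)
#   OFFERED_BLOB  key the server presents over the network now
#   NAME...       every name and IP address the server is stored under
# Returns 0 after removing the stale entries (backup in FILE.old) when the
# offered key matches the trusted fingerprint; returns 1 and leaves FILE
# untouched when it does not.
replace_if_verified() {
    kh_file=$1 trusted=$2 offered=$3
    shift 3
    [ "$(fingerprint_of "$offered")" = "$trusted" ] || return 1
    cp -p "$kh_file" "$kh_file.old" || return 2
    for name in "$@"; do
        remove_entries "$kh_file" "$name" || return 2
    done
}

# Demo on constructed data: the console fingerprint belongs to NEW_KEY.
OLD_KEY=AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7
NEW_KEY=AAAAB3NzaC1yc2EAAAADAQABAAAAgQDZ
ROGUE_KEY=AAAAB3NzaC1yc2EAAAADAQABAAAAgQCx
demo=$(mktemp)
echo "server1.company.com,10.0.1.2 ssh-rsa $OLD_KEY" > "$demo"
console_fp=$(fingerprint_of "$NEW_KEY")
replace_if_verified "$demo" "$console_fp" "$ROGUE_KEY" server1.company.com 10.0.1.2 ||
    echo "offered key does not match the console fingerprint: entry kept"
replace_if_verified "$demo" "$console_fp" "$NEW_KEY" server1.company.com 10.0.1.2 &&
    echo "key verified: stale entries removed, backup in $demo.old"
```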
Notes on Communication Security and servermgrd
When you use the Server Admin GUI application or the serveradmin command-line
tool, you’re communicating with a local or remote servermgrd process.
• servermgrd uses SSL for encryption and client authentication but not for user
authentication, which uses HTTP basic authentication along with Directory Services.
• servermgrd uses a self-signed (test) SSL certificate installed by default in
/etc/servermgrd/ssl.crt/. You can replace this with an actual certificate.
• The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64
encoded DER with header and footer lines (from www.modssl.org).
• servermgrd checks the validity of the SSL certificate only if the “Require valid digital
signature” option is checked in Server Admin preferences. If this option is enabled,
the certificate must be valid and not expired or Server Admin will refuse to connect.
• The SSLOptions and SSLRequire settings determine what SSL encryption options are
used. By default, they’re set as shown below but can be changed at any time by
editing /etc/servermgrd/servermgrd.conf, port 311.
SSLCertificateFile /private/etc/servermgrd/ssl.crt/server.crt
SSLCertificateKeyFile /private/etc/servermgrd/ssl.key/server.key
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars
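Read with OpenSSL's cipher-list rules, the default SSLCipherSuite above leaves export-grade, low-strength and SSLv2 ciphers enabled: only "!" removes a class for good, while "+" just moves ciphers already in the list to the end. The following added example (not from the original guide) applies those rules to a cipher string and lists the weak classes still enabled; the function name is hypothetical, the class list covers only keywords used on this page, and ALL is assumed to leave out eNULL as current OpenSSL documents.

```shell
#!/bin/sh
# Added example, not from the original guide.

# enabled_weak_classes CIPHERSTRING
# Prints the weak cipher classes (ADH, eNULL, EXP, LOW, SSLv2) that remain
# enabled after CIPHERSTRING is read left to right with these rules:
#   KEY   adds the class unless it was removed with "!"
#   !KEY  removes the class permanently
#   -KEY  removes the class, a later KEY can add it back
#   +KEY  moves ciphers already in the list to the end, adds none
# Assumption: ALL adds every class except eNULL.
enabled_weak_classes() {
    printf '%s\n' "$1" | awk -F: '
    function canon(k) {
        if (k == "aNULL") return "ADH"     # anonymous key exchange
        if (k == "EXPORT") return "EXP"    # all export-grade ciphers
        return k
    }
    BEGIN { nweak = split("ADH eNULL EXP LOW SSLv2", weak, " ") }
    {
        for (i = 1; i <= NF; i++) {
            op = substr($i, 1, 1)
            if (op == "!" || op == "-" || op == "+") name = canon(substr($i, 2))
            else { op = ""; name = canon($i) }

            if (op == "!") { killed[name] = 1; on[name] = 0 }
            else if (op == "-") { on[name] = 0 }
            else if (op == "") {
                if (name == "ALL") {
                    for (j = 1; j <= nweak; j++)
                        if (weak[j] != "eNULL" && !killed[weak[j]]) on[weak[j]] = 1
                } else if (!killed[name]) on[name] = 1
            }
            # op "+" changes order only, so membership is left as it is
        }
        out = ""
        for (j = 1; j <= nweak; j++)
            if (on[weak[j]]) out = out (out == "" ? "" : " ") weak[j]
        print out
    }'
}

# The default string from servermgrd.conf shown above:
echo "still enabled: $(enabled_weak_classes 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL')"
# The same string with the weak classes removed instead of reordered:
echo "still enabled: $(enabled_weak_classes 'ALL:!ADH:!EXP:!LOW:!SSLv2:!eNULL:RC4+RSA:+HIGH:+MEDIUM')"
```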
Using Telnet
Because it isn’t as secure as SSH, Telnet access isn’t enabled by default.
To enable Telnet access:
$ service telnet start
To disable Telnet access:
$ service telnet stop
Getting Online Help for Commands
Onscreen help is available for most commands and utilities.
Note: Not all techniques work for all commands, and some commands have no
onscreen help.
To view onscreen information about a command, try the following:
• Type the command without any parameters or options. This will often list a summary
of options and parameters you can use with the command.
Example:
$ sudo serveradmin
• Type man command, where command is the command you’re curious about. This
usually displays detailed information about the command, its options, parameters,
and proper use.
Example:
$ man serveradmin
For help using the man command, type:
$ man man
• Type the command followed by a -help, -h, --help, or help parameter.
Examples:
$ hdiutil help
$ dig -h
$ diff --help
Notes About Specific Commands and Tools
serversetup
The serversetup utility is located in /System/Library/ServerSetup. To run this
command, you can type the full path, for example:
$ /System/Library/ServerSetup/serversetup -getAllPort
Or, if you want to use the utility to perform several commands, you can change your
working directory and type a shorter command:
$ cd /System/Library/ServerSetup
$ ./serversetup -getAllPort
$ ./serversetup -getDefaultInfo
or add the directory to your search path for this session and type an even shorter
command:
$ PATH="$PATH:/System/Library/ServerSetup"
$ serversetup -getAllPort
To permanently add the directory to your search path, add the path to the file
/etc/profile.
serveradmin
You can use the serveradmin tool to perform many service-related tasks. You’ll see it
used throughout this guide.
Determining Whether a Service Needs to be Restarted
Some services need to be restarted after you change certain settings. If a change you
make using a service’s writeSettings command requires that you restart the service,
the output from the command includes the setting <svc>:needsRecycleOrRestart
with a value of yes.
Important: The needsRecycleOrRestart setting is displayed only if you use the
serveradmin svc:command = writeSettings command to change settings. You
won’t see it if you use the serveradmin settings command.
2 Installing Server Software and Finishing Basic Setup
Commands you can use to install, set up, and update
Mac OS X Server software on local or remote computers.
Installing Server Software
You can use the installer command to install Mac OS X Server or other software on a
computer. For more information, see the man page.
Automating Server Setup
Normally, when you install Mac OS X Server on a computer and restart, the Server
Assistant opens and asks you to provide the basic information necessary to get the
server up and running (for example, the name and password of the administrator user,
the TCP/IP configuration information for the server’s network interfaces, and how the
server uses directory services). You can automate this initial setup task by providing a
configuration file that contains these settings. Servers starting up for the first time look
for this file and use it to complete initial server setup without user interaction.
Creating a Configuration File Template
An easy way to prepare configuration files to automate the setup of a group of servers
is to start with a file saved using the Server Assistant. You can save the file as the last
step when you use the Server Assistant to set up the first server, or you can run the
Server Assistant later to create the file. You can then use that first file as a template for
creating configuration files for other servers. You can edit the file directly or create
scripts to create customized configuration files for any number of servers that use
similar hardware.
To save a template configuration file during server setup:
1 In the final pane of the Server Assistant, after you review the settings, click Save As.
2 In the dialog that appears, choose Configuration File next to “Save as” and click OK.
So you can later edit the file, don’t select “Save in Encrypted Format.”
3 Choose a location to save the file and click Save.
To create a template configuration file at any time after initial setup:
1 Open the Server Assistant (in /Applications/Server).
2 In the Welcome pane, choose “Save setup information in a file or directory record” and
click Continue.
3 Enter settings on the remaining panes, then, after you review the settings in the final
pane, click Save As.
4 In the dialog that appears, choose Configuration File next to “Save as” and click OK.
So you can later edit the file, don’t select “Save in Encrypted Format.”
5 Choose a location to save the file and click Save.
Creating Customized Configuration Files from the Template File
After you create a template configuration file, you can modify it directly using a text
editor or write a script to automatically generate custom configuration files for a group
of servers.
The file uses XML format to encode the setup information. The name of an XML key
reveals the setup parameter it contains.
The following example shows the basic structure and contents of a configuration file
for a server with the following configuration:
• An administrative user named “Administrator” (short name “admin”) with a user ID of
501 and the password “secret”
• A computer name and host name of “server1.company.com”
• A single Ethernet network interface set to get its address from DHCP
• No server services set to start automatically
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>AdminUser</key>
  <dict>
    <key>exists</key>
    <false/>
    <key>name</key>
    <string>admin</string>
    <key>password</key>
    <string>secret</string>
    <key>realname</key>
    <string>Administrator</string>
    <key>uid</key>
    <string>501</string>
  </dict>
  <key>ComputerName</key>
  <string>server1.company.com</string>
  <key>DS</key>
  <dict>
    <key>DSClientInfo</key>
    <string>2 - NetInfo client - broadcast dhcp static -192.168.42.250 network</string>
    <key>DSClientType</key>
    <string>2</string>
    <key>DSType</key>
    <string>2 - directory client</string>
  </dict>
  <key>HostName</key>
  <string>server1.company.com</string>
  <key>InstallLanguage</key>
  <string>English</string>
  <key>Keyboard</key>
  <dict>
    <key>DefaultFormat</key>
    <string>0</string>
    <key>DefaultScript</key>
    <string>0</string>
    <key>ResID</key>
    <integer>0</integer>
    <key>ResName</key>
    <string>U.S.</string>
    <key>ScriptID</key>
    <integer>0</integer>
  </dict>
  <key>NetworkInterfaces</key>
  <array>
    <dict>
      <key>ActiveAT</key>
      <true/>
      <key>ActiveTCPIP</key>
      <true/>
      <key>DNSDomains</key>
      <array>
        <string>company.com</string>
      </array>
      <key>DNSServers</key>
      <array>
        <string>192.168.100.10</string>
      </array>
      <key>DeviceName</key>
      <string>en0</string>
      <key>EthernetAddress</key>
      <string>00:0a:93:bc:6d:1a</string>
      <key>PortName</key>
      <string>Built-in Ethernet</string>
      <key>Settings</key>
      <dict>
        <key>DHCPClientID</key>
        <string></string>
        <key>Type</key>
        <string>DHCP Configuration</string>
      </dict>
    </dict>
  </array>
  <key>NetworkTimeProtocol</key>
  <dict>
    <key>UsingNTP</key>
    <false/>
  </dict>
  <key>Rendezvous</key>
  <dict>
    <key>RendezvousEnabled</key>
    <true/>
    <key>RendezvousName</key>
    <string>beasbe3</string>
  </dict>
  <key>SerialNumber</key>
  <string>a-123-bcd-456-efg-789-hij-012-klm-345-n</string>
  <key>ServicesAutoStart</key>
  <dict>
    <key>Apache</key>
    <false/>
    <key>File</key>
    <false/>
    <key>MacManager</key>
    <false/>
    <key>Mail</key>
    <false/>
    <key>Print</key>
    <false/>
    <key>QTSS</key>
    <false/>
    <key>WebDAV</key>
    <false/>
  </dict>
  <key>TimeZone</key>
  <string>US/Pacific</string>
  <key>VersionNumber</key>
  <integer>1</integer>
</dict>
</plist>
Note: The actual contents of a configuration file depend on the hardware configuration
of the computer on which it’s created. This is one reason you should start from a
template configuration file created on a computer similar to those you plan to set up.
Naming Configuration Files
The Server Assistant recognizes configuration files with these names:
• MAC-address-of-server.plist
• IP-address-of-server.plist
• hardware-serial-number-of-server.plist
• full-host-name-of-server.plist
• generic.plist
The Server Assistant uses the file to set up the server with the matching address, name,
or serial number. If the Server Assistant cannot find a file named for a particular server,
it will use the file named generic.plist.
Storing a Configuration File in an Accessible Location
The Server Assistant looks for configuration files in the following locations:
/Volumes/vol/Auto Server Setup/
where vol is any device volume mounted in the /Volumes directory.
Devices you can use to provide configuration files include
• A partition on one of the server’s hard disks
• An iPod
• An optical (CD or DVD) drive
• A USB or FireWire drive
• Any other portable storage device that mounts in the /Volumes directory
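One way to script the per-server files described above, as an added example that is not from the original guide: it copies a saved template, rewrites the ComputerName and HostName values, and names each file in the full-host-name-of-server.plist form. The function names and sample host names are assumptions; each file is created readable by its owner only, because an unencrypted configuration file holds the administrator password.

```shell
#!/bin/sh
# Added example, not from the original guide.

# make_config TEMPLATE OUTDIR HOST
# Copies TEMPLATE to OUTDIR/HOST.plist, replacing the <string> value that
# follows the ComputerName and HostName keys with HOST.
make_config() {
    template=$1 outdir=$2 host=$3
    # HOST ends up in a file name: accept DNS name characters only.
    case $host in
        ''|.*|*[!A-Za-z0-9.-]*) echo "rejected host name: $host" >&2; return 1 ;;
    esac
    [ -r "$template" ] && [ -d "$outdir" ] || return 1
    out="$outdir/$host.plist"
    rm -f "$out"
    (
        # The file carries the administrator password in clear text, so
        # create it with owner-only permissions.
        umask 077
        awk -v host="$host" '
            pending { sub(/<string>[^<]*<\/string>/, "<string>" host "</string>"); pending = 0 }
            /<key>(ComputerName|HostName)<\/key>/ { pending = 1 }
            { print }
        ' "$template" > "$out"
    )
}

# make_configs TEMPLATE OUTDIR HOSTLIST
# HOSTLIST holds one host name per line; blank lines and # comments are
# skipped. Returns non-zero if any name was rejected.
make_configs() {
    rc=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        make_config "$1" "$2" "$line" || rc=1
    done < "$3"
    return $rc
}

# Demo on a constructed, shortened template and host list.
work=$(mktemp -d)
mkdir "$work/Auto Server Setup"
cat > "$work/template.plist" <<'EOF'
<dict>
<key>ComputerName</key>
<string>server1.company.com</string>
<key>HostName</key>
<string>server1.company.com</string>
<key>TimeZone</key>
<string>US/Pacific</string>
</dict>
EOF
printf '%s\n' '# second rack' server2.company.com server3.company.com > "$work/hosts.txt"
make_configs "$work/template.plist" "$work/Auto Server Setup" "$work/hosts.txt" &&
    ls -l "$work/Auto Server Setup"
```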
Changing Server Settings
After initial setup, you can use a variety of commands to view or change Mac OS X
Server configuration settings.
For information on changing general system preferences, see Chapter 4, “Setting
General System Preferences,” on page 31.
For information on changing network settings, see Chapter 5, “Network Preferences,” on
page 37.
For information on changing service-specific settings, see the chapter that covers the
service.
Viewing, Validating, and Setting the Software Serial Number
You can use the serversetup command to view or set the server’s software serial
number or to validate a server software serial number. The serversetup utility is
located in /System/Library/ServerSetup.
To display the server’s software serial number:
$ serversetup -getSerialNumber
To set the server software serial number:
$ sudo serversetup -setSerialNumber serialnumber
To validate a server software serial number:
$ serversetup -verifySerialNumber serialnumber
Displays 0 if the number is valid, 1 if it isn’t.
Parameter       Description
serialnumber    A valid Mac OS X Server software serial number, as found on the
                software packaging that comes with the software.
Updating Server Software
You can use the softwareupdate command to check for and install software updates
over the web from Apple’s website.
To check for available updates:
$ softwareupdate --list
To install an update:
$ softwareupdate --install update-version
To view command help:
$ softwareupdate --help
Parameter       Description
update-version  The hyphenated product version string that appears in the list of
                updates when you use the --list option.
Moving a Server
Try to place a server in its final network location (subnet) before setting it up for the
first time. If you’re concerned about unauthorized or premature access, you can set up
a firewall to protect the server while you're finalizing its configuration.
If you must move a server after initial setup, you need to change settings that are
sensitive to network location before the server can be used. For example, the server's IP
address and host name—stored in both directories and configuration files that reside
on the server—must be updated.
When you move a server, consider these guidelines:
• Minimize the time the server is in its temporary location so the information you need
to change is limited.
• Don’t configure services that depend on network settings until the server is in its
final location. Such services include Open Directory replication, Apache settings
(such as virtual hosts), DHCP, and other network infrastructure settings that other
computers depend on.
• Wait to import final user accounts. Limit accounts to test accounts so you minimize
the user-specific network information (such as home directory location) that will
need to change after the move.
• After you move the server, use the changeip tool to change IP addresses, host
names, and other data stored in Open Directory NetInfo and LDAP directories on the
server. See “Changing a Server’s IP Address” on page 39. You may need to manually
adjust some network configurations, such as the local DNS database, after using the
tool.
• Reconfigure the search policy of computers (such as user computers and DHCP
servers) that have been configured to use the server in its original location.
3 Restarting or Shutting Down a Server
Commands you can use to shut down or restart a local or
remote server.
Restarting a Server
You can use the reboot or shutdown -r command to restart a server at a specific
time. For more information, see the man pages.
Examples
To restart the local server:
$ shutdown -r now
To restart a remote server immediately:
$ ssh -l root server shutdown -r now
To restart a remote server at a specific time:
$ ssh -l root server shutdown -r hhmm
Parameter  Description
server     The IP address or DNS name of the server.
hhmm       The hour and minute when the server restarts.
Automatic Restart
You can also use the systemsetup command to set up the server to start automatically
after a power failure or system freeze. See “Viewing or Changing Automatic Restart
Settings” on page 33.
Changing a Remote Server’s Startup Disk
You can change a remote server’s startup disk using SSH.
To change the startup disk:
Log in to the remote server using SSH and type
$ bless -folder "/Volumes/disk/System/Library/CoreServices" -setOF
Parameter  Description
disk       The name of the disk that contains the desired startup volume.
For information on using SSH to log in to a remote server, see “Sending Commands to
a Remote Server” on page 16.
Shutting Down a Server
You can use the shutdown command to shut down a server at a specific time. For more
information, see the man page.
Examples
To shut down a remote server immediately:
$ ssh -l root server shutdown -h now
To shut down the local server in 30 minutes:
$ shutdown -h +30
Parameter  Description
server     The IP address or DNS name of the server.