As Apple’s place in institutional and enterprise marketplaces has grown, so has Mac OS X Server, Apple’s server software product. Mac OS X Server seeks to provide centralized services to a variety of cross-platform clients, and has only grown in scope since its introduction in 2000. That tremendously expanding scope gave birth to this book.
Little or no in-depth documentation exists for Mac OS X Server. Sure, Apple provides about 1,200 pages worth of PDF documentation, but you have to wade through fields of Apple marketing jargon to get to the tasty bits, and even then, you’re left holding crumbs and scratching your head. A lot. Essential Mac OS X Panther Server Administration seeks to fill that void, approaching Apple’s server systems in a thorough and fundamental way, from the command line to Apple’s graphical tools.
Essential Mac OS X Panther Server Administration is for the IT professional who wants to push Mac OS X Server to its limits. Server administration all too typically is a complex task, requiring integration with not one but several disparate systems, often run by different administrators, and this book is written with that in mind. If you’ve ever wondered how to safely manipulate Mac OS X Server’s many underlying configuration files or needed to explain AFP permission mapping—this book’s for you.
This book is written for Macintosh system administrators responsible for running Mac OS X Server. While the focus is oriented towards IT professionals, this book should also be of interest to anyone pursuing an accumulated knowledge of server products and their evolution. Whether you’re a seasoned Unix or Windows administrator or a long-time Mac professional, Essential Mac OS X Panther Server Administration provides you with the depth you’re seeking to maximize the potential of your Mac OS X Server deployment.
This is not a book for beginners. If you are a graphic artist looking to install a web server, you should probably look for another book, such as Foundation Mac OS X Web Development by Phil Sherry (Apress, 2004). Schoun Regan’s Mac OS X Server 10.3 Panther: Visual QuickPro Guide (Peachpit, 2005) provides a basic introduction to Mac OS X Server.
This book is also an analysis of Mac OS X Server including the infrastructures and tools used to manage Apple’s Server services. As mentioned earlier, Mac OS X Server is an extremely broad product providing a variety of services. This book is not meant as a complete, protocol-level discussion of HTTP, DNS, or any other of the well-documented technologies implemented in Mac OS X Server. It is instead concerned primarily with Apple-specific changes, management techniques and configuration architectures.
This book is organized into eight parts, each of which deals with a generally related set of Mac OS X Server Services. Each part is made up of several chapters that examine a specific service in greater depth. Each part also has an introduction of varying length, used to introduce its component services or document some feature that is relevant through all its chapters. The actual layout of the book looks something like this:
This first part of the book provides you with the prerequisites for Mac OS X Server Administration. A variety of tasks not specific to the management of any one service are documented here. The chapters in this part include:
This chapter acquaints you with the basic concerns of deployment planning. Hardware and infrastructure challenges are covered in depth with special consideration given to Apple’s Server products and common networking and storage issues.
The beginning of a server’s life is critical. Careful planning can alleviate later issues and lessen ongoing headaches as the size and scope of server services are forced to scale with organizational growth. Apple has given special attention to Server installation, and a large body of knowledge has developed around technologies that complement Apple’s efforts. The most thorough documentation of its type available, this chapter provides an analysis of the Mac OS X Server installation process through several variations: graphical, command-line, remote, and local.
The centerpiece of Mac OS X Server is its management tool suite. With an eye towards remote management, these tools tie the user experience together and provide cohesiveness among the product’s many services and options. This chapter examines both those tools and the underlying infrastructures that support their functionality.
In the past 20 or 30 years, a number of trends have developed in the field generally known as system administration. This chapter examines those trends and techniques in the context of how they specifically apply to Mac OS X Server. Specific topics such as backup and software updates are also included in this chapter.
When things break, they need to be fixed. This chapter consists of a rich set of tools and heuristics that may be leveraged towards those ends.
Traditional system administration titles have not had to focus much on user management. As centralized systems have developed, though, and as directory services have risen in visibility in core Apple markets, it has become necessary to devote increasingly large amounts of documentation to these increasingly complex systems. Part III documents the server side of Apple’s directory services infrastructure.
Open Directory Server is Apple’s Directory Service—like Microsoft’s Active Directory, it is used to store administrative data (such as user and group accounts and security policies) centrally on the network. The biggest strength of this architecture is perhaps its standardized configuration mechanism. This chapter concerns the configuration, management, and coordination of the underlying services that make up Open Directory Server.
Identity management is central to any directory service. This chapter discusses Apple’s use of OpenLDAP in identification and authorization.
Mac OS X Server maintains a robust authentication platform suited to the wide variety of services it must support. This chapter discusses those authentication technologies and their place in the larger world of directory services.
Replication adds a high availability aspect to Open Directory Server. This chapter takes a look at each component of that architecture and the processes and protocols used to keep user account and authentication data synchronized.
Network services can be described generally as services on which other services depend. They provide the basic functionality that makes networks useful and more friendly.
xinetd (which replaces the traditional Unix inetd) is a critical underlying process that starts certain system services on demand. Due to its central nature, I’ve devoted a chapter to it, even though it cannot be configured graphically.
This chapter looks at Mac OS X DNS Services—from Apple’s graphical tools to the configuration infrastructure put into place to help manage BIND, the underlying open source DNS server. Also included are a variety of advanced configuration techniques often useful in moderately sophisticated infrastructures.
DHCP can provide a variety of configuration data to Mac OS, Windows and Unix clients. This chapter goes beyond the basics and examines Apple’s homegrown DHCP server.
Network Address Translation, or NAT, has come to be a fundamental building block in network services everywhere. This chapter shows you how to use the Server Admin tool, as well as the command line, to set up and configure NAT services.
File and print services have long been a vital aspect of Apple Server products. This section of the book takes a close look at those services, with an emphasis on their commonalities and advanced configurations.
One of Mac OS X Server’s strong points is its ability to make share points available via a variety of file-sharing protocols. This chapter concerns the cross-protocol management systems put in place to set up shares and customize their behavior.
The Apple Filing Protocol is Apple’s homegrown file service, and is also the filesystem most commonly used for high-demand roles like network home directories.
Apple does not exist in a vacuum, and a flexible and robust Windows Services implementation is vital to the success of Mac OS X Server in nearly any market.
As ubiquitous as it is insecure, FTP unfortunately cannot be ignored. Users both inside and outside of your server framework will most likely need FTP services for transferring files back and forth. This chapter shows you how to set up and configure FTP services, and discusses use of Kerberos authentication and SSH’s sftp utility for secure FTP.
NFS is a useful remnant of Mac OS X Server’s Unix legacy and heritage. Used mostly in heterogeneous Unix environments and Mac OS X’s NetBoot service, it is documented extensively in Chapter 18.
Server-side print management has not proven to be Mac OS X Server’s forte. This chapter provides an analysis of Apple’s print service infrastructure and its Common Unix Printing System (CUPS) backend.
Central to any modern IT component is the question of security. Although good security principles are illustrated throughout the book, this part covers Mac OS X Server services specifically geared toward security.
Oversold perhaps as often as they are correctly deployed, firewalls (or packet filters) are a vital part of any security strategy. This chapter, written by Andre LeBranche, shows you how to set up and configure firewall services on your Server installation.
Virtual Private Networks have arrived only recently as an easily deployable technology. This chapter, written by Joel Rennich (of afp548 fame), attempts to decipher VPN services on Mac OS X Server.
Internet services is a convenient category created for portions of Mac OS X Server that are most commonly provided over the Internet (rather than to a local LAN).
Panther represents a huge step for Apple’s mail services, moving from a Workgroup-centric legacy mail server to a more modern and modular mail system built on powerful software. Completely open source, Mail is the canonical example of Apple’s “Open source made easy” moniker.
This chapter, written by James Duncan Davidson, details the inner workings of Apache on Mac OS X Server, along with Apple’s graphical management toolkit and its underlying configuration infrastructure.
Most modern web content is dynamic, with information drawn from databases, user input, or a combination of the two. This chapter, written by Wil Iverson, discusses the Java-based software packages that Mac OS X Server uses to provide these dynamic web services.
High on the list of features important to many administrators is client management. This broad term applies to a variety of Server and OS features, but generally refers to the ability to impose user experience restrictions on users, such as which applications they are permitted to run and what their dock looks like. These capabilities are detailed in this part, which was written by Ryan Faas.
Managed preferences allow you to preconfigure many of the settings users would typically configure on a standalone Mac OS X workstation. This chapter shows you how to use Workgroup Manager to manage the user environment for individual users, groups, workstations, or a combination of all three.
This chapter shows you how to use the Mac Manager to tap into Mac OS 9’s multiple users feature for managing Classic Mac OS workstations. You’ll learn about Mac OS 9’s multiple users feature and how to create limited-access users, and also learn about Mac Manager’s server component, installed with Mac OS X Server.
Windows services under Mac OS Server include the ability to share files and printers using the SMB protocol, which is the default file and print protocol for Windows, and Windows name resolution services, as well as the ability to function as a Windows Primary Domain Controller (PDC) and host a Windows domain. This chapter discusses how to support and manage Windows computers from Mac OS X Server.
This chapter covers the various ways in which you can deploy Mac OS 9 and Mac OS X client machines. It shows you how to image a system, and describes NetBoot and NetInstall—not only what they do and how to use them, but also how they differ. You’ll also learn how to use Apple Software Restore (ASR) to apply Mac OS 9 and Mac OS X client images.
Although not included with Mac OS X Server, Apple Remote Desktop (also called simply Remote Desktop, or ARD) is an incredibly robust and useful tool that can make several of the tasks of deploying and managing a Mac network much easier for administrators and technical support staff alike. This chapter discusses the administrative and reporting functions of Apple Remote Desktop 2.1 (the current version as of this writing) and how they can be of use to system administrators and other IT staff.
There is also one appendix to this book:
This appendix delves into some client-side aspects of Mac OS X’s Open Directory Architecture.
The chapters in this book provide you with a complete overview of Mac OS X Server’s services and software. This in-depth architectural knowledge will guide you through a variety of deployment scenarios.
The following typographical conventions are used in this book:
Used to indicate new terms, URLs, filenames, file extensions, directories, commands and options, program names, and to highlight comments in examples. For example, a path in the filesystem will appear as
Used to show the contents of files or the output from commands.
Constant width bold
Used in examples and tables to show commands or other text that should be typed literally by the user.
Constant width italic
Used in examples and tables to show text that should be replaced with user-supplied values.
Menus and their options are referred to in the text as File → Open, Edit → Copy, and so on. Arrows are also used to signify a navigation path when using window options; for example, System Preferences → Desktop & Screen Saver → Screen Saver means that you would launch System Preferences, click on the icon for the Desktop & Screen Saver preferences panel, and select the Screen Saver pane within that panel.
Pathnames are used to show the location of a file or application in the filesystem. Directories (or folders, for Mac and Windows users) are separated by a forward slash. For example, if you see something like, “launch the Terminal application the text, that means the Terminal application can be found in the Utilities subfolder of the Applications folder.
The tilde character (~) refers to the current user’s Home folder, so ~/Library refers to the Library folder within your own Home folder.
A carriage return () at the end of a line of code is used to denote an unnatural line break; that is, you should not enter these as two lines of code, but as one continuous line. Multiple lines are used in these cases due to printing constraints.
The dollar sign ($) is used in some examples to show the user prompt for the bash shell; the hash mark (#) is the prompt for the root
When looking at the menus for any application, you will see some symbols associated with keyboard shortcuts for a particular command. For example, to open a document in Microsoft Word, you could go to the File menu and select Open (File → Open), or you could issue the keyboard shortcut -O.
Figure P-1 shows the symbols used in the various menus to denote a shortcut.
Rarely will you see the Control symbol used as a menu command option; it’s more often used in association with mouse clicks or for working with the
Indicates a tip, suggestion, or general note.
Indicates a warning or caution.
This book is here to help you get your job done. In general, you may use the code in this book in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.
We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Essential Mac OS X Panther Server Administration, by Michael Bartosh and Ryan Faas. Copyright 2005 O’Reilly Media, Inc., 0-596-00635-7.”
If you feel that your use of code examples falls outside fair use or the permission given here, feel free to contact us at firstname.lastname@example.org.
When you see a Safari® Enabled icon on the cover of your favorite technology book, it means the book is available online through the O’Reilly Network Safari Bookshelf.
Safari offers a solution that’s better than e-books. It’s a virtual library that lets you easily search thousands of top technology books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current information. Try it for free at http://safari.oreilly.com
Please address comments and questions concerning this book to the publisher:
O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)
We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at:
The author additionally maintains a site for further reading and discussion of book content:
To comment or ask technical questions about this book, send email to:
For more information about our books, conferences, Resource Centers, and the O’Reilly Network, see our web site at:
You can also visit the author’s companion web site at:
This book wouldn’t have been feasible without the help, tolerance, and support of many people, chief among them my wife Amber, who has not yet had the good sense to leave me.
Thanks also to the following contributors:
Andre LeBranche, for contributing Chapter 20, The Mac OS X Server Firewall.
Joel Rennich of http://afp54.com (and now at Apple) has been a friend, a sounding board, and finally a contributor when the first edition of this book came close to the wire. Joel contributed Chapter 21, Virtual Private Networks.
James Duncan Davidson, for contributing Chapter 23, Web Services.
Wil Iverson, for contributing Chapter 24, Application Servers.
Ryan Faas, for contributing all of the chapters in Part VII, Client Management, after O’Reilly decided to fold our two books together.
When every screen shot in the book had to be re-done at the last minute, a number of folks pitched in.
Justin Krisko (thanks to Justin also for showing me London)
Jon L. Gardner (thanks also to Jon for showing me around Doha, Qatar)
And here’s a long list of thanks to all the people who supported me throughout the year or so it took me to write this book; it’s been a long haul, but I couldn’t have done it without you all:
My editor, Chuck Toporek, had way more faith in the whole thing than I did (he says he never doubted me, and since you now hold this book, it must be true).
Kurt Ackman was always there to grab a drink and simmer down a little whenever I was in Denver. He was the best AE Apple ever had.
Michelle, Jeff, and Gary at CU Boulder have been supportive since I was their SE, and Scott Brekken convinced me I wanted to work with Apple.
Greg Hydle. Rock on!
No one really knows what to say about Bodhi, least of all me, but he’s an alright guy, and he provided some keen feedback.
Schoun Regan is a good guy who’s put all sorts of opportunities in front of me, most of which I haven’t blown.
Iris Burdett is a hell of a lot of fun.
Daveo, Jason, Eric, and Simon have never really steered me wrong and have put up with a bunch of my not-so-positive all-the-time feedback.
Eric, Scott, Leland, Robert, and countless others at Apple have paved the way to make this thing happen, and if they all quit I wouldn’t have anything much to write about.
Brad Suinn has been particularly instructive over the years.
Material support was provided by Juan, the folks at Brocade, and several who wish to remain nameless.
Mike Bombich is an all-around great guy and thinks about IT in a way that should be embraced more thoroughly throughout Apple.
Many Education SEs and CEs have been very supportive, and to you guys, thanks.
All the folks at http://macosxlabs.com. I mean enterprise. Whatever. Thanks for all your input and inclusion.
Todd Snider and Robert Earl Keen provided the soundtrack for the development of this book, although I’d have been done sooner if I went to fewer concerts.
My mom has no clue what this book is about, but, you know, thanks.
James Rabe first interested me in the Mac way back. I’m grateful even if the world is still slightly pissed.
Mark McCann introduced me to the real heuristics of Unix system administration.
Thanks to everyone who has shared with me a good time at some point somewhere in the bars, beaches, venues, pastures, and clubs that keep me juiced for all this computer stuff. Thanking all of you would be a book in itself, but probably a good one.
Don’t read any order into this other than having Amber first. Put a fork in me. I think I’m done.