Apple oxs manual

Mac OS X Ser v er C ommand-Line Administr ation For Version 10.3 or Later 034-2454_Cvr 10/15/03 11:47 AM Page 1[...]

 Apple Computer , Inc. © 2003 Apple C omputer , Inc. All rights reser ved. The owner or authoriz ed user of a valid copy of Mac OS X Ser ver software may reproduc e this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purpose s, such as selling copies of t[...]

3 1 C on ten ts Prefac e 1 1 About This Book 11 Notation Con ventions 11 Summar y 11 Commands and Other T erminal T ex t 11 Command P arameters and Options 12 Default Settings 12 Commands Requiring Root P rivileges Chapter 1 1 3 T yping Commands 13 Using T erminal 14 Correcting T yping Errors 14 Repeating Commands 14 Including P aths Using Drag-and[...]

4 Contents 26 Viewing, V alidating , and S etting the Software Serial Number 26 Updating Ser ver Software 27 Moving a Server Chapter 3 29 Restarting or Shutting Down a Ser ver 29 Restarting a Ser ver 29 Examples 29 Automatic Restart 30 Changing a Remote Ser ver’ s Star tup Disk 30 Shutting Down a Ser ver 30 Examples Chapter 4 3 1 S etting General[...]

Contents 5 39 Changing Configuration P recedence 39 T CP/IP Settings 39 Changing a Ser ver ’ s IP Address 40 Viewing or Changing IP Address , Subnet Mask, or Router Address 41 Viewing or Changing DNS Ser vers 42 Enabling T CP/IP 42 Apple T alk Settings 42 Enabling and Disabling Apple T alk 42 Pr oxy Settings 42 Viewing or Changing FTP Proxy Setti[...]

6 Contents 57 User Attributes 62 Checking a Ser ver User ’ s Name, UID , or P assword 63 Creating a User’ s Home Direc tor y 63 Mounting a User’ s Home Direc tory 63 Creating a Group F older 63 Checking a User ’ s Administrator Privileges Chapter 8 65 W ork ing With F ile Ser vices 65 Share P oints 65 Listing Share P oints 66 Creating a Sha[...]

Contents 7 80 Checking SMB Ser vice Status 81 Viewing SMB Settings 81 Changing SMB Settings 82 List of SMB Ser vice Settings 84 List of SMB serveradmin Commands 84 Listing SMB Users 85 Disconnecting SMB Users 86 Listing SMB Ser vice Statistics 86 Updating Share P oint Information 87 Viewing SMB Ser vice Logs Chapter 9 89 W ork ing With Print Servic[...]

8 Contents 11 6 Mail serveradmin Commands 11 7 Listing Mail Ser vice Statistics 11 8 V iewing the Mail Ser vice Logs 11 9 Setting Up SSL for Mail Ser vice 11 9 Generating a CSR and Creating a Keychain 12 1 Obtaining an SSL Certificate 12 1 Impor ting an SSL Certificate Into the Keychain 12 2 Creating a P assphrase F ile 12 2 Setting Up SSL for Mail[...]

Contents 9 13 6 Firewall Service 13 6 Star ting and Stopping Firewall Service 13 7 Checking the Status of Firewall Service 13 7 Viewing Firewall Service Settings 13 7 Changing F irewall Service S ettings 13 7 F irewall Ser vice Settings 13 8 Defining Firewall Rules 141 IPFilter Rules Arra y 141 Firewall serveradmin C ommands 14 2 Viewing Firewall S[...]

10 Contents 15 7 A Note on Using ldapsearch 15 8 Idle Rebinding Options 15 8 Additional Inf ormation About LDAP 15 9 NetInfo 15 9 Configuring NetInfo 15 9 Passwor d Ser ver 15 9 Working With the P asswor d Ser ver 15 9 V iewing or Changing P assword P olicies 15 9 Enabling or Disabling Authentication Methods 16 0 Kerberos and Single Sign On Chapter[...]

11 Prefac e About T his Book Notation Con ventions The following con ven tions are used throughout this book. Summar y Commands and Other T erminal T ext Commands or command parameters that you might t ype, along with other tex t that normally appears in a T erminal window , are shown in this f ont. For example , Y ou can use the doit command to ge[...]

12 Preface About This Book Pa rameters Y ou Must T ype as Shown If you need to type a parameter as shown, it appears following the command in the same font. For example , $ doit -w later -t 12:30 T o use the command in the above example , t ype the entire line as shown. Pa rameter Values Y ou P rovide If you need to supply a value, its placeholder [...]

1 13 1 T yping C ommands How to use T erminal to execute commands , connect to a remote server , and view online information about commands and utilities . T o access a UNIX shell command prompt, you open the T erminal application. In T erminal, you can use the ssh command to log in to other servers. Y ou can use the man command to view online docu[...]

14 Chapter 1 Typing Commands T o t ype a command: m W ait for a prompt t o appear in the T erminal window , then type the command and press Return. If you get the message command not found , check your spelling. If the error recurs, the program you’ re tr ying to run might not be in your default search path. Add the path before the program name o[...]

Chapter 1 Typing Commands 15 Commands Requiring Root P rivileges Many commands used to manage a server must be executed by the r oot user . If you get a message such as “permission denied,” the command probably require s root privileges. T o issue a single command as the root user , begin the command with sudo . F or example: $ sudo serveradmin[...]

16 Chapter 1 Typing Commands Sending Commands to a Remot e Ser ver Secure Shell (SSH) lets you send secure, encr ypted commands to a ser ver over the network. Y ou can use the ssh command in T erminal to open a command-line connection to a remote ser ver . While the connection is open, commands you type are per formed on the remote server . Note: Y[...]

Chapter 1 Typing Commands 17 Updating SSH Key F ingerprints The first time you connec t to a remote ser ver using SSH, the local computer asks if it can add the remote server ’ s “fingerprint” (a securit y key) to a list of k nown remote computers. Y ou might see a message like this: The authenticity of host "server1.company.com" ca[...]

18 Chapter 1 Typing Commands Using T elnet Because it isn ’t as secure as SSH, T elnet access isn ’t enabled by default. T o enable T elnet access: $ service telnet start T o disable T elnet access: $ service telnet stop Getting Online Help for Commands Onscreen help is av ailable for most commands and utilities . Note: Not all techniques work [...]

Chapter 1 Typing Commands 19 Notes About Specific C ommands and T ools serversetup The serversetup utility is located in /System/Library/S er verSetup. T o run this command, you can t ype the full path, f or example: $ /System/Library/ServerSetup/serversetup -getAllPort Or , if you want to use the utilit y to per form several commands, you can chan[...]

LL2354.book Page 20 Monday, October 20, 2003 9:47 AM[...]

2 21 2 Installing Ser ver Software and F inishing Basic S etup Commands you can use to install, set up , and update Mac OS X Ser ver software on local or remote comput ers. Installing Ser ver Software Y ou can use the installer c ommand to install Mac OS X Server or other software on a computer . F or more inf ormation, see the man page. Automating[...]

22 Chapter 2 Installing Server Software and Finishing Basic Setup T o create a template configur ation file at an y time after initial setup: 1 Open the Ser ver Assistant (in /Applications/Server). 2 In the W elcome pane , choose “Save setup information in a file or directory record” and click Continue . 3 Enter settings on the remaining panes,[...]

Chapter 2 Installing Server Software and Finishing Basic Setup 23 <key>DS</key> <dict> <key>DSClientInfo</key> <string>2 - NetInfo client - broadcast dhcp static -192.168.42.250 network</string> <key>DSClientType</key> <string>2</string> <key>DSType</key> <string>2 [...]

24 Chapter 2 Installing Server Software and Finishing Basic Setup <string></string> <key>Type</key> <string>DHCP Configuration</string> </dict> </dict> </array> <key>NetworkTimeProtocol</key> <dict> <key>UsingNTP</key> <false/> </dict> <key>Rendezv[...]

Chapter 2 Installing Server Software and Finishing Basic Setup 25 Naming Configur ation F iles The Ser ver Assistant r ecognizes configuration files with the se names: • MAC-address-of-server.plist • IP-address-of-server.plist • hardware-serial-number-of-server.plist • full-host-name-of-server.plist • generic.plist The Ser ver Assistant u[...]

26 Chapter 2 Installing Server Software and Finishing Basic Setup Viewing, V alidating , and Setting the Sof tware Serial Number Y ou can use the serversetup command to view or set the server ’ s sof tware serial number or to validat e a ser ver software serial number . The serversetup utilit y is located in /System/Library/Ser verSetup. T o disp[...]

Chapter 2 Installing Server Software and Finishing Basic Setup 27 Moving a Ser ver T r y to place a ser ver in its final network location (subnet) before setting it up f or the first time. If you’ re concerned about unauthorized or premature access, you can set up a firewall to protect the ser ver while you're finalizing its configuration. I[...]

LL2354.book Page 28 Monday, October 20, 2003 9:47 AM[...]

3 29 3 Restar ting or Shutting Down a Serve r Commands y ou can use to shut down or r estart a local or remote server . Restarting a S er ver Y ou can use the reboot or shutdown -r command to restart a ser ver at a specific time. For more inf ormation, see the man pages. Examples T o restar t the local ser ver: $ shutdown -r now T o restar t a remo[...]

30 Chapter 3 Restarting or Shutting Down a Server Changing a Remote Ser ver ’ s Star tup Disk Y ou can change a remote server ’ s star tup disk using SSH. T o change the star tup disk: Log in to the r emote server using SSH and t ype $ bless -folder "/Volumes/disk /System/Library/CoreServices" -setOF F or information on using SSH to l[...]

4 31 4 Setting G eneral S ystem P ref erenc es Commands y ou can use to set system pr efer ences , usually set using the System P reference s GUI application. Comput er Name Y ou can use the systemsetup command to view or change a server ’ s computer name (the name used to browse f or AFP share points on the server), which would otherwise be set [...]

32 Chapter 4 Setting General System Preferences Viewing or Changing the System Da te T o view the current system date: $ sudo systemsetup -getdate or $ serversetup -getDate T o set the current system date: $ sudo systemsetup -setdate mm:dd:yy or $ sudo serversetup -setDate mm/dd/yy Viewing or Changing the System Time T o view the current system tim[...]

Chapter 4 Setting General System Preferences 33 Viewing or Changing Network Time Ser ver Usage T o see if a network time ser ver is being used: $ sudo systemsetup -getusingnetworktime T o enable or disable use of a network time ser ver: $ sudo systemsetup -setusingnetworktime (on|off) T o view the current network time server: $ sudo systemsetup -ge[...]

34 Chapter 4 Setting General System Preferences T o set how long the system waits to restart after a power failure: $ sudo systemsetup -setWaitForStartupAfterPowerFailure seconds T o see if the system is set to restart af ter a system freez e: $ sudo systemsetup -getrestartfreeze T o set the system to restart af ter a system freez e: $ sudo systems[...]

Chapter 4 Setting General System Preferences 35 Sharing Settings Y ou can use the systemsetup command to view or change settings that would other wise be set using the Sharing pane of System Prefer ences. Viewing or Changing Remote Log in Settings Y ou can use SSH to log in to a remote server if remote login is enabled . T o see if the system is se[...]

36 Chapter 4 Setting General System Preferences Login Settings Disabling the Restart and Shutdown Buttons T o disable or enable the Restar t and Shutdown buttons in the login dialog: $ sudo serversetup -setDisableRestartShutdown (0|1) 0 disables the buttons. 1 enables the buttons. T o view the current setting: $ serversetup -getDisableRestartShutdo[...]

5 37 5 Network P refer ence s Commands y ou can use to change a server ’ s network settings. Network In ter face Information This section describes commands you address to a specific hardware device (for example , en0 ) or por t (for example , Built-in Ethernet ). If you prefer to work with network por t configurations following the approach used[...]

38 Chapter 5 Network Preferences Viewing or Changing MTU V alues Y ou can use these commands to change the maximum transmission unit (MTU) size f or a port. T o view the MTU value for a hardware port: $ sudo networksetup -getMTU (devicename |"portname") T o list valid MTU values for a har dware port: $ sudo networksetup -listvalidMTUrange[...]

Chapter 5 Network Preferences 39 T o enable or disable a por t configuration: $ sudo networksetup -setnetworkserviceenabled configuration (on|off) Changing C onfiguration P recedenc e T o list the configuration order: $ sudo networksetup -listnetworkserviceorder The configurations are listed in the order that they ’ re tried when a network connec[...]

40 Chapter 5 Network Preferences Viewing or Changing IP Addre ss, Subnet Mask, or Router A ddress Y ou can use the serversetup and networksetup commands to change a computer’ s T CP/IP settings. Important: Changing a server ’ s IP address isn ’t as simple as changing the TCP/IP settings. Y ou must first run the changeip utilit y to make sure [...]

Chapter 5 Network Preferences 41 Viewing or Changing DNS Ser vers T o view the DNS ser vers for port en0: $ serversetup -getDefaultDNSServer (devicename|"portname") T o change the DNS ser vers for port en0: $ sudo serversetup -setDefaultDNSServer (devicename|"portname ") server1 [server2 ] [ ... ] T o view the DNS ser vers for a[...]

42 Chapter 5 Network Preferences Enabling TCP/IP T o enable T CP/IP on a par ticular por t: $ serversetup -EnableTCPIP [(devicename |"portname")] If you don’ t provide an inter face, en0 is assumed. T o disable T CP/IP on a particular por t: $ serversetup -DisableTCPIP [(devicename |"portname")] If you don’ t provide an inte[...]

Chapter 5 Network Preferences 43 T o view the FTP passive setting for a configuration: $ sudo networksetup -getpassiveftp "configuration " T o enable or disable FTP passive mode for a configura tion: $ sudo networksetup -setpassiveftp "configuration" (on|off) T o enable or disable the FTP proxy for a configuration: $ sudo networ[...]

44 Chapter 5 Network Preferences Viewing or Changing SOCKS Fir ewall Pr oxy Settings T o view the SOCKS firewall proxy information for a configur ation: $ sudo networksetup -getsocksfirewallproxy "configuration " T o set the SOCKS firewall proxy information for a configur ation: $ sudo networksetup -setsocksfirewallproxy "configurati[...]

Chapter 5 Network Preferences 45 T o change the computer name: $ sudo systemsetup -setcomputername computername or $ sudo networksetup -setcomputername computername or $ sudo serversetup -setComputername computername T o validate a computer name: $ serversetup -verifyComputername computername Viewing or Changing the Local Host Name T o display the [...]

LL2354.book Page 46 Monday, October 20, 2003 9:47 AM[...]

6 47 6 W ork ing With Disks and V olumes Commands y ou can use to prepar e , use, and test disks and volume s. Mounting and Unmounting V olumes Y ou can use the mount_afp command to mount an AFP volume . For more inf ormation, typ e man mount_afp to see the man page . Mounting V olumes Y ou can use the mount command with parameters appropriate to t[...]

48 Chapter 6 Working With Disks and Volumes Monitoring Disk Space When you need more vigilant monitoring of disk space than the log rolling scripts provide , you can use the diskspacemonitor command-line tool. It lets you monitor disk s pace and take action more frequently than once a day when disk space is critically low , and gives you the opport[...]

Chapter 6 Working With Disks and Volumes 49 Reclaiming Disk Space Using L og Rolling Scripts Three predefined scripts ar e executed a utomatically to reclaim s pace used on your ser ver for log file s generated by • Apple file service • Windows service • W eb service • W eb performance cache • Mail ser vice • Print service The scripts u[...]

50 Chapter 6 Working With Disks and Volumes Managing Disk Journaling Checking to See if Journaling is Enabled Y ou can use the mount command to see if journaling is enable on a volume. T o see if journaling is enabled: $ mount Look f or journaled in the attributes in parenthe ses follo wing a volume. F or example: /dev/disk0s9 on / (local, journale[...]

Chapter 6 Working With Disks and Volumes 51 Enabling Journaling When Y ou Erase a Disk Y ou can use the newfs_hfs command to set up and enable journaling when you erase a disk. T o enable journaling when erasing a disk: $ newfs_hfs -J -v volname device Disabling Journaling T o disable journaling: $ diskutil disableJournal volume Erasing , P ar titi[...]

52 Chapter 6 Working With Disks and Volumes Imaging and Cloning V olumes U sing ASR Y ou can use Apple Software Restore (ASR) t o copy a disk image onto a volume or prepare existing disk images with checksum inf ormation for faster copie s. ASR can per form file copie s, in which individual file s are r estored to a volume unless an identical file [...]

7 53 7 W ork ing With Users and Groups Commands y ou can use to set up and manage users and groups in Mac OS X Ser ver . Creating Ser ver Administrat or Users Y ou can use the serversetup command to create administrator users f or a server . T o create regular users , see “Impor ting Users and Groups” on page 54. T o create a user: $ serversetu[...]

54 Chapter 7 Working With Users and Groups Impor ting Users and Groups Y ou can use the dsimportexport command to import user and group accounts. Note: Despite its name , dsimportexport can’t be used t o expor t user records. The utility is in /Applications/Ser ver/W orkgroup Manager .app/Conten ts/Resources . F or information on the formats of t[...]

Chapter 7 Working With Users and Groups 55 3 Open the T erminal application and t ype the dsimportexport command. T he tool is located in /Applications/Utilities/W orkgroup Manager .app/Con tents/Resour ces. T o include the space in the path name, precede it with a backslash (). For example: /Applications/Utilities/Workgroup Manager.app/Contents/[...]

56 Chapter 7 Working With Users and Groups In addition, you can include • UserShell (the default shell) • NFSHomeDirector y (the path to the user’ s home direc tory on the user ’ s computer) • Other user data t ypes, described under “User Attributes ” on page 57 F or group accounts , the list of attributes must include • RecordName [...]

Chapter 7 Working With Users and Groups 57 An example user account looks like this: jim:Adl47E$:408:20:J. Smith, Jr., M.D.:/Network/Servers/somemac/Homes/jim:/bin/csh Using the StandardGroupRecord Shorthand When the first record in a character-delimited import file contains StandardGroupRecord , the following record de scription is assumed: 0x0A 0x[...]

58 Chapter 7 Working With Users and Groups HomeDirectory: The location of an AFP-based home director y Structured UTF-8 text <home_dir> <url> afp://server/sharepoint </url> <path> usershomedirectory </path> </home_dir> In the following example, T om King’ s home directory is K-M/T om K ing, which resides beneat[...]

Chapter 7 Working With Users and Groups 59 MCXFlags: If present, MCXSettings is loaded; if absent, MCXSettings isn’ t loaded; required for a managed user. UTF-8 XML plist, single value MCXSettings : A user ’ s managed preferences UTF-8 XML plist, single value AdminLimits The privileges allowed by W orkgroup Manager to a user that can administer[...]

60 Chapter 7 Working With Users and Groups Mail Attributes in U ser Records The following table lists the standar d XML data structures for a user mail attribute , par t of a standard user record . MailAttribute field Description Sample values AttributeVersion A required case-insensitive value that must be set to AppleMail 1.0 . <key> kAttrib[...]

Chapter 7 Working With Users and Groups 61 NotificationState An optional keyword describing whether to notify the user whenever new mail arrives. If provided, it must be set to one of these values: NotificationOff , NotificationLastIP , or NotificationStaticIP . If this field is missing, NotificationOff is assumed. <key> kNotificationState &l[...]

62 Chapter 7 Working With Users and Groups Checking a S er ver User ’ s Name , UID , or P assw ord Y ou can use the following commands to check the name , UID , or passw ord of a user in the ser ver ’ s local director y . Note: The se tasks only apply to the local directory on the ser ver . T o see if a full name is already in use: $ serversetu[...]

Chapter 7 Working With Users and Groups 63 Creating a User’ s Home Director y Normally , you can create a user's home dir ector y by clicking the Create Home Now button on the Homes pane of Workgroup Manager . Y ou can also create home directory folders using the createhomedir tool. O ther wise, Mac OS X S er ver creates the user’ s home d[...]

LL2354.book Page 64 Monday, October 20, 2003 9:47 AM[...]

8 65 8 W ork ing With F ile Ser vice s Commands y ou can use to cr eate share poin ts and manage AFP , NFS, Windows (SMB), and FTP ser vices in Mac OS X Ser ver . Share P oints Y ou can use the sharing tool to list, create, and modify share points. Listing Share P oints T o list existing share points: $ sharing -l In the re sulting list, there ’ [...]

66 Chapter 8 Working With File Services Creating a Share P oint T o create a share point: $ sharing -a path [-n customname] [-A afpname] [-F ftpname ] [-S smbname ] [-s shareflags] [-g guestflags ] [-i inheritflags ] [-c creationmask ] [-d directorymask] [-o oplockflag ] [-t strictlockingflag ] Examples $ sharing -a /Volumes/100GB/Art Creates a sha[...]

Chapter 8 Working With File Services 67 Shares the directory named Windo ws Docs on the disk 1 00GB. T he share point is named WinDocs for server management purposes , but SMB users see it as Documents. It ’ s shared using only the SMB protocol with oplocks enabled . Modifying a Share P oint T o change share point settings: $ sharing -e sharepoin[...]

68 Chapter 8 Working With File Services T o list a par ticular setting: $ sudo serveradmin settings afp:setting T o list a group of settings: Y ou can list a group of settings that hav e par t of their names in common by typing only as much of the name as you want, stopping at a colon (:), and typing an asterisk (*) as a wildcard for the remaining [...]

Chapter 8 Working With File Services 69 activityLogSize Rollover size (in kilobytes) f or the activity log. Only used if activityLogTime isn’ t specified . Default = 1000 activityLogTime Rollover time (in days) f or the activit y log. Default = 7 admin31GetsSp Set to true to force administrative users on Mac OS X to see share points instead of al[...]

70 Chapter 8 Working With File Services guestAccess Allow guest users access to the server . Default = yes idleDisconnectFlag: adminUsers Enforce idle disconnect for administrative users . Default = yes idleDisconnectFlag: guestUsers Enforce idle disconnect for guest users. Default = yes idleDisconnectFlag: registeredUsers Enforce idle disconnect f[...]

Chapter 8 Working With File Services 71 maxThreads Maximum number of AFP threads. (Must be specified at startup.) Default = 40 noNetworkUsers Indication to client that all users are users on the server . Default = no permissionsModel How permissions are enforced . Can be set to: classic_permissions unix_with_classic_admin_permissions unix_permissio[...]

72 Chapter 8 Working With File Services List of AFP serveradmin Commands In addition to the standard start , stop , status , and settings commands, you can use serveradmin to issue the following service-specific AFP commands. Listing Connected Users Y ou can use the serveradmin getConnectedUsers command to retrieve inf ormation about connected AFP [...]

Chapter 8 Working With File Services 73 Sending a Message to AFP Users Y ou can use the serveradmin sendMessage command to send a text message to connected AFP users. Users are specified by session ID . T o send a message: $ sudo serveradmin command afp:command = sendMessage afp:message = "message-text " afp:sessionIDsArray:_array_index:0[...]

74 Chapter 8 Working With File Services Output afp:command = "disconnectUsers" afp:messageSent = "<message>" afp:timeStamp = "< time> " afp:timerID = <disconnectID> <user listing> afp:status = <status> Canceling a U ser Disconnect Y ou can use the serveradmin cancelDisconnect command to ca[...]

Chapter 8 Working With File Services 75 Listing AFP Ser vice Statistics Y ou can use the serveradmin getHistory command to display a log of periodic samples of the number of connections and the data throughput. Samples ar e taken once each minute. T o list samples: $ sudo serveradmin command afp:command = getHistory afp:variant = statistic afp:time[...]

76 Chapter 8 Working With File Services Viewing AFP Log F iles Y ou can use tail or any other file listing tool to view the con tents of the AFP service logs. T o view the latest entries in a log: $ tail log-file Y ou can use the serveradmin getLogPaths command to see where the current AFP error and activity logs are located. T o display the log pa[...]

Chapter 8 Working With File Services 77 Changing NFS Ser vice Settings Use the following parameters with the serveradmin command to change settings for the NFS ser vice. FTP Ser vice Star ting FTP Ser vice T o star t FTP ser vice: $ sudo serveradmin start ftp Stopping FTP Ser vice T o stop FTP ser vice: $ sudo serveradmin stop ftp Checking FTP Ser [...]

78 Chapter 8 Working With File Services Changing FTP Settings Y ou can change FTP ser vice settings using the serveradmin application. T o change a setting: $ sudo serveradmin settings ftp:setting = value T o change several settings: $ sudo serveradmin settings ftp:setting = value ftp:setting = value ftp:setting = value [...] Control-D FTP Settings[...]

Chapter 8 Working With File Services 79 List of FTP serveradmin Commands Y ou can use the following commands with the serveradmin application to manage FTP ser vice. logCommands:anonymous Default = no logCommands:guest Default = no logCommands:real Default = no loginFailuresPermitted Default = 3 logSecurity:anonymous Default = no logSecurity:guest [...]

80 Chapter 8 Working With File Services Viewing the FTP T ransfer Log Y ou can use tail or any other file listing tool to view the con tents of the FTP transf er log. T o view the latest entries in the transfer log: $ tail log-file The default location of log-file is /Library/Logs/FTP .transger .log. Y ou can use the serveradmin getLogPaths command[...]

Chapter 8 Working With File Services 81 Viewing SMB Settings T o list all SMB ser vice settings: $ sudo serveradmin settings smb T o list a par ticular setting: $ sudo serveradmin settings smb:setting T o list a group of settings: Y ou can list a group of settings that hav e par t of their names in common by typing only as much of the name as you w[...]

82 Chapter 8 Working With File Services List of SMB Ser vice Settings Use the following parameters with the serveradmin command to change settings for the SMB ser vice. Par ameter ( smb: ) Description adminCommands:homes Whether home directories are mounted aut omatically when Windows users log in so you don’ t have to set up individual share poi[...]

Chapter 8 Working With File Services 83 local master Whether the server is providing workgroup master browser service. C an be set to: yes | no Corres ponds to the W orkgroup Master Browser checkbox in the Advanced pane of Window ser vice settings in the Ser ver Admin GUI application. log level The amount of detail written to the service logs. Can [...]

84 Chapter 8 Working With File Services List of SMB serveradmin Commands Y ou can use these commands with the serveradmin tool to manage SMB service. Listing SMB Users Y ou can use the serveradmin getConnectedUsers command to retrieve inf ormation about connected SMB users. For example , you can use this command to retrieve the session IDs you need[...]

Chapter 8 Working With File Services 85 Output The follo wing array of settings is displa yed for each connected user: smb:usersArray:_array_index:i:disconnectID = <disconnectID> smb:usersArray:_array_index:i:sessionID = <sessionID> smb:usersArray:_array_index:i:connectAt = <connect-time> smb:usersArray:_array_index:i:service = &l[...]

86 Chapter 8 Working With File Services Listing SMB Ser vice Statistics Y ou can use the serveradmin getHistory command to display a log of periodic samples of the number of SMB connections. Samples are taken once each minute. T o list samples: $ sudo serveradmin command smb:command = getHistory smb:variant = v1 smb:timeScale = scale Control-D Outp[...]

Chapter 8 Working With File Services 87 Viewing SMB Ser vice Logs Y ou can use tail or any other file listing tool to view the con tents of the SMB service logs. T o view the latest entries in a log: $ tail log-file Y ou can use the serveradmin getLogPaths command to see where the current SMB logs are located . T o display the log paths: $ sudo ser[...]

LL2354.book Page 88 Monday, October 20, 2003 9:47 AM[...]

9 89 9 W ork ing With Prin t Ser vice Commands y ou can use to manage the P rint service in Mac OS X Ser ver . Star ting and Stopping Prin t Ser vice T o star t Print service: $ sudo serveradmin start print T o stop Print service: $ sudo serveradmin stop print Checking the Status of Print Ser vice T o see summar y status of Print service: $ sudo se[...]

90 Chapter 9 Working With Print Service Changing Prin t Ser vice Settings T o change a setting: $ sudo serveradmin settings print:setting = value T o change several settings: $ sudo serveradmin settings print:setting = value print:setting = value print:setting = value [...] Control-D Prin t Ser vice Settings Use the following parameters with the se[...]

Chapter 9 Working With Print Service 91 Queue Data Arra y Print service settings include an array of value s for each existing print queue . T he array is a set of 1 4 parameters that define values for each queue. <id> is the queue ID , for example, 29D3ECF3-17C8-16E5-A330-84CEC733F249 . Par ameter ( print: ) Description queuesArray:_array_id[...]

92 Chapter 9 Working With Print Service Here is an example of a queue array parameter block: print:queuesArray:_array_id:29D3ECF3-17C8-16E5-A330- 84CEC733F249:quotasEnforced = no print:queuesArray:_array_id:29D3ECF3-17C8-16E5-A330- 84CEC733F249:sharingList:_array_index:0:service = "LPR" print:queuesArray:_array_id:29D3ECF3-17C8-16E5-A330-[...]

Chapter 9 Working With Print Service 93 Prin t Ser vice serveradmin Commands Y ou can use the following commands with the serveradmin application to manage Print service. Listing Queues Y ou can use the serveradmin getQueues command to list Prin t ser vice queues. $ sudo serveradmin command print:command = getQueues P ausing a Queue Y ou can use th[...]

94 Chapter 9 Working With Print Service Listing Jobs and Job Information Y ou can use the serveradmin getJobs command to list information about print jobs . $ sudo serveradmin command print:command = getJobs print:maxDisplayJobs = jobs print:queueNamesArray:_array_index:0 = queue Control-D F or each job , the command lists: • Document name • Nu[...]

Chapter 9 Working With Print Service 95 T o release the job for printing , change its state t o PENDING . T o release the job: $ sudo serveradmin command print:command = setJobState print:status = PENDING print:namesArray:_array_index:0:printer = queue print:namesArray:_array_index:0:idsArray:_array_index:0 = jobid Control-D Viewing Print Ser vice [...]

LL2354.book Page 96 Monday, October 20, 2003 9:47 AM[...]

10 97 10 W ork ing With NetBoot Ser vice Commands y ou can use to manage the NetBoot service in Mac OS X Ser ver . Star ting and Stopping NetBoot Ser vice T o star t NetBoot ser vice: $ sudo serveradmin start netboot If you get the following response: $ netboot:state = "STOPPED" $ netboot:status = 5000 you have not yet enabled NetBoot on [...]

98 Chapter 10 Working With NetBoot Service Changing NetBoot Settings Y ou can change NetBoot ser vice settings using the serveradmin command. T o change a setting: $ sudo serveradmin settings netboot:setting = value T o change several settings: $ sudo serveradmin settings netboot:setting = value netboot:setting = value netboot:setting = value [...][...]

Chapter 10 Working With NetBoot Service 99 Storage Recor d Arra y A volume parameter array: F ilters Record Arr ay An array of the follo wing values appears in the NetBoot service settings for each computer explicitly allowed or denied acce ss to images stored on the ser ver: Par ameter ( netboot: ) Description netBootStorageRecordsArray:_array_ind[...]

100 Chapter 10 Working With NetBoot Service Image Record Arra y An array of the follo wing values appears in the NetBoot service settings for each image stored on the server: Par ameter ( netboot: ) Description: netBootImagesRecordsArray: _array_index:<n>:Name Name of the image as it appears in the Star tup Disk control panel (Mac OS 9) or Pr[...]

Chapter 10 Working With NetBoot Service 101 P or t Record Array An array of the follo wing items is included in the NetBoot service settings for each network port on the ser ver set to deliver images: Par ameter ( netboot: ) Description netBootPortsRecordsArray:_array_index:<m>: isEnabledAtIndex First parameter in an arra y describing a netwo[...]

LL2354.book Page 102 Monday, October 20, 2003 9:47 AM[...]

11 103 11 W ork ing With Mail Ser vice Commands y ou can use to manage the Mail service in Mac OS X Ser ver . Star ting and Stopping Mail Ser vice T o star t Mail ser vice: $ sudo serveradmin start mail T o stop Mail ser vice: $ sudo serveradmin stop mail Checking the Status of Mail S er vice T o see summar y status of Mail ser vice: $ sudo servera[...]

104 Chapter 11 Working With Mail Service Changing Mail Ser vice Settings Y ou can use serveradmin to modify your ser ver ’ s mail configuration. However , if you want to work with the M ail ser vice from the command-line, you ’ll probably find it more straightforward to work directly with the underlying P ostfix and C yrus mail services. F or i[...]

Chapter 11 Working With Mail Service 105 postfix:error_notice_recipient Default = "postmaster" postfix:smtpd_sasl_local_domain Default = no postfix:strict_mime_encoding_domain Default = no postfix:unknown_relay_recipient_reject_code Default = 550 postfix:disable_vrfy_command Default = no postfix:unknown_virtual_mailbox_reject_code Default[...]

106 Chapter 11 Working With Mail Service postfix:line_length_limit Default = 2048 postfix:mailbox_transport Default = 0 postfix:deliver_lock_delay Default = "1s" postfix:best_mx_transport Default = 0 postfix:notify_classes Default = "resource,software" postfix:mailbox_command Default = "" postfix:mydomain Default = <[...]

Chapter 11 Working With Mail Service 107 postfix:local_transport Default = "local:$myhostname" postfix:smtpd_helo_restrictions Default = no postfix:fork_delay Default = "1s" postfix:disable_mime_output_conversion Default = no postfix:mynetworks:_array_index:0 Default = "127.0.0.1/32" postfix:smtp_never_send_ehlo Defaul[...]

108 Chapter 11 Working With Mail Service postfix:parent_domain_matches_subdomains Default = "debug_peer_list,fast_flu sh_domains,mynetworks,per mit_mx_backup_networks,qm qpd_authorized_clients,re lay_domains,smtpd_access_ maps" postfix:setgid_group Default = "postdrop" postfix:mime_header_checks Default = "$header_checks&qu[...]

Chapter 11 Working With Mail Service 109 postfix:virtual_mailbox_limit Default = 51200000 postfix:smtpd_noop_commands Default = 0 postfix:mail_release_date Default = "20030319" postfix:append_at_myorigin Default = yes postfix:body_checks_size_limit Default = 51200 postfix:qmgr_message_active_limit Default = 20000 postfix:mail_name Default[...]

110 Chapter 11 Working With Mail Service postfix:queue_service_name Default = "qmgr" postfix:transport_maps Default = "" postfix:smtp_destination_concurrency_limit Default = "$default_destination_con currency_limit" postfix:virtual_mailbox_lock Default = "fcntl" postfix:qmgr_fudge_factor Default = 100 postfix[...]

Chapter 11 Working With Mail Service 111 postfix:showq_service_name Default = "showq" postfix:smtp_pix_workaround_delay_time Default = "10s" postfix:lmtp_sasl_security_options Default = "noplaintext, noanonymous" postfix:bounce_size_limit Default = 50000 postfix:qmqpd_timeout Default = "300s" postfix:allow_ma[...]

112 Chapter 11 Working With Mail Service postfix:proxy_read_maps Default = "$local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetwo[...]

Chapter 11 Working With Mail Service 113 postfix:append_dot_mydomain Default = yes postfix:command_expansion_filter Default = "1234567890!@%- _=+:,./abcdefghijklmnopqr stuvwxyzABCDEFGHIJKLMNOPQ RSTUVWXYZ" postfix:default_extra_recipient_limit Default = 1000 postfix:lmtp_data_done_timeout Default = "600s" postfix:myorigin Default[...]

114 Chapter 11 Working With Mail Service imap:umask Default = "077" imap:tls_ca_path Default = "" imap:pop_auth_gssapi Default = yes imap:sasl_minimum_layer Default = 0 imap:tls_cert_file Default = "" imap:poptimeout Default = 10 imap:tls_sieve_require_cert Default = no imap:mupdate_server Default = "" imap:t[...]

Chapter 11 Working With Mail Service 115 imap:tls_ca_file Default = "" imap:sasl_pwcheck_method Default = "auxprop" imap:postuser Default = "" imap:sieve_maxscripts Default = 5 imap:defaultpartition Default = "default" imap:altnamespace Default = yes imap:max_imap_connections Default = 100 imap:tls_imap_cert_[...]

116 Chapter 11 Working With Mail Service Mail serveradmin Commands Y ou can use the following commands with the serveradmin application to manage Mail ser vice. imap:configdirectory Default = "/var/imap" imap:sasl_maximum_layer Default = 256 imap:sendmail Default = "/usr/sbin/sendmail" imap:loginuseacl Default = no imap:mupdate_[...]

Chapter 11 Working With Mail Service 117 Listing Mail Ser vice Statistics Y ou can use the serveradmin getHistory command to display a log of periodic samples of the number of user connections and the data throughput. Samples ar e taken once each minute. T o list samples: $ sudo serveradmin command mail:command = getHistory mail:variant = statistic[...]

118 Chapter 11 Working With Mail Service Viewing the Mail Ser vice L ogs Y ou can use tail or any other file listing tool to view the con tents of the Mail service logs. T o view the latest entries in a log: $ tail log-file Y ou can use the serveradmin getLogPaths command to see where the Mail ser vice logs are located . T o display the log locatio[...]

Chapter 11 Working With Mail Service 119 Setting Up SSL for Mail Ser vice Mail ser vice requires some configuration to provide Secure Sockets Layer (SSL) connections automatically . The basic steps are as follows: • Generate a Cer tificate Signing Request (CSR) and create a k eychain. • Obtain an SSL cer tificate from an issuing authorit y . ?[...]

120 Chapter 11 Working With Mail Service 7 Ty p e y when prompted to confirm the algorithm and key size, then press Return. You have selected algorithm RSA, key size (size entered above) bits. OK (y/anything)? 8 Ty p e b when prompted to specify how this certificate will be used, then press Return. Enter cert/key usage (s=signing, b=signing AND enc[...]

Chapter 11 Working With Mail Service 121 Obtaining an SSL Certificate After generating a CSR and a keychain, you continue configuring Mail ser vice for automatic SSL connections by purchasing an SSL certificate from a certificate authority such as V erisign or Tha wte. Y ou can do this by completing a f orm on the certificate authority ’ s w ebsi[...]

122 Chapter 11 Working With Mail Service Creating a P assphrase F ile T o create a passphrase file, you will use T extEdit, then change the privileges of the file using the T erminal application. This file contains the passphrase you specified when you created the keychain. Mail ser vice will automatically use the passphrase file to unlock the k ey[...]

12 123 12 W ork ing With W eb T echnologies Commands y ou can use to manage W eb ser vice in Mac OS X Ser ver . Star ting and Stopping W eb Ser vice T o star t Web service: $ sudo serveradmin start web T o stop W eb ser vice: $ sudo serveradmin stop web Checking W eb S er vice Status T o see if W eb ser vice is running: $ sudo serveradmin status we[...]

124 Chapter 12 Working With Web Technologies T o list a group of settings: Y ou can list a group of settings that hav e par t of their names in common by typing only as much of the name as you want, stopping at a colon (:), and typing an asterisk (*) as a wildcard for the remaining parts of the name. For example , $ sudo serveradmin settings web:IF[...]

Chapter 12 Working With Web Technologies 125 T o change several settings: $ sudo serveradmin settings web:setting = value web:setting = value web:setting = value [...] Control-D W eb serveradmin Commands Y ou can use the following commands with the serveradmin application to manage W eb service. Listing Hosted Site s Y ou can use the serveradmin ge[...]

126 Chapter 12 Working With Web Technologies Viewing S er vice Statistics Y ou can use the serveradmin getHistory command to display a log of periodic samples of the number of requests , cache per formance , and data throughput. Samples are taken once each minute. T o list samples: $ sudo serveradmin command qtss:command = getHistory qtss:variant =[...]

Chapter 12 Working With Web Technologies 127 Example Script for A dding a W ebsite The following script shows how you can use serveradmin to add a website to the ser ver’ s W eb ser vice configuration. The script uses two files: • addsite The actual script you run. It accepts values for the site’ s IP address, por t number , server name, and [...]

128 Chapter 12 Working With Web Technologies web:Sites:_array_id:_ipaddr:_port__servername:ErrorDocument:_array_index:0: StatusCode = 404 web:Sites:_array_id:_ipaddr:_port__servername:ErrorDocument:_array_index:0: Document = "/nwesite_notfound.html" web:Sites:_array_id:_ipaddr:_port__servername:LogLevel = "warn" web:Sites:_ar[...]

13 129 13 W ork ing With Network Ser vices Commands y ou can use to manage DHCP , DNS, F irewall, NA T , and VPN ser vice in Mac OS X Ser ver . DHCP Ser vice Star ting and Stopping DHCP Ser vice T o star t DHCP ser vice: $ sudo serveradmin start dhcp T o stop DHCP ser vice: $ sudo serveradmin stop dhcp Checking the Status of DHCP Ser vice T o see s[...]

130 Chapter 13 Working With Network Services Changing DHCP Ser vice Settings T o change a setting: $ sudo serveradmin settings dhcp:setting = value T o change several settings: $ sudo serveradmin settings dhcp:setting = value dhcp:setting = value dhcp:setting = value [...] Control-D DHCP Ser vice Settings Use the following parameters with the serve[...]

Chapter 13 Working With Network Services 131 DHCP Subnet Settings Array An array of the settings listed in the f ollowing table is included in the DHCP service settings for each subnet you define. Y ou can add a subnet to the DHCP configuration by using serveradmin to add an array of the se settings. About Subnet IDs In an actual list of settings, [...]

132 Chapter 13 Working With Network Services lease_time_secs Lease time in seconds. Default = "3600" Corresponds to the L ease Time pop-up menu and field in the General pane of the subnet settings in the Ser ver Admin GUI application. net_address The IPv4 network address for the subnet. net_mask The subnet mask for the subnet. Corresponds[...]

Chapter 13 Working With Network Services 133 Adding a DHCP Subnet Y ou may already ha ve a subnet for each port you enabled when you installed and set up the ser ver . Y ou can use the serveradmin settings command to check for subnets that the ser ver set up for you; see “ Viewing DHCP Ser vice S ettings” on page 1 29. Y ou can use the serverad[...]

134 Chapter 13 Working With Network Services List of DHCP serveradmin Commands Y ou can use the following command with the serveradmin application to manage DHCP ser vice. Viewing the DHCP Ser vice Log Y ou can use tail or any other file listing tool to view the con tents of the DHCP service log. T o view the latest entries in a log: $ tail log-fil[...]

Chapter 13 Working With Network Services 135 DNS Ser vice Star ting and Stopping the DNS Ser vice T o star t DNS ser vice: $ sudo serveradmin start dns T o stop DNS ser vice: $ sudo serveradmin stop dns Checking the Status of DNS Ser vice T o see summar y status of DNS ser vice: $ sudo serveradmin status dns T o see detailed status of DNS ser vice:[...]

136 Chapter 13 Working With Network Services T o view the latest entries in a log: $ tail log-file Y ou can use the serveradmin getLogPaths command to see where the current DNS log is located. The defa ult is /Library/Logs/named.log . T o display the log path: $ sudo serveradmin command dns:command = getLogPaths Listing DNS Ser vice Statistics Y ou[...]

Chapter 13 Working With Network Services 137 Checking the Status of Fir ewall Ser vice T o see summar y status of Firewall service: $ sudo serveradmin status ipfilter T o see detailed status of Firewall service, including rules: $ sudo serveradmin fullstatus ipfilter Viewing Firewall Service Settings T o list Firewall service configuration settings[...]

138 Chapter 13 Working With Network Services IPFilter Gr oups With Rules Arr ay An array of the follo wing settings is included in the IPFilt er settings for each defined IP address gr oup. These arrays aren ’t part of a standard ipfw configuration, but are cr eated by the Ser ver Admin GUI application t o implement the IP Addr ess groups on the [...]

Chapter 13 Working With Network Services 139 The unmodified ipfw .conf file: # ipfw.conf.default - Installed by Apple, never modified by Server Admin app # # ipfw.conf - The servermgrd process (the back end of Server Admin app) # creates this from ipfw.conf.default if it's absent, but does not modify # it. # # Administrators can place custom i[...]

140 Chapter 13 Working With Network Services Adding Rules U sing serveradmin If you prefer not to work with the ipfw.conf file, you can use the serveradmin settings command to add firewall rules to your configuration. Note: Be sure to include the special first setting (ending with = create ). This is how you tell serveradmin to create the necessary[...]

Chapter 13 Working With Network Services 141 IPF ilter Rules Arra y An array of the follo wing settings is included in the IPFilt er settings for each defined firewall rule. In an actual list of settings, <rule> is replaced with a rule number . Y ou can add a rule by using serveradmin to create such an arra y in the firewall settings (see “[...]

142 Chapter 13 Working With Network Services Viewing Firewall Service Log Y ou can use tail or an y other file listing tool t o view the contents of the ipfilt er service log. T o view the latest entries in the log: $ tail log-file Y ou can use the serveradmin getLogPaths command to see where the current ipfilter service log is located. T o display[...]

Chapter 13 Working With Network Services 143 Changing NA T S er vice Settings T o change a setting: $ sudo serveradmin settings nat:setting = value T o change several settings: $ sudo serveradmin settings nat:setting = value nat:setting = value nat:setting = value [...] Control-D NA T S er vice Settings Use the following parameters with the servera[...]

144 Chapter 13 Working With Network Services NA T serveradmin Commands Y ou can use the following commands with the serveradmin application to manage NA T ser vice. Viewing the NA T Ser vice Log Y ou can use tail or any other file listing tool to view the con tents of the NA T service log. T o view the latest entries in the log: $ tail log-file Y o[...]

Chapter 13 Working With Network Services 145 VPN Ser vice Star ting and Stopping VPN S er vice T o star t VPN ser vice: $ sudo serveradmin start vpn T o stop VPN service: $ sudo serveradmin stop vpn Checking the Status of VPN Ser vice T o see summar y status of VPN service: $ sudo serveradmin status vpn T o see detailed status of VPN service: $ sud[...]

146 Chapter 13 Working With Network Services List of VPN Service Settings Use the following parameters with the serveradmin command to change settings for VPN ser vice. Par ameter ( vpn:Servers: ) Description com.<name>.ppp.l2tp: Server:VerboseLogging Default = 1 com.<name>.ppp.l2tp: Server:MaximumSessions Default = 128 com.<name>[...]

Chapter 13 Working With Network Services 147 com.<name>.ppp.l2tp: PPP:DSACLEnabled Default = no com.<name>.ppp.l2tp: PPP:VerboseLogging Default = 1 com.<name>.ppp.l2tp: PPP:AuthenticatorPlugins: _array_index: n Default = "DSAuth" com.<name>.ppp.l2tp: PPP:LCPEchoInterval Default = 60 com.<name>.ppp.l2tp: PPP:L[...]

148 Chapter 13 Working With Network Services com.<name>.ppp.pptp: Interface:SubType Default = "PPTP" com.<name>.ppp.pptp: Interface:Type Default = "PPP" com.<name>.ppp.pptp: PPP:CCPProtocols:_array_index: n Default = "MPPE" com.<name>.ppp.pptp: PPP:LCPEchoFailure Default = 5 com.<name>.ppp[...]

Chapter 13 Working With Network Services 149 List of VPN serveradmin C ommands Y ou can use the following commands with the serveradmin application to manage VPN ser vice. Viewing the VPN Ser vice Log Y ou can use tail or any other file listing tool to view the con tents of the VPN ser vice log. T o view the latest entries in the log: $ tail log-fi[...]

150 Chapter 13 Working With Network Services IP F ailover IP failover allows a secondary ser ver to acquire the IP addre ss of a primary ser ver if the primar y server ceases to function. Once the primary ser ver returns to normal operation, the secondar y ser ver relinquishes the IP addr ess. This allows your w ebsite to remain available on the ne[...]

Chapter 13 Working With Network Services 151 Enabling IP F ailover Y ou enable IP failover by adding command line s to the file /etc/hostconfig on the primar y and the secondar y ser ver . Be sure to en ter these lines exactly as shown with regard to s paces and punctuation marks. T o enable IP failover: 1 At the primary ser ver , add the f ollowin[...]

152 Chapter 13 Working With Network Services Configuring IP F ailover Y ou configure failover beha vior using scripts. The scripts must be ex ecutable (for example, shell scripts, Perl, compiled C code, or executable AppleScripts). Y ou place these scripts in /Library/IPF ailover/<IP addre ss> on the secondary ser ver . Y ou need to create a [...]

Chapter 13 Working With Network Services 153 F or example , your secondary ser ver may perform other services on the netw ork such as running a statistical analysis application and distributed image processing software. A preacquisition script quits the running applications to free up the CPU f or the W eb ser ver . A postacquisition script starts [...]

LL2354.book Page 154 Monday, October 20, 2003 9:47 AM[...]

14 155 14 W ork ing With Open Director y Commands y ou can use to manage the Open Dir ector y ser vice in Mac OS X Ser ver . This chapter includes de scriptions of general director y tools and tools for w orking with LDAP , NetInf o , and the P assword Ser ver . General Director y T ools T esting Y our Open Director y Configuration Y ou can use the[...]

156 Chapter 14 Working With Open Directory Registering URLs With Ser vice Location P rotocol (SLP) Y ou can use the slp_reg command to register service URLs using the Ser vice Location Prot ocol (SLP). F or more information, type man slp_reg to see the man page. SLP registration is handled by the SLP daemon slpd . For more inf ormation, type man sl[...]

Chapter 14 Working With Open Directory 157 LDAP Configuring LDAP The follo wing tools are av ailable for configuring LDAP . F or more inf ormation, see the man page for each tool. slapconfig Y ou can use the slapconfig utility to configure the slapd and slurpd LDAP daemons and related search policies . For more inf ormation, type man slapconfig to [...]

158 Chapter 14 Working With Open Directory The -x option force s ldapsearch to use simple authentication inst ead of SASL. Idle Rebinding Options The follo wing two LDAPv3 plugin parameters aren ’t documented in the open directory administration guide. The parameters are in, or can be added to, the file /librar y/preference s/directoryser vice/DS[...]

Chapter 14 Working With Open Directory 159 NetInfo Configuring NetInf o Y ou can use the following command-line utilities to manage the NetInfo direc tory . For more information about a utilit y , see the related man page. F or example, you can use the NeST -setprotocols command to specify which authentication methods the server ’ s Open Director[...]

160 Chapter 14 Working With Open Directory F or information on the a vailable methods , see the Open Directory administration guide. Kerberos and Single Sign On The following tools are av ailable for setting up your Kerberos and Single Sign-On environmen t. For more inf ormation on a tool, see the related man page. T ool (in usr/sbin/) Description [...]

15 161 15 W ork ing With QuickTime Streaming Ser ver Commands y ou can use to manage Q TSS ser vice in Mac OS X Ser ver . Star ting Q TSS Ser vice Y ou can use the serveradmin command to star t QTSS service, or you can use the quicktimestreamingserver command to specify additional service parameters when you star t the ser vice. T o star t QTSS ser[...]

162 Chapter 15 Working With QuickTime Streaming Server Viewing QT SS Settings T o list all QTSS service settings: $ sudo serveradmin settings qtss T o list a par ticular setting: $ sudo serveradmin settings qtss:setting T o list a group of settings: Y ou can list a group of settings that hav e par t of their names in common by typing only as much o[...]

Chapter 15 Working With QuickTime Streaming Server 163 Q TSS Settings Use the following parameters with the serveradmin command to change settings for the QT SS service. Descriptions of Settings T o see descriptions of most QTSS settings, you can look in the sample settings file /Librar y/Quick TimeStreaming/C onfig/streamingserver .xml-sample . Lo[...]

164 Chapter 15 Working With QuickTime Streaming Server modules:_array_id:QTSSAdminModule: AdministratorGroup Default = "admin " modules:_array_id:QTSSAdminModule: Authenticate Default = yes modules:_array_id:QTSSAdminModule: enable_remote_admin Default = yes modules:_array_id:QTSSAdminModule: IPAccessList Default = "127.0.0.* " [...]

Chapter 15 Working With QuickTime Streaming Server 165 modules:_array_id:QTSSReflectorModule: allow_broadcasts Default = yes modules:_array_id:QTSSReflectorModule: allow_non_sdp_urls Default = yes modules:_array_id:QTSSReflectorModule: BroadcasterGroup Default = "broadcaster" modules:_array_id:QTSSReflectorModule: broadcast_dir_list Defau[...]

166 Chapter 15 Working With QuickTime Streaming Server Q TSS serveradmin C ommands Y ou can use the following commands with the serveradmin application to manage QT SS service. Listing Curr ent C onnections Y ou can use the serveradmin getConnectedUsers command to retrieve inf ormation about QT SS connections. T o list connec ted users: $serveradmi[...]

Chapter 15 Working With QuickTime Streaming Server 167 Viewing QT SS Ser vice Statistics Y ou can use the serveradmin getHistory command to display a log of periodic samples of the number of connections and the data throughput. Samples ar e taken once each minute. T o list samples: $ sudo serveradmin command qtss:command = getHistory qtss:variant =[...]

168 Chapter 15 Working With QuickTime Streaming Server Viewing Ser vice L ogs Y ou can use tail or any other file listing tool to view the con tents of the Q TSS ser vice logs. T o view the latest entries in a log: $ tail log-file Y ou can use the serveradmin getLogPaths command to see where the current Q TSS error and activity logs are located. T [...]

Chapter 15 Working With QuickTime Streaming Server 169 Pr eparing Older Home Directories f or User Streaming If you want to enable QT SS home director y streaming for home directories created using an earlier version of Mac OS X Ser ver (before version 1 0.3), y ou need to set up the necessary streaming media folder in each user ’ s home director[...]

LL2354.book Page 170 Monday, October 20, 2003 9:47 AM[...]

171 Index Index A AFP (Apple Filing Protocol) canceling user disconnect 74 changing service settings 68 checking service status 67 disconnecting users 73 listing connected users 72 sending user message 73 service settings 68 starting service 67 stopping service 67 viewing service logs 76 viewing service settings 67 viewing service statistics 75 Air[...]

172 Index F file system, case-sensitive 51 File Transfer Protocol. See FTP fingerprint, RSA 17 Firewall service. See IPFilter service fsck command 50 FTP (File Transfer Protocol) changing service settings 78 checking connections 80 checking service status 77 service settings 78 starting service 77 stopping service 77 viewing service logs 80 viewing[...]

Index 173 checking service status 142 service settings 143 starting service 142 stopping service 142 viewing service logs 144 viewing service settings 142 NeST tool 159 NetBoot service changing settings 98 checking status 97 filters record array 99 general settings 98 image record array 100 port record array 101 starting 97 stopping 97 storage reco[...]

174 Index S SASL used by ldapsearch 157 scripts adding a website 127 Secure Sockets Layer. See SSL serial number, server software 26 serveradmin utility usage notes 19 server configuration file example 22 naming 25 saving 21 Server Message Block. See SMB serversetup utility usage notes 19 Service Location Protocol. See SLP share points creating 66 [...]

Index 175 starting service 145 stopping service 145 viewing service logs 149 viewing service settings 145 W web proxy settings 43 Web service changing settings 124 checking status 123 listing sites 125 script to add site 127 starting 123 stopping 123 viewing logs 125 viewing settings 123 viewing statistics 126 websites script for adding 127 Windows[...]