Apple oxs - Manual

11 P refac e About This Book Notation Conventions The following conventions are used throughout this book. Summary Commands and Other Terminal Text Commands or command parameters that you might type, along with other text that normally appears in a Terminal window, are shown in this font. For exampl...

12 Preface About This Book Parameters You Must Type as Shown If you need to type a parameter as shown, it appears following the command in the same font. For example, $ doit -w later -t 12:30 To use the command in the above example, type the entire line as shown. Parameter Values You Provide If you ...

1 13 1 Typing Commands How to use Terminal to execute commands, connect to a remote server, and view online information about commands and utilities. To access a UNIX shell command prompt, you open the Terminal application. In Terminal, you can use the ssh command to log in to other servers. You can...

14 Chapter 1 Typing Commands To type a command: m Wait for a prompt to appear in the Terminal window, then type the command and press Return. If you get the message command not found , check your spelling. If the error recurs, the program you’re trying to run might not be in your default search path...

Chapter 1 Typing Commands 15 Commands Requiring Root Privileges Many commands used to manage a server must be executed by the root user. If you get a message such as “permission denied,” the command probably requires root privileges. To issue a single command as the root user, begin the command with...

16 Chapter 1 Typing Commands Sending Commands to a Remote Server Secure Shell (SSH) lets you send secure, encrypted commands to a server over the network. You can use the ssh command in Terminal to open a command-line connection to a remote server. While the connection is open, commands you type are...

Chapter 1 Typing Commands 17 Updating SSH Key Fingerprints The first time you connect to a remote server using SSH, the local computer asks if it can add the remote server’s “fingerprint” (a security key) to a list of known remote computers. You might see a message like this: The authenticity of hos...

18 Chapter 1 Typing Commands Using Telnet Because it isn’t as secure as SSH, Telnet access isn’t enabled by default. To enable Telnet access: $ service telnet start To disable Telnet access: $ service telnet stop Getting Online Help for Commands Onscreen help is available for most commands and utili...

Chapter 1 Typing Commands 19 Notes About Specific Commands and Tools serversetup The serversetup utility is located in /System/Library/ServerSetup. To run this command, you can type the full path, for example: $ /System/Library/ServerSetup/serversetup -getAllPort Or, if you want to use the utility t...

2 21 2 Installing Server Software and Finishing Basic Setup Commands you can use to install, set up, and update Mac OS X Server software on local or remote computers. Installing Server Software You can use the installer command to install Mac OS X Server or other software on a computer. For more inf...

22 Chapter 2 Installing Server Software and Finishing Basic Setup To create a template configuration file at any time after initial setup: 1 Open the Server Assistant (in /Applications/Server). 2 In the Welcome pane, choose “Save setup information in a file or directory record” and click Continue. 3...

Chapter 2 Installing Server Software and Finishing Basic Setup 25 Naming Configuration Files The Server Assistant recognizes configuration files with these names: • MAC-address-of-server.plist • IP-address-of-server.plist • hardware-serial-number-of-server.plist • full-host-name-of-server.plist • ge...

26 Chapter 2 Installing Server Software and Finishing Basic Setup Viewing, Validating, and Setting the Software Serial Number You can use the serversetup command to view or set the server’s software serial number or to validate a server software serial number. The serversetup utility is located in /...

Chapter 2 Installing Server Software and Finishing Basic Setup 27 Moving a Server Try to place a server in its final network location (subnet) before setting it up for the first time. If you’re concerned about unauthorized or premature access, you can set up a firewall to protect the server while yo...

3 29 3 Restarting or Shutting Down a Server Commands you can use to shut down or restart a local or remote server. Restarting a Server You can use the reboot or shutdown -r command to restart a server at a specific time. For more information, see the man pages. Examples To restart the local server: ...

30 Chapter 3 Restarting or Shutting Down a Server Changing a Remote Server’s Startup Disk You can change a remote server’s startup disk using SSH. To change the startup disk: Log in to the remote server using SSH and type $ bless -folder "/Volumes/disk/System/Library/CoreServices" -setOF For...

4 31 4 Setting General System Preferences Commands you can use to set system preferences, usually set using the System Preferences GUI application. Computer Name You can use the systemsetup command to view or change a server’s computer name (the name used to browse for AFP share points on the server...

32 Chapter 4 Setting General System Preferences Viewing or Changing the System Date To view the current system date: $ sudo systemsetup -getdate or $ serversetup -getDate To set the current system date: $ sudo systemsetup -setdate mm:dd:yy or $ sudo serversetup -setDate mm/dd/yy Viewing or Changing ...

Chapter 4 Setting General System Preferences 33 Viewing or Changing Network Time Server Usage To see if a network time server is being used: $ sudo systemsetup -getusingnetworktime To enable or disable use of a network time server: $ sudo systemsetup -setusingnetworktime (on|off) To view the current...

34 Chapter 4 Setting General System Preferences To set how long the system waits to restart after a power failure: $ sudo systemsetup -setWaitForStartupAfterPowerFailure seconds To see if the system is set to restart after a system freeze: $ sudo systemsetup -getrestartfreeze To set the system to re...

Chapter 4 Setting General System Preferences 35 Sharing Settings You can use the systemsetup command to view or change settings that would otherwise be set using the Sharing pane of System Preferences. Viewing or Changing Remote Login Settings You can use SSH to log in to a remote server if remote l...

36 Chapter 4 Setting General System Preferences Login Settings Disabling the Restart and Shutdown Buttons To disable or enable the Restart and Shutdown buttons in the login dialog: $ sudo serversetup -setDisableRestartShutdown (0|1) 0 disables the buttons. 1 enables the buttons. To view the current ...

5 37 5 Network Preferences Commands you can use to change a server’s network settings. Network Interface Information This section describes commands you address to a specific hardware device (for example, en0 ) or port (for example, Built-in Ethernet ). If you prefer to work with network port config...

38 Chapter 5 Network Preferences Viewing or Changing MTU Values You can use these commands to change the maximum transmission unit (MTU) size for a port. To view the MTU value for a hardware port: $ sudo networksetup -getMTU (devicename|"portname") To list valid MTU values for a hardware por...

Chapter 5 Network Preferences 39 To enable or disable a port configuration: $ sudo networksetup -setnetworkserviceenabled configuration (on|off) Changing Configuration Precedence To list the configuration order: $ sudo networksetup -listnetworkserviceorder The configurations are listed in the order ...

40 Chapter 5 Network Preferences Viewing or Changing IP Address, Subnet Mask, or Router Address You can use the serversetup and networksetup commands to change a computer’s TCP/IP settings. Important: Changing a server’s IP address isn’t as simple as changing the TCP/IP settings. You must first run ...

Chapter 5 Network Preferences 41 Viewing or Changing DNS Servers To view the DNS servers for port en0: $ serversetup -getDefaultDNSServer (devicename|"portname") To change the DNS servers for port en0: $ sudo serversetup -setDefaultDNSServer (devicename|"portname") server1 [server2] ...

42 Chapter 5 Network Preferences Enabling TCP/IP To enable TCP/IP on a particular port: $ serversetup -EnableTCPIP [(devicename|"portname")] If you don’t provide an interface, en0 is assumed. To disable TCP/IP on a particular port: $ serversetup -DisableTCPIP [(devicename|"portname")...

Chapter 5 Network Preferences 43 To view the FTP passive setting for a configuration: $ sudo networksetup -getpassiveftp "configuration" To enable or disable FTP passive mode for a configuration: $ sudo networksetup -setpassiveftp "configuration" (on|off) To enable or disable the FTP...

44 Chapter 5 Network Preferences Viewing or Changing SOCKS Firewall Proxy Settings To view the SOCKS firewall proxy information for a configuration: $ sudo networksetup -getsocksfirewallproxy "configuration" To set the SOCKS firewall proxy information for a configuration: $ sudo networksetup...

Chapter 5 Network Preferences 45 To change the computer name: $ sudo systemsetup -setcomputername computername or $ sudo networksetup -setcomputername computername or $ sudo serversetup -setComputername computername To validate a computer name: $ serversetup -verifyComputername computername Viewing ...

6 47 6 Working With Disks and Volumes Commands you can use to prepare, use, and test disks and volumes. Mounting and Unmounting Volumes You can use the mount_afp command to mount an AFP volume. For more information, type man mount_afp to see the man page. Mounting Volumes You can use the mount comma...

48 Chapter 6 Working With Disks and Volumes Monitoring Disk Space When you need more vigilant monitoring of disk space than the log rolling scripts provide, you can use the diskspacemonitor command-line tool. It lets you monitor disk space and take action more frequently than once a day when disk sp...

Chapter 6 Working With Disks and Volumes 49 Reclaiming Disk Space Using Log Rolling Scripts Three predefined scripts are executed automatically to reclaim space used on your server for log files generated by • Apple file service • Windows service • Web service • Web performance cache • Mail service ...

50 Chapter 6 Working With Disks and Volumes Managing Disk Journaling Checking to See if Journaling is Enabled You can use the mount command to see if journaling is enable on a volume. To see if journaling is enabled: $ mount Look for journaled in the attributes in parentheses following a volume. For...

Chapter 6 Working With Disks and Volumes 51 Enabling Journaling When You Erase a Disk You can use the newfs_hfs command to set up and enable journaling when you erase a disk. To enable journaling when erasing a disk: $ newfs_hfs -J -v volname device Disabling Journaling To disable journaling: $ disk...

52 Chapter 6 Working With Disks and Volumes Imaging and Cloning Volumes Using ASR You can use Apple Software Restore (ASR) to copy a disk image onto a volume or prepare existing disk images with checksum information for faster copies. ASR can perform file copies, in which individual files are restor...

7 53 7 Working With Users and Groups Commands you can use to set up and manage users and groups in Mac OS X Server. Creating Server Administrator Users You can use the serversetup command to create administrator users for a server. To create regular users, see “Importing Users and Groups” on page 54...

54 Chapter 7 Working With Users and Groups Importing Users and Groups You can use the dsimportexport command to import user and group accounts. Note: Despite its name, dsimportexport can’t be used to export user records. The utility is in /Applications/Server/Workgroup Manager.app/Contents/Resources...

Chapter 7 Working With Users and Groups 55 3 Open the Terminal application and type the dsimportexport command. The tool is located in /Applications/Utilities/Workgroup Manager.app/Contents/Resources. To include the space in the path name, precede it with a backslash (\). For example: /Applications/...

56 Chapter 7 Working With Users and Groups In addition, you can include • UserShell (the default shell) • NFSHomeDirectory (the path to the user’s home directory on the user’s computer) • Other user data types, described under “User Attributes” on page 57 For group accounts, the list of attributes m...

Chapter 7 Working With Users and Groups 57 An example user account looks like this: jim:Adl47E$:408:20:J. Smith, Jr., M.D.:/Network/Servers/somemac/Homes/jim:/bin/csh Using the StandardGroupRecord Shorthand When the first record in a character-delimited import file contains StandardGroupRecord , the...

60 Chapter 7 Working With Users and Groups Mail Attributes in User Records The following table lists the standard XML data structures for a user mail attribute, part of a standard user record. MailAttribute field Description Sample values AttributeVersion A required case-insensitive value that must ...

62 Chapter 7 Working With Users and Groups Checking a Server User’s Name, UID, or Password You can use the following commands to check the name, UID, or password of a user in the server’s local directory. Note: These tasks only apply to the local directory on the server. To see if a full name is alr...

Chapter 7 Working With Users and Groups 63 Creating a User’s Home Directory Normally, you can create a user's home directory by clicking the Create Home Now button on the Homes pane of Workgroup Manager. You can also create home directory folders using the createhomedir tool. Otherwise, Mac OS X Ser...

8 65 8 Working With File Services Commands you can use to create share points and manage AFP, NFS, Windows (SMB), and FTP services in Mac OS X Server. Share Points You can use the sharing tool to list, create, and modify share points. Listing Share Points To list existing share points: $ sharing -l ...

66 Chapter 8 Working With File Services Creating a Share Point To create a share point: $ sharing -a path [-n customname] [-A afpname] [-F ftpname] [-S smbname] [-s shareflags] [-g guestflags] [-i inheritflags] [-c creationmask] [-d directorymask] [-o oplockflag] [-t strictlockingflag] Examples $ sh...

Chapter 8 Working With File Services 67 Shares the directory named Windows Docs on the disk 100GB. The share point is named WinDocs for server management purposes, but SMB users see it as Documents. It’s shared using only the SMB protocol with oplocks enabled. Modifying a Share Point To change share...

68 Chapter 8 Working With File Services To list a particular setting: $ sudo serveradmin settings afp:setting To list a group of settings: You can list a group of settings that have part of their names in common by typing only as much of the name as you want, stopping at a colon (:), and typing an a...

72 Chapter 8 Working With File Services List of AFP serveradmin Commands In addition to the standard start , stop , status , and settings commands, you can use serveradmin to issue the following service-specific AFP commands. Listing Connected Users You can use the serveradmin getConnectedUsers comm...

Chapter 8 Working With File Services 73 Sending a Message to AFP Users You can use the serveradmin sendMessage command to send a text message to connected AFP users. Users are specified by session ID. To send a message: $ sudo serveradmin command afp:command = sendMessage afp:message = "message-...

74 Chapter 8 Working With File Services Output afp:command = "disconnectUsers" afp:messageSent = "<message>" afp:timeStamp = "< time> " afp:timerID = <disconnectID> <user listing> afp:status = <status> Canceling a User Disconnect You can use the ...

Chapter 8 Working With File Services 75 Listing AFP Service Statistics You can use the serveradmin getHistory command to display a log of periodic samples of the number of connections and the data throughput. Samples are taken once each minute. To list samples: $ sudo serveradmin command afp:command...

76 Chapter 8 Working With File Services Viewing AFP Log Files You can use tail or any other file listing tool to view the contents of the AFP service logs. To view the latest entries in a log: $ tail log-file You can use the serveradmin getLogPaths command to see where the current AFP error and acti...

Chapter 8 Working With File Services 77 Changing NFS Service Settings Use the following parameters with the serveradmin command to change settings for the NFS service. FTP Service Starting FTP Service To start FTP service: $ sudo serveradmin start ftp Stopping FTP Service To stop FTP service: $ sudo...

78 Chapter 8 Working With File Services Changing FTP Settings You can change FTP service settings using the serveradmin application. To change a setting: $ sudo serveradmin settings ftp:setting = value To change several settings: $ sudo serveradmin settings ftp:setting = value ftp:setting = value ft...

Chapter 8 Working With File Services 79 List of FTP serveradmin Commands You can use the following commands with the serveradmin application to manage FTP service. logCommands:anonymous Default = no logCommands:guest Default = no logCommands:real Default = no loginFailuresPermitted Default = 3 logSe...

80 Chapter 8 Working With File Services Viewing the FTP Transfer Log You can use tail or any other file listing tool to view the contents of the FTP transfer log. To view the latest entries in the transfer log: $ tail log-file The default location of log-file is /Library/Logs/FTP.transger.log. You c...

Chapter 8 Working With File Services 81 Viewing SMB Settings To list all SMB service settings: $ sudo serveradmin settings smb To list a particular setting: $ sudo serveradmin settings smb:setting To list a group of settings: You can list a group of settings that have part of their names in common b...

82 Chapter 8 Working With File Services List of SMB Service Settings Use the following parameters with the serveradmin command to change settings for the SMB service. Parameter ( smb: ) Description adminCommands:homes Whether home directories are mounted automatically when Windows users log in so yo...

84 Chapter 8 Working With File Services List of SMB serveradmin Commands You can use these commands with the serveradmin tool to manage SMB service. Listing SMB Users You can use the serveradmin getConnectedUsers command to retrieve information about connected SMB users. For example, you can use thi...

Chapter 8 Working With File Services 85 Output The following array of settings is displayed for each connected user: smb:usersArray:_array_index:i:disconnectID = <disconnectID> smb:usersArray:_array_index:i:sessionID = <sessionID> smb:usersArray:_array_index:i:connectAt = <connect-tim...

86 Chapter 8 Working With File Services Listing SMB Service Statistics You can use the serveradmin getHistory command to display a log of periodic samples of the number of SMB connections. Samples are taken once each minute. To list samples: $ sudo serveradmin command smb:command = getHistory smb:va...

Chapter 8 Working With File Services 87 Viewing SMB Service Logs You can use tail or any other file listing tool to view the contents of the SMB service logs. To view the latest entries in a log: $ tail log-file You can use the serveradmin getLogPaths command to see where the current SMB logs are lo...

9 89 9 Working With Print Service Commands you can use to manage the Print service in Mac OS X Server. Starting and Stopping Print Service To start Print service: $ sudo serveradmin start print To stop Print service: $ sudo serveradmin stop print Checking the Status of Print Service To see summary s...

90 Chapter 9 Working With Print Service Changing Print Service Settings To change a setting: $ sudo serveradmin settings print:setting = value To change several settings: $ sudo serveradmin settings print:setting = value print:setting = value print:setting = value [...] Control-D Print Service Setti...

Chapter 9 Working With Print Service 91 Queue Data Array Print service settings include an array of values for each existing print queue. The array is a set of 14 parameters that define values for each queue. <id> is the queue ID, for example, 29D3ECF3-17C8-16E5-A330-84CEC733F249 . Parameter (...

92 Chapter 9 Working With Print Service Here is an example of a queue array parameter block: print:queuesArray:_array_id:29D3ECF3-17C8-16E5-A330- 84CEC733F249:quotasEnforced = no print:queuesArray:_array_id:29D3ECF3-17C8-16E5-A330- 84CEC733F249:sharingList:_array_index:0:service = "LPR" prin...

Chapter 9 Working With Print Service 93 Print Service serveradmin Commands You can use the following commands with the serveradmin application to manage Print service. Listing Queues You can use the serveradmin getQueues command to list Print service queues. $ sudo serveradmin command print:command ...

94 Chapter 9 Working With Print Service Listing Jobs and Job Information You can use the serveradmin getJobs command to list information about print jobs. $ sudo serveradmin command print:command = getJobs print:maxDisplayJobs = jobs print:queueNamesArray:_array_index:0 = queue Control-D For each jo...

Chapter 9 Working With Print Service 95 To release the job for printing, change its state to PENDING . To release the job: $ sudo serveradmin command print:command = setJobState print:status = PENDING print:namesArray:_array_index:0:printer = queue print:namesArray:_array_index:0:idsArray:_array_ind...

10 97 10 Working With NetBoot Service Commands you can use to manage the NetBoot service in Mac OS X Server. Starting and Stopping NetBoot Service To start NetBoot service: $ sudo serveradmin start netboot If you get the following response: $ netboot:state = "STOPPED" $ netboot:status = 5000...

98 Chapter 10 Working With NetBoot Service Changing NetBoot Settings You can change NetBoot service settings using the serveradmin command. To change a setting: $ sudo serveradmin settings netboot:setting = value To change several settings: $ sudo serveradmin settings netboot:setting = value netboot...

Chapter 10 Working With NetBoot Service 99 Storage Record Array A volume parameter array: Filters Record Array An array of the following values appears in the NetBoot service settings for each computer explicitly allowed or denied access to images stored on the server: Parameter ( netboot: ) Descrip...

100 Chapter 10 Working With NetBoot Service Image Record Array An array of the following values appears in the NetBoot service settings for each image stored on the server: Parameter ( netboot: ) Description: netBootImagesRecordsArray: _array_index:<n>:Name Name of the image as it appears in t...

Chapter 10 Working With NetBoot Service 101 Port Record Array An array of the following items is included in the NetBoot service settings for each network port on the server set to deliver images: Parameter ( netboot: ) Description netBootPortsRecordsArray:_array_index:<m>: isEnabledAtIndex Fi...

11 103 11 Working With Mail Service Commands you can use to manage the Mail service in Mac OS X Server. Starting and Stopping Mail Service To start Mail service: $ sudo serveradmin start mail To stop Mail service: $ sudo serveradmin stop mail Checking the Status of Mail Service To see summary status...

104 Chapter 11 Working With Mail Service Changing Mail Service Settings You can use serveradmin to modify your server’s mail configuration. However, if you want to work with the Mail service from the command-line, you’ll probably find it more straightforward to work directly with the underlying Post...

116 Chapter 11 Working With Mail Service Mail serveradmin Commands You can use the following commands with the serveradmin application to manage Mail service. imap:configdirectory Default = "/var/imap" imap:sasl_maximum_layer Default = 256 imap:sendmail Default = "/usr/sbin/sendmail"...

Chapter 11 Working With Mail Service 117 Listing Mail Service Statistics You can use the serveradmin getHistory command to display a log of periodic samples of the number of user connections and the data throughput. Samples are taken once each minute. To list samples: $ sudo serveradmin command mail...

118 Chapter 11 Working With Mail Service Viewing the Mail Service Logs You can use tail or any other file listing tool to view the contents of the Mail service logs. To view the latest entries in a log: $ tail log-file You can use the serveradmin getLogPaths command to see where the Mail service log...

Chapter 11 Working With Mail Service 119 Setting Up SSL for Mail Service Mail service requires some configuration to provide Secure Sockets Layer (SSL) connections automatically. The basic steps are as follows: • Generate a Certificate Signing Request (CSR) and create a keychain. • Obtain an SSL cer...

Chapter 11 Working With Mail Service 121 Obtaining an SSL Certificate After generating a CSR and a keychain, you continue configuring Mail service for automatic SSL connections by purchasing an SSL certificate from a certificate authority such as Verisign or Thawte. You can do this by completing a f...

122 Chapter 11 Working With Mail Service Creating a Passphrase File To create a passphrase file, you will use TextEdit, then change the privileges of the file using the Terminal application. This file contains the passphrase you specified when you created the keychain. Mail service will automaticall...

12 123 12 Working With Web Technologies Commands you can use to manage Web service in Mac OS X Server. Starting and Stopping Web Service To start Web service: $ sudo serveradmin start web To stop Web service: $ sudo serveradmin stop web Checking Web Service Status To see if Web service is running: $...

124 Chapter 12 Working With Web Technologies To list a group of settings: You can list a group of settings that have part of their names in common by typing only as much of the name as you want, stopping at a colon (:), and typing an asterisk (*) as a wildcard for the remaining parts of the name. Fo...

Chapter 12 Working With Web Technologies 125 To change several settings: $ sudo serveradmin settings web:setting = value web:setting = value web:setting = value [...] Control-D Web serveradmin Commands You can use the following commands with the serveradmin application to manage Web service. Listing...

126 Chapter 12 Working With Web Technologies Viewing Service Statistics You can use the serveradmin getHistory command to display a log of periodic samples of the number of requests, cache performance, and data throughput. Samples are taken once each minute. To list samples: $ sudo serveradmin comma...

Chapter 12 Working With Web Technologies 127 Example Script for Adding a Website The following script shows how you can use serveradmin to add a website to the server’s Web service configuration. The script uses two files: • addsite The actual script you run. It accepts values for the site’s IP addr...

128 Chapter 12 Working With Web Technologies web:Sites:_array_id:_ipaddr\:_port__servername:ErrorDocument:_array_index:0: StatusCode = 404 web:Sites:_array_id:_ipaddr\:_port__servername:ErrorDocument:_array_index:0: Document = "/nwesite_notfound.html" web:Sites:_array_id:_ipaddr\:_port__serv...

13 129 13 Working With Network Services Commands you can use to manage DHCP, DNS, Firewall, NAT, and VPN service in Mac OS X Server. DHCP Service Starting and Stopping DHCP Service To start DHCP service: $ sudo serveradmin start dhcp To stop DHCP service: $ sudo serveradmin stop dhcp Checking the St...

130 Chapter 13 Working With Network Services Changing DHCP Service Settings To change a setting: $ sudo serveradmin settings dhcp:setting = value To change several settings: $ sudo serveradmin settings dhcp:setting = value dhcp:setting = value dhcp:setting = value [...] Control-D DHCP Service Settin...

Chapter 13 Working With Network Services 131 DHCP Subnet Settings Array An array of the settings listed in the following table is included in the DHCP service settings for each subnet you define. You can add a subnet to the DHCP configuration by using serveradmin to add an array of these settings. A...

Chapter 13 Working With Network Services 133 Adding a DHCP Subnet You may already have a subnet for each port you enabled when you installed and set up the server. You can use the serveradmin settings command to check for subnets that the server set up for you; see “Viewing DHCP Service Settings” on...

134 Chapter 13 Working With Network Services List of DHCP serveradmin Commands You can use the following command with the serveradmin application to manage DHCP service. Viewing the DHCP Service Log You can use tail or any other file listing tool to view the contents of the DHCP service log. To view...

Chapter 13 Working With Network Services 135 DNS Service Starting and Stopping the DNS Service To start DNS service: $ sudo serveradmin start dns To stop DNS service: $ sudo serveradmin stop dns Checking the Status of DNS Service To see summary status of DNS service: $ sudo serveradmin status dns To...

136 Chapter 13 Working With Network Services To view the latest entries in a log: $ tail log-file You can use the serveradmin getLogPaths command to see where the current DNS log is located. The default is /Library/Logs/named.log . To display the log path: $ sudo serveradmin command dns:command = ge...

Chapter 13 Working With Network Services 137 Checking the Status of Firewall Service To see summary status of Firewall service: $ sudo serveradmin status ipfilter To see detailed status of Firewall service, including rules: $ sudo serveradmin fullstatus ipfilter Viewing Firewall Service Settings To ...

138 Chapter 13 Working With Network Services IPFilter Groups With Rules Array An array of the following settings is included in the IPFilter settings for each defined IP address group. These arrays aren’t part of a standard ipfw configuration, but are created by the Server Admin GUI application to i...

140 Chapter 13 Working With Network Services Adding Rules Using serveradmin If you prefer not to work with the ipfw.conf file, you can use the serveradmin settings command to add firewall rules to your configuration. Note: Be sure to include the special first setting (ending with = create ). This is...

Chapter 13 Working With Network Services 141 IPFilter Rules Array An array of the following settings is included in the IPFilter settings for each defined firewall rule. In an actual list of settings, <rule> is replaced with a rule number. You can add a rule by using serveradmin to create such...

142 Chapter 13 Working With Network Services Viewing Firewall Service Log You can use tail or any other file listing tool to view the contents of the ipfilter service log. To view the latest entries in the log: $ tail log-file You can use the serveradmin getLogPaths command to see where the current ...

Chapter 13 Working With Network Services 143 Changing NAT Service Settings To change a setting: $ sudo serveradmin settings nat:setting = value To change several settings: $ sudo serveradmin settings nat:setting = value nat:setting = value nat:setting = value [...] Control-D NAT Service Settings Use...

144 Chapter 13 Working With Network Services NAT serveradmin Commands You can use the following commands with the serveradmin application to manage NAT service. Viewing the NAT Service Log You can use tail or any other file listing tool to view the contents of the NAT service log. To view the latest...

Chapter 13 Working With Network Services 145 VPN Service Starting and Stopping VPN Service To start VPN service: $ sudo serveradmin start vpn To stop VPN service: $ sudo serveradmin stop vpn Checking the Status of VPN Service To see summary status of VPN service: $ sudo serveradmin status vpn To see...

146 Chapter 13 Working With Network Services List of VPN Service Settings Use the following parameters with the serveradmin command to change settings for VPN service. Parameter ( vpn:Servers: ) Description com.<name>.ppp.l2tp: Server:VerboseLogging Default = 1 com.<name>.ppp.l2tp: Serve...

Chapter 13 Working With Network Services 149 List of VPN serveradmin Commands You can use the following commands with the serveradmin application to manage VPN service. Viewing the VPN Service Log You can use tail or any other file listing tool to view the contents of the VPN service log. To view th...

150 Chapter 13 Working With Network Services IP Failover IP failover allows a secondary server to acquire the IP address of a primary server if the primary server ceases to function. Once the primary server returns to normal operation, the secondary server relinquishes the IP address. This allows yo...

Chapter 13 Working With Network Services 151 Enabling IP Failover You enable IP failover by adding command lines to the file /etc/hostconfig on the primary and the secondary server. Be sure to enter these lines exactly as shown with regard to spaces and punctuation marks. To enable IP failover: 1 At...

152 Chapter 13 Working With Network Services Configuring IP Failover You configure failover behavior using scripts. The scripts must be executable (for example, shell scripts, Perl, compiled C code, or executable AppleScripts). You place these scripts in /Library/IPFailover/<IP address> on the...

14 155 14 Working With Open Directory Commands you can use to manage the Open Directory service in Mac OS X Server. This chapter includes descriptions of general directory tools and tools for working with LDAP, NetInfo, and the Password Server. General Directory Tools Testing Your Open Directory Con...

156 Chapter 14 Working With Open Directory Registering URLs With Service Location Protocol (SLP) You can use the slp_reg command to register service URLs using the Service Location Protocol (SLP). For more information, type man slp_reg to see the man page. SLP registration is handled by the SLP daem...

Chapter 14 Working With Open Directory 157 LDAP Configuring LDAP The following tools are available for configuring LDAP. For more information, see the man page for each tool. slapconfig You can use the slapconfig utility to configure the slapd and slurpd LDAP daemons and related search policies. For...

158 Chapter 14 Working With Open Directory The -x option forces ldapsearch to use simple authentication instead of SASL. Idle Rebinding Options The following two LDAPv3 plugin parameters aren’t documented in the open directory administration guide. The parameters are in, or can be added to, the file...

Chapter 14 Working With Open Directory 159 NetInfo Configuring NetInfo You can use the following command-line utilities to manage the NetInfo directory. For more information about a utility, see the related man page. For example, you can use the NeST -setprotocols command to specify which authentica...

160 Chapter 14 Working With Open Directory For information on the available methods, see the Open Directory administration guide. Kerberos and Single Sign On The following tools are available for setting up your Kerberos and Single Sign-On environment. For more information on a tool, see the related...

15 161 15 Working With QuickTime Streaming Server Commands you can use to manage QTSS service in Mac OS X Server. Starting QTSS Service You can use the serveradmin command to start QTSS service, or you can use the quicktimestreamingserver command to specify additional service parameters when you sta...

162 Chapter 15 Working With QuickTime Streaming Server Viewing QTSS Settings To list all QTSS service settings: $ sudo serveradmin settings qtss To list a particular setting: $ sudo serveradmin settings qtss:setting To list a group of settings: You can list a group of settings that have part of thei...

Chapter 15 Working With QuickTime Streaming Server 163 QTSS Settings Use the following parameters with the serveradmin command to change settings for the QTSS service. Descriptions of Settings To see descriptions of most QTSS settings, you can look in the sample settings file /Library/QuickTimeStrea...

166 Chapter 15 Working With QuickTime Streaming Server QTSS serveradmin Commands You can use the following commands with the serveradmin application to manage QTSS service. Listing Current Connections You can use the serveradmin getConnectedUsers command to retrieve information about QTSS connection...

Chapter 15 Working With QuickTime Streaming Server 167 Viewing QTSS Service Statistics You can use the serveradmin getHistory command to display a log of periodic samples of the number of connections and the data throughput. Samples are taken once each minute. To list samples: $ sudo serveradmin com...

168 Chapter 15 Working With QuickTime Streaming Server Viewing Service Logs You can use tail or any other file listing tool to view the contents of the QTSS service logs. To view the latest entries in a log: $ tail log-file You can use the serveradmin getLogPaths command to see where the current QTS...

Chapter 15 Working With QuickTime Streaming Server 169 Preparing Older Home Directories for User Streaming If you want to enable QTSS home directory streaming for home directories created using an earlier version of Mac OS X Server (before version 10.3), you need to set up the necessary streaming me...

171 Inde x Index A AFP (Apple Filing Protocol) canceling user disconnect 74changing service settings 68checking service status 67disconnecting users 73listing connected users 72sending user message 73service settings 68starting service 67stopping service 67viewing service logs 76viewing service sett...