Apple Mac OS X v39 User's Guide
en
Mac OS X Server Command-Line Administration For Version 10.3 or Later
034-2454_Cvr 10/15/03 11:47 AM Page 1
Apple Computer, Inc. 2003 Apple Computer, Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid for support services.
The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the keyboard Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.
Apple, the Apple logo, AirPort, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, iMac, Keychain, Mac, Macintosh, Power Mac, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Extensions Manager and Finder are trademarks of Apple Computer, Inc.
034-2354/10-24-03
LL2354.book Page 2 Monday, October 20, 2003 9:47 AM
LL2354.book Page 3 Monday, October 20, 2003 9:47 AM
1 Contents
Preface 11 About This Book 11 Notation Conventions 11 Summary 11 Commands and Other Terminal Text 11 Command Parameters and Options 12 Default Settings 12 Commands Requiring Root Privileges
Chapter 1 13 Typing Commands 13 Using Terminal 14 Correcting Typing Errors 14 Repeating Commands 14 Including Paths Using Drag-and-Drop 15 Commands Requiring Root Privileges 16 Sending Commands to a Remote Server 16 Sending a Single Command 17 Updating SSH Key Fingerprints 17 Notes on Communication Security and servermgrd 18 Using Telnet 18 Getting Online Help for Commands 19 Notes About Specific Commands and Tools 19 serversetup 19 serveradmin
Chapter 2 21 Installing Server Software and Finishing Basic Setup 21 Installing Server Software 21 Automating Server Setup 21 Creating a Configuration File Template 22 Creating Customized Configuration Files from the Template File 25 Naming Configuration Files 25 Storing a Configuration File in an Accessible Location 25 Changing Server Settings
3
4
LL2354.book Page 4 Monday, October 20, 2003 9:47 AM
26 Viewing, Validating, and Setting the Software Serial Number
26 Updating Server Software 27 Moving a Server
Chapter 3 29 Restarting or Shutting Down a Server 29 Restarting a Server 29 Examples 29 Automatic Restart 30 Changing a Remote Servers Startup Disk 30 Shutting Down a Server 30 Examples
Chapter 4 31 Setting General System Preferences 31 Computer Name 31 Viewing or Changing the Computer Name 31 Date and Time 32 Viewing or Changing the System Date 32 Viewing or Changing the System Time 32 Viewing or Changing the System Time Zone 33 Viewing or Changing Network Time Server Usage 33 Energy Saver Settings 33 Viewing or Changing Sleep Settings 33 Viewing or Changing Automatic Restart Settings 34 Power Management Settings 34 Startup Disk Settings 34 Viewing or Changing the Startup Disk 35 Sharing Settings 35 Viewing or Changing Remote Login Settings 35 Viewing or Changing Apple Event Response 35 International Settings 35 Viewing or Changing Language Settings 36 Login Settings 36 Disabling the Restart and Shutdown Buttons
Chapter 5 37 Network Preferences 37 Network Interface Information 37 Viewing Port Names and Hardware Addresses 38 Viewing or Changing MTU Values 38 Viewing or Changing Media Settings 38 Network Port Configurations 38 Creating or Deleting Port Configurations 38 Activating Port Configurations
Contents
LL2354.book Page 5 Monday, October 20, 2003 9:47 AM
39 Changing Configuration Precedence 39 TCP/IP Settings 39 Changing a Servers IP Address 40 Viewing or Changing IP Address, Subnet Mask, or Router Address 41 Viewing or Changing DNS Servers 42 Enabling TCP/IP 42 AppleTalk Settings 42 Enabling and Disabling AppleTalk 42 Proxy Settings 42 Viewing or Changing FTP Proxy Settings 43 Viewing or Changing Web Proxy Settings 43 Viewing or Changing Secure Web Proxy Settings 43 Viewing or Changing Streaming Proxy Settings 43 Viewing or Changing Gopher Proxy Settings 44 Viewing or Changing SOCKS Firewall Proxy Settings 44 Viewing or Changing Proxy Bypass Domains 44 AirPort Settings 44 Viewing or Changing Airport Settings 44 Computer, Host, and Rendezvous Name 44 Viewing or Changing the Computer Name 45 Viewing or Changing the Local Host Name 45 Viewing or Changing the Rendezvous Name
Chapter 6 47 Working With Disks and Volumes 47 Mounting and Unmounting Volumes 47 Mounting Volumes 47 Unmounting Volumes 47 Checking for Disk Problems 48 Monitoring Disk Space 49 Reclaiming Disk Space Using Log Rolling Scripts 50 Managing Disk Journaling 50 Checking to See if Journaling is Enabled 50 Turning on Journaling for an Existing Volume 51 Enabling Journaling When You Erase a Disk 51 Disabling Journaling 51 Erasing, Partitioning, and Formatting Disks 51 Setting Up a Case-Sensitive HFS+ File System 52 Imaging and Cloning Volumes Using ASR
Chapter 7 53 Working With Users and Groups 53 Creating Server Administrator Users 54 Importing Users and Groups 55 Creating a Character-Delimited User Import File
Contents 5
6
LL2354.book Page 6 Monday, October 20, 2003 9:47 AM
57 User Attributes 62 Checking a Server Users Name, UID, or Password 63 Creating a Users Home Directory 63 Mounting a Users Home Directory 63 Creating a Group Folder 63 Checking a Users Administrator Privileges
Chapter 8 65 Working With File Services 65 Share Points 65 Listing Share Points 66 Creating a Share Point 67 Modifying a Share Point 67 Disabling a Share Point 67 AFP Service 67 Starting and Stopping AFP Service 67 Checking AFP Service Status 67 Viewing AFP Settings 68 Changing AFP Settings 68 List of AFP Settings 72 List of AFP serveradmin Commands 72 Listing Connected Users 73 Sending a Message to AFP Users 73 Disconnecting AFP Users 74 Canceling a User Disconnect 75 Listing AFP Service Statistics 76 Viewing AFP Log Files 76 NFS Service 76 Starting and Stopping NFS Service 76 Checking NFS Service Status 76 Viewing NFS Settings 77 Changing NFS Service Settings 77 FTP Service 77 Starting FTP Service 77 Stopping FTP Service 77 Checking FTP Service Status 77 Viewing FTP Settings 78 Changing FTP Settings 78 FTP Settings 79 List of FTP serveradmin Commands 80 Viewing the FTP Transfer Log 80 Checking for Connected FTP Users 80 Windows (SMB) Service 80 Starting and Stopping SMB Service
Contents
LL2354.book Page 7 Monday, October 20, 2003 9:47 AM
80 Checking SMB Service Status 81 Viewing SMB Settings 81 Changing SMB Settings 82 List of SMB Service Settings 84 List of SMB serveradmin Commands 84 Listing SMB Users 85 Disconnecting SMB Users 86 Listing SMB Service Statistics 86 Updating Share Point Information 87 Viewing SMB Service Logs
Chapter 9 89 Working With Print Service 89 Starting and Stopping Print Service 89 Checking the Status of Print Service 89 Viewing Print Service Settings 90 Changing Print Service Settings 90 Print Service Settings 91 Queue Data Array 93 Print Service serveradmin Commands 93 Listing Queues 93 Pausing a Queue 94 Listing Jobs and Job Information 94 Holding a Job 95 Viewing Print Service Log Files
Chapter 10 97 Working With NetBoot Service 97 Starting and Stopping NetBoot Service 97 Checking NetBoot Service Status 97 Viewing NetBoot Settings 98 Changing NetBoot Settings 98 NetBoot Service Settings 98 General Settings 99 Storage Record Array 99 Filters Record Array
100 Image Record Array 101 Port Record Array
Chapter 11 103 Working With Mail Service 103 Starting and Stopping Mail Service 103 Checking the Status of Mail Service 103 Viewing Mail Service Settings 104 Changing Mail Service Settings 104 Mail Service Settings
Contents 7
8
LL2354.book Page 8 Monday, October 20, 2003 9:47 AM
116 Mail serveradmin Commands 117 Listing Mail Service Statistics 118 Viewing the Mail Service Logs 119 Setting Up SSL for Mail Service 119 Generating a CSR and Creating a Keychain 121 Obtaining an SSL Certificate 121 Importing an SSL Certificate Into the Keychain 122 Creating a Passphrase File 122 Setting Up SSL for Mail Service on a Headless Server
Chapter 12 123 Working With Web Technologies 123 Starting and Stopping Web Service 123 Checking Web Service Status 123 Viewing Web Settings 124 Changing Web Settings 124 serveradmin and Apache Settings 124 Changing Settings Using serveradmin 125 Web serveradmin Commands 125 Listing Hosted Sites 125 Viewing Service Logs 126 Viewing Service Statistics 127 Example Script for Adding a Website
Chapter 13 129 Working With Network Services 129 DHCP Service 129 Starting and Stopping DHCP Service 129 Checking the Status of DHCP Service 129 Viewing DHCP Service Settings 130 Changing DHCP Service Settings 130 DHCP Service Settings 131 DHCP Subnet Settings Array 133 Adding a DHCP Subnet 134 List of DHCP serveradmin Commands 134 Viewing the DHCP Service Log 135 DNS Service 135 Starting and Stopping the DNS Service 135 Checking the Status of DNS Service 135 Viewing DNS Service Settings 135 Changing DNS Service Settings 135 DNS Service Settings 135 List of DNS serveradmin Commands 135 Viewing the DNS Service Log 136 Listing DNS Service Statistics
Contents
LL2354.book Page 9 Monday, October 20, 2003 9:47 AM
136 Firewall Service 136 Starting and Stopping Firewall Service 137 Checking the Status of Firewall Service 137 Viewing Firewall Service Settings 137 Changing Firewall Service Settings 137 Firewall Service Settings 138 Defining Firewall Rules 141 IPFilter Rules Array 141 Firewall serveradmin Commands 142 Viewing Firewall Service Log 142 Using Firewall Service to Simulate Network Activity 142 NAT Service 142 Starting and Stopping NAT Service 142 Checking the Status of NAT Service 142 Viewing NAT Service Settings 143 Changing NAT Service Settings 143 NAT Service Settings 144 NAT serveradmin Commands 144 Viewing the NAT Service Log 145 VPN Service 145 Starting and Stopping VPN Service 145 Checking the Status of VPN Service 145 Viewing VPN Service Settings 145 Changing VPN Service Settings 146 List of VPN Service Settings 149 List of VPN serveradmin Commands 149 Viewing the VPN Service Log 150 IP Failover 150 Requirements 150 Failover Operation 151 Enabling IP Failover 152 Configuring IP Failover 153 Enabling PPP Dial-In
Chapter 14 155 Working With Open Directory 155 General Directory Tools 155 Testing Your Open Directory Configuration 155 Modifying an Open Directory Node 155 Testing Open Directory Plugins 156 Registering URLs With Service Location Protocol (SLP) 156 Changing Open Directory Service Settings 157 LDAP 157 Configuring LDAP
Contents 9
10
LL2354.book Page 10 Monday, October 20, 2003 9:47 AM
157 A Note on Using ldapsearch 158 Idle Rebinding Options 158 Additional Information About LDAP 159 NetInfo 159 Configuring NetInfo 159 Password Server 159 Working With the Password Server 159 Viewing or Changing Password Policies 159 Enabling or Disabling Authentication Methods 160 Kerberos and Single Sign On
Chapter 15 161 Working With QuickTime Streaming Server 161 Starting QTSS Service 161 Stopping QTSS Service 161 Checking QTSS Service Status 162 Viewing QTSS Settings 162 Changing QTSS Settings 163 QTSS Settings 166 QTSS serveradmin Commands 166 Listing Current Connections 167 Viewing QTSS Service Statistics 168 Viewing Service Logs 168 Forcing QTSS to Re-Read its Preferences 169 Preparing Older Home Directories for User Streaming
Index 171
Contents
Pr ef
ac e
LL2354.book Page 11 Monday, October 20, 2003 9:47 AM
About This Book
Notation Conventions The following conventions are used throughout this book.
Summary
Commands and Other Terminal Text Commands or command parameters that you might type, along with other text that normally appears in a Terminal window, are shown in this font. For example,
You can use the doit command to get things done.
When a command is shown on a line by itself as you might type it in a Terminal window, it follows a dollar sign that represents the shell prompt. For example,
$ doit
To use this command, type doit without the dollar sign at the command prompt in a Terminal window, then press the Return key.
Command Parameters and Options Most commands require one or more parameters to specify command options or the item to which the command is applied.
Notation Indicates
monospaced font A command or other terminal text
$ A shell prompt
[text_in_brackets] An optional parameter
(one|other) Alternative parameters (type one or the other)
underlined A parameter you must replace with a value
[...] A parameter that may be repeated
11
12
LL2354.book Page 12 Monday, October 20, 2003 9:47 AM
Parameters You Must Type as Shown If you need to type a parameter as shown, it appears following the command in the same font. For example,
$ doit -w later -t 12:30
To use the command in the above example, type the entire line as shown.
Parameter Values You Provide If you need to supply a value, its placeholder is underlined and has a name that indicates what you need to provide. For example,
$ doit -w later -t hh:mm
In the above example, you need to replace hh with the hour and mm with the minute, as shown in the previous example.
Optional Parameters If a parameter is available but not required, it appears in square brackets. For example,
$ doit [-w later]
To use the command in the above example, type either doit or doit -w later. The result might vary but the command will be performed either way.
Alternative Parameters If you need to type one of a number of parameters, theyre separated by a vertical line and grouped within parentheses ( | ). For example,
$ doit -w (now|later)
To perform the command, you must type either doit -w now or doit -w later.
Default Settings Descriptions of server settings usually include the default value for each setting. When this default value depends on other choices youve made (such as the name or IP address of your server, for example), its enclosed in angle brackets <>.
For example, the default value for the IMAP mail server is the host name of your server. This is indicated by mail:imap:servername = "
Commands Requiring Root Privileges Throughout this guide, commands that require root privileges begin with sudo.
Preface About This Book
1
LL2354.book Page 13 Monday, October 20, 2003 9:47 AM
1 Typing Commands
How to use Terminal to execute commands, connect to a remote server, and view online information about commands and utilities.
To access a UNIX shell command prompt, you open the Terminal application. In Terminal, you can use the ssh command to log in to other servers. You can use the man command to view online documentation for most common commands.
Using Terminal To enter shell commands or run server command-line tools and utilities, you need access to a UNIX shell prompt. Both Mac OS X and Mac OS X Server include Terminal, an application you can use to start a UNIX shell command-line session on the local server or on a remote server.
To open Terminal: m Click the Terminal icon in the dock or double-click the application icon in the Finder (in
/Applications/Utilities).
Terminal presents a prompt when its ready to accept a command. The prompt you see depends on Terminal and shell preferences, but often includes the name of the host youre logged in to, your current working directory, your user name, and a prompt symbol. For example, if youre using the default bash shell and the prompt is
server1:~ admin$
youre logged in to a computer named server1 as the user named admin and your current directory is the admins home directory (~).
Throughout this manual, wherever a command is shown as you might type it, the prompt is abbreviated as $.
13
14
LL2354.book Page 14 Monday, October 20, 2003 9:47 AM
To type a command: m Wait for a prompt to appear in the Terminal window, then type the command and
press Return.
If you get the message command not found, check your spelling. If the error recurs, the program youre trying to run might not be in your default search path. Add the path before the program name or change your working directory to the directory that contains the program. For example:
[server:/] admin$ serversetup -getAllPort
serversetup: Command not found.
[server:/] admin$ /System/Library/ServerSetup/serversetup -getAllPort
1
Built-in Ethernet
[server:/] admin$ cd /System/Library/ServerSetup
[server:/System/Library/ServerSetup] admin$ ./serversetup -getAllPort
1
Built-in Ethernet
[server:/System/Library/ServerSetup] admin$ cd /
[server:/] admin$ PATH = "$PATH:/System/Library/ServerSetup"
[server:/] admin$ serversetup -getAllPort
1
Built-in Ethernet
Correcting Typing Errors To correct a typing error before you press Return to issue the command, use the Delete key or press Control-H to erase unwanted characters and retype.
To ignore what you have typed and start again, press Control-U.
Repeating Commands To repeat a command, press Up-Arrow until you see the command, then press Return.
To repeat a command with modifications, press Up-Arrow until you see the command, press Left-Arrow or Right-Arrow to skip over parts of the command you dont want to change, press Delete to remove characters, type regular characters to insert them, then press Return to execute the command.
Including Paths Using Drag-and-Drop To include a fully-qualified file name or directory path in a command, stop typing where the item is required in the command and drag the folder or file from a Finder window into the Terminal window.
Chapter 1 Typing Commands
LL2354.book Page 15 Monday, October 20, 2003 9:47 AM
Commands Requiring Root Privileges Many commands used to manage a server must be executed by the root user. If you get a message such as permission denied, the command probably requires root privileges.
To issue a single command as the root user, begin the command with sudo. For example:
$ sudo serveradmin list
Youre prompted for the root password if you havent used sudo recently. The root user password is set to the administrator user password when you install Mac OS X Server.
To switch to the root user so you dont have to repeatedly type sudo, use the su command:
$ su root
Youre prompted for the root user password and then are logged in as the root user until you log out or use the su command to switch to another user.
Important: As the root user, you have sufficient privileges to do things that can cause your server to stop working properly. Dont execute commands as the root user unless you understand clearly what youre doing. Logging in as an administrative user and using sudo selectively might prevent you from making unintended changes.
Throughout this guide, commands that require root privileges begin with sudo.
Chapter 1 Typing Commands 15
16
LL2354.book Page 16 Monday, October 20, 2003 9:47 AM
Sending Commands to a Remote Server Secure Shell (SSH) lets you send secure, encrypted commands to a server over the network. You can use the ssh command in Terminal to open a command-line connection to a remote server. While the connection is open, commands you type are performed on the remote server.
Note: You can use any application that supports SSH to connect to Mac OS X Server.
To open a connection to a remote server:
1 Open Terminal.
2 Type the following command to log in to the remote server:
ssh -l username server
where username is the name of an administrator user on the remote server and server is the name or IP address of the server.
Example: ssh -l admin 10.0.1.2
3 If this is the first time youve connected to the server, youre prompted to continue connecting after the remote computers RSA fingerprint is displayed. Type yes and press Return.
4 When prompted, type the users password (the users password on the remote server) and press Return.
The command prompt changes to show that youre now connected to the remote server. In the case of the above example, the prompt might look like
[10.0.1.2:~] admin$
5 To send a command to the remote server, type the command and press Return.
To close a remote connection m Type logout and press Return.
Sending a Single Command You can authenticate and send a command using a single typed line by appending the command you want to execute to the basic ssh command.
For example, to delete a file you could type
$ ssh -l admin server1.company.com rm /Users/admin/Documents/report
or
$ ssh -l [email protected] "rm /Users/admin/Documents/report"
Youre prompted for the users password.
Chapter 1 Typing Commands
LL2354.book Page 17 Monday, October 20, 2003 9:47 AM
Updating SSH Key Fingerprints The first time you connect to a remote server using SSH, the local computer asks if it can add the remote servers fingerprint (a security key) to a list of known remote computers. You might see a message like this:
The authenticity of host "server1.company.com" cant be established.
RSA key fingerprint is a8:0d:27:63:74:f1:ad:bd:6a:e4:0d:a3:47:a8:f7.
Are you sure you want to continue connecting (yes/no)?
Type yes and press Return to finish authenticating.
If you later see a warning message about a man-in-the-middle attack when you try to connect, it might be because the key on the remote computer no longer matches the key stored on the local computer. This can happen if you: Change your SSH configuration Perform a clean install of the server software Start up from a Mac OS X Server CD
To connect again, delete the entries corresponding to the remote computer (which can be stored by both name and IP address) in the file ~/.ssh/known_hosts.
Important: Removing an entry from the known_hosts file bypasses a security mechanism that helps you avoid imposters and man-in -the-middle attacks. Be sure you understand why the key on the remote computer has changed before you delete its entry from the known_hosts file.
Notes on Communication Security and servermgrd When you use the Server Admin GUI application or the serveradmin command-line tool, youre communicating with a local or remote servermgrd process. servermgrd uses SSL for encryption and client authentication but not for user
authentication, which uses HTTP basic authentication along with Directory Services. servermgrd uses a self-signed (test) SSL certificate installed by default in
/etc/servermgrd/ssl.crt/. You can replace this with an actual certificate. The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64
encoded DER with header and footer lines (from www.modssl.org). servermgrd checks the validity of the SSL certificate only if the Require valid digital
signature option is checked in Server Admin preferences. If this option is enabled, the certificate must be valid and not expired or Server Admin will refuse to connect.
The SSLOptions and SSLRequire settings determine what SSL encryption options are used. By default, theyre set as shown below but can be changed at any time by editing /etc/servermgrd/servermgrd.conf, port 311.
SSLCertificateFile /private/etc/servermgrd/ssl.crt/server.crt
SSLCertificateKeyFile /private/etc/servermgrd/ssl.key/server.key
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars
Chapter 1 Typing Commands 17
18
LL2354.book Page 18 Monday, October 20, 2003 9:47 AM
Using Telnet Because it isnt as secure as SSH, Telnet access isnt enabled by default.
To enable Telnet access: $ service telnet start
To disable Telnet access: $ service telnet stop
Getting Online Help for Commands Onscreen help is available for most commands and utilities.
Note: Not all techniques work for all commands, and some commands have no onscreen help.
To view onscreen information about a command, try the following: Type the command without any parameters or options. This will often list a summary
of options and parameters you can use with the command. Example:
$ sudo serveradmin
Type man command, where command is the command youre curious about. This usually displays detailed information about the command, its options, parameters, and proper use. Example:
$ man serveradmin
For help using the man command, type:
$ man man
Type the command followed by a -help, -h, --help, or help parameter. Examples:
$ hdiutil help
$ dig -h
$ diff --help
Chapter 1 Typing Commands
LL2354.book Page 19 Monday, October 20, 2003 9:47 AM
Notes About Specific Commands and Tools
serversetup The serversetup utility is located in /System/Library/ServerSetup. To run this command, you can type the full path, for example:
$ /System/Library/ServerSetup/serversetup -getAllPort
Or, if you want to use the utility to perform several commands, you can change your working directory and type a shorter command:
$ cd /System/Library/ServerSetup
$ ./serversetup -getAllPort
$ ./serversetup -getDefaultInfo
or add the directory to your search path for this session and type an even shorter command:
$ PATH = "$PATH:/System/Library/ServerSetup"
$ serversetup -getAllPort
To permanently add the directory to your search path, add the path to the file /etc/profile.
serveradmin You can use the serveradmin tool to perform many service-related tasks. Youll see it used throughout this guide.
Determining Whether a Service Needs to be Restarted Some services need to be restarted after you change certain settings. If a change you make using a services writeSettings command requires that you restart the service, the output from the command includes the setting
Important: The needsRecycleOrRestart setting is displayed only if you use the serveradmin svc:command = writeSettings command to change settings. You wont see it if you use the serveradmin settings command.
Chapter 1 Typing Commands 19
LL2354.book Page 20 Monday, October 20, 2003 9:47 AM
2
LL2354.book Page 21 Monday, October 20, 2003 9:47 AM
2 Installing Server Software and Finishing Basic Setup
Commands you can use to install, set up, and update Mac OS X Server software on local or remote computers.
Installing Server Software You can use the installer command to install Mac OS X Server or other software on a computer. For more information, see the man page.
Automating Server Setup Normally, when you install Mac OS X Server on a computer and restart, the Server Assistant opens and asks you to provide the basic information necessary to get the server up and running (for example, the name and password of the administrator user, the TCP/IP configuration information for the servers network interfaces, and how the server uses directory services). You can automate this initial setup task by providing a configuration file that contains these settings. Servers starting up for the first time look for this file and use it to complete initial server setup without user interaction.
Creating a Configuration File Template An easy way to prepare configuration files to automate the setup of a group of servers is to start with a file saved using the Server Assistant. You can save the file as the last step when you use the Server Assistant to set up the first server, or you can run the Server Assistant later to create the file. You can then use that first file as a template for creating configuration files for other servers. You can edit the file directly or create scripts to create customized configuration files for any number of servers that use similar hardware.
To save a template configuration file during server setup: 1 In the final pane of the Server Assistant, after you review the settings, click Save As.
2 In the dialog that appears, choose Configuration File next to Save as and click OK.
So you can later edit the file, dont select Save in Encrypted Format.
3 Choose a location to save the file and click Save.
21
22
LL2354.book Page 22 Monday, October 20, 2003 9:47 AM
To create a template configuration file at any time after initial setup: 1 Open the Server Assistant (in /Applications/Server).
2 In the Welcome pane, choose Save setup information in a file or directory record and click Continue.
3 Enter settings on the remaining panes, then, after you review the settings in the final pane, click Save As.
4 In the dialog that appears, choose Configuration File next to Save as and click OK.
So you can later edit the file, dont select Save in Encrypted Format.
5 Choose a location to save the file and click Save.
Creating Customized Configuration Files from the Template File After you create a template configuration file, you can modify it directly using a text editor or write a script to automatically generate custom configuration files for a group of servers.
The file uses XML format to encode the setup information. The name of an XML key reveals the setup parameter it contains.
The following example shows the basic structure and contents of a configuration file for a server with the following configuration: An administrative user named Administrator (short name admin) with a user ID of
501 and the password secret A computer name and host name of server1.company.com A single Ethernet network interface set to get its address from DHCP No server services set to start automatically
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Chapter 2 Installing Server Software and Finishing Basic Setup
LL2354.book Page 23 Monday, October 20, 2003 9:47 AM
network
Chapter 2 Installing Server Software and Finishing Basic Setup 23
24
LL2354.book Page 24 Monday, October 20, 2003 9:47 AM
Note: The actual contents of a configuration file depend on the hardware configuration of the computer on which its created. This is one reason you should start from a template configuration file created on a computer similar to those you plan to set up.
Chapter 2 Installing Server Software and Finishing Basic Setup
LL2354.book Page 25 Monday, October 20, 2003 9:47 AM
Naming Configuration Files The Server Assistant recognizes configuration files with these names: MAC-address-of-server.plist IP-address-of-server.plist hardware-serial-number-of-server.plist full-host-name-of-server.plist
generic.plist
The Server Assistant uses the file to set up the server with the matching address, name, or serial number. If the Server Assistant cannot find a file named for a particular server, it will use the file named generic.plist.
Storing a Configuration File in an Accessible Location The Server Assistant looks for configuration files in the following locations:
/Volumes/vol/Auto Server Setup/
where vol is any device volume mounted in the /Volumes directory.
Devices you can use to provide configuration files include A partition on one of the servers hard disks An iPod An optical (CD or DVD) drive A USB or FireWire drive Any other portable storage device that mounts in the /Volumes directory
Changing Server Settings After initial setup, you can use a variety of commands to view or change Mac OS X Server configuration settings.
For information on changing general system preferences, see Chapter 4, Setting General System Preferences, on page 31.
For information on changing network settings, see Chapter 5, Network Preferences, on page 37.
For information on changing service-specific settings, see the chapter that covers the service.
Chapter 2 Installing Server Software and Finishing Basic Setup 25
26
LL2354.book Page 26 Monday, October 20, 2003 9:47 AM
Viewing, Validating, and Setting the Software Serial Number You can use the serversetup command to view or set the servers software serial number or to validate a server software serial number. The serversetup utility is located in /System/Library/ServerSetup.
To disp