Slashdot Mirror
Mac OS X Server Panther
PeachPit Press labels Mac OS X Server 10.3 Panther as intended for those readers with intermediate to advanced OS X Server experience, but this is not accurate. The step-wise instruction provided by Regan and White is richly documented with screenshots, so even those new to OS X Server can follow this book. Intermediate or advanced server admins will find some nice "tips and tricks" to add to their arsenal of tools, and if they're preparing to set up their first OS X Server or XServe, they'll find this book a handy companion to "pre-lab" with and to use as a follow along guide.
In less than 20 pages, Chapter 1 takes the reader through planning his or her OS X Server deployment with an overview of partitioning options, various methods of installation and a tour of post-install logs. This is Regan's "20-pages-of-prep/20-minutes-to-install" chapter; concise, exact and representative of the pace and caliber of the chapters that follow.
Chapter 2, "Server Tools", covers the aftermath of the install; how to use the Server Administration software that comes with OS X Server to configure the server. The authors walk through language choices, network interfaces, administrator account setup, directory service and service startup options. The Server Admin and Workgroup Manager tools are also discussed in detail; how to customize Server Admin preferences, how to use Workgroup Manager preferences (resolve DNS, use SSL for sharing, show system users and groups) and how to add users to the local database. The Server Admin tool is the most used utility in OS X Server. It offers a well-designed GUI to manage all your services as well as preferences and advanced options. If you're upgrading from AppleShare IP, you'll want to look at the section on using the AppleShare IP Migration tool to ease the transition to OS X Panther Server. An overview of the Macintosh Manager follows, for support of Mac OS 9 user preferences. The chapter concludes with a brief introduction to additional server tools: MySQL Manager, using Server Monitor, the RAID Admin Tool, the Network Image Utility, the QTSS (QuickTime Streaming Server) Publisher and the QuickTime Broadcaster (the last two are discussed in greater detail in Chapter 12).
Implementing Open Directory is the focus of Chapter 3, but the actual implementation steps are prefaced by a strong discussion of directory services. The authors begin with a summary of LDAP (Lightweight Directory Access Protocol) and Microsoft's AD (Active Directory), both methods of storing user data. This leads neatly into the Mac OS X Client and Server Directory Access application and the various services options that allow the client or server to connect to another directory service (AD, BSD Flat Files and NIS, LDAPv3 or NetInfo) in order to obtain authentication, authorization and contact information. Each of these options is detailed in its own section. Using the Authentication tab of the Open Directory service to apply global password server policies and using Kerberos (authentication method) are also addressed here. This is an exceedingly well-composed chapter. Understanding directory services and Open Directory concepts will enable the server administrator to better organize the hierarchy of users, groups and shares in his or her environment, especially in a multi-platform situation.
User and group management is the logical segue to the discussion on directory services and is the title of Chapter 4. Topics range from: configuring basic user attributes, advanced user options and administrative user permissions; configuring password types (Open Directory/Kerberos single sign-on, shadow, crypt); creating groups and assigning group folders; setting the home directory and user disk quotas; adding email to user accounts and enabling printer quotas. The section devoted to setting the home directory will be of particular interest to many readers; most academic and corporate users are in an environment where their documents and application preferences are stored in a home directory.
OS X Server excels at providing file sharing via AFP (Apple File Protocol), SMB (Server Message Block), FTP (File Transfer Protocol) and NFS (Network File System). Chapter 5 concentrates on strategies and configuration of share points and sharing protocols. Of the four protocols addressed here, the most widely referenced will be SMB, the native Windows service provided in OS X Server by Samba, an open source/free software (samba.org). Subtopics in this category include connecting Mac OS X clients via SMB and Windows clients via SMB, configuring your server as a PDC (Primary Domain Controller) to enable Windows clients to authenticate against your server and enabling WINS. The chapter concludes with instructions on creating additional network mounts using a shared Application folders and a shared Library folder as real world examples. This chapter will help anyone in a cross-platform environment to blend their Mac OS X Server seamlessly with Windows client and server machines.
Chapter 6, "Network Configuration Options" looks at extending the functionality of your server by enabling other network services like DNS, DHCP, NAT and IP forwarding. The authors spend some time underscoring the importance of properly configuring DNS and the instructions here for setting up simple forward and reverse zone records and then testing the DNS settings are excellently done. Another well-written section is on enabling NAT. This is a simple procedure to perform and well worth it for the added security it provides.
Printing services is the focus of Chapter 7 and goes over print queues, CUPS (Common Unix Printing System), configuring printers in Open Directory and on client machines, managing print jobs and viewing print logs. Every organization can benefit from a centralized print server that can allow an administrator to monitor and control print jobs. The authors make the process of configuring the server and clients extremely easy.
Not everyone needs to enable mail services (especially if they find themselves in a Windows environment with an Exchange server) but nonetheless, it's a valuable subject and the authors give a thorough explanation of not only the mail protocols and services built into OS X Server (SMTP and Postfix, POP, IMAP, Cyrus, SquirrelMail and Mailman) but they also expound on ways to handle spam, creating virtual domains, configuring secure mail authentication, enabling SSL and enabling mail lists via Mailman. Monitoring mail services using the Server Admin tool and Mailman close out the chapter.
Chapter 9, "Web Services," introduces the reader to the Apache Web server. Built into OS X Server, Apple has provided a unique integration of Apache that can be managed via the GUI. Using our friend, the Server Admin tool, the authors show how to set up a Web site, configure Web site options, set up SSL, edit or add to the built-in MIME types, enable Web proxies and monitor web services and log files. By far the most interesting part of this chapter is devoted to setting up realms and WebDAV. WebDAV is a network protocol that provides collaborative editing on a shared file server destination and it supports versioning of any type of media (HTML, GIF, JPEG, etc.), not just text-based. Since WebDAV works over HTTP, you get authentication, encryption, caching, proxy support and efficient transfers.
Every server administrator has to worry about security and the authors turn their attention to this topic in Chapter 10. They begin with physical security (locking the server room, locking the server itself, removing external devices from the server and installing Open Firmware Password to prevent someone from booting into a less secure mode) and then move to firewall basics and how to create advanced FTP rules. Password "good practices" comes next (seems like this is a no-brainer, but the sad fact is that this is a necessary reminder for many people, even server administrators) followed by how to enable encryption based on SSL (Secure Sockets Layer). The authors walk the reader through creating a private key and a corresponding CSR (Certificate Signing Request) and how to act as your own CA (Certificate Authority). They provide really nice directions on how to implement certificates for Open Directory, Web and email SSL as well using, of course, the Server Admin tool.
Chapter 11, "Running A NetBoot Server" combines many of the concepts from previously discussed protocols (DHCP, TFTP, NFS, HTTP) to illustrate another unique feature of OS X Server. NetBoot allows for client machines to boot off shared disk image files that reside on the server. It also enables the server admin to deploy an install image across a network. NetBoot is a highly valuable tool for anyone interested in creating an efficiently managed environment. The authors provide step-wise directions on how to create a bootable image and an install image, how to manage NetBoot images, how to automate installations (very neat) and how to import/export images in order to move them from server to server.
The last three tools in OS X Server are illustrated in Chapter 12: QTSS (QuickTime Streaming Server) which enables audio and video streaming, QTB (QuickTime Broadcaster) which allows you to produce live events for online delivery and QTSS Publisher which manages QuickTime movie, MPEG-4 and MP3 playlists.
The final chapter of the book concentrates on client management and how to implement managed preferences to workgroups, computer lists or individual user accounts. This, of course, is every administrator's dream: to manage and control clients from a centralized environment! The authors show that OS X Server provides excellent management options and with a bit of planning and foresight, an administrator can properly configure their OS X Server tools to provide a balance of efficiency and control.
So what's missing? Not much, really. VPN is not covered at all, though, and I would have liked a section on this. VPN is a real necessity not only for remote employees/students but also for the administrator. But sheesh -- that's a small complaint given the amount of information in this book, and I have to applaud the authors for their ability to combine such detailed instructions on nearly every aspect of OS X Server between two covers.
The book follows the classic Visual QuickPro Guide layout, with each page split into two columns to allow for instructional text situated alongside accompanying screenshots. This book is loaded with screenshots and icon graphics, so the reader will miss nary a step while following along on their test box or their production server. There are even pictures of the progress bar as configuration settings are being applied! (Well, sometimes patience needs to be encouraged.) Chapter subtopics are indicated on the binding of the book with gray thumb tabs. Extended information and digressions are highlighted in gray boxes as logical asides.
Everything about this book is designed to guide the reader through every aspect of the installation and configuration of OS X server. The authors provide clear explanations of each step using a task-based approach with extended discussions on the various choices the server presents the user with at appropriate intervals. There are plenty of real world "tips and tricks" that will save the administrator time and anguish over the course of setting up the server. Regan and White address some of the most difficult to comprehend topics and issues an admin will address: multi-platform environments and file sharing, DNS, Open Directory and security. Fully understanding these subjects is critical to making the correct choices while configuring the server. The authors' thorough discourse provides the reader with the knowledge and tools to get the job done.
Mary Norbury-Glaser is an IT Director at a University of Colorado Health Sciences affiliate center in Denver. Working in a multi-platform academic environment dominated by Windows boxes, she sometimes feels like the Mac Maytag Lady. You can purchase Mac OS X Server 10.3 Panther from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
There's a MacOSX server? I had no idea. That's weird. Actually, it's kinda cool. We've got the UNIX stlye environment - proven in the server area - along with the best (IMHO) user interface for setting anything up. I like it.
I absolutely respect the MacOS X Server, but in a server world dominated by a Solaris/Linux/Win32 are there any installations of this for medium-to-large shops? I want to hear from the folks that actually run this for serious production systems.
P.S. I am genuinely curious, not trying to flamebait here
http://zero-to-enterprise.blogspot.com/
Well, then, where's my lunch, beeeeaaatch?
Was that question directed at Mary "Look how empowered I am with my hypenated last name" Norbury-Glaser?
Their area of expertise in cleaning, cooking and making babies.
Clearly, your's in grammar.
sig
Nuh uh!
you're*
Does OS X Panther run on regular macs or only on their xserve machines?
...because Tiger server will be out. From what I've heard, there are a couple of things that will make people really want to jump for this one...like centralized management of Software Updates.
Panther was released in October of 2003, folks...
Please help metamoderate.
With all of the additional features in 10.4 (Tiger) Server, including built-in iChat server capabilities, this book is probably nice, but will very soon be on the bargain shelf.
10.3 Server came out in late 2003, if I recall correctly.
Peachpit usually makes nice books, regardless of the topic.
Serious production systems? Try virginia tech's supercomputer (one of the world's fastest) made up entirely of macs.
http://www.tcf.vt.edu/systemX.html
OS X: It's a Unix system. You know this.
You have two hands and one brain, so always code twice as much as you think!
as, is yours, my friend. There is no apostrophe in "yours."
What's the name of that law where when you correct someone else's grammar you are inevitably going to make a mistake of your own?
Bummer.
If you're going to make a grammar flame, you really need to make it grammatically correct.
Why yes, I AM a rocket scientist!
I don't remember writing or collaborating on a book recently...
Until 10.3, you weren't missing much. 10 through 10.2 were...disasters. 10.3 was more polished, but still has lots of clunky issues...for example, you have to do manual mucking around in Open Directory to add a standalone printer with an LPR queue. Not terribly hard, just unnecessary- which makes you wonder, "and why couldn't someone have spent a day on making a wizard for this?"
Netbooting setup is also a complete disaster- it was horrible in 10.2, and it's not much better in 10.3, with a lot of parameters not very well explained, etc. Editing plists and tweaking the Open Directory reminded me of the days of editing the Windows registry, and on a Mac, there's something fundamentally wrong with that.
Please help metamoderate.
You, sir, have fallen for a meta troll. A troll trolled a troll and YHBT. HAND.
It's not toight like a tiger...
The Software Update feature will be incredible for wide-scale workstation management. Rather than all machines needing to download updates from apple, and set one at a time to download, one (with tiger server) can download all the updates onto the server, and send them to the workstations FROM THE SERVER. At 20mb/update (just a made up figure) times 1000 workstations (again made up figure) = 20,000mb, or 20 GB OF WAN BANDWIDTH, as opposed to simply 20gb within the lan.
"Clearly, yours in grammar."
Hey, wait. There's *another* error. Maybe it's a joke?
It runs on nearly every machine the normal version of OS X will run on. Some hardware monitoring features are, however, only available on XServes.
Not really. 90% of it will apply to 10.4 as well as will all the fundamentals and theories behind Open Directory. Would you rather just need to learn the new stuff when Tiger comes out, or be caught flat-footed and need to learn all of it?
Glad to see another UNIX growing up on PPC
:-)
Long live AIX
FINALLY moving to all CUPS based printing... No longer handing it from appleshare to CUPS... ALL CUPS.
Rejoice.
- what is the definition of simultanagnosia?! I've been meaning to look it up!
Are there any good docs about VPN support on Mac OS X Server at all?
Presumably PPTP works but what if you want something stronger? Plain IPsec does not seem to be supported and L2TP/IPsec is only supported for Preshared Keys. Which means that clients must either share the same Preshared Key (not terribly secure) or use fixed IP addresses (excludes Road Warriors).
-------
Warning: Slashdot may contain traces of nuts.
I've been reading this for a couple of weeks online at safaribooks online via my employer's free subscription using netglearning.
.COM? do you need to? ) etc.
I wish it went into more realistic scenarios. I just got OS Server and can't figure out most of the topics. Sure, the book makes it sounds easy, but it just doesn't work without knowing a lot more than the steps in the book. I am still trying to figure out some things, like how/why/where to 'name' the server? They give server.example.com, but I have no clue where this is done for the real name you give it, or why (why use
One must know quite a bit about all the major topics, first. and I don't.
Go Purdue!
for the release of Tiger.
Which makes it one year and four months old. OH MY GOD!
Mac OS X Server 10.3 Panther is one of the latest in Peachpit Press' Visual QuickPro guides (not to be confused with the beginner "QuickStart" series) and is written by one of the best IT/Mac trainers in the industry, Schoun Regan, with assistance by his devoted sidekick and co-trainer at itinstruction.com, Kevin White. Peachpit and the authors have produced a book with excellent content and delivery; the installation and setup of OS X Server and Web services is explained with clarity and precise detail."
Should this even be needed? You would think for the $500 that OS X server costs it would come with a manual describing how to do basic things such as installing OS X server and setting up web services.
...coming out soon. It's supposed to be a lot more in-depth.
6 006357/qid=1098337973/sr=8-2/ref=sr_8_xs_ap_i2_xgl 14/104-2351813-4727169?v=glance&s=books&n=507846
http://www.amazon.com/exec/obidos/tg/detail/-/059
I looked into using a Mac server at the request of a Mac-nerd client. I found a lot of information about why using OS X is as good as linux at this or that, but never anything saying it's actually better at anything. Seems like a niche OS for Mac fundamentalists who can't imagine that there's any computing question where the best solution comes from Apple.
Jump into a nice cozy terminal
Run tar, mv, rsync (cp & rm too) to move data from 1 file system to another. I'm assuming these filesystems are sharing w/ AFP and HFS on 'em.
You just lost data. Mac files have a resource fork & a data fork. The unix commands only work on the data fork.
Ok, do it in the GUI.
You just munged permissions. *sigh*
Yes, there are some commands buried somewhere that preserve this stuff. Does the book cover them? It should!
I admin (part time out of love, not a pro) an XServe that serves as an opendirectory master in a mixed environment, with Windows, Linux and Solaris clients. I really thought this book was going to be a decent reference/addendum to the docs provided by Apple, so I pre-ordered it many moons ago. Unfortunately, I was mistaken.
:-)
My major criticism of the book is that it simply consists of walkthroughs for standard setups with Mac and Windows clients. It provides screenshots accompanied by textual explanations for all of the most common tasks involved with setting up a simple server. Unfortunately, there are not enough details provided to allow the reader to alter the examples to suit their own needs or troubleshoot errors that may arise.
For example, it is clearly stated in the book that DNS MUST be working correctly before promoting a server to an opendirectory master in order to have a working KDC, but no details are provided as to what the user should do if that wasn't the case (outside of reinstalling, or demoting the server to standalone, which is a huge no no if the server is already in production). Also, there are a number of examples on setting a Mac client up to access the server using Directory Services, and one example on setting up a PC running Windoze. Unfortunately, linux and unix clients are not even an afterthought in this book.
I understand that this is a visual quickstart guide, but at the very least I would have appreciated an appendix or two listing the command line tools incorporated in OS X Server (and no, smartass, they are not all standard tools) and a guide to debugging error logs. As it stands now, they got my money for a book that will just collect dust as I spend my time scouring http://afp548.com and http://discussions.info.apple.com.
P.S. -- I got KDC running without losing any info by hand cranking it on the command line, for those who may be curious
Name me an Apple corporate or educational account with a thousand Macintosh workstations? I know the figures are made up, but there simply isn't that kind of deployment out there like that, with the exception of strange niches like that G5 cluster at Virginia Tech.
No matter how good this book is, it's going to be outdated in about three months when Tiger and Tiger Server ship.
And from the comments, it's hardly the type of thorough documentation that OS X Server so sorely needs. The third party books are all written for n00bs and only cover the basics that I can figure out myself. Apple's documentation aims over my head, mentioning things I have no clue about in passing as if it should be second nature to the reader.
There is STILL no book for a guy in between those extremes, who knows how to get most things working with a little poking around in the setup dialogs but would like to know *why* some settings have to be a certain way on some things, and who needs a few nudges in the right direction on the more advanced stuff. I ended up getting my company to spend $450 on the class materials for Apple's OS X Server exam prep course (9L0-607), which come about as close to that as I've seen.
Name me an Apple corporate or educational account with a thousand Macintosh workstations?
Last time I checked, USC had about 20,000 Macs on campus. Pixar has several thousand, of course, though I don't have a precise figure. I believe the Washington Post has upwards of a thousand, and the various magazines in the American Way family (the American Airlines in flight magazine, plus they publish Southwest Spirit, Celebrated Living and some other in-flight mags) easily has several thousand.
Not everybody operates in the small-business world, ya know.
Back in the old days when I was a wee lad, we used to have something that did this. I seem to recall it was called an HTTP proxy.
Support SETI@home
I've got 600.
and I know of much bigger clients than me.
i don't read slashdot anymore.
At my school that I work at, we have about 850 OSX macs, the figures are very real. Either way, if you think 1000 workstations is too high, the point still remains, 20mb is a small os update, figure a 40mb or so update at 500 workstations, still very realistic, and still 20gb of bandwidth.
You have DHCP server turned on for your outward-facing interface (assuming you're using an OS X Server box as a gateway/firewall). The documentation is in one of the tabs for the DHCP/Netboot server, I believe "Interfaces", and you just uncheck the outbound interface. If push comes to shove, restrict the DHCP server to only answering MAC addresses of machines in the cluster.
What does OS X server do that regular ol' OS X can't do? I'm about to put in a server that will get a small (but not tiny) amount of traffic. Do I need OS X Server?
No, actually the point is that it's not correct.
According to the Unix page of the Tiger preview, yes:
HFS and Command-Line Support
Tiger provides a standard, Darwin-level API for managing resource forks, filesystem metadata, security information, properties and other attributes in a consistent, cross-platform manner. For example, common UNIX utilities such as cp, tar and rsync can properly handle HFS+ resource forks.
is a book on how to use that complicated 'two button mouse' :p
fuckity fuck fuck fuck
The University of Wisconsin - Madison has about 8000 Macs.
There are SEVERAL major research universities (University of Michigan, UT-Austin, Stanford, etc.) with several thousand Macs.
The DoE National Laboratories also have several labs that have numbers of Macs in the thousands (LLNL and LANL, for example).
This isn't any surprise.
Not to reply again, but there's also things like this in K-12:
Georgia school district looking to get 63,000 iBooks
Replies below or up explains the waste of review posting to slashdot.
"Its expensive", "command line", "one button mouse" and all usual crap.
Next time if you review a book about some real world server, don't use slashdot as platform.
Hopely networks like macnn, ziff davis or even macslash will pick it up so it won't be a total waste.
And a year or so after that there'll be, uh, Königstiger?
No. It was called rdist.
daveschroeder's Latest 24 of 709 Comments (516195)
:P
Apparently they're a breeze to administer!
I love Mac OS X. I use it exclusively at home, and I convinced my employer -- a company that is absolutely in LOVE with Windows, where Apple is a dirty word -- to buy me THREE Macs for my team. That's absolutely unheard of here, but those Macs let us work so much more efficiently than we could with Windows, Solaris, or IRIX.
That said, SETIGuy's points are absolutely valid. I will personally vouch for everything he's saying. That's not to say that OS X Server is crap, simply that it needs more work.
In our setup, we have a G5 Power Mac running OS X Server 10.3.8 with an Xserve RAID hooked up to it. The Mac is serving NFS to our Suns, SGIs and Linux machines, SMB to the Windows machines, and AFP to the 2 PowerBooks. It is a member of our NIS network so all Unix accounts can login with NFS home directories. We use the automount daemon with automount maps provided via NIS. It runs a couple of local print queues. Remote login is available via ssh, telnet, and rlogin (we're on a firewalled internal network). Apache is serving a dynamic website that allows our team members to query and process data. I'm thinking of using MySQL, and moving our CVS server to this machine as well.
We don't use any of the other major services because the corporation at large provides those. The Power Mac is faster than any of the Suns or SGIs, so it also gets tapped for crunching through lots of data.
Let me say that this machine has been generally fantastic for us, but SETIGuy's points still stand:
So that going to any machine's name under the automount directory would mount that machine's /usr/people. I could add new machines to the network and it Just Works(tm). But with Apple, it doesn't. I had to explicitly enumerate each machine as a separate item in the mount map.
Furthermore, OS X's automounter won't take mount maps from NIS. I had to write a perl script that dumps the NIS mount map (via ypcat), compares it to the current file being used, and updates the automounter if the NIS map is different. I run this every 15 minutes from a cron job. Big kluge to get it to Just Work(tm).