
A step by step newbie guide for setting up apple os x server




esquire360
Feb 22, 2008, 04:37 PM
Gaffed from this thread a newbie must read.

http://discussions.apple.com/thread.jspa?threadID=1251475

Hi

I have not upgraded any single-server site. I have always started from a fresh install. You should really post another thread as this thread is referring to a different problem altogether which I personally have not seen. What you are asking is not that simple as everyone's requirement and network is not the same. If I describe what can be done simply and concisely then maybe it might benefit you as well as possibly others.

These instructions are for the GUI only with no manual configuration and hardly any recourse for the command line. These instructions also assume that this will be the only server on the network with an existing 3rd-Party router providing access to the internet. The Router's IP address is 172.16.16.1

Substitute appropriately the example given for your situation. The example used is for a pretend business called 'My Business'. I'm going to assume you have started with a clean installation and that the hardware used meets Apple's minimum requirements for Leopard Server:

http://www.apple.com/uk/server/macosx/specs.html.

After installing the Server Software the Server Setup Assistant will launch. There will be a series of prompts/windows that will appear. How you answer some of these will be important in preventing problems later on. When prompted by the Setup Assistant select 'Advanced'. When prompted for DNS details in the first field key in 'server.mybusiness.com', key in 'server' in the second field, although this should autofill for you, don't worry if it does not. As you progress past this point you'll be prompted to create the default System Administrator Account (UID 501). Use Administrator as the long name and admin as the short name with admin as the password. You can change this later on. For the Network Settings (TCP/IP) assign a fixed IP address of 172.16.16.254, a subnet mask of 255.255.255.0 and the router/gateway IP address as 172.16.16.1. Key in any ISP supplied DNS Server IP addresses in the DNS Servers field. You can key in the Router IP address instead as this will pass on any ISP DNS Addresses that the router picks up on its WAN port. Don't start any services apart from Remote Desktop. You can enable Screen Sharing if you wish.

Two important things to note at this stage: Root is enabled by default on Server Installations as is SSH access. VNC also starts to allow for Screen Sharing. This is not the case with the client OS. Some System Admins have no problem with root and ssh being enabled as they will see this as two useful tools in administering and troubleshooting the server. On the other hand having root and SSH enabled can be seen as a security risk. Deal with this as seems appropriate to you. You can disable these later on using the Sharing Preferences Pane for SSH and the Directory Utility for root.

Save the configuration as a text file and restart the Server. After the restart log in using the newly created System Administrator account details. Now would be a good time to test internet connectivity as well as running Software Update and installing all the updates relevant for the server. Make sure the server is fully up to date before doing anything else.

Before starting any other service configure the DNS Service first. Launch Server Admin. You may get a message stating the server can't be found. Don't worry about this; simply remove it from the list when asked. Select Add Server and key in 'server.local' along with the admin name and password. You can if you wish use the 172.16.16.254 address as well as the loopback (127.0.0.1) address. Later on after DNS has been configured you can use its FQDN (Fully Qualified Domain Name). You should now be logged into Server Admin. Select the Server name and select Settings and select Services. Enable the DNS Service. This should now be available under the server name in the left hand pane. Select DNS and Select Zones. You should see nothing in the zones. Select Add Primary Zone. As soon as you do this Server Admin will 'helpfully' autofill the top window with a zone name and a Reverse Pointer Setting. These will be defaulted to example.com and ns 10.0.0.1. Select the Zone as well as clicking the disclosure triangle to reveal the Named Server Record (ns). Start with the zone first and edit example.com to read mybusiness.com. The Fully Qualified tick box should be ticked and grayed out. In the Server field, edit the server name to read server. Don't click save yet! Next select the ns record and edit the server name to read server and the IP address to read 172.16.16.254. Now click Save. As soon as you do this the Reverse Pointer field should autofill itself with the relevant information based on what you have already keyed in. Select Settings and key in the Forwarders field your ISP's DNS Server Addresses. You don't have to enable Zones Transfer although it does not hurt at this stage if you do. Up the Logging levels to debug and now start the Service. Next go to the Network Preferences Pane and replace the ISP DNS Server IP addresses or the Router's IP Address with the server's own IP address: 172.16.16.254. Apply the changes and launch a web browser.
You should now be on the internet using the Server's own DNS Service.

Test and qualify the DNS Service by launching terminal and issuing the host command:

host server.mybusiness.com
server.mybusiness.com has address 172.16.16.254
host 172.16.16.254
254.16.16.172.in-addr.arpa domain name pointer host172-16-16-254.in-addr.server.mybusiness.com

This qualifies the forward and reverse pointers for the DNS Service. You can also issue this command:

server:~ admin$ sudo changeip -checkhostname

Supply the password when prompted, you should see this returned:

Primary address = 172.16.1.254

Current HostName = server.mybusiness.com
DNS HostName = server.mybusiness.com

The names match. There is nothing to change.

That should pretty much clinch it.

Now configure simple file services: AFP and if necessary Windows. Don't enable Guest Access and leave Any Method as the Authentication Method to be used for the AFP Service. Start the Services. Create a test user in the local server directory and test using a client computer to access the default share points: Users, Groups, Public. Don't be tempted to delete these folders as the server will complain. If you don't want to use these you can simply unshare the share points and create new ones. You could for example create share points on a connected XServe RAID and share these instead. Save any changes made. Apple have moved File Sharing administration away from Workgroup Manager to Server Admin. Select the Server Name and click on File Sharing. By default ACLs are enabled on 10.5 Server. If you don't wish to use ACLs you have to disable them using the command line:

sudo fsaclctl -p path -d (where path is the volume)

To re-enable ACLs do the following:

sudo fsaclctl -p path -e

You must always restart the server after either enabling or disabling ACLs.

If you want the Server to issue IP addresses then consider using the DHCP Service. If your router is already doing this then there is no need to bother just yet. Once you get comfortable and familiar with the Server you could look at this later on as well as any other service you may want.

As ever how internal DNS Services are configured is absolutely crucial to how effective the server is going to be. Pretty much everything available in Leopard Server will benefit from having internal DNS Services configured correctly. All the more advanced technologies will absolutely require DNS. Internal DNS Services do not have to be configured on the server itself just as long as they are configured somewhere (on another server for example) on the private network will do.

Hope this helps, Tony
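
The DNS verification step in the post above, as an added example that is not part of the original post: a script that reads captured `host` and `changeip -checkhostname` output and reports any disagreement between the forward record, the reverse record, the hostname and the primary address. The function names and the sample captures are hypothetical and constructed for illustration; the field labels are the ones shown in the post.

```sh
#!/bin/sh
# Added example: offline check of captured `host` / `changeip` output.
# All sample text at the bottom is constructed for illustration.

# A-record address from `host <name>` output.
forward_addr() {
    printf '%s\n' "$1" | awk '/ has address /{print $NF; exit}'
}

# PTR target from `host <ip>` output, without the trailing dot.
reverse_name() {
    printf '%s\n' "$1" |
        awk '/ domain name pointer /{sub(/\.$/, "", $NF); print $NF; exit}'
}

# One "Key = value" field from `changeip -checkhostname` output.
changeip_field() {
    printf '%s\n' "$1" | awk -F'[ \t]*=[ \t]*' -v k="$2" \
        '{sub(/^[ \t]+/, "", $1)} $1 == k {print $2; exit}'
}

# check_dns FQDN IP HOST_FWD_OUT HOST_REV_OUT CHANGEIP_OUT
# Prints one line per inconsistency; returns 0 only when none is found.
check_dns() {
    fqdn=$1; ip=$2; rc=0
    a=$(forward_addr "$3"); ptr=$(reverse_name "$4")
    cur=$(changeip_field "$5" "Current HostName")
    dns=$(changeip_field "$5" "DNS HostName")
    prim=$(changeip_field "$5" "Primary address")
    [ "$a" = "$ip" ]     || { echo "forward: $fqdn -> '$a', want $ip"; rc=1; }
    [ -n "$ptr" ]        || { echo "reverse: no PTR record for $ip"; rc=1; }
    [ "$cur" = "$fqdn" ] || { echo "hostname: '$cur', want $fqdn"; rc=1; }
    [ "$cur" = "$dns" ]  || { echo "hostname '$cur' != DNS name '$dns'"; rc=1; }
    [ "$prim" = "$ip" ]  || { echo "primary address '$prim', want $ip"; rc=1; }
    return $rc
}

# Constructed sample captures (not real output from any server).
FWD='server.mybusiness.com has address 172.16.16.254'
REV='254.16.16.172.in-addr.arpa domain name pointer server.mybusiness.com.'
CIP='Primary address = 172.16.16.254
Current HostName = server.mybusiness.com
DNS HostName = server.mybusiness.com'
BAD_REV='Host 254.16.16.172.in-addr.arpa. not found: 3(NXDOMAIN)'
BAD_CIP='Primary address = 172.16.16.254
Current HostName = server.local
DNS HostName = server.mybusiness.com'

check_dns server.mybusiness.com 172.16.16.254 "$FWD" "$REV" "$CIP" && echo OK
```

To use it on a live server, pass the real command output in place of the sample variables, for example `"$(host server.mybusiness.com)"`.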