Apple Mac OS X Server User Manual

Mac OS X ServerCommand-LineAdministrationFor Version 10.3 or Later034-2454_Cvr 10/15/03 11:47 AM Page 1

10 Contents157 A Note on Using ldapsearch158 Idle Rebinding Options158 Additional Information About LDAP159 NetInfo159 Configuring NetInfo159 Password

100 Chapter 10 Working With NetBoot Service Image Record ArrayAn array of the following values appears in the NetBoot service settings for each ima

Chapter 10 Working With NetBoot Service 101 Port Record ArrayAn array of the following items is included in the NetBoot service settings for each n

LL2354.book Page 102 Monday, October 20, 2003 9:47 AM

11 10311 Working With Mail ServiceCommands you can use to manage the Mail service in Mac OS X Server.Starting and Stopping Mail ServiceTo start M

104 Chapter 11 Working With Mail Service Changing Mail Service SettingsYou can use serveradmin to modify your server’s mail configuration. However,

Chapter 11 Working With Mail Service 105 postfix:error_notice_recipient Default = "postmaster"postfix:smtpd_sasl_local_domain Default = n

106 Chapter 11 Working With Mail Service postfix:line_length_limit Default = 2048postfix:mailbox_transport Default = 0postfix:deliver_lock_delay De

Chapter 11 Working With Mail Service 107 postfix:local_transport Default = "local:$myhostname"postfix:smtpd_helo_restrictions Default = n

108 Chapter 11 Working With Mail Service postfix:parent_domain_matches_subdomains Default = "debug_peer_list,fast_flush_domains,mynetworks,per

Chapter 11 Working With Mail Service 109 postfix:virtual_mailbox_limit Default = 51200000postfix:smtpd_noop_commands Default = 0postfix:mail_releas

11PrefaceAbout This BookNotation ConventionsThe following conventions are used throughout this book.SummaryCommands and Other Terminal TextComma

110 Chapter 11 Working With Mail Service postfix:queue_service_name Default = "qmgr"postfix:transport_maps Default = ""postfix:

Chapter 11 Working With Mail Service 111 postfix:showq_service_name Default = "showq"postfix:smtp_pix_workaround_delay_time Default = &qu

112 Chapter 11 Working With Mail Service postfix:proxy_read_maps Default = "$local_recipient_maps $mydestination $virtual_alias_maps $virtual_

Chapter 11 Working With Mail Service 113 postfix:append_dot_mydomain Default = yespostfix:command_expansion_filter Default = "1234567890!@%-_=

114 Chapter 11 Working With Mail Service imap:umask Default = "077"imap:tls_ca_path Default = ""imap:pop_auth_gssapi Default =

Chapter 11 Working With Mail Service 115 imap:tls_ca_file Default = ""imap:sasl_pwcheck_method Default = "auxprop"imap:postuser

116 Chapter 11 Working With Mail Service Mail serveradmin CommandsYou can use the following commands with the serveradmin application to manage Mai

Chapter 11 Working With Mail Service 117 Listing Mail Service StatisticsYou can use the serveradmin getHistory command to display a log of periodic

118 Chapter 11 Working With Mail Service Viewing the Mail Service LogsYou can use tail or any other file listing tool to view the contents of the M

Chapter 11 Working With Mail Service 119 Setting Up SSL for Mail ServiceMail service requires some configuration to provide Secure Sockets Layer (S

12 Preface About This Book Parameters You Must Type as ShownIf you need to type a parameter as shown, it appears following the command in the same

120 Chapter 11 Working With Mail Service 7 Type y when prompted to confirm the algorithm and key size, then press Return.You have selected algorith

Chapter 11 Working With Mail Service 121 Obtaining an SSL CertificateAfter generating a CSR and a keychain, you continue configuring Mail service f

122 Chapter 11 Working With Mail Service Creating a Passphrase FileTo create a passphrase file, you will use TextEdit, then change the privileges o

12 12312 Working With Web TechnologiesCommands you can use to manage Web service in Mac OS X Server.Starting and Stopping Web ServiceTo start Web

124 Chapter 12 Working With Web Technologies To list a group of settings:You can list a group of settings that have part of their names in common b

Chapter 12 Working With Web Technologies 125 To change several settings:$ sudo serveradmin settingsweb:setting = valueweb:setting = valueweb:settin

126 Chapter 12 Working With Web Technologies Viewing Service StatisticsYou can use the serveradmin getHistory command to display a log of periodic

Chapter 12 Working With Web Technologies 127 Example Script for Adding a WebsiteThe following script shows how you can use serveradmin to add a web

128 Chapter 12 Working With Web Technologies web:Sites:_array_id:_ipaddr\:_port__servername:ErrorDocument:_array_index:0:StatusCode = 404web:Sites:

13 12913 Working With Network ServicesCommands you can use to manage DHCP, DNS, Firewall, NAT, and VPN service in Mac OS X Server.DHCP ServiceSta

1 131 Typing CommandsHow to use Terminal to execute commands, connect to a remote server, and view online information about commands and utilitie

130 Chapter 13 Working With Network Services Changing DHCP Service SettingsTo change a setting:$ sudo serveradmin settings dhcp:setting = valueTo c

Chapter 13 Working With Network Services 131 DHCP Subnet Settings ArrayAn array of the settings listed in the following table is included in the DH

132 Chapter 13 Working With Network Services lease_time_secs Lease time in seconds.Default = "3600"Corresponds to the Lease Time pop-up m

Chapter 13 Working With Network Services 133 Adding a DHCP SubnetYou may already have a subnet for each port you enabled when you installed and set

134 Chapter 13 Working With Network Services List of DHCP serveradmin CommandsYou can use the following command with the serveradmin application to

Chapter 13 Working With Network Services 135 DNS ServiceStarting and Stopping the DNS ServiceTo start DNS service:$ sudo serveradmin start dnsTo st

136 Chapter 13 Working With Network Services To view the latest entries in a log:$ tail log-fileYou can use the serveradmin getLogPaths command to

Chapter 13 Working With Network Services 137 Checking the Status of Firewall ServiceTo see summary status of Firewall service:$ sudo serveradmin st

138 Chapter 13 Working With Network Services IPFilter Groups With Rules ArrayAn array of the following settings is included in the IPFilter setting

Chapter 13 Working With Network Services 139 The unmodified ipfw.conf file:# ipfw.conf.default - Installed by Apple, never modified by Server Admin

14 Chapter 1 Typing Commands To type a command:mWait for a prompt to appear in the Terminal window, then type the command and press Return.If you g

140 Chapter 13 Working With Network Services Adding Rules Using serveradminIf you prefer not to work with the ipfw.conf file, you can use the serve

Chapter 13 Working With Network Services 141 IPFilter Rules ArrayAn array of the following settings is included in the IPFilter settings for each d

142 Chapter 13 Working With Network Services Viewing Firewall Service LogYou can use tail or any other file listing tool to view the contents of th

Chapter 13 Working With Network Services 143 Changing NAT Service SettingsTo change a setting:$ sudo serveradmin settings nat:setting = valueTo cha

144 Chapter 13 Working With Network Services NAT serveradmin CommandsYou can use the following commands with the serveradmin application to manage

Chapter 13 Working With Network Services 145 VPN ServiceStarting and Stopping VPN ServiceTo start VPN service:$ sudo serveradmin start vpnTo stop V

146 Chapter 13 Working With Network Services List of VPN Service SettingsUse the following parameters with the serveradmin command to change settin

Chapter 13 Working With Network Services 147 com.<name>.ppp.l2tp:PPP:DSACLEnabledDefault = nocom.<name>.ppp.l2tp:PPP:VerboseLoggingDefa

148 Chapter 13 Working With Network Services com.<name>.ppp.pptp:Interface:SubTypeDefault = "PPTP"com.<name>.ppp.pptp:Interfa

Chapter 13 Working With Network Services 149 List of VPN serveradmin CommandsYou can use the following commands with the serveradmin application to

Chapter 1 Typing Commands 15 Commands Requiring Root PrivilegesMany commands used to manage a server must be executed by the root user. If you get

150 Chapter 13 Working With Network Services IP FailoverIP failover allows a secondary server to acquire the IP address of a primary server if the

Chapter 13 Working With Network Services 151 Enabling IP FailoverYou enable IP failover by adding command lines to the file /etc/hostconfig on the

152 Chapter 13 Working With Network Services Configuring IP FailoverYou configure failover behavior using scripts. The scripts must be executable (

Chapter 13 Working With Network Services 153 For example, your secondary server may perform other services on the network such as running a statist

LL2354.book Page 154 Monday, October 20, 2003 9:47 AM

14 15514 Working With Open DirectoryCommands you can use to manage the Open Directory service in Mac OS X Server.This chapter includes descriptio

156 Chapter 14 Working With Open Directory Registering URLs With Service Location Protocol (SLP)You can use the slp_reg command to register service

Chapter 14 Working With Open Directory 157 LDAPConfiguring LDAPThe following tools are available for configuring LDAP. For more information, see th

158 Chapter 14 Working With Open Directory The -x option forces ldapsearch to use simple authentication instead of SASL.Idle Rebinding OptionsThe f

Chapter 14 Working With Open Directory 159 NetInfoConfiguring NetInfoYou can use the following command-line utilities to manage the NetInfo directo

16 Chapter 1 Typing Commands Sending Commands to a Remote ServerSecure Shell (SSH) lets you send secure, encrypted commands to a server over the ne

160 Chapter 14 Working With Open Directory For information on the available methods, see the Open Directory administration guide.Kerberos and Singl

15 16115 Working With QuickTime Streaming ServerCommands you can use to manage QTSS service in Mac OS X Server.Starting QTSS ServiceYou can use t

162 Chapter 15 Working With QuickTime Streaming Server Viewing QTSS SettingsTo list all QTSS service settings:$ sudo serveradmin settings qtssTo li

Chapter 15 Working With QuickTime Streaming Server 163 QTSS SettingsUse the following parameters with the serveradmin command to change settings fo

164 Chapter 15 Working With QuickTime Streaming Server modules:_array_id:QTSSAdminModule:AdministratorGroupDefault = "admin"modules:_arra

Chapter 15 Working With QuickTime Streaming Server 165 modules:_array_id:QTSSReflectorModule:allow_broadcastsDefault = yesmodules:_array_id:QTSSRef

166 Chapter 15 Working With QuickTime Streaming Server QTSS serveradmin CommandsYou can use the following commands with the serveradmin application

Chapter 15 Working With QuickTime Streaming Server 167 Viewing QTSS Service StatisticsYou can use the serveradmin getHistory command to display a l

168 Chapter 15 Working With QuickTime Streaming Server Viewing Service LogsYou can use tail or any other file listing tool to view the contents of

Chapter 15 Working With QuickTime Streaming Server 169 Preparing Older Home Directories for User StreamingIf you want to enable QTSS home directory

Chapter 1 Typing Commands 17 Updating SSH Key FingerprintsThe first time you connect to a remote server using SSH, the local computer asks if it ca

LL2354.book Page 170 Monday, October 20, 2003 9:47 AM

171IndexIndexAAFP (Apple Filing Protocol)canceling user disconnect 74changing service settings 68checking service status 67disconnecting users 73l

172 Index Ffile system, case-sensitive 51File Transfer Protocol. See FTPfingerprint, RSA 17Firewall service. See IPFilter servicefsck command 50

Index 173checking service status 142service settings 143starting service 142stopping service 142viewing service logs 144viewing service setti

174 Index SSASLused by ldapsearch 157scriptsadding a website 127Secure Sockets Layer. See SSLserial number, server software 26serveradmin utilit

Index 175starting service 145stopping service 145viewing service logs 149viewing service settings 145Wweb proxy settings 43Web servicechangin

18 Chapter 1 Typing Commands Using TelnetBecause it isn’t as secure as SSH, Telnet access isn’t enabled by default.To enable Telnet access:$ servic

Chapter 1 Typing Commands 19 Notes About Specific Commands and ToolsserversetupThe serversetup utility is located in /System/Library/ServerSetup. T

 Apple Computer, Inc.© 2003 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software ma

LL2354.book Page 20 Monday, October 20, 2003 9:47 AM

2 212 Installing Server Software and Finishing Basic SetupCommands you can use to install, set up, and update Mac OS X Server software on local o

22 Chapter 2 Installing Server Software and Finishing Basic Setup To create a template configuration file at any time after initial setup:1 Open th

Chapter 2 Installing Server Software and Finishing Basic Setup 23 <key>DS</key><dict><key>DSClientInfo</key><strin

24 Chapter 2 Installing Server Software and Finishing Basic Setup <string></string><key>Type</key><string>DHCP Config

Chapter 2 Installing Server Software and Finishing Basic Setup 25 Naming Configuration FilesThe Server Assistant recognizes configuration files wit

26 Chapter 2 Installing Server Software and Finishing Basic Setup Viewing, Validating, and Setting the Software Serial NumberYou can use the server

Chapter 2 Installing Server Software and Finishing Basic Setup 27 Moving a ServerTry to place a server in its final network location (subnet) befor

LL2354.book Page 28 Monday, October 20, 2003 9:47 AM

3 293 Restarting or Shutting Down a ServerCommands you can use to shut down or restart a local or remote server.Restarting a ServerYou can use th

3 1 Contents Preface 11 About This Book11 Notation Conventions 11 Summary 11 Commands and Other Terminal Text 11 Command Parameters and Option

30 Chapter 3 Restarting or Shutting Down a Server Changing a Remote Server’s Startup DiskYou can change a remote server’s startup disk using SSH.To

4 314 Setting General System PreferencesCommands you can use to set system preferences, usually set using the System Preferences GUI application.

32 Chapter 4 Setting General System Preferences Viewing or Changing the System DateTo view the current system date:$ sudo systemsetup -getdateor$ s

Chapter 4 Setting General System Preferences 33 Viewing or Changing Network Time Server UsageTo see if a network time server is being used:$ sudo s

34 Chapter 4 Setting General System Preferences To set how long the system waits to restart after a power failure:$ sudo systemsetup -setWaitForSta

Chapter 4 Setting General System Preferences 35 Sharing SettingsYou can use the systemsetup command to view or change settings that would otherwise

36 Chapter 4 Setting General System Preferences Login SettingsDisabling the Restart and Shutdown ButtonsTo disable or enable the Restart and Shutdo

5 375 Network PreferencesCommands you can use to change a server’s network settings.Network Interface InformationThis section describes commands

38 Chapter 5 Network Preferences Viewing or Changing MTU ValuesYou can use these commands to change the maximum transmission unit (MTU) size for a

Chapter 5 Network Preferences 39 To enable or disable a port configuration:$ sudo networksetup -setnetworkserviceenabled configuration (on|off)Chan

4 Contents 26 Viewing, Validating, and Setting the Software Serial Number 26 Updating Server Software 27 Moving a Server Chapter 3 29 Restarting or S

40 Chapter 5 Network Preferences Viewing or Changing IP Address, Subnet Mask, or Router AddressYou can use the serversetup and networksetup command

Chapter 5 Network Preferences 41 Viewing or Changing DNS ServersTo view the DNS servers for port en0:$ serversetup -getDefaultDNSServer (devicename

42 Chapter 5 Network Preferences Enabling TCP/IPTo enable TCP/IP on a particular port:$ serversetup -EnableTCPIP [(devicename|"portname")

Chapter 5 Network Preferences 43 To view the FTP passive setting for a configuration:$ sudo networksetup -getpassiveftp "configuration"To

44 Chapter 5 Network Preferences Viewing or Changing SOCKS Firewall Proxy SettingsTo view the SOCKS firewall proxy information for a configuration:

Chapter 5 Network Preferences 45 To change the computer name:$ sudo systemsetup -setcomputername computernameor$ sudo networksetup -setcomputername

LL2354.book Page 46 Monday, October 20, 2003 9:47 AM

6 476 Working With Disks and VolumesCommands you can use to prepare, use, and test disks and volumes.Mounting and Unmounting VolumesYou can use t

48 Chapter 6 Working With Disks and Volumes Monitoring Disk SpaceWhen you need more vigilant monitoring of disk space than the log rolling scripts

Chapter 6 Working With Disks and Volumes 49 Reclaiming Disk Space Using Log Rolling ScriptsThree predefined scripts are executed automatically to r

Contents 5 39 Changing Configuration Precedence 39 TCP/IP Settings 39 Changing a Server’s IP Address 40 Viewing or Changing IP Address, Subnet Mask,

50 Chapter 6 Working With Disks and Volumes Managing Disk JournalingChecking to See if Journaling is EnabledYou can use the mount command to see if

Chapter 6 Working With Disks and Volumes 51 Enabling Journaling When You Erase a DiskYou can use the newfs_hfs command to set up and enable journal

52 Chapter 6 Working With Disks and Volumes Imaging and Cloning Volumes Using ASRYou can use Apple Software Restore (ASR) to copy a disk image onto

7 537 Working With Users and GroupsCommands you can use to set up and manage users and groups in Mac OS X Server.Creating Server Administrator Us

54 Chapter 7 Working With Users and Groups Importing Users and GroupsYou can use the dsimportexport command to import user and group accounts. Note

Chapter 7 Working With Users and Groups 55 3 Open the Terminal application and type the dsimportexport command. The tool is located in /Application

56 Chapter 7 Working With Users and Groups In addition, you can include• UserShell (the default shell)• NFSHomeDirectory (the path to the user’s ho

Chapter 7 Working With Users and Groups 57 An example user account looks like this:jim:Adl47E$:408:20:J. Smith, Jr., M.D.:/Network/Servers/somemac/

58 Chapter 7 Working With Users and Groups HomeDirectory: The location of an AFP-based home directory Structured UTF-8 text<home_dir> <url

Chapter 7 Working With Users and Groups 59 MCXFlags:If present, MCXSettings is loaded; if absent, MCXSettings isn’t loaded; required for a managed

6 Contents 57 User Attributes 62 Checking a Server User’s Name, UID, or Password 63 Creating a User’s Home Directory63 Mounting a User’s Home Directo

60 Chapter 7 Working With Users and Groups Mail Attributes in User RecordsThe following table lists the standard XML data structures for a user mai

Chapter 7 Working With Users and Groups 61 NotificationState An optional keyword describing whether to notify the user whenever new mail arrives. I

62 Chapter 7 Working With Users and Groups Checking a Server User’s Name, UID, or PasswordYou can use the following commands to check the name, UID

Chapter 7 Working With Users and Groups 63 Creating a User’s Home DirectoryNormally, you can create a user's home directory by clicking the Cr

LL2354.book Page 64 Monday, October 20, 2003 9:47 AM

8 658 Working With File ServicesCommands you can use to create share points and manage AFP, NFS, Windows (SMB), and FTP services in Mac OS X Serv

66 Chapter 8 Working With File Services Creating a Share PointTo create a share point:$ sharing -a path [-n customname] [-A afpname] [-F ftpname] [

Chapter 8 Working With File Services 67 Shares the directory named Windows Docs on the disk 100GB. The share point is named WinDocs for server mana

68 Chapter 8 Working With File Services To list a particular setting:$ sudo serveradmin settings afp:settingTo list a group of settings:You can lis

Chapter 8 Working With File Services 69 activityLogSize Rollover size (in kilobytes) for the activity log. Only used if activityLogTime isn’t speci

Contents 780 Checking SMB Service Status81 Viewing SMB Settings81 Changing SMB Settings82 List of SMB Service Settings84 List of SMB serveradmin Comma

70 Chapter 8 Working With File Services guestAccess Allow guest users access to the server.Default = yesidleDisconnectFlag: adminUsersEnforce idle

Chapter 8 Working With File Services 71 maxThreads Maximum number of AFP threads. (Must be specified at startup.)Default = 40noNetworkUsers Indicat

72 Chapter 8 Working With File Services List of AFP serveradmin CommandsIn addition to the standard start, stop, status, and settings commands, you

Chapter 8 Working With File Services 73 Sending a Message to AFP UsersYou can use the serveradmin sendMessage command to send a text message to con

74 Chapter 8 Working With File Services Outputafp:command = "disconnectUsers"afp:messageSent = "<message>"afp:timeStamp =

Chapter 8 Working With File Services 75 Listing AFP Service StatisticsYou can use the serveradmin getHistory command to display a log of periodic s

76 Chapter 8 Working With File Services Viewing AFP Log FilesYou can use tail or any other file listing tool to view the contents of the AFP servic

Chapter 8 Working With File Services 77 Changing NFS Service SettingsUse the following parameters with the serveradmin command to change settings f

78 Chapter 8 Working With File Services Changing FTP SettingsYou can change FTP service settings using the serveradmin application.To change a sett

Chapter 8 Working With File Services 79 List of FTP serveradmin CommandsYou can use the following commands with the serveradmin application to mana

8 Contents11 6 Mail serveradmin Commands11 7 Listing Mail Service Statistics11 8 Viewing the Mail Service Logs11 9 Setting Up SSL for Mail Service11 9

80 Chapter 8 Working With File Services Viewing the FTP Transfer LogYou can use tail or any other file listing tool to view the contents of the FTP

Chapter 8 Working With File Services 81 Viewing SMB SettingsTo list all SMB service settings:$ sudo serveradmin settings smbTo list a particular se

82 Chapter 8 Working With File Services List of SMB Service SettingsUse the following parameters with the serveradmin command to change settings fo

Chapter 8 Working With File Services 83 local master Whether the server is providing workgroup master browser service. Can be set to:yes | noCorres

84 Chapter 8 Working With File Services List of SMB serveradmin CommandsYou can use these commands with the serveradmin tool to manage SMB service.

Chapter 8 Working With File Services 85 OutputThe following array of settings is displayed for each connected user:smb:usersArray:_array_index:i:di

86 Chapter 8 Working With File Services Listing SMB Service StatisticsYou can use the serveradmin getHistory command to display a log of periodic s

Chapter 8 Working With File Services 87 Viewing SMB Service LogsYou can use tail or any other file listing tool to view the contents of the SMB ser

LL2354.book Page 88 Monday, October 20, 2003 9:47 AM

9 899 Working With Print ServiceCommands you can use to manage the Print service in Mac OS X Server.Starting and Stopping Print ServiceTo start P

Contents 913 6 Firewall Service13 6 Starting and Stopping Firewall Service137 Checking the Status of Firewall Service137 Viewing Firewall Service Sett

90 Chapter 9 Working With Print Service Changing Print Service SettingsTo change a setting:$ sudo serveradmin settings print:setting = valueTo chan

Chapter 9 Working With Print Service 91 Queue Data ArrayPrint service settings include an array of values for each existing print queue. The array

92 Chapter 9 Working With Print Service Here is an example of a queue array parameter block:print:queuesArray:_array_id:29D3ECF3-17C8-16E5-A330-84C

Chapter 9 Working With Print Service 93 Print Service serveradmin CommandsYou can use the following commands with the serveradmin application to ma

94 Chapter 9 Working With Print Service Listing Jobs and Job InformationYou can use the serveradmin getJobs command to list information about print

Chapter 9 Working With Print Service 95 To release the job for printing, change its state to PENDING.To release the job:$ sudo serveradmin commandp

LL2354.book Page 96 Monday, October 20, 2003 9:47 AM

10 9710 Working With NetBoot ServiceCommands you can use to manage the NetBoot service in Mac OS X Server.Starting and Stopping NetBoot ServiceTo

98 Chapter 10 Working With NetBoot Service Changing NetBoot SettingsYou can change NetBoot service settings using the serveradmin command.To change

Chapter 10 Working With NetBoot Service 99 Storage Record ArrayA volume parameter array:Filters Record ArrayAn array of the following values appear