Mac OS X Server Panther
Mac OS X Server 10.3 Panther | |
author | Schoun Regan with Kevin White |
pages | 472 |
publisher | Peachpit Press |
rating | 9 |
reviewer | Mary Norbury-Glaser |
ISBN | 0321242521 |
summary | Learn Mac OS X Server fast and efficiently. |
Peachpit Press labels Mac OS X Server 10.3 Panther as intended for those readers with intermediate to advanced OS X Server experience, but this is not accurate. The step-wise instruction provided by Regan and White is richly documented with screenshots, so even those new to OS X Server can follow this book. Intermediate or advanced server admins will find some nice "tips and tricks" to add to their arsenal of tools, and if they're preparing to set up their first OS X Server or XServe, they'll find this book a handy companion to "pre-lab" with and to use as a follow-along guide.
In less than 20 pages, Chapter 1 takes the reader through planning his or her OS X Server deployment with an overview of partitioning options, various methods of installation and a tour of post-install logs. This is Regan's "20-pages-of-prep/20-minutes-to-install" chapter; concise, exact and representative of the pace and caliber of the chapters that follow.
Chapter 2, "Server Tools", covers the aftermath of the install; how to use the Server Administration software that comes with OS X Server to configure the server. The authors walk through language choices, network interfaces, administrator account setup, directory service and service startup options. The Server Admin and Workgroup Manager tools are also discussed in detail; how to customize Server Admin preferences, how to use Workgroup Manager preferences (resolve DNS, use SSL for sharing, show system users and groups) and how to add users to the local database. The Server Admin tool is the most used utility in OS X Server. It offers a well-designed GUI to manage all your services as well as preferences and advanced options. If you're upgrading from AppleShare IP, you'll want to look at the section on using the AppleShare IP Migration tool to ease the transition to OS X Panther Server. An overview of the Macintosh Manager follows, for support of Mac OS 9 user preferences. The chapter concludes with a brief introduction to additional server tools: MySQL Manager, using Server Monitor, the RAID Admin Tool, the Network Image Utility, the QTSS (QuickTime Streaming Server) Publisher and the QuickTime Broadcaster (the last two are discussed in greater detail in Chapter 12).
Implementing Open Directory is the focus of Chapter 3, but the actual implementation steps are prefaced by a strong discussion of directory services. The authors begin with a summary of LDAP (Lightweight Directory Access Protocol) and Microsoft's AD (Active Directory), both methods of storing user data. This leads neatly into the Mac OS X Client and Server Directory Access application and the various services options that allow the client or server to connect to another directory service (AD, BSD Flat Files and NIS, LDAPv3 or NetInfo) in order to obtain authentication, authorization and contact information. Each of these options is detailed in its own section. Using the Authentication tab of the Open Directory service to apply global password server policies and using Kerberos (authentication method) are also addressed here. This is an exceedingly well-composed chapter. Understanding directory services and Open Directory concepts will enable the server administrator to better organize the hierarchy of users, groups and shares in his or her environment, especially in a multi-platform situation.
User and group management is the logical segue to the discussion on directory services and is the title of Chapter 4. Topics range from: configuring basic user attributes, advanced user options and administrative user permissions; configuring password types (Open Directory/Kerberos single sign-on, shadow, crypt); creating groups and assigning group folders; setting the home directory and user disk quotas; adding email to user accounts and enabling printer quotas. The section devoted to setting the home directory will be of particular interest to many readers; most academic and corporate users are in an environment where their documents and application preferences are stored in a home directory.
OS X Server excels at providing file sharing via AFP (Apple File Protocol), SMB (Server Message Block), FTP (File Transfer Protocol) and NFS (Network File System). Chapter 5 concentrates on strategies and configuration of share points and sharing protocols. Of the four protocols addressed here, the most widely referenced will be SMB, the native Windows service provided in OS X Server by Samba, an open source/free software project (samba.org). Subtopics in this category include connecting Mac OS X clients via SMB and Windows clients via SMB, configuring your server as a PDC (Primary Domain Controller) to enable Windows clients to authenticate against your server and enabling WINS. The chapter concludes with instructions on creating additional network mounts using a shared Applications folder and a shared Library folder as real-world examples. This chapter will help anyone in a cross-platform environment to blend their Mac OS X Server seamlessly with Windows client and server machines.
Chapter 6, "Network Configuration Options," looks at extending the functionality of your server by enabling other network services like DNS, DHCP, NAT and IP forwarding. The authors spend some time underscoring the importance of properly configuring DNS, and the instructions here for setting up simple forward and reverse zone records and then testing the DNS settings are excellently done. Another well-written section is on enabling NAT. This is a simple procedure to perform and well worth it for the added security it provides.
Printing services is the focus of Chapter 7 and goes over print queues, CUPS (Common Unix Printing System), configuring printers in Open Directory and on client machines, managing print jobs and viewing print logs. Every organization can benefit from a centralized print server that can allow an administrator to monitor and control print jobs. The authors make the process of configuring the server and clients extremely easy.
Not everyone needs to enable mail services (especially if they find themselves in a Windows environment with an Exchange server) but nonetheless, it's a valuable subject and the authors give a thorough explanation of not only the mail protocols and services built into OS X Server (SMTP and Postfix, POP, IMAP, Cyrus, SquirrelMail and Mailman) but they also expound on ways to handle spam, creating virtual domains, configuring secure mail authentication, enabling SSL and enabling mail lists via Mailman. Monitoring mail services using the Server Admin tool and Mailman close out the chapter.
Chapter 9, "Web Services," introduces the reader to the Apache Web server. Built into OS X Server, Apple has provided a unique integration of Apache that can be managed via the GUI. Using our friend, the Server Admin tool, the authors show how to set up a Web site, configure Web site options, set up SSL, edit or add to the built-in MIME types, enable Web proxies and monitor web services and log files. By far the most interesting part of this chapter is devoted to setting up realms and WebDAV. WebDAV is a network protocol that provides collaborative editing on a shared file server destination and it supports versioning of any type of media (HTML, GIF, JPEG, etc.), not just text-based. Since WebDAV works over HTTP, you get authentication, encryption, caching, proxy support and efficient transfers.
Every server administrator has to worry about security and the authors turn their attention to this topic in Chapter 10. They begin with physical security (locking the server room, locking the server itself, removing external devices from the server and installing Open Firmware Password to prevent someone from booting into a less secure mode) and then move to firewall basics and how to create advanced FTP rules. Password "good practices" comes next (seems like this is a no-brainer, but the sad fact is that this is a necessary reminder for many people, even server administrators) followed by how to enable encryption based on SSL (Secure Sockets Layer). The authors walk the reader through creating a private key and a corresponding CSR (Certificate Signing Request) and how to act as your own CA (Certificate Authority). They provide really nice directions on how to implement certificates for Open Directory, Web and email SSL as well using, of course, the Server Admin tool.
Chapter 11, "Running A NetBoot Server," combines many of the concepts from previously discussed protocols (DHCP, TFTP, NFS, HTTP) to illustrate another unique feature of OS X Server. NetBoot allows client machines to boot off shared disk image files that reside on the server. It also enables the server admin to deploy an install image across a network. NetBoot is a highly valuable tool for anyone interested in creating an efficiently managed environment. The authors provide step-wise directions on how to create a bootable image and an install image, how to manage NetBoot images, how to automate installations (very neat) and how to import/export images in order to move them from server to server.
The last three tools in OS X Server are illustrated in Chapter 12: QTSS (QuickTime Streaming Server) which enables audio and video streaming, QTB (QuickTime Broadcaster) which allows you to produce live events for online delivery and QTSS Publisher which manages QuickTime movie, MPEG-4 and MP3 playlists.
The final chapter of the book concentrates on client management and how to implement managed preferences to workgroups, computer lists or individual user accounts. This, of course, is every administrator's dream: to manage and control clients from a centralized environment! The authors show that OS X Server provides excellent management options and with a bit of planning and foresight, an administrator can properly configure their OS X Server tools to provide a balance of efficiency and control.
So what's missing? Not much, really. VPN is not covered at all, though, and I would have liked a section on this. VPN is a real necessity not only for remote employees/students but also for the administrator. But sheesh -- that's a small complaint given the amount of information in this book, and I have to applaud the authors for their ability to combine such detailed instructions on nearly every aspect of OS X Server between two covers.
The book follows the classic Visual QuickPro Guide layout, with each page split into two columns to allow for instructional text situated alongside accompanying screenshots. This book is loaded with screenshots and icon graphics, so the reader will miss nary a step while following along on their test box or their production server. There are even pictures of the progress bar as configuration settings are being applied! (Well, sometimes patience needs to be encouraged.) Chapter subtopics are indicated on the binding of the book with gray thumb tabs. Extended information and digressions are highlighted in gray boxes as logical asides.
Everything about this book is designed to guide the reader through every aspect of the installation and configuration of OS X server. The authors provide clear explanations of each step using a task-based approach with extended discussions on the various choices the server presents the user with at appropriate intervals. There are plenty of real world "tips and tricks" that will save the administrator time and anguish over the course of setting up the server. Regan and White address some of the most difficult to comprehend topics and issues an admin will address: multi-platform environments and file sharing, DNS, Open Directory and security. Fully understanding these subjects is critical to making the correct choices while configuring the server. The authors' thorough discourse provides the reader with the knowledge and tools to get the job done.
Mary Norbury-Glaser is an IT Director at a University of Colorado Health Sciences affiliate center in Denver. Working in a multi-platform academic environment dominated by Windows boxes, she sometimes feels like the Mac Maytag Lady.
Re:Wait... (Score:2, Informative)
Re:Real world stories (Score:2, Informative)
Virginia tech (Score:1, Informative)
http://www.tcf.vt.edu/systemX.html
No Need to Pay For It (Score:3, Informative)
OS X: It's a Unix system. You know this.
10.3 was the first good OS X Server (Score:5, Informative)
Until 10.3, you weren't missing much. 10 through 10.2 were...disasters. 10.3 was more polished, but still has lots of clunky issues...for example, you have to do manual mucking around in Open Directory to add a standalone printer with an LPR queue. Not terribly hard, just unnecessary- which makes you wonder, "and why couldn't someone have spent a day on making a wizard for this?"
Netbooting setup is also a complete disaster- it was horrible in 10.2, and it's not much better in 10.3, with a lot of parameters not very well explained, etc. Editing plists and tweaking the Open Directory reminded me of the days of editing the Windows registry, and on a Mac, there's something fundamentally wrong with that.
Re:I never make sweeping generalizations (Score:2, Informative)
Re:No Need to Pay For It (Score:5, Informative)
File sharing (AFP) is substantially more flexible on OS X server.
Not to mention, it includes Open Directory, an LDAP based directory service that uses Kerberos for authentication (fairly equivalent to Active Directory or NDS), QuickTime streaming Server, and all sorts of other stuff. And it has a DNS, DHCP, etc, built in, and GUIs for configuring them all.
Sure, they're both UNIX, but there are a ton of extra services on OS X server, and tools for managing them. Downloading BIND, building it, installing it, and configuring via config files is not worth many people's time if they need the service. Not everyone is a hardened UNIX admin.
and in tiger they are... (Score:4, Informative)
Rejoice.
Re:10.3 was the first good OS X Server (Score:3, Informative)
To answer your question, OS X includes a lot of UNIX server software out of the box - Apache (with mod_ssl, IIRC), PHP, Postfix, OpenSSH and an FTP daemon (the name escapes me). These are enabled and disabled by ticking boxes - laughably easy. (And for the technical, you can still hack around in httpd.conf to customise your setup.) MySQL is also very easily installed. For the rest, use Fink [sf.net] - it's apt-get for OS X.
OS X Server is a somewhat different beast. It includes all of this UNIX goodness and more, plus a slick interface (Server Admin) for configuring it all. But if you're buying a Mac mini, I can't see you needing this - it's a computer for home use, and Server is enterprise-grade stuff. Kinda like running Windows 2003 Server on your Shuttle, but even weirder.
Even so, I'd hold off on buying the Mac mini for the moment. 10.4 is not far away and will bring a host of new additions to the already-impressive OS X feature set.
O'Reilly has a Mac OS X Server Book (Score:1, Informative)
http://www.amazon.com/exec/obidos/tg/detail/-/059
Re:Real world stories (Score:2, Informative)
It all plays nice together, and is easy to manipulate for basic stuff. And if I want to really go nuts configuring stuff to a far greater degree than I can from the GUI, I have the command line and the GUI.
[shrug]
It just works.
Re:Real world stories (Score:3, Informative)
I'm probably 'small', but I run a campus of 300 staff and 3000 students, all services run on OS X Server.
Open Directory setup, masters, replicas, Samba, Apache, Tomcat, Cyrus, Postfix, MySQL, PostgreSQL, NFS, NetBoot, NetRestore, QTSS, ISC DHCPD, BIND, yadda yadda yadda.
Most storage is on XServe RAIDS, no FC switches, just direct FC.
All computers have AFP or SMB mounted home directories, the laptop users are on mobile homes.
It's a good server platform. Sure, the GUI gets annoying every so often when there are basic things it can't do like virtual mail domains, but I tend to prefer managing those kinds of things from the command line anyway.
The best thing is Open Directory. Apple realized a while ago that they simply had to "play well with others", and so it integrates very nicely with all the big ones, NIS, LDAP, Active Directory, etc.
Re:What's the point? (Score:3, Informative)
OS X Server appeals to two classes of buyers:
First are traditional Mac shops that need servers. They have no experience with the command line, need an easy, graphical interface, and support for AppleTalk. A Linux server is hopelessly beyond these people, while OS X Server requires only a little more homework.
Second are those attracted by the XServe rackmount server and XServe RAID storage system. XServe is a competitive 64-bit server, and XServe RAID is a nice fibre channel storage box with fairly low cost-per-gigabyte. Sure, you could buy the hardware, wipe OS X, and install Linux, but there's no real reason to do so.
In general, people are attracted to Mac servers for the same reason they're attracted to Mac laptops and desktops: a nice face on top of Unix, and sexy hardware.
Re:In a few months, this book will be mostly usele (Score:3, Informative)
Last time I checked, USC had about 20,000 Macs on campus. Pixar has several thousand, of course, though I don't have a precise figure. I believe the Washington Post has upwards of a thousand, and the various magazines in the American Way family (the American Airlines in-flight magazine, plus they publish Southwest Spirit, Celebrated Living and some other in-flight mags) easily have several thousand.
Not everybody operates in the small-business world, ya know.
Re:It ain't Unix! (Score:4, Informative)
There are already versions of cp and mv that support resource forks and file metadata. They are installed as part of the Apple Developer Tools and are named CpMac and MvMac. They get installed in the
I don't know if Apple will be making modifications to the normal cp and mv commands to add this type of functionality to future versions of Mac OS but I wouldn't doubt it.
Re:No Need to Pay For It (Score:1, Informative)
Re:It ain't Unix! (Score:3, Informative)
2. The resource fork data you lose with cp and mv is stuff you don't have on a regular Unix system anyway.
You're right. It's not Unix. It's Unix++.
Re:What does server add? (Score:2, Informative)
Assuming you have a familiarity with Linux, or any command line really, you can get yourself up and running with a standard OS X 'client' based machine. I'd suggest installing Webmin [webmin.com] on your box to help configure things. I've got Webmin running on two of my OS X machines and it makes configuration really simple by adding web-based remote administration to many many tasks (Apache, BIND, Squid, Webalizer, remote access to the file system, etc) while still giving you the ability to edit the raw config files if you want.
You may also want to install Fink [sourceforge.net] to help you get some of the services that are not installed by default in there. (For example, Apache is in the OS X client, it just happens to call it "Personal Web Sharing" in the GUI, but there is no POP3 server built in.)
Put down the Steve Jobs Kool-aid, mods (Score:1, Informative)
I love Mac OS X. I use it exclusively at home, and I convinced my employer -- a company that is absolutely in LOVE with Windows, where Apple is a dirty word -- to buy me THREE Macs for my team. That's absolutely unheard of here, but those Macs let us work so much more efficiently than we could with Windows, Solaris, or IRIX.
That said, SETIGuy's points are absolutely valid. I will personally vouch for everything he's saying. That's not to say that OS X Server is crap, simply that it needs more work.
In our setup, we have a G5 Power Mac running OS X Server 10.3.8 with an Xserve RAID hooked up to it. The Mac is serving NFS to our Suns, SGIs and Linux machines, SMB to the Windows machines, and AFP to the 2 PowerBooks. It is a member of our NIS network so all Unix accounts can login with NFS home directories. We use the automount daemon with automount maps provided via NIS. It runs a couple of local print queues. Remote login is available via ssh, telnet, and rlogin (we're on a firewalled internal network). Apache is serving a dynamic website that allows our team members to query and process data. I'm thinking of using MySQL, and moving our CVS server to this machine as well.
We don't use any of the other major services because the corporation at large provides those. The Power Mac is faster than any of the Suns or SGIs, so it also gets tapped for crunching through lots of data.
Let me say that this machine has been generally fantastic for us, but SETIGuy's points still stand:
So that going to any machine's name under the automount directory would mount that machine's /usr/people. I could add new machines to the network and it Just Works(tm). But with Apple, it doesn't. I had to explicitly enumerate each machine as a separate item in the mount map.
Furthermore, OS X's automounter won't take mount maps from NIS. I had to write a perl script that dumps the NIS mount map (via ypcat), compares it to the current file being used, and updates the automounter if the NIS map is different. I run this every 15 minutes from a cron job. Big kluge to get it to Just Work(tm).