After server setup is complete, you can take some additional steps to enhance the
security, accessibility, and overall usefulness of your new server. For information,
see “After Setting Up a Server”, next.
After Setting Up a Server
After setting up a server, you can:
Enhance the security, accessibility, and usefulness of your new server by following
Â
the advice in the Mac OS X Server Next Steps document that’s generated and placed
on the server’s desktop after initial setup.
Take a few steps to keep the server secure. For information, see the next two topics,
Â
“Keeping Your Server Secure” and “Protecting the System Administrator (root)
Account”.
If your organization has an Open Directory server, Active Directory server, or other
Â
directory server that you didn’t connect (bind) your new server to during initial
setup, you can connect it now. For instructions, see “Connecting Your Server to a
Directory Server” on page 71.
Use Software Update to install any available Mac OS X Server updates.
Â
For information, see “Keeping Snow Leopard Server Up to Date” on page 79.
Configure an AirPort Base Station or an Internet router to protect your network
Â
while allowing users to access selected services over the Internet. For information,
see “Protecting Your Network with AirPort Extreme” on page 36 and “Protecting Your
Network with a Router” on page 36.
70
Chapter 4
Setting Up Mac OS X Server
If you set up a single server for a small organization or a server for a workgroup
Â
in a medium or large organization, use Server Preferences to set up users and
groups, customize services and system information, and monitor server activity.
For information about these tasks, see Chapter 5, “Managing Your Server,” through
Chapter 10, “Managing Server Information,” or open Server Preferences and then use
the Help menu.
You can also use the Server Status widget with Dashboard to monitor your server.
For information, see “Using the Server Status Widget” on page 75.
Change advanced settings, configure advanced services, change advanced
Â
user and group settings, and manage users’ computers with Server Admin,
Workgroup Manager, other Mac OS X applications, or UNIX command-line tools.
For information about these applications and tools, open the application and
then use the Help menu, or see the Mac OS X Server Resources website at
www.apple.com/server/macosx/resources/.
Keeping Your Server Secure
For security, you should create a standard user account after completing server setup.
When you log in on the server, routinely use this standard account instead of an
administrator account. Then use your administrator account with each application
that requires administrator privileges. For example, use your administrator name and
password with Server Preferences when you need to manage users, groups, or services.
To create a standard user account, use the Accounts pane of System Preferences on the
server. For information, open System Preferences and then use the Help menu.
71
Chapter 4
Setting Up Mac OS X Server
Protecting the System Administrator (root) Account
The administrator password you enter during setup is also used for the server’s System
Administrator user account, whose short name is root. The System Administrator (root)
account can be used to move or delete any file in the system, including system files not
available to a server administrator account or any other user account. You don’t need
root user privileges to administer your server.
Important:
Protecting the root user password is very important, so it should not be the
same as another account’s password. After setting up the server, you should change
the password of the root user account.
To change the root user’s password, open the Accounts pane of System Preferences,
select Login Options, click the Edit button, click Open Directory Utility, and then choose
Edit > Change Root Password. If you don’t see an Edit button in Login Options, but do
see a Join button, click the Join button, click Open Directory Utility, and then choose
Edit > Change Root Password.
You can also change the root user’s password by opening Terminal (in /Applications/
Utilities/) and then entering
sudo passwd root
.
Connecting Your Server to a Directory Server
If your server can have its own users and groups, you can also set up your server to
import user accounts from an Open Directory server or Active Directory server in your
organization. To be able to import user accounts, your server must be connected to
the directory server. Imported user accounts have access to the same services as user
accounts you create on your server.
72
Chapter 4
Setting Up Mac OS X Server
If you don’t import some user accounts from the connected directory server, you can
make them external members of groups. You can also give them access to your server’s
private wikis. For more information, see “Importing Users” on page 91, “Adding or
Removing External Members of a Group” on page 123, and “Setting Up Web Services” on
page 140.
To connect to a directory server:
1
Open the Accounts pane of System Preferences on your server.
2
Click Login Options and then click Edit.
If you don’t see an Edit button but do see a Join button, you need to configure your
server to have its own users and groups before you can configure it to import users
from an existing directory server. For instructions, see “Setting Up Users and Groups
Management” on page 88.
3
Click the Add (+) button, and then choose the directory server from the pop-up menu
or enter the directory server’s DNS name or IP address.
4
If the dialog expands to show Client Computer ID, User Name, and Password fields,
enter the name and password of a user account on the directory server.
Â
For an Open Directory server, you can enter the name and password of a standard
user account; you don’t need to use a directory administrator account. If the dialog
says you can leave the name and password fields blank, you can connect without
authentication, although this is less secure.
Â
For an Active Directory server, you can enter the name and password of an Active
Directory administrator account or a standard user account that has the “Add
workstations to domain” privilege.
73
5