Two strategies to consider
I. Single Server - One server handles both Authentication and Documents services.
II. Multiple Servers - Two or more servers share the workload of Authentication and Documents services.
Brief listing of terms used in this document
Note: For more information on parent/child domain structures, see pages 39 to 55 of the Mac OS X Server Administrator's Guide. You can also review the Understanding and Using NetInfo whitepaper on the Mac OS X Server Web site (http://www.apple.com/macosx/server/).
Required Software and Hardware
Assumptions
I. Macintosh Manager 2.0 Single Server
Follow these steps if you wish to use a single computer to provide both of the main components of Macintosh Manager (authentication and documents service).
II. Macintosh Manager 2.0 Multiple Server Environment
The most common configuration used by Macintosh Manager 2.0 administrators is a multiple server environment, where the NetInfo hierarchy is leveraged to provide scalability and organization of user data. Initial user authentication occurs on a single server (Parent from a NetInfo perspective), and the users are split amongst one or more document servers (Child from a NetInfo perspective).
Note: Read through these steps completely before setting up your servers, so that you may appropriately plan how to deploy your users and network infrastructure.
Setting up the NetInfo Hierarchy
Allowing Users to Login as Macintosh Manager Users
I. Single Server - One server handles both Authentication and Documents services.
II. Multiple Servers - Two or more servers share the workload of Authentication and Documents services.
Brief listing of terms used in this document
- The term "Folder" may be used interchangeably with "Directory."
- Home directory - Directory bearing a user's name, where that given user is able to store files. Macintosh Manager users must have this feature enabled in the Server Admin, or they will be unable to save files easily on the Mac OS X Server.
- Users folder - Default share point for Macintosh Manager users' Home directories.
- Mac OS X Server - Refers to Mac OS X Server 10.0 or later, unless otherwise specified.
- Macintosh Manager - Refers to Macintosh Manager 2.0 or later, unless otherwise specified.
- NetInfo - A hierarchical distributed database that is used to keep track of administrative data in Mac OS X Server. It can store information on user and group accounts, email configurations, NFS (Network File System), printers, computers and other resources.
Note: For more information on parent/child domain structures, see pages 39 to 55 of the Mac OS X Server Administrator's Guide. You can also review the Understanding and Using NetInfo whitepaper on the Mac OS X Server Web site (http://www.apple.com/macosx/server/).
Required Software and Hardware
- Mac OS X Server 10.0.4 or later. Updates are located at: http://www.apple.com/swupdates/
- For the server: Any Macintosh computer which meets the system requirements defined in technical document 106430 "Mac OS X Server: System Requirements and Recommended AppleShare Client Software".
- For administration: A Macintosh computer that meets the system requirements defined in technical document 106350 "Mac OS X Server 10.0: Server Admin System Requirements and Installation". The Server Admin and Macintosh Manager applications must be installed on this computer.
- For clients: Macintosh computers using Mac OS 8.1 to 9.2.1 with Multiple Users client software installed.
Assumptions
- Your network provides Domain Name Services (DNS) with reverse lookup capability.
- If Domain Name Services are not enabled on the network, it is recommended that the hostname of the Mac OS X Server be entered manually into the "machines" property as a subdirectory using NetInfo Manager. The following properties will need to be present in this subdirectory:
ip_address (value will be valid ip address for your network)
name (value will be a hostname for your server)
- Mac OS X Server has been installed with working a network configuration on the computer(s) that will host the Parent NetInfo Domain and/or Child NetInfo Domain(s).
I. Macintosh Manager 2.0 Single Server
Follow these steps if you wish to use a single computer to provide both of the main components of Macintosh Manager (authentication and documents service).
- 1. Assigning the Default Home Directory location for your users
a. At your administration computer, log in to the Server Admin application.
b. Click the Users and Groups icon and select Home Directory Defaults from the menu.
c. Select the Local radio button and the Users share point. This is the default configuration for this scenario. You may use any share point that you have previously created.
2. Creating or Importing Users into Mac OS X Server Admin
a. Import Users (.xml file) into Mac OS X Server 10.0 using Mac OS Server Admin. These files can be generated/exported from within AppleShare IP or converted to XML from an exported tab-delimited text file using third party utilities such as Passenger or MM Helper.
3. Start services.
Make sure the Apple File Service and Macintosh Management Services have been started in Server Admin.
4. Adding Users to the Macintosh Manager Users List
a. Open the Macintosh Manager application and log in as an Admin user.
b. Click the Import All button. You may also selectively drag users from the Server Admin User & Groups list to the Macintosh Manager admin list.
5. Setup for users.
Set up users' workgroup membership, items, privileges, etc. as appropriate. These steps roughly mirror those found in versions of Macintosh Manager prior to 2.0 and are not covered in this section.
II. Macintosh Manager 2.0 Multiple Server Environment
The most common configuration used by Macintosh Manager 2.0 administrators is a multiple server environment, where the NetInfo hierarchy is leveraged to provide scalability and organization of user data. Initial user authentication occurs on a single server (Parent from a NetInfo perspective), and the users are split amongst one or more document servers (Child from a NetInfo perspective).
Note: Read through these steps completely before setting up your servers, so that you may appropriately plan how to deploy your users and network infrastructure.
Setting up the NetInfo Hierarchy
- 1. First, the Parent server must be configured.
a. Open NetInfo Domain Setup (Applications/Utilities/) at the Mac OS X Server where your users' NetInfo records are to be maintained.
b. Click the lock and enter the Admin user name and password. You may additionally be asked to authenticate as the root user. For more information on the root user, see technical document 106361.
c. Edit the settings to reflect the following:
This machine: is a NetInfo Parent
Find NetInfo Parent via: Static Address
NetInfo Parent Address: 10.0.1.1
NetInfo Server Tag: network
Note: Where the example shows 10.0.1.1, type the actual IP address of your authentication server.
Figure 1
d. Click Save and wait until the pointer stops spinning.
e. Quit NetInfo Domain Setup and Restart the computer.
2. Next, the Child server must be configured.
a. Open NetInfo Domain Setup on the Mac OS X Server where your users Home directories (documents) are to be maintained.
b. Click the lock and enter the Admin user name and password. You may additionally be asked to authenticate as the root user. For more information on the root user, see technical document 106361.
c. Edit the settings to reflect the following:
This machine: connects to a NetInfo Parent
Find NetInfo Parent via: Static Address
NetInfo Parent Address: 10.0.1.1
NetInfo Server Tag: network
Note: Where the example shows 10.0.1.1, type the actual IP address of your authentication server.
Figure 2
d. Click Save and wait until the cursor stops spinning.
e. Quit NetInfo Domain Setup and Restart the Server.
3. Verify parent to network binding
The local NetInfo database on the parent should automatically bind (connect) to the network database after Step 1 above. To verify this has occurred, follow these steps:
a. Log in to the authentication Server as admin (or root)
b. Open NetInfo Manager.
c. The local NetInfo domain should open automatically.
d. The Globe-Arrow (Open Parent Domain) button should be active.
Figure 3
e. This Globe-Arrow button opens the parent NetInfo domain of the NetInfo domain you are currently viewing (local).
Figure 4
f. Click the button and open the parent, "network @ yourdomain...". This shows that yourdomain is publishing the network domain and that the local domain is a child of yourdomain/network.
g. Click on the machine entry for yourdomain. There are 3 properties shown: name, ip_address and serves. The serves property lists the NetInfo domains being hosted on yourdomain. NetInfo Domain Setup automatically populated these fields in the above steps.
h. If the above steps fail, try Steps 1 and 2 again and verify the settings in NetInfo Domain Setup on both servers.
4. Verify child to parent binding
To verify the child (client or server) binds to the parent NetInfo domain. Follow the above steps in item 3, but on the Document Server (the NetInfo child). The Globe-Arrow button should also be active and not grayed out when viewing the local NetInfo pane.
5. Assign the Default Home Directory location for your users in your NetInfo root domain.
a. Log in on the Document Server (NetInfo child) and launch Mac OS X Server Admin.
b. Open Mac OS X Server Admin and connect to the Documents Server.
c. In Server Admin, select "Home Directory Defaults..." by clicking the "Users and Groups" icon.
d. Select the "Local" radio button and the "Users" share point. This is the default configuration for this scenario. You may use any share point that you have previously created.
6. Create or Import Users using Mac OS X Server Admin on the Documents Server (NetInfo child).
a. Import Users (.xml file) into Mac OS X Server 10.0 using Mac OS Server Admin. These files can be generated/exported from within AppleShare IP or converted to XML from an exported tab-delimited text file using third party utilities such as Passenger or MM Helper.
b. The Users folder will automatically populate with the Home Directories from the above step. If you would like to verify that this step was successful, navigate to /YourStartupVolume/Users and see that there are newly created Home Directories.
c. Users must then be deleted from the User's & Groups list on the Documents Server (the NetInfo child).
7. Users
Create or Import Users using Mac OS X Server Admin on the Authentication Server (NetInfo parent).
a. Log in on the Authentication Server (NetInfo parent) and launch Mac OS X Server Admin.
b. Launch Mac OS X Server Admin and connect to the Authentication Server.
c. In Server Admin, select "Home Directory Defaults..." from /NetInfo/root by clicking the "Users and Groups" icon.
d. Select the Custom radio button and edit the fields to read:
Server: server.yourdomain.edu
Share Point: Users
Path:
Note: Leave the Path field blank. It should be populated automatically. Where the example says server.yourdomain.edu, type either the IP address or DNS name of the documents server.
Figure 5
e. The above is the default configuration for this scenario. You may use any share point located on the top (root) level of a server volume that you have previously created. This will allow Macintosh Manager to find the user's Home Directories on any Documents Server that has been previously configured.
f. Repeat Step 6-a above, except connect to the authenticationsServer (NetInfo Parent). Pay particular attention to where these users are created. These users must be created/imported into /NetInfo/root in order for Macintosh Manager to authenticate users properly.
8. Start services.
Make sure the Apple File Service and Macintosh Management Services are started in Mac OS X Server Admin.
9. Additional child domains
Repeat steps two through 8 for each NetInfo child (to be used as a Macintosh Manager Document Server).
Allowing Users to Login as Macintosh Manager Users
- 1. Add Users to the Macintosh Manager Users List
a. Open Macintosh Manager Admin and log into the Mac OS X Server.
b. Click Import All. You may also selectively drag users from the Mac OS X Server Admin User & Groups list to the Macintosh Manager Admin list.
2. Set up user's workgroup membership, items, privileges, etc. as appropriate. These configuration steps roughly mirror those found in versions of Macintosh Manager prior to 2.0 and are not covered in this section.