The first thing I want to walk through is Open Directory, OS X’s directory services implementation (roughly analogous to Microsoft’s Active Directory). Many of OS X Server’s other services rely upon or make use of a directory in some way, so it’s important to know how it works.

Veterans can probably skip this section, since the basics of Open Directory in Lion Server are essentially identical to previous versions. Pick back up in the Profile Manager section for things that will be new to you.

For those of you who have no experience with directory services, a brief explanation: imagine you’re the IT support person for a business of, say, 50 employees, and each of those employees has a computer. Rather than managing all of the user accounts on those computers manually, you want to have all of their usernames and passwords stored on your server so that you can keep better track of them. You can also organize users into groups, so that if you have one particular attribute to apply to many different accounts, you can do it once to the group instead of once for every member of the group. This is the essence of Open Directory and other directory services.

It goes further than that: with centrally stored credentials, you can also more easily manage access permissions on file shares or enable your employees to use the same username and password to log in to multiple computers. You can control password requirements and store relevant information (email addresses, etc.) about your users. You can also tie other products into your directory so that your users can use the same credentials to access email or internal websites. The list goes on.

OS X Server can host its own directory (using Open Directory), tie into another, pre-existing directory service (like Active Directory), or both (using Active Directory to manage credentials but Open Directory to manage Apple-specific functionality - Apple calls this a “golden triangle” configuration, and it’s a bit outside the scope of this review). For our purposes, we’ll set up a standalone Open Directory that we’ll then use with other services throughout the review.

Open Directory setup is one of the few things that can still be done with both Server.app and Server Admin, though the approaches differ:

In Server.app: Go to the Manage menu and click Manage Network Accounts.

You’ll be asked to create a Directory Administrator account (which will differ from the local administrator account) - this is done to enable users to manage the directory without giving them control over other server functions. The default is diradmin, and that’s what we’ll go with.

Enter your organization’s name and your admin’s email address, and click through the rest of the prompts - you’ll have a quick and easy directory setup with a minimum of fuss.

In Server Admin: To enable Open Directory in Server Admin, make sure the Open Directory service is viewable, and select it. In the Settings tab, click the Change button next to the server’s Role.

Here, you’re given three choices. We’ll want to set up an Open Directory master, but you can also connect your Mac to another directory (like Active Directory) or set up an Open Directory replica here. For the uninitiated, an Open Directory replica connects to an existing Open Directory master and mirrors every change made to the master - this can provide for load balancing (in an organization with many Macs) or automatic failover in the event that one or the other server crashes (Macs connected to an Open Directory master will automatically fall back to the replica if the master fails and vice-versa).

Anyway, elect to set up an Open Directory master, input your desired Directory Administrator credentials, input your organization name and admin email address, and you’re set, same as with Server.app. If you want to set a different Kerberos realm or LDAP search base, you can also do it here (but if you don’t know what that means, the default settings are fine).

You can also use Server Admin to back up or destroy a directory you’ve made - to back up, just use the Archive tab to save and restore copies of your directory’s data. To delete the directory, go to the Settings tab, click Change next to the server’s Role, and select Set up a standalone directory.

Once it's running, you can go ahead and bind client computers to it: in OS X, this is accomplished by going to the Accounts preference pane, clicking Login Options, and clicking the Join button next to Network Account Server.

Enter your server's address in the box that pops up and click OK. If successful, you should now see a green dot followed by your server's address, and you should be able to log in to your client computer with any of the user accounts you create (we'll go over that next).
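The green dot can also be confirmed from Terminal on the client. The script below is an added example, not part of the original review: it uses the standard OS X `dscl` and `id` tools to check that the server is a configured LDAPv3 node, that it is in the authentication search path, and that a directory account resolves. `server.example.com` and the account name are placeholders.

```sh
#!/bin/sh
# Added example: confirm a client bind to an Open Directory server from Terminal.
# Usage (placeholder values): ./check_bind.sh server.example.com someuser

# Succeeds if NODE appears as a whole line on stdin, which is expected to be
# the output of: dscl localhost -list /LDAPv3
node_listed() {
    grep -Fxq -- "$1"
}

# Succeeds if /LDAPv3/NODE is one of the search-path entries on stdin, which is
# expected to be the output of: dscl /Search -read / CSPSearchPath
# Values may arrive on one line or one per line, so split on whitespace first.
in_search_path() {
    tr -s ' \t' '\n\n' | grep -Fxq -- "/LDAPv3/$1"
}

# Runs the real checks on a Mac: prints one line per check and returns
# non-zero if any check fails. The second argument (an account name) is optional.
check_bind() {
    cb_server="$1"; cb_user="$2"; cb_rc=0
    if dscl localhost -list /LDAPv3 2>/dev/null | node_listed "$cb_server"; then
        echo "ok:   $cb_server is a configured LDAPv3 node"
    else
        echo "FAIL: $cb_server is not a configured LDAPv3 node"; cb_rc=1
    fi
    if dscl /Search -read / CSPSearchPath 2>/dev/null | in_search_path "$cb_server"; then
        echo "ok:   $cb_server is in the authentication search path"
    else
        echo "FAIL: $cb_server is not in the authentication search path"; cb_rc=1
    fi
    if [ -n "$cb_user" ]; then
        # id also resolves local accounts, so test with a directory-only name.
        if id "$cb_user" >/dev/null 2>&1; then
            echo "ok:   account $cb_user resolves"
        else
            echo "FAIL: account $cb_user does not resolve"; cb_rc=1
        fi
    fi
    return "$cb_rc"
}

# Run only when given a server name on a machine that has dscl.
if [ "$#" -ge 1 ] && command -v dscl >/dev/null 2>&1; then
    check_bind "$@"
fi
```

A node that is listed but missing from the search path means the client knows about the server but will not use it to authenticate logins.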

Now that you've got a working directory server with some clients attached, let's show you what you can do with it.

77 Comments


  • ltcommanderdata - Tuesday, August 2, 2011 - link

    Given the shift in corporate policy from being Blackberry focused to adopting other smartphone platforms including iOS, I think most CTOs would take a look at OS X Server if only for the easier iOS device management features. I don't really see it replacing existing Windows servers though, particularly since Apple doesn't sell dedicated server class hardware anymore.
  • quakerotis - Tuesday, August 2, 2011 - link

    This is simply not true. OS X Server has been for us a very good performer, both in stability and ease of use. B3an, you must be speaking anecdotally because I am not a fanboy. There are many server technologies to choose from. This is one of the better ones.
  • diskrete - Tuesday, August 2, 2011 - link

    As an IT manager for a small company, I would definitely use Lion Server to manage Macs and iPhones.

    It in no way replaces existing Windows/Linux infrastructure. But recycling a Mac mini to use for managing Apple devices? Absolutely. It’s worth it just for the ability to create machine-based 802.1X profiles.

    IT today is not about standardizing on one platform, it’s about using the right tool for the job.
  • sligett - Thursday, August 4, 2011 - link

    Unix isn't a server platform anyone in their right mind would use?

    There are thousands upon thousands of small and medium businesses as well as schools that are hostage to expensive windows "experts" that have put a Windows server in their business. The client can't do a thing with the server without the expensive help of the expert. You don't see that as a viable market?

    So many people speak out on the Internet as though "I can't use this" is equivalent to "no one can use this".
  • erple2 - Thursday, August 4, 2011 - link

    To be fair, any infrastructure that's put in place by an "expert" tends to continue to have to be maintained by another expensive expert. Non-techies have problems with Macs just as much as non-techies have problems with Linux, or Windows machines.

    BTW, I've found that the mac "experts" that have put a mac server in their business are also very expensive to hire back for help.

    There are some very very nice manageability features that OSX Server buys you that aren't all that simple to implement by relative novices in other environments...
  • cwatt - Monday, September 26, 2011 - link

    Ha ha, you are really ignorant! I am currently rolling this out to a big organization and this article is a really big help.. BTW ... those inferior products are actually extremely good quality and very easily managed and a lot more secure than other platforms... You should not let your opinion get in the way of your judgment, you should make the best decision based on the environment not because you are a fanboy or you randomly hate really good products!
  • blueeyesm - Tuesday, August 2, 2011 - link

    I have to agree that managing iOS devices using OS X Server is probably their only ace in the hole. The rest of what this offering serves can be replicated/managed better under Linux. That being said, if Apple wanted to be really smart, they'd help their community devise methods in which to enhance a shopping experience, or other interactive experiences with an iOS or tablet device.

    That is, until cloud computing becomes the de facto standard and Apple ceases to offer a server or client to download, you just are expected to do everything via iTunes/iLife Cloud edition.
  • badjohny - Tuesday, August 2, 2011 - link

    With its drop in price, and ability to install on any mac, I would love to see apple take OSX server and shape it into a WHS for mac. It looks like all or many of those things are available in OSX server, but the ease and convenience of using a WHS is unreal. Push the Home server aspect of OSX server and really make a use for it in a standard home. itunes server edition, Apple TV media server, IOS update manager, Shared home calendars, email, and family based websites come to mind. These are all things that It can currently do, but they all need some "apple magic" to make them very powerful and at the same time very easy for anyone to setup. Apple could easily include an option in the setup of a mac to have it search your network for a server. If it finds one have it ask if you want to enable the features. They could even leverage the icloud system and have it linked by your itunes account. Then all the data could sync through the icloud service. Enter your apple ID and your client is setup to use your server instantly.

    They could even make a personal iCloud option. Every picture/video you take have it saved over to the server also.

    I understand that OSX server is a niche item in big business. Apple should admit defeat in enterprise setups and push server to a more personal level. Have it compete with windows SBS and WHS but make it have the apple ease of use. They have a real product here, but like most home server options it seems to be more of a niche item.
  • Ratman6161 - Tuesday, August 2, 2011 - link

    Basically Apple does not make or sell server grade hardware. Sure, if you look on their online store you will find a version of the Mac Pro that calls itself a server and comes with OSX Server installed. But there are a variety of things about it that make it not enterprise ready and more suited to small business or home servers. If Apple really wanted to be in the enterprise market then what they would absolutely have to do is to allow it to run as a virtual machine on all the major virtualization platforms. For example where I work we are a VMWare shop and no server software is coming in our door that will not run on VMWare Esx server.

    It's my theory, though, that they have no intention or desire to compete in the enterprise server market. If they did, there would be no reason for a price drop as most businesses in that market place would not have blinked at the $499 price or even the $999 price - both are a drop in the bucket compared to all the other costs associated with a data center. No, the price drop to me definitely signals that it's their intent to be in the small business and home server market.
  • HMTK - Wednesday, August 3, 2011 - link

    You're right, Apple does not have anything that could even remotely be called server hardware.

    There have been rumors that Mac OS can run as a vm on vSphere 5 (if you're ok with the licensing). If true you could run it on real servers and real SANs and use nice features like high availability. The only show stopper is probably licensing but I would think that if VMware were taking the trouble of making OS X run on their hypervisor they would have a deal with Apple.

    AFAIC Mac OS X Server would be interesting only for managing iOS devices.
