The first thing I want to walk through is Open Directory, OS X’s directory services implementation (roughly analogous to Microsoft’s Active Directory). Many of OS X Server’s other services rely upon or make use of a directory in some way, so it’s important to know how it works.

Veterans can probably skip this section, since the basics of Open Directory in Lion Server are essentially identical to those in previous versions. Pick back up in the Profile Manager section for things that will be new to you.

For those of you who have no experience with directory services, a brief explanation: imagine you’re the IT support person for a business of, say, 50 employees, and each of those employees has a computer. So that you don’t have to manage all of the user accounts on those computers manually, you want to have all of their usernames and passwords stored on your server, where you can keep better track of them. You can also organize users into groups, so that if you have one particular attribute to apply to many different accounts, you can do it once to the group instead of once for every member of the group. This is the essence of Open Directory and other directory services.

It goes further than that: with centrally stored credentials, you can also more easily manage access permissions on file shares or enable your employees to use the same username and password to log in to multiple computers. You can control password requirements and store relevant information (email addresses, etc.) about your users. You can also tie other products into your directory so that your users can use the same credentials to access email or internal websites. The list goes on.

OS X Server can host its own directory (using Open Directory), tie into another, pre-existing directory service (like Active Directory), or both (using Active Directory to manage credentials but Open Directory to manage Apple-specific functionality - Apple calls this a “golden triangle” configuration, and it’s a bit outside the scope of this review). For our purposes, we’ll set up a standalone Open Directory that we’ll then use with other services throughout the review.

Open Directory setup is one of the few things that can still be done with both Server.app and Server Admin, though the approaches differ:

In Server.app: Go to the Manage menu and click Manage Network Accounts.

You’ll be asked to create a Directory Administrator account (which will differ from the local administrator account) - this is done to enable users to manage the directory without giving them control over other server functions. The default is diradmin, and that’s what we’ll go with.

Enter your organization’s name and your admin’s email address, and click through the rest of the prompts - you’ll have a quick and easy directory setup with a minimum of fuss.

In Server Admin: To enable Open Directory in Server Admin, make sure the Open Directory service is viewable, and select it. In the Settings tab, click the Change button next to the server’s Role.

Here, you’re given three choices. We’ll want to set up an Open Directory master, but you can also connect your Mac to another directory (like Active Directory) or set up an Open Directory replica here. For the uninitiated, an Open Directory replica connects to an existing Open Directory master and mirrors every change made to the master - this can provide for load balancing (in an organization with many Macs) or automatic failover in the event that one or the other server crashes (Macs connected to an Open Directory master will automatically fall back to the replica if the master fails and vice-versa).

Anyway, elect to set up an Open Directory master, input your desired Directory Administrator credentials, input your organization name and admin email address, and you’re set, same as with Server.app. If you want to set a different Kerberos realm or LDAP search base, you can also do it here (but if you don’t know what that means, the default settings are fine).

You can also use Server Admin to back up or destroy a directory you’ve made - to back up, just use the Archive tab to save and restore copies of your directory’s data. To delete the directory, go to the Settings tab, click Change next to the server’s Role, and select Set up a standalone directory.

Once it's running, you can go ahead and bind client computers to it: in OS X, this is accomplished by going to the Accounts preference pane, clicking Login Options, and clicking the Join button next to Network Account Server.

Enter your server's address in the box that pops up and click OK. If successful, you should now see a green dot followed by your server's address, and you should be able to log in to your client computer with any of the user accounts you create (we'll go over that next).

Now that you've got a working directory server with some clients attached, let's show you what you can do with it.

  • Wizzdo - Wednesday, August 3, 2011 - link

    Lion's web server IS Apache. LOL.
  • jigglywiggly - Tuesday, August 2, 2011 - link

    I am too much of an elitist fag to succumb to this.
    I just installed my Debian GUI-less server today to replace my ol' Ubuntu 10.04 LTS GUI server, got everything set up, mysql, apache, php, samba settings, everything gud to go with only 100 megs of ram usage.
    Sure it took much longer to setup, but I am an elitist fag
  • don_k - Wednesday, August 3, 2011 - link

    Since when is netboot unique to OSX server? Last I checked all *nix variants have had that ability for decades.

    But really, organisations concerned about the sticker price on their server software are not going to go get an apple 'server' for $1k when they can download an iso in 5min and get going are they?
    Not to mention the complete lack of necessary system tools (archiving, compiling especially) without installing macports or something.

    Call it like it is - 1k to manage all those damn pads and phones everyone in the company demands they are able to access the company intranet.
  • johnbouy - Wednesday, August 3, 2011 - link

    Time Machine took a big step backwards with Lion Server. In Snow Leopard Server you could allow time machine backups on individual share points. This allows you to partition a disk and set up individual partitions for specific Time Machine backups. I use this to control how much disk space is allocated for a backup. In Lion you get to nominate one share point/partition as the Time Machine backup storage point. Hence any client that backs up to the server uses the same disk space. A real step backwards!

    Another issue is that Server.app rewets .config files when started up so you potentially lose any changes you were forced to make due to the lousy Lion Web service interface.
  • digitalzombie - Wednesday, August 3, 2011 - link

    I like the idea but still... I wouldn't do it. Apparently they got desperate enough to offer it for 50 bucks. Good job for noticing that no one gives a damn since Linux is free and both Linux and Windows are established already. I still wouldn't give em my money when they tried to charge an arm and a leg in the past. Who the hell do they think they're going to fool? The platform isn't the most active for server development tools. Linux got cloud all up in there and it's actively evolving in many areas, especially server. Don't even try to bring out that pathetic iCloud. It's not open so nothing is going to back that crap other than Apple; OpenStack has 50 vendors, big companies, backing that project up compared to iCloud. Apple probably won't ever be able to compete in the server sector but they can leverage their UI and simplicity for their user base, such as the GUI sys admin tools described in this article. They should just stick with consumer base products; trying to compete in the server space market is going to kill em.
  • matthi - Wednesday, August 3, 2011 - link

    On page 4 of this review, it says ".. our next entries are Accounts and Stats under the Status heading". 'Accounts' should be replaced with 'Alerts'.
  • slayernine - Wednesday, August 3, 2011 - link

    If only this was a review of Windows Server it might be useful. I have never met a fellow tech person/geek who uses any version of Apple Server products. (aside from one customer about 3 years ago who was curious about them).

    It is just the simple facts that Apple products are known for a lack of an ability to upgrade, locked to features that Apple thinks you should have and a lack of price efficiency. Windows and Linux offer far superior server products that will run on pretty much any hardware that suits your needs and the only reason I can see there being a point to review this product is due to Apple padding your pockets.
  • Schafdog - Wednesday, August 3, 2011 - link

    I know that it seems like Apple (or Steve) has lost faith in the PC as a hub, but I would really love seeing an iTunes Server that multiple users can control using iOS devices playing on Airplay or iOS device itself.

    Some NAS is now getting these features, so I might drop the OS X Server for one of those instead.
  • sodi - Wednesday, August 3, 2011 - link

    What kind of crazy organization would use a Lion Server? At work, standard is a necessity. A Lion Server is just oddball.
  • Oscarcharliezulu - Thursday, August 4, 2011 - link

    This seems a bit like OSX Server Lite and Easy rather than a true upgrade to Snow Leopard Server. I was thinking of converting an older 'mini to Lion Server (to serve a small business which has MBPs and iMacs), but now I think getting a copy of Snow Leopard Server would be better if I could somehow get it cheap (yet legal).
