[Macpartners] Leopard Server setup

Stephen Ragalevsky sfr at apple.com
Wed Nov 21 11:44:46 EST 2007 

Hi Allan,
With Leopard Server we have introduced three new configuration options  
to make setup and management of a server easier.  The three options  
are Standard, Workgroup and Advanced.
Standard configuration of Mac OS X Server features automated setup and  
simplified administration of an independent server for a small  
organization.

Workgroup configuration features automated setup and simplified  
administration of a server for a workgroup in an organization with an  
existing directory server.

Both configurations use the simplified administration application,  
System Preferences, to customize service settings, start and stop  
individual services, and monitor server status. You also use Server  
Preferences to manage users and groups.

The advanced configuration gives experienced system administrators  
complete control of service configuration to accommodate a wide  
variety of needs. After performing a basic initial setup, you use the  
Server Admin, Workgroup Manager and command-line tools to configure  
settings for more advanced services and deployment scenarios.

 From the scenario you have outlined, Workgroup is the best option.

Leopard client also features automatic client setup.  Just plug the  
new Mac into the network and launch the Directory Utility application.  
It will automatically detect and sign on to the server. After  
authenticating, the new computer will be configured to use the  
services offered by your server, and all your applications, such as  
Mail, iChat, and iCal, will also be configured and ready to use.  
Leopard Server will keep these settings updated, so you’ll never need  
to manually reconfigure a user’s account or computer again.

I have put additional notes below as well...


Best,
Steve

On Nov 20, 2007, at 9:47 AM, Patrick McNeal wrote:

>
> On Nov 16, 2007, at 11:25 AM, Allan Doyle wrote:
>
>> So at the very least, I'm interested in setting up services that are
>> private to those 20 people and that require a minimum of fuss to
>> connect to. So Kerberos is probably something I need.
>>
>> The kinds of things we'd do:
>>
>> - shared files (either the Mac OS way or maybe NFS, or maybe even
>> SMB so some Windows machines can also take advantage of our server)

Not a problem.  We now support kerberized NFSv3 in Leopard as well.

> It is possible to configure AFP to use kerberos for authentication.
> Once setup, any user with a local account will be able to access your
> server over AFP with a valid TGT.  I'm not sure about NFS or SMB.
>
>> - internal blog/wiki, etc. - i.e. Apache with authentication that
>> uses people's certificates to let them on and keep others out.
>

The new wiki server is perfect for this.
	http://www.apple.com/server/macosx/features/wikis.html
I don't believe we can utilize certificates for authentication in the  
wiki.
>
> I've not seen any Apple documentation that indicates they support this
> out of the box, but since it's just Apache underneath it all, it
> should be possible.  The biggest problem though with changing Apache
> settings is future Apple updates might overwrite your changes.
>
> Ideally, Apple would support single sign-on solutions such as
> touchstone, but I've not heard that they've done any work on that  
> front.
>
>> - iCal sharing (hopefully short term until MIT's new whizzy calendar
>> system rolls out)

iCal server is kerberized, but as Patrick points out you will not be  
able to setup meetings with those in TechTime.

> I've not played around much with iCal server, but according to the Mac
> OS Server Open Directory Administration guide ( page 50 ), iCal is not
> a kerberized service.  Another problem I see with an iCal Server setup
> is that users wouldn't be able to schedule meetings with people on
> techtime electroncially.
>
> Let me know if you want to explore any of these more, and we'll see
> what we can do.
>
> --Patrick
>
> ------------------------------------------------------------------------------
> Patrick McNeal
> Macintosh Platform Coordinator - Software Release Team
> Client Support Services, Information Services and Technology
> Massachusetts Institute of Technology
> N42-250E
> Cambridge, MA 02139
> +1 617 253-0196
> mcneal at mit.edu
>
> _______________________________________________
> Macpartners mailing list
> Macpartners at mit.edu
> http://mailman.mit.edu/mailman/listinfo/macpartners

Stephen Ragalevsky, ACSA & CCNA
Sr. Systems Engineer
Apple Inc.
(781) 648-3548

MacEnterprise.org
Community of IT professionals sharing information and solutions to  
support Macs
	http://www.macenterprise.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2409 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/macpartners/attachments/20071121/cb9cc15b/attachment.bin

More information about the Macpartners mailing list