Exercise 4.3 Configure OS X Server for El Capitan
Challenge
Configure Apple Push Notifications. Configure and start services you will use for the rest of the course:
- Open Directory, including importing users and groups
- Mail
- Calendar
- Contacts
- Wiki
Considerations
In the Server app’s list of services, Open Directory is hidden by default in a section of advanced services. The downloadable student materials contain user import files with eight users and a group import file with two groups.
Solution
Enable Apple Push Notifications
If necessary, open the Server app, authenticate to your server, select your server in the Server app sidebar, and then click the Settings tab.
If the Apple Push Notifications (APN) checkbox is not already selected, select it now.
Enter your administrator Apple ID credentials.
Click Get Certificate.
After the Server app successfully creates and processes the Apple Push Notification service certificates and displays their shared expiration date, click Done.
Configure Your Server as an Open Directory Master
In a production environment, you would verify DNS records before configuring your server as an Open Directory master. However, because this environment uses Bonjour names, you can skip the usual DNS verification step.
If the Server app does not display the list of advanced services, hover the pointer above “Advanced” in the sidebar, and then click Show.
Click Open Directory.
Click the On/Off switch to turn on the Open Directory service.
Select “Create a new Open Directory domain,” and click Next.
Configure a password; you can leave the “Remember this password in my keychain” option selected.
If your server is not accessible from the Internet, in the Directory Administrator pane, enter diradminpw in the Password and Verify fields, and click Next.
Of course, in a production environment, you should use a secure password.
In the Organization Information pane, enter the appropriate information.
If the following fields do not already contain the information shown, enter it, and click Next:
Organization Name: MDM Project n (where n is your student number)
Admin Email Address: ladmin@servern.local (where n is your student number)
View the Confirm Settings pane, and click Set Up.
The Server app displays its progress in the lower-left corner of the Confirm Settings pane.
When the configuration is complete, the Server app displays the Servers section of the Open Directory pane, with your server listed as the master. It also displays any IPv4 addresses your Mac has in addition to your server’s primary IPv4 address (such as Wi-Fi).
Inspect the SSL Configuration
One of the benefits of configuring your server to be an Open Directory master is that it automatically creates a code-signing certificate for Profile Manager to use. Use the following steps to inspect your server’s Secure Sockets Layer configuration:
In the Server app sidebar, select Certificates.
Note that all the services are set to use the same certificate: servern.local certificate (where n is your student number), which is signed by your server’s OD intermediate CA.
Double-click the servern.local certificate (where n is your student number).
Inspect the details of the certificate.
Scroll to the end of the certificate information, and note that Purpose is Server Authentication.
Note the Renew button for the certificate. When the renewal date approaches, the Server app automatically generates an expiration alert for the certificate, and the alert offers a Renew button. You don’t have to wait for the alert; you can use this button to renew the certificate at any time.
Click OK to return to the list of certificates.
Double-click Code Signing Certificate.
Scroll to the end of the certificate information, and note that Purpose is Code Signing.
Click OK to return to the list of certificates.
Import Users into Your Server’s Shared Directory Node
To expedite the exercise, the StudentMaterials folder contains a text file with user accounts. This import file defines each of these users with the password “net.” Of course, in a production environment, each user should have a unique password or passphrase that is secret and secure.
Import the accounts into your server’s shared directory node.
In the Server app sidebar, select Users.
Click the Action (gear icon) pop-up menu, and choose Import Users.
In the sidebar, click Documents. Open StudentMaterials, and then open the Lesson4 folder.
Select the users.txt file.
Click the Directory pop-up menu, and choose Local Network Directory.
If directory administrator credentials are not automatically provided from the keychain item, provide directory administrator credentials in the Admin Name and Password fields.
Click Import.
At the “Importing users and groups may take several minutes. Are you sure you want to continue?” dialog, click Continue.
After the import has completed, select Local Network Users from the pop-up menu, and confirm that there are eight new local network users.
You now have added eight local network user accounts.
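An added example, not part of the course materials: for a production import, a user import file can be checked beforehand for the shared or short passwords this exercise warns about. It assumes the file follows the dsimport delimited layout (hex delimiter header, record type, attribute count, attribute names); the sample records, the function names, and the 12-character minimum are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (not the course's users.txt). Assumed layout: header of hex
# delimiters, record type, attribute count, attribute names; one record per line.
SAMPLE = (
    "0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 3 "
    "dsAttrTypeStandard:RecordName dsAttrTypeStandard:RealName "
    "dsAttrTypeStandard:Password\n"
    "barbara:Barbara Green:net\n"
    "todd:Todd Example:net\n"
    "carl:Carl Example:x7\\:Qm-correct-horse\n"  # escaped ':' inside the password
)


def split_escaped(text, sep, esc):
    """Split text on sep; esc makes the next character literal."""
    parts, cur, chars = [], [], iter(text)
    for ch in chars:
        if ch == esc:
            cur.append(next(chars, ""))
        elif ch == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    return parts + ["".join(cur)]


def parse_import(text):
    """Return one {attribute: value} dict per record in the import text."""
    header, _, body = text.partition("\n")
    tokens = header.split()
    end, esc, field_sep = (chr(int(t, 16)) for t in tokens[:3])
    attrs = [a.split(":", 1)[-1] for a in tokens[6:6 + int(tokens[5])]]
    return [dict(zip(attrs, split_escaped(line, field_sep, esc)))
            for line in body.split(end) if line.strip()]


def audit_passwords(records, min_len=12):  # min_len is an assumed policy value
    """List accounts whose password is shared with another account or too short."""
    by_pw = defaultdict(list)
    for rec in records:
        by_pw[rec["Password"]].append(rec["RecordName"])
    shared = sorted(n for names in by_pw.values() if len(names) > 1 for n in names)
    short = sorted(r["RecordName"] for r in records if len(r["Password"]) < min_len)
    return {"shared": shared, "short": short}
```

The report lists account names only, so it can be shared without exposing the passwords themselves.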
Import Groups into Your Server’s Shared Directory Node
To expedite the exercise, you have two import files: one that defines some of the imported users as members of the Marketing group and another that defines users as members of the Engineering group.
In the Server app sidebar, select Groups.
Click the Action (gear icon) pop-up menu, and choose Import Groups.
If necessary, in the sidebar, click Documents. Open StudentMaterials, and then open the Lesson4 folder.
If necessary, select Local Network Directory from the Directory pop-up menu, and provide directory administrator credentials in the Admin Name and Password fields.
Double-click the groups.txt file to start importing the file.
At the “Importing users and groups may take several minutes. Are you sure you want to continue?” dialog, click Continue.
After the import has completed, select Local Network Groups from the pop-up menu, and confirm that there are two new local network groups, each containing four members.
You now have two new local network groups populated with the local network users you previously imported.
Configure and Start the Mail Service
Once you’ve configured the Mail service, you can use it in other parts of this guide for configuration profile examples and to mail VPP notification invitations. This is not a production server, so to expedite the setup, you will disable virus and junk mail filtering.
In the Server app sidebar, select Mail.
Click Filtering Settings.
Deselect the “Enable virus filtering” checkbox.
Deselect the “Enable junk mail filtering” checkbox.
Click OK to close the Mail Filtering pane.
Under the Domains field, click the Add (+) button.
In the Domain field, enter servern.local (where n is your student number).
Press Command-B to display the accounts browser window.
Select an account in the accounts browser, and then press Command-A to select all users and groups.
Drag the accounts to the field that lists the Members and Email columns.
Press Command-B to hide the accounts browser window.
Click Create.
Click the On/Off switch to start the Mail service.
Wait for the Mail service to become available (green status indicator in the Status field).
Verify the Mail Service
Open Mail on either your server Mac or your client Mac.
In the “Choose a Mail account provider” pane, select Other Mail Account, and click Continue.
In the Add a Mail Account pane, confirm that the import file includes an email address for your server, for example:
Name: Barbara Green
Email Address: barbara@servern.local (where n is your student number)
Password: net
Click Sign In. The pane will display the message “Unable to verify account name or password.”
In the Incoming Mail Server and Outgoing Mail Server fields, enter servern.local (where n is your student number).
The User Name and Password fields should already be populated.
Click Sign In.
If you see the Verify Certificate window, click Show Certificate, select the “Always trust” checkbox, and click Connect.
If necessary, enter the local administrator credentials, and then click Update Settings.
In the “Select the apps you want to use with this account” pane, deselect Notes, and click Done.
Send and Receive a Test Message
Choose File > New Message.
In the To field, enter barbara@servern.local (where n is your student number).
Enter Test Message in the Subject field.
Enter some text in the main body field.
Click the Send button in the upper-left corner of the message.
Confirm that the message is delivered. If necessary, choose Window > Message Viewer.
Quit Mail.
Turn On the Calendar Service
To have another service available for the Settings for Everyone configuration profile, you can turn on the Calendar service.
In the Server app sidebar, select Calendar.
Click the On/Off switch to start the service.
You can leave all the settings at their defaults.
Turn On the Contacts Service
Using the Contacts service allows you to quickly look up information, such as email addresses, for the users hosted by your server.
In the Server app sidebar, select Contacts.
Select the checkbox “Allow users to search the directory using the Contacts application.”
Click the On/Off switch to start the service.
You can leave all the other settings at their defaults.
Turn On the Wiki Service
By default, the Wiki service allows iOS users to edit files on the wiki using iWork.
In the Server app sidebar, select Wiki.
Click the On/Off switch to start the service.
You can leave all the other settings at their defaults.
Quit Server.
In this exercise, you turned on Apple Push Notifications on your server computer, configured the server as an Open Directory master, imported users and groups, and turned on a few key services.