Mac OS X Server 1.x: Using Apple File Services Remote Administration
Using Remote Administration requires the following:
- Set up the following in the Mac OS X Server Setup Assistant:
- TCP/IP services must be enabled on Mac OS X Server.
- The Apache Web server must be enabled on Mac OS X Server.
- Apple File Services must be enabled on Mac OS X Server.
- You must have a client computer with a TCP/IP connection to the server. This connection can be over a LAN, WAN, or a dial-up connection. If you are accessing it through a firewall, make sure that port 311 is not filtered.
- Netscape 4.0 and Internet Explorer 4.0.1 or higher. Note, that the current version of OmniWeb does not work with Remote Administration.
Users of Remote Administration in AppleShare IP 6.1 should be immediately familiar with Apple File Services Remote Administration. To Access the Remote Administration program, enter in the following URL:
where "www.yourserver.com" is the hostname of the server,
- or -
where nnn.nnn.nnn.nnn represents the IP address of the server.
You are prompted to enter the Administrator name and password:
Figure 1, Remote Server Administration login
For the initial login, use the root password. The root user may log in with the name "root", "Administrator", or "administrator." Remote Administration uses a Java Applet to encrypt all transactions containing a password, so administrators need not worry about sending the root password over the network. After the initial login, the administrator can create other users who are administrators of Apple File Services, but do not hold any special privilege within Mac OS X Server.
Note: Unlike versions of AppleShare for Mac OS 8, the user name is case sensitive. This applies to both logins in the Remote Administration, and through the Chooser.
Once you have logged on, the status screen appears:
Figure 2, Remote Server Administration status screen
The toolbar at the top of the page appears on every page within Remote Administration. It is in many respects identical to AppleShare IP 6.1 Remote Admin. However, you cannot administer the Web server, mail server, or print server applications in Mac OS X Server, with this version of Remote Administration.
Administering Users & Groups
Adding, editing, and deleting Users and Groups within Remote Admin is mostly self-explanatory. The following options, available in AppleShare 6, are not available for Apple File Services:
- Program Linking
- Disable Log on as of ______
- User may change Password (This is always enabled)
- Require new password on next log on
When you create users within Remote Administration, these users are kept in the NetInfo database. The user's AppleShare name is entered into NetInfo as the "realname." The Internet alias is entered into NetInfo as "name." If you fail to give a user an Internet alias, Remote Admin will give the user a default name of "uXXX", where XXX is the Unix-style User ID. For example, User ID (uid) 810 would have a name of "u810". Following is a user's account from the NetInfo database (as shown in NetInfo Manager). This user has the realname "Teacher", no name, and is an Administrator of Apple File Services. In the Network Manager application (which uses the same database), the NetInfo name property is called "Internet Alias" and the NetInfo realname property is called "Full Name".
Figure 3, NetInfo Manager user's account example
While NetInfo is where all the Unix-style users are kept, users created with Remote Administration do not have access to the Mac OS X Server console; they are only allowed to log on to the Apple File Services server.
Conversely, when you create users within Mac OS X Server using Network Manager, that user has access to AFP services, in addition to other logon privileges the user may have (to the console, FTP, and so forth).
When you create an administrative user from Remote Administration, that user is only an Administrator over Apple File Services. That means that the user can log into Remote Administration, and that when the user logs in througgh the Chooser, she sees mounted HFS and HFS+ volumes, rather than share points. However, this administrative user has no special privileges in Mac OS X Server other Apple File Services.
Setting up Share Points
Apple File Services will allow you to create a share point on any Mac OS Extended format disk. You can make either the entire disk - or specific folders on the disk - share points. You can also make removable disks (such as CD-ROM discs) or folders on removable disks share points. Hard drives formatted as Standard HFS are not supported under Apple File Services.
When you set up share points in AppleShare IP, all of the share points and privileges information is kept in one location: the AppleShare PDS file. With Mac OS X Server, these two preferences are kept in distinct places:
- Sharepoint information is kept in the NetInfo database. This is only the information about which directories are shared.
- Privileges are kept in the filesystem itself.
With HFS+, Apple included the ability to define privileges within the file's header block in the filesystem. There is no separate file to track privileges as there were with Mac OS versions of AppleShare. These privileges are identical to Unix-style permissions and are accessible via command-line utilities such and chown and chmod.
Another difference from AppleShare IP is the Group field. In previous versions of AppleShare, there were three classes of users: Owner, User/Group, and Everyone. The User/Group could either be an individual user or a group of users. With Apple File Services, this field must be a group.
Because of the difference in the way privileges are stored in AppleShare for the Mac OS and Apple File Services, disks that were previously set up for sharing over AppleShare will not maintain privileges when shared with Apple File Services. Apple File Services will not recognize information located in the AppleShare PDS file, nor is there any way to convert that information into privileges understood by Apple File Services.
Since privilege information is kept in the filesystem itself, Apple File Services does not support privileges on read-only volumes, such as CD-ROMs. However, it is still possible to share this volume. The privileges look like this:
Figure 4, Apple File Services privileges
Privileges for read-only volumes will be read-only for everybody, and there is no way to change them.
Other Server Settings
These are the other server options available under Remote Administration:
Figure 5, Remote Administration Server Settings
These changes require a server restart to take effect. Note: Toggling guest access is immediately active over TCP/IP. Guest logon over AppleTalk only changes after a restart. TIP: Since these settings are also entered into NetInfo, NetInfo Manager is a good place to check for correct information, when troubleshooting AFP issues.
Figure 6, Checking information in NetInfo Manager
Backing up and Restoring Users & Group and Privileges.
A backup option includes the command line tools, part of BSD 4.4. The most common is the tar command. Tar does not retain user and group privileges like backing up an ASIP server. These only backup UFS volumes. To back up HFS volumes, use a third-party utility.