Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

  • Print
  • + Share This
This chapter is from the book

Exercise 4.3 Configure OS X Server for Yosemite

Challenge

Configure Apple Push Notification Service certificates. Configure and start services you will use for the rest of the course:

  • Open Directory, including importing or creating users and groups
  • Mail
  • Calendar
  • Contacts
  • Wiki

Considerations

In the Server app’s list of services, Open Directory is hidden by default in a section of advanced services. The downloadable student materials contain user import files with eight users and a group import file with two groups.

Solution

Enable Push Notifications

  1. If necessary, open the Server app, authenticate to your server, select your server in the Server app sidebar, and then click the Settings tab.
  2. If the “Enable Apple push notifications” checkbox is not already selected, select it now.
  3. Enter your administrator Apple ID credentials.

  4. Click Get Certificate.
  5. After the Server app successfully creates and processes the Apple Push Notification Service certificates and displays their shared expiration date, click Done.

Configure Your Server as an Open Directory Master

In a production environment you would definitely confirm or verify DNS records before configuring your server as an Open Directory master. However, because this environment uses Bonjour names, you can skip the usual DNS verification step.

  1. If the Server app does not display the list of advanced services, hover the pointer above “Advanced” in the sidebar, and then click Show.
  2. Click Open Directory.
  3. Click On to turn on the Open Directory service.
  4. Select “Create a new Open Directory domain,” and click Next.
  5. Configure a password; you can leave the “Remember this password in my keychain” option selected.

    If your server is not accessible from the Internet, in the Directory Administrator pane, enter diradminpw in the Password and Verify fields, and click Next.

    Of course, in a production environment, you should use a secure password.

  6. In the Organization Information pane, enter appropriate information.

    If the following fields do not already contain the information shown, enter it, and click Next:

    • Organization Name: MDM Project n (where n is your student number)
    • Admin Email Address: ladmin@server n .local (where n is your student number)
  7. View the Confirm Settings pane, and click Set Up.

    The Server app displays its progress in the lower-left corner of the Confirm Settings pane.

    When the configuration is complete, the Server app displays the Servers section of the Open Directory pane, with your server listed as the master. It also displays any additional IPv4 addresses your Mac has in addition to your server’s primary IPv4 address (such as Wi-Fi).

Inspect the SSL Configuration

One of the benefits of configuring your server to be an Open Directory master is that it automatically creates a code signing certificate for Profile Manager to use. Use the following steps to inspect your server’s Secure Sockets Layer configuration:

  1. In the Server app sidebar, select Certificates.

    Note that all the services are set to use the same certificate: servern.local certificate (where n is your student number), which is signed by your server’s OD intermediate CA.

By default, the Server app does not display all certificates. Use the Action pop-up menu to display all certificates, and then inspect the two certificates.

  1. Click the Action (gear icon) pop-up menu, and choose Show All Certificates.
  2. Double-click the servern.local certificate (where n is your student number).
  3. Inspect the details of the certificate.
  4. Scroll to the end of the certificate information, and note that Purpose is Server Authentication.

    Note the Renew button for the certificate. When the renewal date approaches, the Server app automatically generates an expiration alert for the certificate, and the alert offers a Renew button. You don’t have to wait for the alert; you can use this button to renew the certificate at any time.

  5. Click OK to return to the list of certificates.
  6. Double-click the Code Signing certificate.
  7. Scroll to the end of the certificate information, and note that Purpose is Code Signing.
  8. Click OK to return to the list of certificates.
  9. Click the Action (gear icon) pop-up menu, and choose Show All Certificates to deselect that item.

Import Users into Your Server’s Shared Directory Node

To expedite the exercise, in the StudentMaterials folder is a text file with user accounts. This import file defines these users with a “net” password. Of course, in a production environment, each user should have a unique password or passphrase that is secret and secure.

Import the accounts into your server’s shared directory node.

  1. In the Server app, choose Manage > Import Accounts from File.
  2. In the sidebar, click Documents. Open StudentMaterials, and then open the Lesson4 folder.
  3. Select the users.txt file.
  4. Click the Type pop-up menu, and choose Local Network Accounts.
  5. If directory administrator credentials are not automatically provided thanks to the keychain item, provide directory administrator credentials in the Admin Name and Password fields.

  6. Click Import.
  7. At the “Importing these accounts may take a long time. Are you sure you want to continue?” dialog, click Import.
  8. After the import has completed, select Users in the Server app sidebar, and confirm that there are eight new local network users.

    You now have added eight local network user accounts.

Import Groups into Your Server’s Shared Directory Node

To expedite the exercise, you have two import files, one that defines some of the imported users as members of the Marketing group and another that defines users as members of the Engineering group.

  1. In the Server app, choose Manage > Import Accounts from File.
  2. Click the Type pop-up menu, and choose Local Network Accounts.
  3. If necessary, provide directory administrator credentials in the Admin Name and Password fields.
  4. Double-click the groups.txt file to start importing the file.
  5. At the “Importing these accounts may take a long time. Are you sure you want to continue?” dialog, click Import.
  6. After the import has completed, select Groups in the Server app sidebar.
  7. Double-click the Engineering group.
  8. Confirm that there are four members of the Engineering group.
  9. Click Cancel to return to the list of groups.
  10. Double-click the Marketing group.
  11. Confirm that there are four members of the Marketing group.
  12. Click Cancel to return to the list of groups.

You now have two new local network groups populated with the local network users you previously imported.

Configure and Start the Mail Service

Once you’ve configured the Mail service, you can use it in other parts of this guide for configuration profile examples and to mail VPP notification invitations. This is not a production server, so to expedite the setup, you will disable virus and junk mail filtering.

  1. In the Server app sidebar, select Mail.
  2. Click Edit Filtering Settings.
  3. Deselect the “Enable virus filtering” checkbox.
  4. Deselect the “Enable junk mail filtering” checkbox.
  5. Click OK to close the Mail Filtering pane.
  6. Under the Domains field, click the Add (+) button.
  7. In the Domain field, enter server n .local (where n is your student number).
  8. Click the Add (+) button.
  9. Press Command-B to display the accounts browser window.
  10. Select an account in the accounts browser, and then press Command-A to select all users and groups.
  11. Drag the accounts to the field that lists the Members and Email columns.

  12. Press Command-B to hide the accounts browser window.
  13. Click Create.
  14. Click On to start the Mail service.
  15. Wait for the mail service to become available (green status indicator in the Status field).

Verify the Mail Service

  1. Open Mail on either your server Mac or your client Mac.
  2. In the “Choose a mail account to add” pane, select Add Other Mail Account, and click Continue.
  3. In the Add a Mail Account pane, confirm that the import file includes an email address for your server, for example:

    • Full Name: Barbara Green
    • Email Address: barbara@servern.local (where n is your student number)
    • Password: net
  4. Click Create.
  5. After the pane displays the message “Account must be manually configured,” click Next.
  6. In the Incoming Server Info pane, on the IMAP tab, in the Mail Server field, enter servern.local (where n is your student number).

    The User Name and Password fields should already be populated.

  7. Click Next.
  8. If you see the Verify Certificate window, click Show Certificate, select the “Always trust” checkbox, and click Connect.
  9. If necessary, enter the local administrator credentials, and then click Update Settings.
  10. In the Outgoing Mail Server Info pane, use the following information to fill in any empty fields:

    • Mail Server: servern.local (where n is your student number)
    • User Name: barbara
    • Password: net
  11. Click Create.

Send and Receive a Test Message

  1. Choose File > New Message.
  2. In the To field, enter barbara@servern.local (where n is your student number).
  3. Enter some text in the Subject field.
  4. Enter some text in the main body field.
  5. Click the Send button in the upper-left corner of the message.
  6. Confirm that the message is delivered. If necessary, choose Window > Message Viewer.
  7. Quit Mail.

Turn On the Calendar Service

To have another service available for the Settings for Everyone configuration profile, you can turn on the Calendar service.

  1. In the Server app sidebar, select Calendar.
  2. Click On to start the service.

    You can leave all the settings at their defaults.

Turn On the Contacts Service

Using the Contacts service allows you to quickly look up information, such as email addresses, for the users hosted by your server.

  1. In the Server app sidebar, select Contacts.
  2. Select the checkbox “Allow users to search the directory using the Contacts application.”
  3. Click On to start the service.

    You can leave all the other settings at their defaults.

Turn On the Wiki Service

By default, the Wiki service allows iOS users to edit files on the wiki using iWork.

  1. In the Server app sidebar, select Wiki.
  2. Click On to start the service.

    You can leave all the other settings at their defaults.

In this exercise, you turned on push notifications on your server computer, configured the server as an Open Directory master, imported or created users and groups, and turned on a few key services.

  • + Share This
  • 🔖 Save To Your Account