
Academic year: 2021


A. Equipment needed:

The minimum gear needed to set up these demos is a MacBook with 2 GB of RAM for the server, a MacBook with 1 GB of RAM as a client, a switch, and a pair of Ethernet cables.

A user-provided external FW or USB drive is needed to explore Time Machine and the new External account feature for Mobile Accounts.

B. Demos covered in this guide

• Time Machine (client/server)

• Collaboration Services (aka Teams) (client/server)

• iCal

• Wiki

• Blog

• Mail

• WebMail

• Directory app

• Spaces

• Parental Controls

• Client Management

• Folder Redirection

• Limited administrators

• Guest accounts

• Mobile accounts w/ PHDs / FileVault / Expiry / External accounts

Yesterday’s class included Podcast Producer, and Armin Breigel covered all of the features of user management. This guide is designed to be expanded and corrected, so adding your own notes can enhance this experience.

All of the naming conventions used here are ASTE based. You are welcome to change the settings as you see fit - just be consistent. Remember, these notes are for demonstration purposes; you will want to adapt them for production environments.

2. Server Setup

Leopard Server v10.5 or better must have been installed. We will start in the Setup Assistant:


A. Core Server setup

Select “Advanced” from the Server Configuration options.

Keyboard layout - “US”

Serial Number - XSVR-105-000-N-M7C-DY3-FHS-6JY-YCX-42Y-H (This serial number expires on 12/31/08.)

Owner/Company info - Apple / Apple

Skip Registration screen

Skip Survey (“A Few More Questions...”)

Administrator Account - “Apple” / password - “apple”

Manually configure Network Address (If wireless dialog comes up, dismiss it.)

IP address - 10.0.1.11

Subnet - 255.255.255.0

Router - 10.0.1.11 (to avoid server hang at startup)

Leave the DNS and search domain fields empty. (Important!)

Network Names

Primary DNS name - “pserve1.aste.org”

Computer name - “pserve1”

Leave “Enable Remote Management” checked.

Time Zone - Set to the appropriate timezone (Anchorage for class)

Directory Usage - Leave at “Standalone” for now

Confirm Settings - Apply

B. Server Admin basic setup

The system will boot to the Finder and auto-launch Server Admin (SA), which will pop up a dialog telling you that there is no server at that location. It is trying to find “pserve1.aste.org” without a DNS to guide it.

Select “Remove”, then under File, select “Add Server…”. The dialog will then display “pserve1.local” as the choice. Enter the password (‘apple’).

At the dialog “This server does not have any services...” select “Choose Configured Services”.

Select - at least - AFP / DHCP / DNS / iCal / iChat / Mail / Open Directory / Web.

Selecting the buttons does not activate any of the services, it just shows the service in the menu for that server.

Save the selections.

In the General tab, select “Server Side File Tracking for Mobile Home Sync”.

Save the settings.

At the Finder menubar, turn off Airport.

C. DNS

Leopard server DNS is a vast improvement over Tiger and earlier. Setup is easy and clean.

Select the DNS service under “pserve1.local”.

Select the Zones button.

Under “Add Zone” choose “Add Primary Zone (Master)”.

Click on “example.com” and in the lower window, select the ‘example.com.’ entry in Primary Zone Name. Change it to ‘aste.org.’ - do not forget the trailing dot.

Double click on the ‘ns’ entry in Nameservers and change it to ‘pserve1’. Press Tab between entries to make sure the values stick.

In the upper window, click on the triangle next to ‘aste.org.’ and select the ‘ns’ Machine record. In the lower window, change the Machine Name to ‘pserve1’ and the IP address to ‘10.0.1.11’.

Save the settings.

You will notice that the reverse DNS record automatically updates to show the new info.

Locate the “Start DNS” button and click on it.

In System Preferences/Network/Ethernet, add “10.0.1.11” and “aste.org” as the DNS Server and Search Domain.

D. DHCP

Since we are running this “mini lab” as an isolated network, turning on DHCP is a necessity. If you shift to using an Airport Base Station to provide DHCP services, you’ll just stop this service and leave everything else running.

Select the DHCP service. Select the Subnet button.

Select the “169.254.Ethernet” entry and delete it. (Use the (-) button at the bottom of the window.)

Click the (+) button to create a new subnet, and enter the following values:

Subnet name: “Mobile Lab”

Starting IP Address: 10.0.1.101

Ending IP Address: 10.0.1.200

Subnet Mask: 255.255.255.0

Router: 10.0.1.11

Leave the lease time as is.

Select DNS tab and add “10.0.1.11” and “aste.org”

Select the “Enable” checkbox for the “Mobile Lab” subnet. Save settings and start DHCP.

E. Open Directory

With DNS and DHCP running, the server can now support itself as an Open Directory master. Check to make sure you have added the DNS and search domain settings to the Network/Ethernet settings before completing this section.

Select the Open Directory service.

Select the Settings button and click “Change”.

Choose “Open Directory Master” (Continue).

Enter password for diradmin - ‘diradmin’ (We are not into complexity at this point.)

In Master Domain Info, you should see both a Kerberos Realm: PSERVE1.ASTE.ORG and a Search Base: ‘dc=pserve1,dc=aste,dc=org’.

Confirm the settings.

If you don’t see this, then check your Network settings for proper DNS.

Close the Assistant window and verify settings in the Overview pane.
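Added example (not part of the original guide): Open Directory master creation depends on the DNS records built in section C, so this Python sketch applies the standard zone-file rule for relative names to show why the trailing dot matters, checks that pserve1.aste.org resolves to 10.0.1.11 and back, and derives the Kerberos realm and search base the guide says to expect. The zone text is constructed to mirror the lab values and is not output from Server Admin; the function names and the simplified one-record-per-line parser are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data mirroring the lab values (not exported from a server).
FORWARD_ZONE = """\
$ORIGIN aste.org.
@ IN NS pserve1
pserve1 IN A 10.0.1.11
"""
REVERSE_ZONE = """\
$ORIGIN 1.0.10.in-addr.arpa.
@ IN NS pserve1.aste.org.
11 IN PTR pserve1.aste.org.
"""
# Same reverse zone with the trailing dot forgotten on the PTR target.
REVERSE_ZONE_NO_DOT = REVERSE_ZONE.replace(
    "PTR pserve1.aste.org.", "PTR pserve1.aste.org")


def qualify(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means the
    name is already absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Parse simplified 'owner IN type rdata' lines into qualified records."""
    origin, records = ".", []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner, _cls, rtype, rdata = fields
        if rtype in ("NS", "PTR"):  # record data that is itself a host name
            rdata = qualify(rdata, origin)
        records.append((qualify(owner, origin).lower(), rtype, rdata.lower()))
    return records


def lookup(records, owner, rtype):
    """Return all record data for an owner name and record type."""
    return [r for (o, t, r) in records if o == owner.lower() and t == rtype]


def check_host(fqdn, forward_text, reverse_text):
    """Return a list of problems; empty means forward and reverse agree."""
    fwd, rev = parse_zone(forward_text), parse_zone(reverse_text)
    addrs = lookup(fwd, fqdn, "A")
    if not addrs:
        return [f"no A record for {fqdn}"]
    problems = []
    for addr in addrs:
        ptr_owner = ipaddress.ip_address(addr).reverse_pointer + "."
        names = lookup(rev, ptr_owner, "PTR")
        if fqdn.lower() not in names:
            problems.append(
                f"{addr} reverses to {names or 'nothing'}, expected {fqdn}")
    return problems


def directory_names(fqdn):
    """Kerberos realm and LDAP search base in the form the guide shows."""
    labels = fqdn.rstrip(".").split(".")
    return ".".join(labels).upper(), ",".join(f"dc={label}" for label in labels)


if __name__ == "__main__":
    host = "pserve1.aste.org."
    print("good zone:   ", check_host(host, FORWARD_ZONE, REVERSE_ZONE))
    print("missing dot: ", check_host(host, FORWARD_ZONE, REVERSE_ZONE_NO_DOT))
    print("expect realm/base:", directory_names(host))
```

With the dot missing, the PTR target is treated as relative and the reverse-zone origin is appended to it, so the address no longer maps back to the server's name.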


F. AFP

The only real change noticeable in AFP is that we no longer need to have Guest Access turned on for automounts. So you can just select the AFP service and click on the “Start AFP” button.

G. Activating AutoFS (Automounts)

Under Leopard, the automount code was replaced with the new ‘AutoFS’ process.

Select the server entry itself in Server Admin (pserve1.local). Select the “File Sharing” button, then the “Share Points” tab.

Select the “Users” sharepoint, and the “Share Point” tab in the lower window.

Click on the “Enable Automount” checkbox. Go with the default settings as shown.

Authenticate as ‘diradmin’, password ‘diradmin’ and click “Ok.” Save the settings.

At this point, the server is set to be your DNS / DHCP / ODM / HomeDir server for the demo network.


3. Adding Services

In order to use many of the Leopard services, you need to activate more than just the core services, as well as creating network accounts and management settings. Here are the key services needed for a basic infrastructure.

A. iCal

Select service, click on “Start iCal”.

B. iChat

Select service, click on “Start iChat”.

C. Mail

Select service, then “Overview” and “Configure Mail Service” button.

In Assistant, turn off “Enable POP” and turn on “Enable SMTP”.

Do not turn on filters unless you are going to be connected to the Internet.

Leave Security settings as they are. Leave Mail Storage as is.

Confirm, Continue, and Close.

Select the “Settings” button in the toolbar.

In the “Mailing Lists” pane, enable server group mailing lists and set the update to every 3 minutes (for demo). Save settings.

Select the Overview button and check to see if the services are running. The group mailing list does not show as running in Overview.

D. Web and Collaboration services

Select the Web service, Settings, and the Web Services tab.

Choose a default Wiki and Blog Theme. Note - Pick one of the simpler ones with a smaller footprint. The dark ones do not project well. Save settings.

Select the Sites button and click on the generic site already available. Leave most of the settings alone for now. Change the Host Description to “Teams Site”. Select the Web Services tab and turn on all of the services listed (Users - Webmail, Blog; Groups - Wiki and Blog, Web calendar, Mailing list web archive). Save settings.

Click on “Start Web”

The server can be further configured to support other services that were covered in training; however, you may have to modify account information, network settings, and naming conventions in order to apply those setups to this lab.

4. Client Setup

Setting up the client system for most of the services is pretty straightforward. The client system(s) will be configured to be bound to the demo server and have the basic services available. The clients should be at the Welcome screen of the Setup Assistant. If not, then just adjust the settings from within System Preferences and Directory Utility as needed.

A. Basic client setup

At the Welcome screen, select “United States” - continue

Select “Do not transfer my information now” - continue

Select US keyboard - continue

Skip setting an Apple ID - continue

At Registration Information, type command-Q and select “Skip”

Create a local admin account - “Apple” with password “apple”

Pick a picture - or take one, your choice.

Select “Anchorage” for timezone

Set Date/Time if needed.

Done.

B. Client core settings

Optional - Install Server Admin tools from the Server Install image, if desired.


• Sharing - Set name to “macbook1” (Set others to be unique numbers)

• Accounts - Login Options, disable Automatic login

• Network - If not provided by DHCP, add “10.0.1.11” and “aste.org” to DNS/Search Path settings for Ethernet and/or Airport (if used) (For Airport settings, see section on Mods, otherwise, turn off Airport)

• Energy Saver - Set Sleep to Never, display sleep to 1 hour to avoid problems during demos.

• Screen Saver - Set time to sleep to no less than 20 minutes.

C. Binding to ODM

Launch Directory Utility, authenticate and click on the (+) to add a directory server.

Enter “pserve1.aste.org” and click ‘Ok’.

Quit from Directory Utility.

Client system is now set to work within the bounds of the server domain you have for demos.

D. Additional client settings

Adjust the Desktop, Dock and Sidebar as desired.

Many of the possible additional settings will be taken care of during the demos when managed client and/or Parental Control settings will be applied.

5. Account setup

Launch Workgroup Manager at either the server or, if installed, at the client system. Connect to demo server at “pserve1.aste.org” as ‘diradmin’ with password ‘diradmin’. You should show as authenticated to directory “/LDAPv3/127.0.0.1”.

A. Create user accounts

Select the Accounts/Users tab. Click on the (+) New User button. Enter the following information:


• Password: test

• Advanced - select “Enable calendaring” and choose ‘pserve1.aste.org’

• Leave “Allow simultaneous login...” on for now (still being tested)

• Home - Select afp://pserve1.aste.org/Users

• Mail - Enabled

• Save

Select “Save Preset…” in the Presets menu, name it “alphas” and click “Ok”.

Select the “alphas” preset so it shows in the menu.

Create two additional users with the preset active:

• “Bravo” with password “test”

• “Charlie” with password “test”

Go to the Info tab for each user account.

Add email account info for each user, be creative.

B. Create Computer Group account

In Leopard, you can add individual computers to the directory, use a “Guest” computer account, and create computer groups. For this exercise, we will create a computer group to keep from accidentally setting management values for the server.

Select the Computer Groups tab - Click on (+) New Computer Group.

Name the new group “Demo Lab”.

Select the Members tab and click on the ellipsis (…) to view available systems.

Select “macbook1” (or whatever you named your client system(s)). Add other clients as needed. Save settings.

C. Address Book setup

In order to make this flow, you need to have your Address Book set up on the client system(s).

On a client system, log in as “alpha” and launch Address Book.

Select “Directories” and type “bra” in the search window.

Drag the “Bravo” entry that appears to the “All” Group.

Repeat this for the other user accounts you created.

Edit each account to add their email address “<account>@pserve1.aste.org”.

Log out of client system and back in as any of the other accounts you will use for demos, set up their Address Book.

The client and server are now set up with the key Leopard infrastructure features.

D. Guest Account

The Guest Account is a temporary account designed to allow random, non-tracked usage of the system. The account is created and deleted for each login.

Prerequisite setup: None

On a client, log in as local admin and open System Preferences.

In Accounts, authenticate and select Guest Account.

Enable “Allow guests to log into this computer”.

Select “Login Options” and set login window display to “List of users”.

Log out and log back in as “Guest Account”. (You can also log in from the name/pwd field window by typing in “Guest Account”.)

Note that the Guest Account behaves the same as any local account.

Select “Log Out Guest Account” from Finder menu.

E. iChat (client/server)

Leopard iChat features many new capabilities, including federation.

Prerequisite setup: iChat server enabled at “pserve1.aste.org”

If you want to speed up the demos, you can activate the buddy lists in advance with the following command sequence: (Optional)

At the server, launch Terminal (or use ARD, remote login, or whatever), type in:

sudo -u _jabber jabber_autobuddy -i [email protected]

Enter ‘apple’ as password, then

sudo -u _jabber jabber_autobuddy -i [email protected]

sudo -u _jabber jabber_autobuddy -i [email protected]

Then finish with:

sudo -u _jabber jabber_autobuddy -m

Quit out of Terminal.

Log into client system as network user (alpha, bravo, or charlie).

Launch iChat and set up Jabber account as “[email protected]” with password “test”. Do not select server options.

At second client machine, log in as another network user and launch iChat, set up Jabber account.

If you skipped the ‘autobuddy’ setup, then do the following:

Select “Add Buddy” from Buddies menu or Jabber list.

Enter “<account>@pserve1.aste.org” (whoever is at the other client)

Note the “Waiting for authorization” dialog. Have other person accept the connection.

Start a video chat with that person. Select “Video Effects”

Select an effect and experiment.

Try the “Share a File with iChat Theater”.

Stop playing and move on.

F. Directory

The Directory application is the tool you need to use to set up collaboration services.

Prerequisite setup: ODM with user accounts established, collaboration services enabled at server

Log into a client system as “alpha”

Locate Directory in the Utilities folder and add it to your Dock.

Launch Directory and note the OD list is available.

Create a new group called “Wickers”, adding alpha and bravo to the group.

Check the “Allow people to add themselves to the group” checkbox.

Select “Publish membership list” (if not already selected).

Select the “Services” tab, enable all services and then set ‘view’ to “Anyone”.

Feel free to create a location or resource to use for iCal scheduling.

At this point, move to the next demo sequence to continue.

G. iCal (client/Server)

iCal can be used as the server-based individual calendar system.

Prerequisite setup: iCal server component active on pserve1.aste.org

Log into client system as user “alpha” and launch iCal.

Open “Preferences/Accounts” and click (+) to add a new account.

Create new account “NetCal” with username “Alpha”, click on triangle for ‘Server options’ and select “Use Kerberos” checkbox. Do not touch the ‘Account URL’ entry (leave it at ‘auto’).

Note that the ‘Server settings’ are already filled in. Ignore the ‘Delegation’ tab for now.

Create some events for this week for yourself inside your network calendar account.

Create an event and invite ‘bravo’ and/or ‘charlie’ - then select “Availability Panel” under the ‘Window’ menu.

At a second client, log in as ‘bravo’ and launch iCal. Set up a network account as you did for ‘alpha’.

Note the invites/notifications available based on alpha’s calendar events. At this point, you can experiment with delegation - adding others to your calendar to see what they are up to as well as adding events for them.

H. Collaboration services - wiki / blog / calendar

Prerequisite setup: Configure Directory.app (previous ‘Directory’ demo), and you must be logged in as “alpha” with Directory app running.

In Directory, select the “Wickers” group and select the “Services” tab.

Click on the arrow next to ‘wiki’ - Safari will launch and connect you to the group wiki.

Click on “Log In” at the bottom of the wiki page, authenticate as “Alpha”.

Select the ‘pencil (edit)’ button and make some basic changes to the page.

Add a new line “See Ellen here”, select the “New Page” item from the URL tool.

Add comment “Added link to Ellen page”, select “Save”.

Click on the URL link to the new “Ellen” page, edit the page and insert movie from demo files, comment and save. Test.

Select ‘wiki’ from the main toolbar, select ‘Settings’ from ‘Admin Functions’, select ‘edit (pencil)’.

Change Comments/Moderation to ‘All comments’, save.

Select ‘blog’ from main toolbar.

Select (+) to add a new blog

Get creative - “Alpha’s Musings”, add a line of content, save.

Log out “alpha” and log in as “bravo” (either do a complete logout of the system for authenticity, or just log out of the collaboration page then back in. If you totally log out, you’ll need to open Safari and go to http://pserve1.aste.org/groups/wickers/ or go through Directory.)

Create and save comment, note that the comment is tagged as awaiting moderator approval.

Log out and back in as “Alpha”, go to Admin Functions / Moderate comments and approve comment (or not :-).

Select ‘calendar’ in main toolbar

Create a calendar entry, log out and back in as another user to see entry. (Once Mail is working correctly, you will be able to use iCal to generate group entries also.)

I. Account Management - Mobile / PHD / External

Prerequisite setup: ODM with basic accounts created. For network accounts, review Folder Redirection section. For External accounts a user provided USB key, FW drive, or a second client system is needed.

Set up

Launch WGM from either a client or server. Authenticate as ‘diradmin’ to ‘pserve1.aste.org’.

Select Preferences and the ‘Demo Lab’ computer group.

Select “Login” and the ‘Options’ tab, set to ‘Always’.

Turn off “Enable automatic login” and activate “Local admin...may refresh...”, “Enable external accounts”, and “Enable Guest account”.

Select “Apply Now” and “Done”.

Select Preferences / Users / ‘Bravo’ / Mobility.

Select ‘Always’, “Create mobile account...” and turn off “Require confirmation...” and “Show ...checkbox” (Those items let the user opt out of the mobile settings - not something allowed in a school or admin-defined setting.)

Keep the “Create home” settings at the default.

Select “Acct Creation /Options” and set to “Always”.

Select “Encrypt contents with FileVault”.

Do not restrict size (it can cause failure to sync if set too small).

Leave all other defaults (They get changed for the next user).

Select “Account Expiry” and set to “Always”.

Select “Delete mobile accounts” and set to 1 hour (this allows the “Rabbit Effect” to be controlled; but should be managed carefully. Each mobile account that is deleted will require a full resync (1st time sync) at next login.)

Select “Rules / Login & Logout Sync” and set to “Always”

Remove the defaults from the upper window and replace with only ‘~’ (tilde) (We want a full sync at login and logout.)

Select “Background Sync” and set to “Always” - leave sync defaults as they are.

Select “Options” and set to “Always” then set time to 5 minutes (for demo, need short time, in real world, it should be set to 11 minutes optimally).

Click “Apply Now” and “Done”.

Select “Charlie” and set up the same as “Bravo” but set the “Acct


This makes Charlie an External account - one whose home directory resides on an external volume, if you have a USB key or FW drive to store it on. If not, let Charlie choose the internal drive and we’ll use that computer as his external volume in the demo.

For the “Charlie” account, do not set the “Account Expiry”.

Apply all settings and quit from WGM.

Demo of account types

You might want to review the Guest Account to show its temporary nature.

From Loginwindow, log into client as “Alpha” and point out the location of the home directory, note the redirected ~/Library/Caches folder.

From Loginwindow, log into client as “Bravo” and note the mobility dialog. Select “Create Now” and watch the FileVault creation process. Later, if you have logged in as another user, take note of Bravo’s homedir in the local Users folder - it’s a locked folder containing a FileVault image.

Copy some files to the user’s home folders. Activate the sync process from the menubar.

Log out and log back in as “Charlie”.

Option One - Select the external device for the home directory. Note the behavior of the client during sync and during logout. Remove the external device while at the loginwindow. Re-attach the device - note the behavior of the loginwindow.

Option Two - Select the internal device as location for portable home. After logging in, copy a few files to home locations, then log out. Shut down the client and boot into target disk mode. Attach client system in TDM to another bound client, note the behavior of the new client system.

This concept of the external account allows a 1-1 user to use their portable as the external portable home when attaching to a different computer, such as in a computer lab.

J. Client Management

None of the demos to this point have any actual client management settings, despite the Mobility settings being established for certain accounts. Here is your chance to review many of the new capabilities of Leopard MCX including the new application controls, Parental Controls, Login access/options, and Details.

Log into client system or server and launch WGM, authenticate as ‘diradmin’ to ‘pserve1.aste.org’

Select Preferences / Computer Groups / Demo Lab

• Applications - Select and set to “Always”

Add ‘TextEdit’ and ‘Directory’ to the list of ‘Always allow...’

Select ‘Folders’ and add “/Applications/” to the lower window (Allow) and add ‘~/’ and “/Applications/Utilities/” to the upper window (Disallow). Note that you are now refusing to allow users the right to put applications into their homedirs and launch them. You are also allowing only ‘Directory’ to run from the Utilities folder.

Select the ‘Widgets’ tab and note how you can specify an exact list of Widgets that are allowed on the client.

Select the ‘Front Row’ tab and note that you can turn off use of that application uniquely.

The ‘Legacy’ tab contains the settings that apply to Tiger or earlier clients.

• Login

Click done and choose the Demo Lab computer group.

Select ‘Login’ and set the ‘Window’ to “Always”. Note that the “AdminHostInfo” (Heading) is now a pull down menu, set it to ‘Directory Status’. Enter a message into the ‘Message’ window to identify your demo set.

Select “Options” and note that the “Log out users....” control has been moved to here. The “Local admin..disable management” has been updated - set this and when you try to log back in as “Apple” note the new dialog.

Select “Access” and set it to “Always”, add “Wickers” to the ACL as allowed and “TM Backup” as denied. This keeps someone from logging in as a non-user account. The checkbox “Combine available workgroup settings” now concatenates all workgroup settings for any user logging in. This avoids users having to choose among different managed groups by pulling all of the settings into one list. Note other settings allowed.

• Network

Select “Network / Sharing & Interfaces” - note the controls to disable Internet Sharing, AirPort and Bluetooth. Demo these carefully.

• Parental Controls

Select “Parental Controls / Content Filtering” and set to “Always” (Note that the filter may pop up when you least expect it.)

Note that these settings match the local machine settings on any client system. Note that “Time Limits” now covers “Curfews” versus “Bedtimes” - in 1-1 situations, schools may find this setting appealing to parents who want the computers to be ‘unavailable’ after a certain time at night. Try setting usage to only 30 minutes and note the behavior during the lab.

6. Mods and Alts

A. Podcast Producer on this lab

Adding the ability to do PcP will involve turning on Xgrid and PcP and will increase the load on the single MacBook server, but can be worth it from a collaboration point of view.

Check ‘Directory’ and make sure ‘Alpha’ is set as owner of the ‘Wickers’ group.

At the server, create a new folder on the Desktop labeled ‘sfs’

In Server Admin, select the Xgrid service and click on the “Configure Xgrid Service…” button.

Choose “Host a grid” and authenticate as ‘diradmin’, then continue to finish. Xgrid should be running at this point.

Select the ‘Podcast Producer’ service. Set the ‘Shared File System’ to “/sfs”.

Set ‘Xgrid Controller’ to “pserve1.aste.org”.

Set ‘Xgrid User Name’ to “alpha” and enter password (‘test’).

Under “Properties” change the following properties as noted:

- Group Short Name: “wickers”

- Groups Admin Password: “test”

- Groups Admin User: “alpha”

For this lab, we will leave out the Mail attributes. Feel free to add them on your own later.

In WGM, add “Podcast Capture” to the list of always allowed applications (if you are managing application access).

At a client system, log in as ‘charlie’, launch “Podcast Producer”

Connect to ‘pserve1.aste.org’ as ‘charlie’, select a style of podcast to create.

Publish as “Blog” with details as needed.

Launch Xgrid Admin from a client, and check on status of submission. You might see a failure if SMTP isn’t working yet.

Quit and launch ‘Directory’
