Os X server for small business
Download 293.14 Kb.
|
Note: The VLAN area of the Network pane is visible only if your hardware supports this feature.
This VLAN tag designates the VLAN ID (VID). Each logical network has a unique VID. Interfaces configured with the same VID are on the same virtual network.
Manage Wi-Fi The Server app can manage an AirPort device to give Internet computers access to selected services, and to let users log in to your wireless network with their name and password. The Server app can manage an AirPort Extreme Base Station (802.11n) or a Time Capsule. To be managed, your AirPort device must have its Connection Sharing option set to “Share a public IP address” (that is, an Internet connection). The advanced option IPv6 Mode must be set to Tunnel. The “default host” option should also be turned off, which is the default setting. If you don’t use the Server app to manage your router, you can use the router’s configuration software to protect your server and your intranet. For more information, see this help topic: Router port mapping. HideAdd or remove public services You can use the Server app to designate public services that can be accessed by computers on the Internet. OS X Server configures your AirPort device to expose those public services on the Internet. The process of exposing individual services to the Internet is called port mapping or port forwarding. For more information, see this help topic: Port mapping for network and server protection.
If the service you want to add isn’t listed in the pop-up menu, choose Other, and then enter the service name and port. For a list of services, see this help topic: Services and ports. Note: Exposing Websites service also exposes Wiki, web calendar, and Profile Manager services.
Important: Restarting your AirPort device interrupts its services for all computers on your intranet for up to a minute. AirPort device services may include Internet access, DHCP service, and a shared disk for Time Machine backup or other uses. When entering the password to authorize restarting the AirPort device, use the password for the device, not the password for your Wi-Fi network. OS X Server remembers this password, so you don’t have to enter it again unless you change it on your AirPort device. Services that aren’t in the Public Services list can get incoming connections only from the server’s intranet. HideAllow user name and password login over Wi-Fi You can let users log in to your wireless network with their user name and password instead of the Wi-Fi network password. In this case, your server provides Remote Authentication Dial In User Service (RADIUS) for your AirPort device and authorizes all user accounts on the server to access your wireless network. For more information, see this help topic: About RADIUS for AirPort.
Important: Your server will lose its connection to the AirPort device, unless the two are connected via a wired Ethernet network. Don’t select this option if you want to let users log in to your wireless network with the Wi-Fi network password. You can turn off RADIUS using the AirPort Utility app.
Important: Restarting your AirPort device interrupts its services for all computers on your intranet for up to a minute. AirPort device services may include Internet access, DHCP service, and a shared disk for Time Machine backup or other uses. When entering the password to authorize restarting the AirPort device, use the password for the device, not the password for your Wi-Fi network. OS X Server remembers this password, so you don’t have to enter it again unless your change it on your AirPort device. Selecting this option starts RADIUS on your server, registers the selected AirPort device with RADIUS, and authorizes all user accounts on the server to access your wireless network.
Configure LDAP directory access Using Directory Utility, you can specify how your Mac computer accesses an LDAPv3 directory if you know the DNS host name or IP address of the LDAP directory server. If the directory is not hosted by a server that supplies its own mappings (such as a Mac server) you must know the search base and the template for mapping OS X data to the directory’s data. Supported mapping templates are:
The LDAPv3 plug-in fully supports Open Directory replication and failover. If the Open Directory master becomes unavailable, the plug-in falls back to a nearby replica. To specify custom mappings for the directory data, follow the instructions in Configure access to an LDAP directory manually instead of the instructions here. Important: If your computer name contains a hyphen, you might not be able to join or bind to a Directory Domain such as LDAP or Active Directory. To establish binding, use a computer name that does not contain a hyphen.
If you see an Edit button, your computer has at least one connection to a directory server.
By default, the new directory connection is enabled. For more information about enabling or disabling a directory connection, see Enable or disable directory service.
Before you select this, ask your Open Directory administrator to determine if SSL is needed. If Directory Utility can’t contact the LDAP server, you might need to adjust your configuration access settings. For more information, see Change the connection settings for an LDAP or Open Directory server.
Typically, the search base suffix is derived from the server’s DNS host name. For example, the search base suffix could be “dc=ods,dc=example,dc=com” for a server whose DNS host name is ods.example.com.
The binding might be optional. Trusted binding is mutual; each time the computer connects to the LDAP directory, they authenticate each other. If trusted binding is set up or the LDAP directory doesn’t support trusted binding, the Bind button does not appear. Make sure you supplied the correct computer name. If you see an alert saying that a computer record exists, try again using a different computer name, or click Overwrite to replace the existing computer record. The existing computer record might be abandoned, or it might belong to another computer. If you replace an existing computer record, notify the LDAP directory administrator in case replacing the record disables another computer. In this case, the LDAP directory administrator must give the disabled computer a different name and add it back to the computer group it belonged to.
If the LDAP directory requires authentication to connect, select the “Use authentication when connecting” checkbox and enter the distinguished name and password of a user account in the directory. An authentication connection is not mutual; the LDAP server authenticates the client but the client doesn’t authenticate the server. The distinguished name can specify any user account that has permission to see data in the directory. For example, a user account whose short name is dirauth on an LDAP server and whose address is ods.example.com would have the distinguished name uid=dirauth,cn=users,dc=ods,dc=example,dc=com.
Manage LDAP directory access You can change, duplicate, or delete configuration settings for an LDAP server. If your LDAP server access settings change, you can change them. If you are adding a similar LDAP server that only needs minor connection setting changes, you can duplicate the settings of an existing LDAP connection. If you need to delete an LDAP connection, you can delete it. HideChange a configuration for accessing an LDAP directory You can use Directory Utility to change the settings of an LDAP directory configuration. The configuration settings specify how Open Directory accesses an LDAPv2 or LDAPv3 directory. If the LDAP configuration is provided by DHCP, you can’t change it, so this type of configuration is dimmed in the LDAP configurations list.
If you see an Edit button, your computer has at least one connection to a directory server.
If you choose a template, you must enter a search base suffix or the computer can’t find information in the LDAP directory. Typically, the search base suffix is derived from the server’s DNS host name. For example, for a server whose DNS host name is ods.example.com, the search base suffix is “dc=ods,dc=example,dc=com.” If you choose From Server instead of a template, a search base suffix is not needed. In this case, Open Directory assumes the search base suffix is the first level of the LDAP directory. If you choose Custom, you must set up mappings between the OS X record types and attributes and the classes and attributes of the LDAP directory you’re connecting to. For more information, see Configure LDAP Searches & Mappings.
HideDuplicate a configuration for accessing an LDAP directory You can use Directory Utility to duplicate a configuration that specifies how OS X accesses an LDAPv3 or LDAPv2 directory. After duplicating an LDAP directory configuration, you can change its settings to make it different from the original configuration.
If you see an Edit button, your computer has at least one connection to a directory server.
If you choose a template, you must enter a search base suffix or the computer can’t find information in the LDAP directory. Typically, the search base suffix is derived from the server’s DNS host name. For example, for a server whose DNS host name is ods.example.com, the search base suffix is “dc=ods,dc=example,dc=com.“ If you choose From Server instead of a template, a search base suffix is not needed. In this case, Open Directory assumes the search base suffix is the first level of the LDAP directory. If you choose Custom, you must set up mappings between the OS X record types and attributes and the classes and attributes of the LDAP directory you’re connecting to. For more information, see Configure LDAP Searches & Mappings.
For more information, see Enable or disable directory service, and Define search policies. HideDelete a configuration for accessing an LDAP or Open Directory server You can use Directory Utility to delete a configuration that specifies how the computer accesses an LDAPv3 or LDAPv2 directory. If the LDAP configuration is provided by DHCP, you can’t change it, so this configuration option is dimmed in the LDAP configurations list.
If you see an Edit button, your computer has at least one connection to a directory server.
The deleted configuration is removed from the custom search policies for authentication and contacts.
Set up trusted binding for an LDAP directory You can use Directory Utility to set up trusted binding between the computer and an LDAP directory that supports trusted binding. The binding is mutually authenticated by an authenticated computer record that’s created in the directory when you set up trusted binding. You can’t configure a computer to use trusted LDAP binding with a DHCP-supplied LDAP directory. Trusted LDAP binding is inherently static, and DHCP-supplied LDAP is dynamic.
Several options appear, including the Bind button. If the Bind button doesn’t appear, the LDAP directory doesn’t support trusted binding.
Enter the name of the computer and the name and password of an LDAP directory domain administrator. The computer name can’t be in use by another computer for trusted binding or other network services.
If you see an alert saying that a computer record exists, click Cancel to go back and change the computer name, or click Overwrite to replace the existing computer record. The existing computer record might be abandoned or it might belong to another computer. If you replace an existing computer record, notify the LDAP directory administrator so that replacing the record won't disable another computer. In such a situation, the LDAP directory administrator must give the disabled computer another name and add it to the computer group it belonged to, using a different name for that computer.
Change the LDAP connection security policy Using Directory Utility, you can configure a stricter security policy for an LDAPv3 connection than the security policy of the LDAP directory. For example, if the LDAP directory’s security policy permits clear-text passwords, you can set an LDAPv3 connection to not permit clear-text passwords. Setting a stricter security policy protects your computer from a malicious hacker trying to use a rogue LDAP server to gain control of your computer. The computer must communicate with the LDAP server to show the state of the security options. Therefore, when you change security options for an LDAPv3 connection, the computer’s authentication search policy should include the LDAPv3 connection. The permissible settings of an LDAPv3 connection’s security options are subject to the LDAP server’s security capabilities and requirements. For example, if the LDAP server doesn’t support Kerberos authentication, several LDAPv3 connection security options are disabled.
For more information about adding the LDAPv3 directory to the authentication search policy, see Define search policies.
Directory: 2012 2012 -> The Case Against the nypd’s Quota-Driven ‘Broken Windows’ Policing What Is It? 2012 -> Annual InStructional unit plan 2012 -> University of Hawai‘i Maui College dental assisting program review october 21, 2013 2012 -> Committee on the rights of the child the rights of all children in the context of international migration 2012 -> Background on the Haitian Earthquake 2012 -> The Collected Wisdom of Science Olympiad Coaches 2012 -> Federal Communications Commission fcc 12-81 Before the Federal Communications Commission 2012 -> Aa and na members Dying from Tobacco 2012 -> [Baby Crying] 01: 04 [Ching Download 293.14 Kb. Share with your friends:
|