9a344

[Embio]

I'm more intrigued by the new server version than the client - so whats new in it? I mean, from the earlier server build and Tiger.

[Adrian Fogge]

Standard and Workgroup Configurations of Leopard Server

On a workgroup server, you can now import a group (or set of groups) to your workgroup server's Open Directory domain from your corporate directory, and automatically import all users of that group. You can do this while setting up the server with Server Assistant. You can also import groups and users with the Server Preferences application after setup. When the membership of a group changes in the corporate directory, the changes will be periodically synchronized to your workgroup server.

 

On a workgroup server, you can now easily allow users from your corporate directory (who are not imported into your workgroup server's directory) access to the wiki, calendar, and file sharing services. You accomplish this by adding external users and groups to groups you created in the workgroup server's directory. In the Groups pane of Server Preferences, select a group and click + on the members list that appears to specify external users or groups from the corporate directory that you want to include in your workgroup server group. These external members will then have access to the workgroup server group's wiki, group calendar, and file sharing folder.

 

On a workgroup server, users who are imported from your corporate directory into the workgroup server directory will receive an email invitation to connect to the server. The email will include a file that will open Directory Utility on the user's computer. Directory Utility will discover the workgroup server and invite the user to connect to it. This will happen whether the user is imported with Server Assistant or with Server Preferences.

 

Automated client binding to a standard or workgroup server now offers the following capabilities:

• Bind the authentication credentials of a user account in the server's Open Directory domain to the local user account while setting up Mac OS X Leopard on a client

• Bind the authentication credentials of a user account in the server's Open Directory domain to a local user account by using the Accounts pane of System Preferences

• Automatically configure the client to enable making VPN connections to the server

• Automatically configure clients to back up to the server using the default client Time Machine settings

• The default client Time Machine settings that you make while setting up the server can be changed in the Time Machine pane of Server Preferences. Changes you make in this pane apply only to clients you set up subsequently. After a client is automatically configured with the default Time Machine settings from the server, they can be changed on the client in the Time Machine pane of System Preferences.

• You can select which services will be configured automatically for a particular client when you add the client's user in the User pane of Server Preferences. Click the Services tab in this pane to select the ones to configure on the client.

 

When setting up a Standard configuration, Server Assistant will configure a NAT device connected to the Internet. It will discover and present the external hostname and IP address if connected to a NAT.

 

Notes:

In some cases, clients won't be able to use Kerberos authentication for services of a standard or workgroup server. We can detect those cases and configure the client to use other authentication methods. The appropriate keychain items for the services are created.

 

Clients are now not automatically configured to use a standard or workgroup server for software update service. Server Assistant doesn't set up software update service on standard or workgroup servers due to network bandwith constraints. However, if you use advanced tools such as Server Admin to start software update service on a standard or workgroup server, clients that join the server will be automatically configured to use it for software update service.

 

Server Admin

• Added settings for managing Spotlight Indexing to the Sharing pane

• Improved server overview

• Improved DNS pane with a new user interface.  Record entry validation, Secondary Zone configuration, the Bonjour panel, and Settings panel (specifically, the zone recursion table) are not fully implemented.

• Improved VPN pane

• RADIUS server can now be set up using Service Configuration Assistant

• Improved Calendar pane

• Added settings for managing events and notifications

 

DNS Service

• In order to use the new Server Admin DNS plugin you must first:

1. Launch Terminal

2. Type:  sudo mv /etc/named.conf /etc/named.conf.old  and press the return key.

 

Server Assistant

• Performs network diagnostics at the end of setup, reports errors, and allows the user to address them

• Provides more setup choices for network connections, including static IP, DHCP with static IP, DHCP, PPPoE for DSL or cable modem, BootP, automatic or manual IPv6, automatic or manual Ethernet interface configuration, and lights-out management if server hardware supports it

 

iChat Service

• Supports multiple host domains

• Supports secure XMPP server-to-server federation

 

Web Service

Web pane of Server Admin allows:

• Creating location-based realms in addition to directory-based realms

• Turning on or off the link between Apache and PubSub user agents, on a site basis, and provide a separate instance of Apache to listen on a port other than 80 for connections from feed subscribers.

 

Directory Services

• Tiered administration now allows some users to have limited administration capabilities without being granted full access. Configure tiered administration with Workgroup Manager and Server Admin.

• Hierarchical replication allows configuring replicas in two tiers. Open Directory clients can be guided to an assigned replica or set of replicas. The clients contact the same server for LDAP, Password Server, and Kerberos.

• Multi-interface support allows clients to access the directory services via any of the server's network interfaces.

 

Xgrid Service

Simple Superuser ACL: You can set up administrator ACLs to enable users to modify Xgrid settings in Server Admin, and set up Xgrid service ACLs to enable users to log in to Xgrid. Set up these ACLs by using the Access Control pane for the server in Server Admin. Users allowed by the Xgrid service ACL to log in to Xgrid who are also members of the local "admin" group or members of the Xgrid administrator ACL have "superuser" elevated privileges. The rest of the users allowed by the Xgrid service ACL to log in to Xgrid have regular lowered privileges. A superuser can create, view, retrieve, and modify all resources managed by Xgrid. A regular user can only create jobs (not other resources such as grids or agents), and can only retrieve and modify their own jobs (not jobs created by other users). Regular users can still view all grids and their agent and job lists.

 

QT Streaming Service

QTSS now provides Open directory based user authentication.

 

Group Web Services

• The Calendar Server now provides drop box support. This only works with iCal.

• New functionality in the Wiki Server includes:

• Atom Feeds and Publishing.

• Personal Weblogs (Non-Blojsom).

• Tag Management allowing for editing and synching Tags set within Group Web Services.

• Shared contacts and groups, mailing lists, etc. via Web Directory specifically for Group Web Services.

• Mailing Lists to support group communications.

 

Managed Client

• Support for managing Time Machine on client systems.

• Support for managing printer headers of client print jobs.

 

Portable Home Directories

PHD now allows FileVault account creation for Portable Home Directory accounts.

 

NetBoot and NetInstall

Using the new System Image Utility, you can create new NetInstall images from DVD media and serve them using Server Admin. The images cannot be customizable for this seed release. Existing Mac OS X 10.4 Tiger based images can also be served from the Leopard Server.

 

Miscellaneous

The server's IP address can be changed without changeip being invoked from the command line. Whenever a network address change is detected, no matter how the change happened, changeip is now automatically invoked. Users can now change the IP address in the Network pane of System Preferences without any issues.

 

 

Known Limitations and Workarounds

 

• Remote installs are not functional in this seed release.

 

• Installing in Japanese is not functional. Proceed through the install and setup in English and then the primary language to Japanese using System Preferences -> International -> Language.

 

• Use Leopard Safari browser or Firefox to edit the Wiki content.

 

• Editing subordinates, pictures, resources, or locations in Directory.app are not working.

 

• Searching in Web Directory is not working.

 

• Unable to delete an imported user in Server Preferences.

 

• Icons in Mac OS X Server installer pane are not displayed correctly.

 

• Cannot login to FTP Server.

 

• For Advanced Configurations, Mail Server Settings panel is greyed out.

 

• Cannot add users in Server Preferences. Use Workgroup Manager to add users.

 

• Application launch restrictions in Parental Controls are not enforced.

 

• Disconnecting from the network while connected to the server may hang the machine.

 

•For a few configurations, Spotlight can consume resources on the system and mak

 it unresponsive. If you encounter this problem, disable mds with the following 

ommand and reboot:

mv /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds /

 

• The Apple Remote Desktop application is not functional in this seed release however the ARD client service is functional on Leopard and only runs when a user session is active. The ARD client service can not be properly  started or configured using the Sharing Preferences pane, so use this workaround to start and use ARD client software with this seed release.

 

To start the ARD client software:

• In a terminal window execute the following:

• sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate

• Now log out of that session and then log in to a new session and the ARD client service will be running.

 

To add remote access to a client for a user with the short name "admin":

• In a terminal window execute the following:

• sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs -all -users admin

 

The Screen Sharing service, when running, will allow screen control access to the console for any valid username/password for the computer.  Currently, the Screen Sharing service only runs when a user session is active.   The Screen Sharing service can not be properly started or configured using the Sharing Preferences pane.

 

To start the Screen Sharing service:

• In a terminal window execute the following:

• sudo touch /Library/Preferences/com.apple.ScreenSharing.launchd

• Now log out of that session and then log in to a new session and the Screen Sharing service will be running.

[alloutmacstoday]

wow, that's a lot of stuff

[mr.manatane]

Is Server Admin in Java or still in objective-c ?

What a shame not to use Java when you see that server admin is only using basic OS output such as list view, pane, etc...

[Embio]

thank you Mr. Fogge, thats exactly what I was looking for - almost makes me wish I had a server and a room full of users to administrate

[aPpLeFrEaKpEePs]

wyd luv 2 use leo server..

[Adrian Fogge]

9a344's Netboot and Image Creator is severely messed up.