Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 71

Directory Services

Always remember: directory information is authoritative. It vitally affects everyone whose
computers use it.

Setting Up an Open Directory Domain and Password Server

You must thoughtfully decide how to set up Open Directory domains and a Password Server
before you set up user accounts and have your Mac OS X Server provide services to users. To
decide how to set up Open Directory domains and a Password Server, ask yourself the
following questions.

Q: Do you want your network users to be able to log in from more than one computer? Do
you want to manage user and group accounts centrally? Do you want to manage user and
group preference settings centrally?

A: If you answer yes to any of these questions, you must use a shared directory domain. If
no, then user and group accounts will have to be managed separately on each network
computer.

Q: Will your network have more than one server?

A: If yes, you almost certainly need a shared directory domain. Set up the server that will
host the shared domain before setting up the other servers, which will use the shared
domain hosted by the first server.

Q: Will Windows computer users need to connect to any Mac OS X Server on your network,
either now or in the future? Will you want to enforce policies such as password expiration or
minimum password length? Will you need multiple authentication methods?

A: Unless you can answer emphatically and irrevocably no to all these questions, you need to
set up a Password Server. If your network will have more than one Mac OS X Server, you can
set up a Password Server on the first Mac OS X Server. Then you can configure the other
Mac OS X Servers to use the one Password Server.

You can use the Open Directory Assistant application to set up how a Mac OS X Server works
with directory information and a Password Server. Open Directory Assistant runs
automatically as part of the installation and setup process of Mac OS X Server. Subsequently,
you can open Open Directory Assistant from the Finder.

If you create user accounts without a Password Server and later reconfigure to host or use a
Password Server, you will have to reset the user passwords to use the Password Server.

Important

If you are discontinuing use of a Password Server, first change the password
validation strategy of the Password Server administrator to basic so that the administrator can
continue to log in to Mac OS X Server. You should also make the same change to any
ordinary users whose passwords are validated using the Password Server. For instructions,
see “Resetting Passwords Before Discontinuing Use of a Password Server” on page 203 of
Chapter 3, “Users and Groups.”

LL0395.Book Page 71 Wednesday, November 20, 2002 11:44 AM