Flashcards in Mac OS X Server 10.9 Deck (136)
Which volumes are shown in the Storage tab in the Server app?
All that are visible and mounted on the server.
Why use Time Machine to back up OS X Server?
Time Machine provides a simple backup system that’s capable of backing up OS X Server and restoring its services.
What files are not backed up by Time Machine that might be important in a server to a system administrator?
What kind of backup targets can be used for Time Machine?
Locally connected volumes and AFP file shares
If you don’t want to drop the oldest backups, what should you do?
Don’t let the backup target volumes fill up, or the oldest backups will be dropped.
What are three ways of recovering data from a Time Machine backup?
From the Time Machine graphical interface, directly from the backup volume, and via Restore from Time Machine Backup in the Recovery volume.
Describe the difference between authentication and authorization, and give an example of each.
Authentication is the process by which the system requires you to provide information before you can access a specific account. An example is entering a name and password while connecting to the Apple Filing Protocol service. Authorization refers to the process by which permissions are used to regulate a user’s access to specific resources, such as files and shared folders, once the user has been successfully authenticated.
What is the difference between user and administrator accounts on OS X Server?
User accounts provide basic access to a computer or server, whereas administrator accounts allow a person to administer the computer. On OS X Server, an administrator account is typically used for changing settings on the server computer itself, usually through the Server app.
Which applications can you use to configure OS X Server local user and group settings?
You can use the Users & Groups preferences and the Server app to create and configure local users and groups.
What tool can you use to import and export user accounts?
You can use the Server app to import user accounts. Additionally, as you’ll see in Lesson 10, you can use the Server app to import network users after you authenticate as a directory administrator.
Which two formats of files can you use to import users with the Server app?
You can use the Server app to import a character-delimited text file with user information, but you need a header line to define the characteristics of the information contained in the file. You can also import a text file that has a header line at the beginning of the file that defines the contents of the file.
If you decide to manually manage access to services, what are some services included in the list?
Services include Calendar, Contacts, File Sharing, FTP, Mail, Messages, Profile Manager, Time Machine, and VPN.
When you select the checkbox to grant authorization for a user to access File Sharing services, what file sharing protocols does this enable for the user?
Authorization to use File Sharing includes the AFP and SMB protocols.
When you click the Manage Service Access button, does this prevent users that you create in the future from being able to access your OS X Server services?
No, even after you choose to manage service access manually, new users that you create with the Server app automatically get authorization to access services. Of course, you can edit a user and remove authorization for that user to access a service.
What is the main function of directory services?
Directory services provide a central repository for information about the computers, applications, and users in an organization.
What standard is used for data access with Open Directory? What version and level of support is provided for this standard?
Open Directory uses OpenLDAP and the Lightweight Directory Access Protocol (LDAP) standard to provide a common language for directory access. Open Directory uses LDAPv3 to provide read and write access to the directory data.
In terms of Open Directory, what four roles can OS X Server play?
OS X Server Open Directory roles include Open Directory master, standalone server, connected to a directory system, and Open Directory replica.
What criterion determines the Open Directory locale with which an OS X Open Directory client associates?
If a Mac has an IPv4 address that’s in the range of a subnet associated with an Open Directory locale, that Mac should use any of the Open Directory servers associated with that locale. Otherwise, it will use the default locale.
What log shows successful and failed attempts to authenticate against the password service?
Password Service Server Log, located at /Library/Logs/ PasswordService /ApplePasswordServer.Server.log, shows successful and failed attempts to authenticate.
What tool can you use to check the ability to obtain a Kerberos ticket?
Ticket Viewer is in /System/Library/CoreServices, and you can use it to confirm the ability to obtain a Kerberos ticket.
2. How do you import local network users from a text file with a properly formatted header line?
Choose Manage > Import Accounts from the File menu, select the text file, choose Local Network Accounts in the pop-up menu, provide directory administrator credentials, and click Import.
What are some reasons that a client computer might not be able to use Kerberos authentication to access a service?
The client computer might not be bound to a directory service that provides Kerberos; the system time between the client computer and the server computer might be off by more than 5 minutes; there could be a DNS configuration issue; or the service might not be configured to use Kerberos.
In addition to authentication, what else can Kerberos provide?
Kerberos provides identification and authentication.
How can you disable a local network user account so that it cannot be used to access services or log in on a bound Mac?
In the User pane of the Server app, double-click the user to edit the user, and deselect the checkbox “Allow user to log in.”
What are some examples of global password policies that you can apply to users that apply the next time they change their password?
Some examples include that passwords must differ from account name; contain at least one letter; contain both uppercase and lowercase letters; contain at least one numeric character; contain a character that isn’t a letter or number; contain at least a given number of characters; or differ from the last given number of passwords used.
What are some examples of global password policies that you can configure to disable login after certain events occur?
Some examples include that the login will be disabled on a specific date; after using it for a given number of times; after inactive for a given number of days; or after a user makes a given number of failed attempts.
How does a user obtain a Kerberos service ticket?
Once a user has a ticket-granting ticket, OS X automatically attempts to obtain a service ticket when a user attempts to connect to a Kerberized service.
What tool is used to create profiles?
The Profile Manager web app is used to create profiles.
Why should a configuration profile be signed?
A configuration profile should be signed to validate the contents of the profile.