Overall Installation Experience
As a newbie to setting up a web and mail server I naturally thought that the new Mac mini server was the right way to go. Hardware wise and cost wise I was right. Software wise however I'm afraid even the great Apple (and I am a long term fan) has a long way to go before making this technology easily accessible to small companies.
I already had a domain, fixed IP address and MX records pointing to an older Windows server at my site, so I expected the installation of OSX Server to go like a dream and on first blush the software looked great, with the server set up tool seemingly taking you through all the steps to set it up. However the first result was far from what I wanted and I was surprised at how much to and fro was required between the various server applications and DNS, in particular, to get the thing working. Not very Apple-like, I would have expected the server to take care of keeping the various applications linked.
I didn't like my first attempt but found no way to fall back to a clean installation without a reload of the disks. Searching the Apple Forum showed a few different Terminal type ways of getting there but none of them seemed to work with the confidence that I wanted and there seemed to be a fair bit of debate on the forum as to how to do it. So clean install from DVD was performed (actually this was done several times over my few days of learning) and yes, this is a long way around of removing root details from a server.
My simple objective was to make a multi-service web, mail and fileserver. The following is an outline spec:
• email addresses of the form firstname.lastname@domain.com
• email servers of the form smtp.domain.com, mail.domain.com and imap.domain.com
• ichat and address book servers of similar form
• automatic application configuration in clients
• web server accessed via www.domain.com
My first big lesson was the naming of the server itself. This name will re-appear inside a number of other applications (mail, ichat, addressbook etc) so make sure you choose something that works for all. As far as I can tell it is not possible (through Server Admin) to choose different names for each of the services. This could be frustrating later on if the site grows and I want to split different services to different servers as it will mean reconfiguring all the clients. Perhaps someone on the Forum knows a way of doing this. I eventually chose the name "services" which seems to fit most applications.
Second big lesson was trying to get the email address down to firstname.lastname@domain.com. If you follow the instructions in MacOSX Server Essentials or the manual that comes with the Server you will end up with email addresses that look like firstnamelastname@services.domain.com - yuck!
Server Admin seems to use the combination of the User's shortname plus the Host name setting for the email address.
Firstly, for Host name, instead of entering services.domain.com, enter simply domain.com, same as the Domain name entered in the field above. This seems to fix the last part of the address - and is much simpler than the Terminal commands for Squirrel mail suggested elsewhere in the Forum.
Secondly, for the username, I'm afraid you can't just enter a dot in the middle of the automatically generated shortname within Server Preferences-Users. Well, in fact, you can do that - (turning FirstnameLastname into Firstname.Lastname) and it will work in email, but unfortunately the presence of the dot inside the username seems to screw up the automatic client application configuration - and will frustrate users somewhat.
The best solution I found to this was a convoluted method for creating user identities.
1) Create the username within Server Preferences - Users.
2) Leave the shortname as automatically generated.
3) Go to the Contact Info tab and now enter the extra dot in the email address that has already been generated.
4) Now go to WorkGroup Manager and add a new shortname in the form firstname.lastname and Save. This results in each user having 2 shortnames.
5) Don't forget whilst in WorkGroup Manager to set the Mail quota for the user up to something reasonable like 500Mbytes. Apple's default setting of 0MB ain't not good to man nor beast. Why didn't they set a more sensible starting position?
For some reason, trying to do all the User creation within WorkGroup Manager didn't allow the email addresses to be populated correctly, whilst trying to do all the User creation within Server Preferences - Users, didn't allow addition of extra shortnames.
But doing the convoluted method does seem to allow email address and application set up using a common set of User details - though right now I am having problems with automatic application set up - but I hope that is a client issue.
Next issue was adding users into WorkGroup manager. This requires that you log on to the LDAP server, however what is not so obvious is that the username/password is not the root username/password that you use for administering the rest of the server, but it is diradmin/password (where the password is the same as the root password). I think just that one issue caused a couple of re-installs of the system with me thinking that I'd lost or forgotten a password somewhere.
Another significant issue was DNS configuration. Eventually the addition of Primary Zones, Machine Records and Aliases becomes a bit clearer (after about 20 attempts and reading 3 books on the subject). I do believe this could be made much simpler with the server applications and server itself automatically populating with the right information. I seem to remember using the Server Install programme and having a primary zone name inserted automatically of server.domain.com, whereas what is really needed in my situation is simply domain.com. Once that was done the rest became much simpler.
Another problem area was receiving incoming mail from the WAN. Apple's Mail server seems to include some quite useful SPAM and Virus detection tools - but unfortunately they don't tell you (until you go searching through the user forums) that SPAM uses both BlackListing and GreyListing. GreyListing is well described on Wikipedia but the impact on your testing is that incoming mails will be rejected by your mail server and will rely on repeated submissions back again from the source smtp to try to avoid spammers. Whilst this may sound good, the result is that your test mails may not be received for hours, or even days - not good for real time testing purposes. Again, someone on the forum suggested a Terminal method of removing the GreyListing function but my checking of the results shows that this is functionally equivalent to turning off Junk Mail within the Filters section of Mail Settings inside Server Admin. For the moment I have removed both Junk Mail and Virus Mail filtering and this allows for a more responsive throughput of mails during the testing period. I have yet to work out how to train the Junk Mail filter so that I can put it back on again without causing unacceptable delays to mail delivery.
Of course these are just some of the issues and problems associated with setting up the Server. Any installation like this also seems to have tons of problems with the ADSL router (if that's what you are using in a small business) - making sure it is set to bridge mode and terminating the public IP address directly onto the Airport Extreme in my configuration. I don't know many telcos that really know how to have DSL Modems set up in a way that helps a small business get going. Prior to achieving bridge mode for the modem I suffered for a long time with problems associated with double NAT'ing. At least doing it this way around allows me to leave the OSX Server to administer the firewall in the Airport Extreme though it may make it harder for me to install a more secure firewall later on.
What surprises me, as a small, single site, business is that Apple had not set up some very simple pre-configurations that would get me going more quickly. The only real variables needing user entry should be username, password, domainname, email address format and perhaps fixed IP address - the server should be able to populate everything else without user intervention. Perhaps, Apple, in your work in various standards committees, you could suggest the standardisation of a small set of DSL/LAN configurations that we could all use and could always rely on working.
So whilst this implementation might be a very significant improvement over having to administer a series of server programmes through CLI type interfaces it is still far from the Apple-like experience I had expected. It is certainly not for the uninitiated in the world of IP - but it could be so much better!
That said - some of the other web related stuff, wikis, blogs and the like, do look to be quite good - but early days there for me.
I hope these few comments on my user experience are of use to others setting up their OSX Servers.
Regards, Jim
OSX Server Mini, Mac OS X (10.6.2)
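
An added example, not part of the post above and not Mac OS X Server code: a small Python model of the greylisting behaviour the post describes, showing why a test message's arrival time depends on the sending server's retry schedule rather than on the receiving server. The 300-second delay, the addresses, the retry plans and the allow-list are all assumptions made for illustration.

```python
"""Toy greylisting model (constructed example; not Mac OS X Server code)."""

MIN_DELAY = 300  # seconds a new triplet must wait; assumed value for illustration


class Greylist:
    def __init__(self, min_delay=MIN_DELAY, allow_clients=()):
        self.min_delay = min_delay
        self.allow_clients = set(allow_clients)  # client IPs exempt from greylisting
        self.first_seen = {}                     # triplet -> time of first attempt

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        if client_ip in self.allow_clients:
            return 250
        key = (client_ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        # A triplet is deferred until it has been known for min_delay seconds.
        return 250 if now - first >= self.min_delay else 450


def seconds_until_accepted(greylist, attempts, sender, rcpt):
    """attempts: list of (time_offset, client_ip) the sending MTA will make.
    Returns the offset of the first accepted attempt, or None if never accepted."""
    for offset, ip in attempts:
        if greylist.check(ip, sender, rcpt, offset) == 250:
            return offset
    return None


# Constructed sample data: documentation IP ranges and example domains.
SENDER, RCPT = "tester@example.org", "firstname.lastname@example.com"
PROMPT_RETRY = [(0, "192.0.2.10"), (600, "192.0.2.10")]
SLOW_RETRY = [(0, "192.0.2.10"), (4 * 3600, "192.0.2.10")]
NO_RETRY = [(0, "198.51.100.7")]  # a sender that never retries is never accepted
ROTATING_POOL = [(0, "192.0.2.10"), (600, "192.0.2.11"), (1200, "192.0.2.10")]

if __name__ == "__main__":
    for name, plan in [("prompt", PROMPT_RETRY), ("slow", SLOW_RETRY),
                       ("none", NO_RETRY), ("pool", ROTATING_POOL)]:
        print(name, seconds_until_accepted(Greylist(), plan, SENDER, RCPT))
    # Exempting the test sender's IP keeps filtering on for everyone else.
    exempt = Greylist(allow_clients={"192.0.2.10"})
    print("allowlisted", seconds_until_accepted(exempt, PROMPT_RETRY, SENDER, RCPT))
```

In this model a retry from a different IP in the sender's pool starts a new triplet, and exempting one known test sender removes the delay for that sender without switching filtering off for all other mail.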