Articles in this series…
- Choosing Your Hardware
- The Server App
- Storage and Network Configuration
- Users and Groups Configuration
- Profile Manager and Macs [eBook Exclusive]
- Profile Manager and iOS Devices [eBook Exclusive]
- File and Folder Sharing
- Shared Address Book [eBook Exclusive]
- Shared Calendar [eBook Exclusive]
- iChat Server
- Time Machine Backup
- Windows PC Backup [eBook Exclusive]
- VPN Configuration [eBook Exclusive]
- Websites, Blogs and Wikis
Well, that last part was quite the walkthrough, wasn't it? Certificates, networking, port forwarding and all for a rather bland default remote access web page and a green tick next to some security certificate! In truth, whilst we haven't got a huge amount to show for our work on Lion Server so far, the configuration we've done means (in theory) we'll be saved a lot of trouble when we start configuring the fun stuff.
Talking of which, it's time to get our users set up on the server. OS X Lion Server allows configuration of both local and network accounts – local accounts are restricted to the server, whilst network accounts can be used on all Mac clients connected to the server as well as the server itself. As you'd expect, we're looking for centralised control of our family's user accounts from the server itself, making administration a lot easier. Well, that's what I expected going into this part of the series. Let's walk through Lion Server's user account creation steps.
1. Configure the Server to Manage Network Accounts
There's not a lot of fun restricting our user accounts to local server access, so the first thing we want to set up is the ability to host network accounts on the server. To do so, open up your Server app, and head up to the top menu. Select Manage > Manage Network Accounts.
The image above shows the menu position you're looking for (our example here has a different menu option as I took the screenshot after setting up our Network Accounts).
The Configure Network Users and Groups assistant will appear, with an introductory message. The gist here is that to get Network Accounts working, we need to set up something called a Directory Service. You may have heard of Active Directory on Windows Server, which looks after user accounts, user groups and security settings across a business network. We're going to set up a similar feature here on OS X Lion Server, albeit at a smaller scale for the home. The Mac equivalent to Active Directory is called Open Directory, trivia fans. Click Next to get going.
Rule one of Network Accounts on OS X Lion Server – you have to set up a separate administrator account for managing network users and groups. This is a different account to the primary administrator account you've previously set up. An account name (diradmin) is pre-configured for you, but it can be changed (and indeed should be, from a security perspective). Drop in a password (which can be the same as your main administrator password if you wish, although, again, good security practice advises against that), verify and select Next.
The next step is primarily for business use – you're asked for an Organisation Name (go for your family name, or other identifying name) and an email address. Confirm the details, and your server will be configured for Network User management.
2. Add Your Accounts
OK, with Network User management set up, it's time to start setting up the user accounts for your family. In the Server app, click on Users in the left-hand pane and you'll most likely see a lone account set up there, which will be your server administrator account. To add an account, click the plus (+) button at the bottom of the window.
Adding a user is pretty straightforward – complete the form with the user's full name, account name, email address and password, then click the check box if you'd like that user to have administration rights on the server (the answer to this question is generally no!). Hit the key icon next to the password field for a little help with password generation if it's needed – a nice touch. Finally, click the silhouette graphic at the top of the page and you can drop in a photograph of the family member, or an avatar.
Note the blue globe resting at the bottom of the photo allocated to each user – that denotes the user account is a network account.
3. Set Up Permissions
For each user, you can set permissions for allowing/denying access to specific services hosted on the server. To do so, highlight the user, click the Action icon, then select Edit access to services. The following window will appear, and you simply uncheck the features to which you wish to deny access.