Tải bản đầy đủ - 0 (trang)
Chapter 26.  Managing Classic Mac OS Workstations Using Mac Manager

Chapter 26.  Managing Classic Mac OS Workstations Using Mac Manager

Tải bản đầy đủ - 0trang

26.1.MacManagerandOpenDirectory

AlthoughMacOS9hasnobuilt-inwaytoaccessOpen

Directory,itdoesincludesupportformultiplelocalusers,each

withalocalhomefolderthatfunctionsmuchlikeaMacOSX

homedirectory(localornetwork).TheMacOS9multipleusers

featurealsoincludestheabilitytocreatedlimitedaccessusers.

TheMacManagerclientsoftwaretapsintothemultipleusers

featurebuttellstheoperatingsystemtolooktoaMacManager

serverforuseraccountinformationandhomedirectories.

Ontheclientside,MacManagerisfairlysimple;itjusttellsthe

operatingsystemwhereonanetworktolookforaccount

informationthatistypicallystoredintheSystemFolder.Onthe

serverside,thingsarealittlemorecomplicated.MacManager

predatesMacOSX,sotheMacManagerserverneedsto

providesomewaytomakeinformationinOpenDirectory

backwards-compatiblewithinformationthatwasinitiallyjust

storedinaseriesofflatdatabases.Atthesametime,there

needstobeawaytoprovideinteractionwithOpenDirectoryfor

usersthatloginonbothMacOS9andMacOSXcomputers

andwhomayalsorunapplicationsusingMacOSX'sClassic

environment.

MacManagerachievesthisbymaintainingseparateuser,group,

andcomputerdatabases(thesameflatfilesitusedpriortoMac

OSX)outsideofashareddirectorydomain.Inordertomanage

userswithMacManager,administratorsmustfirstimportuser

accountsfromadirectorydomainintoMacManager.Computer

listsforMacOS9workstationsmustbecreatedinMac

Manager.And,althoughgroupsusedforfileandsharepoint

permissionscreatedinWorkgroupManagerarestillusedfor

grantingpermissionstoresources,managedgroupscreatedfor

MacOSXclientshavenomeaningtoMacOS9clients.Instead

workgroupsneedtobecreatedinMacManagercontaining

userswhoseaccountshavebeenimportedintoMacManager.



EventhoughthemanagedenvironmentofferedwithMac

ManagerisindependentofOpenDirectory,MacManagerstill

doesneedtobeabletointeractwithadirectorydomainfor

someveryimportantthings.MacManagerisdesignedtocreate

amanagedenvironmentandprovidesomesecurityfeatures;it

isnotdesignedtotrulymanageuseraccounts.OpenDirectory

remainsthemeansforverifyingusernameandpassword

informationandforaccessinguserhomedirectories.Therefore,

theMacManagerservicedoesinteractwithadirectorydomain

everytimeauserlogsin.

Whentheuserlogsin,theusernameandpasswordaresentto

theMacManagerserver(whichcanbeanOpenDirectoryserver

orasupportingserverboundtoadirectorydomain).TheMac

Mangerserverusestheenteredusernametoaccesstheuser's

UID.ItqueriesOpenDirectorywiththeUIDandpassword.If

theymatch,thenMacManagerqueriesforthelocationofthe

user'shomedirectory.Ahomedirectoryisrequiredwhen

workingwithMacManageraccounts(unlikeMacOSX,where

userscanbeassignedtohavenohomedirectory).Withthe

user'saccessauthenticatedbyOpenDirectoryandthehome

directorylocation,MacManagerauthorizesloginandmounts

theuser'shomedirectory.Itthenprocessesanyadditionallogin

variablesconfigurefortheuser'sMacManageraccount(suchas

workgroupmembership,mountinganyMacManagershare

points,andpreferencesmanagement).

Inday-to-dayoperation,thisistheonlyinteractionbetween

OpenDirectoryandMacManager.However,becauseMac

Managerusesaseparatesetofdatabasesforuseraccounts

thanthedirectorydomain,itperiodicallycheckstoseewhether

theinformationinitsdatabasesandthedomainstillmatch.It

doesnotadduserstoMacManager(youmustimportusers

manually),butitverifiesthatallusersexistandthattheirUIDs

stillmatchtheinformationmaintainedintheMacManager

databases.Ifyouchangeauser'snameoraddashortname,

youcanalsoupdatetheMacManagerdatabasesmanually.



UsersthatarelistedintheMacManagerdatabasesbutarenot

foundinthedirectorydomainaredeletedfromtheMac

Managerdatabases.MacManageralsoupdatesreferencesto

usersbetweenitsdatabasesduringaconsistencycheck.



26.2.MacManagerEnvironmentTypes

RegardlessofthemanagedpreferencesconfiguredforMacOS

Xusersandworkstations,thebasicuserenvironmentremains

verymuchthesame.UsersstillloginandaccessMacOSXin

essentiallythesamewaywiththesamevisualinterfaceasif

theywereusingastandalonehomeinstallationofMacOSX.

WithMacManager,however,administratorscanchooseoneof

threeenvironmentsforusers.Theuserenvironmentsare

assignedbasedonworkgroupandvaryallthewayfromthe

standardMacOS9interfacetoacompletelydifferentuser

experiencecalledPanels.



26.2.1.Finder

FinderworkgroupshaveaccesstothetraditionalMacOS9

Finderinterface.UserscanaccessallthemajorFinder

commandsandhavethesamemenuoptionsasiftheywerenot

loggedintoamanagedenvironment.Usersalsohaveaccessto

allareasofthelocalharddrive,althoughitispossibletolimit

theusertoread-onlyaccesstotheSystemFolderandthe

applicationsfolder,aswellastheLibraryfolderintheirhome

directories.



26.2.2.RestrictedFinder

RestrictedFinderworkgroupsgiveusersthetraditionalMacOS

9interface,butenablefurthersecurityfunctionality.

AdministratorscanlimitaccesstoanumberofFinder

commandsandmenuitemsaswellaswhichapplicationsand

otheritemsusersareallowedtoopen.TheRestrictedFinder

environmentisthedefaultchoicewhenanewworkgroupis



createdinMacManagerbecauseitcombinesthefamiliarMac

OS9userinterfacewiththeabilitytoenforceaccessand

securityrestrictionsonthelocalworkstation.Theserestrictions

applyregardlessofpermissionsettingsthatareconfiguredfor

itemsonthelocalharddriveoftheworkstation.



26.2.3.Panels

Panelsworkgroupsuseaspecial,simplifieduserinterfaceand

donothaveanyaccesstothelocalharddrive.Thepanels

environmentusespanels,shapedlikegiantfolders.Eachpanel

relatestoaspecificsharepoint,folder,orinserteddisk.Ata

minimum,therearetwopanelsdisplayed:theApplications

panelandtheUserDocumentspanel(whichcontainsitems

storedintheuser'shomedirectory).Additionalpanelscanbe

usedforaworkgroup'ssharedfolder,additionalmountedshare

points,andCDs/DVDsandremovablemedia,dependingon

variousconfigurationoptions.Iconsaredisplayedonthepanels

fordocumentsorapplicationsandlookandfunctionlikethe

buttonvieworLauncherintheMacOS9Finder.Administrators

canrestrictmanyoftheFindercommandforPanels

workgroups.Generally,thePanelsenvironmentisusedfor

youngchildren,computernovices,orwhenyouwishtohaveas

muchaccessrestrictionandsimplicityofuserenvironmentas

possible(suchaswithGuestusers).



26.3.MacManagerSharePointsandFolders

WhenMacManagerisenabledonaMacOSXServer,it

automaticallycreatestheMacManagersharepointandtheMac

Manageruseraccount.MacManagerusesitemslocatedonthe

MacManagersharepointaswellasothersharepointsto

accomplishseveralofitstasks.Thefollowingsectionsdescribe

thevarioussharepointsandfoldersthatarecreatedand/or

usedbyMacManager.



26.3.1.TheMacManagerSharePointandMultiUserItemsFolder

TheMacManagersharepointiscreatedintheLibraryfolderof

thestartupdrivefortheserveronwhichMacManagerhasbeen

enabled.YoucanchangethelocationoftheMacManagershare

point(toprovidefaulttolerance,performance,orincreased

storagespace).Todoso,createtheappropriatesharepoint

namedMacManageronanothervolumeandsetthemmuser

account(theshortnameassignedtotheMacManagerUser

account)astheownerofthesharepointandconfigurethis

accountandtheadmingrouptohaveread/writeaccesstothe

sharepointandtheeveryonegroup'saccesstonone.The

alternatevolumewillneedtobeconnectedtotheMacManager

serveranditmustbeformattedasaMacOSExtended(HFS+)

volumewithanamecontainingonlyASCIIcharacters.

TheMacManagersharepointcontainstheMulti-UserItems

folder.Thisfoldercontainsthedatabasesandconfigurationfiles

neededforMacManagertofunction.AcopyoftheMulti-User

Itemsfolderiscopiedtoeachworkstationthatisconfiguredto

usetheMacManagerserverandstoredintheSystemFolder.

BykeepinglocalcopiesoftheMulti-UserItemsfolder,

workstationscanmorequicklyrespondtoMacManagerrelated



requestsandreducethenetworktrafficandtheneedforserver

resources.Italsoenablesuserstoworkoffline,maintaininga

managedenvironmentifaconnectionerroroccursbetweenthe

serverandtheworkstation.Workstationswillquerytheserver

tocheckforanddownloadupdatestotheircopyoftheMultiUserItemsfolderperiodicallywhennouserisloggedin.They

willalsodownloadafreshcopyifthecopyintheSystemFolder

isdeleted.

Generallyspeaking,youshouldnotmakechangestothe

contentsoftheMulti-UserItemsfolderdirectly.Editing,moving,

ordeletingthesefilescanhaveunexpectedconsequencesand

cancauseproblemswiththeMacManagerserveraswellas

individualworkstations.YoushouldusetheMacintoshManager

applicationtoedittheMacManagerconfiguration.



26.3.2.GroupDocumentsVolumes

Thegroupdocumentsvolumeisasharepointthatisusedto

storeworkgroupsharedfoldersandaglobalsharedfolder.You

canuseanysharepointasagroupdocumentsvolumeandyou

canhavemultiplegroupdocumentsfolders.Ifyouconfigure

MacManagerworkgroupstomirrorMacOSXmanagedgroups

orpermissiongroupsthatuseagroupfolder,youwillideally

wanttousethesamesharepoint(s)thathoststhosefoldersas

ayourgroupdocumentsvolume.

Bydefault,MacManagerusestheMacManagersharepointas

thegroupdocumentsvolume.Thisisaneffectivestrategyonly

iftheusersofMacManagerworkgroupsdonotalsologinto

MacOSXworkstations(wheretheywillnothaveaccesstothe

MacManagersharepoint).Thereforeyouwillprobablywishto

useothergroupdocumentvolumes.



26.3.2.1Workgroupsharedfolders



Workgroupsharedfoldersarefoldersdesignedforusersofa

MacManagerworkgrouptosharedocuments.Inadditionto

shareditems,theyincludethemanagedpreferencesfoldersfor

thatworkgroup(we'lldiscussthesefoldersinamoment)and

canincludeahand-infolder(seefollowingexplanation).You

shouldspecifythepermissionsonasharedfoldertolimitaccess

usingapermissionsgroupforusersthatcanaccesstheshare

pointfromoutsideofMacManager.Thesharepointhostingthe

workgroupsharedfolderismountedautomaticallywhenusers

loginaspartofaworkgroup.

Ahand-infolderisafolderthatiswrite-onlyforallusersbut

administrators.ItcanbeusedinRestrictedFinderandPanels

workgroupsforuserstohand-infiles(suchaspersonnel

reviewsinacompanyorhomeworkinaschool)withoutbeing

abletoseefilesthatotherusershavehandedin,similartothe

functionalityofadrop-boxfolder.InRestrictedFinder

workgroups,hand-infoldersappearaswrite-onlyfolder,while

inPanelsworkgroups,theyareaccessedbyacommandinthe

Specialmenu.Createahand-infolderwhenconfiguringa

workgroupintheMacManagerapplication.



26.3.2.2Globalsharedfolders

AglobalsharedfolderisasharedfoldertowhichallMac

Managerusershaveaccess.Aswithworkgroupsharedfolders,

thedefaultlocationisontheMacManagersharepoint,though

youcanuseanysharepointtohostaglobalsharedfolder.A

globalsharedfolderisalsomountedatloginforallusers.The

useofaglobalsharedfolderisnotrequiredbyMacManager.



26.4.TheMacManagerClientSoftware

TheMacManagerclientsoftwareincludesaseriesofextensions

thatareinstalledintheMacOS9SystemFolder.These

extensionscannotbedisabledbyusingholdingtheShiftkey

downatstartup.Asmentionedearlier,ifaworkstationwithMac

ManagerenabledisstartedwithExtensionsOfforiftheMac

Managerextensionisbypassedatstartup,youarerequiredto

entertheownerpasswordfortheworkstation(asenteredinthe

FileSharingcontrolpanelortheMacOSSetupAssistant)in

ordertoaccesstheFinder.UnderMacOS9,MacManagerruns

inconjunctionwiththeMultipleUsersfeatureandisconfigured

throughtheMultipleUserscontrolpanel.



26.4.1.InstallingorUpdatingtheMacManager

Client

TheMacManagerservicerevisionthatisincludedwithMacOS

XServer10.3requiresthattheMacManagerclientversionon

workstationsbe2.2.2.ThisversionisincludedwithMacOS9.2

orhigheranditrequiresthataworkstationberunningMacOS

9.1orhigher.Ifyouhaveworkstationsrunninganearlier

versionofMacOS9,theywillneedtobeupdatedand/orhave

thenewMacManagerclientinstalledonthem(whichcanbe

downloadedfromApple'ssupportsite).

TherearetwowaystoupdatetheMacManager.Thefirstisto

installthenewclientmanuallybyrunningtheinstaller

applicationoneachworkstation.ThesecondistouseaMac

Managerupdatepackage.Thisoptionisavailableonlyifyou

haveanexistingMacManagerinfrastructure.Theupdate

package,includedwiththeMacManagerclient,canbeplacedin

theMulti-UserItemsfolderonyourMacManagerserver'sMac

Managersharepointpriortoupgradingtheserver.When



workstationsconnecttotheMacManagersharepoint,provided

nooneisloggedinonthem,theywilldownloadtheupdateand

applyitautomatically.Youcanthenupgradetheappropriate

MacManagerserverordeployanewone.



26.4.2.EnablingMacManager

OncetheMacManagerclientVersion2.2.2isinstalledonaMac

OS9workstation,enableMacManagerbyopeningtheMultiple

Userscontrolpanelandfollowingthesesteps:

1. Turnonthemultipleusersfeatureusingtheradio

buttonatthebottomoftheMultipleUserscontrol

panel'swindow.

2. ClicktheOptionsbutton.

3. SelecttheOptionstabanduseselecttheMacintosh

ManagerAccountradiobutton.

4. QuittheMultipleUserscontrolpanel.

5. Usethelogoutcommand,whichisnowincludedin

theSpecialmenutologoutoftheworkstation.

YouwillbeaskedtoselectaMacManagerserver.Serversthat

theworkstationcanlocateusingAppleTalkaredisplayedand

youhavetheoptiontoentertheIPaddressorDNSnameofan

alternativeserver.

Afteryouselectorentertheaddressoftheappropriateserver,

theworkstationwillcontacttheserver,downloadthe

appropriateitemsfromtheMacManagersharepoint,and

shouldthenpresentyouwiththeMacOS9loginscreen(as

definedbytheMacManagerconfiguration).Logintobesure

thateverythingisconfiguredproperly.TodisableMacManager,

youwillneedtologinwithSystemAccessandusetheMultiple



UserscontrolpaneltodisableMacManagerand/orturnoffthe

multipleusersfeature.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 26.  Managing Classic Mac OS Workstations Using Mac Manager

Tải bản đầy đủ ngay(0 tr)

×