updated: 6/17/98


 



 

 

Installation & Use

Configuring Users & Groups

This section will explain how to create Users & Groups for accessing ASIP services.



Overview

By creating, or 'registering', User and Group accounts on the server, you can control who has access to both the services and the data on the file server. The Users & Groups data file is used by all services (Web, File, FTP, Mail, and Print) to enable or disable services for users.

The first time you open the Users & Groups List (from the Users menu in Web & File Server admin), you'll find that some users are created by default:

 

  • The Administrator. When the administrator logs onto the server from a workstation, using the administrator's name and password (the ones set up in File Sharing control panel), he or she will have special privileges:

    • The administrator has full access to all volumes on the server, not only to those folders or disks that have been shared. In the Chooser, the volume list presented to the administrator is actually a list of all the disks mounted on the server's desktop. (Clients without administrative privileges only see the folders or disks that have been made a sharepoint.)

    • The administrator will be able to see into any folder when logged on from a client workstation, regardless of the access privileges that have been assigned to that folder.

    • The administrator can change privileges to any folder on the server.

  • Guest. If you want to give clients access to the server without requiring a name or password, you enable "guest" access. Version 6.0 allows you to set up guest access for different services independently. You can allow guest access to the file server, Web services, SMB, and FTP server, or any combination of these. If you allow guest access to the server, you can still restrict "guests" from certain private areas by limiting the access privileges on folders. Access privileges are discussed more fully later.

  • Mail Administrator, which is a user created only when mail services are running on the same machine. This user's Internet Alias is "PostMaster." It is common to have a postmaster user designated for SMTP services; undeliverable mail can be sent to the Postmaster for dispensation.

  • You can then create other registered users and groups, according to your needs.

Note that the user icon also indicates the 'kind' of user: administrators have a clipboard; the administrator who is also the "owner" of the server (name set up in File Sharing control panel) has a black border. The Guest has a little suitcase ('just visiting'). Groups are multi-headed.


Creating Users

To create a user, click on the "New User" button in the Users & Groups List.

Then enter the appropriate user settings under the categories listed below.

See below for shortcuts on creating multiple users.

 


User Settings

  • General

  • Name: Enter the name for the user. The name can be up to 31 characters long, and is not case sensitive.

  • Password: Enter the user's password. This can be up to 8 characters long, and passwords are case sensitive.

  • Internet Alias is the login name that the client could use when accessing Web, File, or FTP services from the Internet. There are certain characters that are invalid for Internet Aliases; don't use blank spaces within the name or any of the following characters:

! # $ % & ’ * + - / = ? ` { } | ^ _ ~


    If you want the Internet Alias to be the same as the "Name", make sure the entry in the "Name" field contains no blank spaces or invalid characters, and leave the Internet Alias blank.

  • Enable user to administer the server essentially makes that user a deputy administrator, or "superuser". When a superuser logs in, they have access to all volumes on the server, NOT just those that have been designated share points. Superusers can change privileges of folders and see everything. Use this feature wisely.

  • Program linking is a feature which allows applications to use Apple Events to communicate with other applications. For example, if program linking were used with HyperCard, a user at one machine could use HyperCard to send a "mouseup" event to a button on another HyperCard stack on another user's computer. With Program Linking on, you could use AppleScript to tell the Finder of another machine across the network to empty the trash, or delete one or all files (!). Obviously, this should be turned on with some care. See "Enabling Program Linking" for more information on how to turn on this feature on the server.

  • User may log on/Disable password/Change password/Require new password features allow you to have more control over user login security.

If your users are going to be logging in with FTP clients or Web browsers, they will not be able to receive the messaging that prompts them to change their password, so it's best not to use these features for those users.

 


Comment

The comment field lets you enter some information about the user, such as a clue as to who he is (e.g., "summer intern").

 

 


 

Group Memberships

When assigning access privileges to folders on the server, it is helpful to create groups of users that have common file-sharing needs, and then give the entire group the appropriate level of access: every user in that group will have access.

Once you create the group (see below), you would drag one or more group icons to this field to give the user membership in that group.

 


 

Mail Settings

Here you can create a mail account for the user on this server. Once a user has an account, the mail server will either store the user's mail until he picks it up with a mail client, or it can forward the mail immediately to another email account.

The email address of the user also appears in this window, based on the user's Internet alias: smith.m. If the Internet alias was missing, and the name contained invalid characters, an alert would appear, warning you that the user may not be able to access all Internet services.

If you are not using DNS services, an IP address will appear in the E-Mail Address instead of a name. If you are set up for DNS services, but still see an IP address instead of a name, there may be a problem with the server or the entries. Verify that your TCP/IP control panel is set up correctly, has name servers entered, and that your ASIP Mail Server has been entered into the DNS tables. If using MacDNS, see the MacDNS Admin Guide or tutorial for more information on this.

When you select "Forward", you have the option of forwarding the mail to another Internet address (enter the email address where you want mail forwarded), or to another ASIP server on the network. For the latter, you can select the ASIP server using the "Chooser…" button, and enter the user's login name (AppleTalk User Name) on that server.

 

 

 

Remote Access

The Remote Access option appears only when Apple Remote Access is also installed on the server machine. Instead of going to the Users & Groups control panel to set up dial-in access for the users (as you would if you were running ARA on a regular desktop, non-server Mac), you enable dial-in and call-back features here.

 


Shortcuts for creating/configuring users

There are different ways to create users.

 

  • New User... By clicking on the "New User" button as described above, you are given the standard template, where you manually enter all the user settings.

  • Duplicate User: Once you create one user manually, you can select that user and duplicate it. Then just change the name to create a new user. General attributes, such as those related to passwords and program linking, will be captured for the new user; other entries, such as Internet Alias and Mail Enabling, would need to be set up manually for the new user.

  • Duplicate multiple: This works similarly to Duplicate User, but makes it easier to create lots of new users based on an existing user. You can elect to duplicate General Attributes, Comments, and Group Memberships. You are prompted for each new user name and password. When you click "done", you can return to the users and manually adjust their mail settings and Internet alias as needed.

 


Shortcuts for changing user attributes

An easy way to change attributes--note them on the right--for one or more users is to:

 

  • Select the users whose attributes you wish to change in the Users & Groups list. Shift-click to select multiple.

  • Select the appropriate attribute under the "Users:Attributes" submenu.

  • Enter the new value for that attribute.

 


Create groups

You can create groups of users who will have the same file-access needs. The groups will be used when you assign access privileges to folders on the server.

You can also use group names as email addresses: all users in that group (assuming they have mail enabled) will receive any email message sent to the group address.

  • Double-click the Group icon to create a group.

  • Enter the name of the new group.

  • To give users membership in that group, you can either:
    • Drag user icons from the U&G list into the Group window, or
    • Drag the user icon onto the group icon, or
    • Drag the group icon into the User's "Group" field.

  • To revoke membership, you can either:
    • Open the group icon, select the user you want to remove from the group, and click the trash can, or
    • Open the user icon, select the group in the "Group" field, and click on the trash can.


Deleting users and groups

To delete users or groups, select the item in the Users & Groups list, and click on the Trash can icon.

You will be prompted to reassign all of the user's or group's folder privileges to another user or group. Make your selection wisely; the user or group may have some personal or confidential information on the server.


Moving User & Group information to another server.

It's often useful to be able to carry users & groups from one server to another, for example, if you wanted to move mail services to another computer. Instead of creating all users a second time on the new mail server, you can move the data from one server to another. There are different approaches to doing this.

Move the Users & Groups data file.

All the data on users & groups are stored in the Users & Groups data file, located in the System Folder:Preferences. Moving this file from one machine to another will move ALL users & groups, and will replace any user data that is currently set up on the second machine. To move this file from Server A to Server B, follow these steps:

  • Configure Server B with Mac OS and install ASIP.

  • Verify that the "Network identity" fields in the File Sharing control panel contain the name of the server (Server names for A and B do not need to be the same).

  • Drag Server B's existing Users & Groups data file to the desktop.

  • Drag a copy of Server A's Users & Groups data file to Server B's System Folder:Preferences.

  • Restart the server.

  • Open Web & File Admin program to verify that Users & Groups have successfully been carried over.

  • Warning: the Users & Groups data file also contains the serial number. If Web & File services are going to be offered on both machines, be sure to change the serial number on one of them (Mail Services and Print Services don't look for the serial number). See "Duplicate Serial Numbers" for more info.

Export/Import Users & Group data

AppleShare IP allows you to export Users & Group data to a tab-delimited text file, which can then be imported into another ASIP server.

 

  • To export data, select the Users you want to export. Shift-click to select multiple. Command-A will select all (but you will get a warning that 'Guest' and groups cannot be exported).

  • Select "Export Users & Groups" from the File menu of the Web & File Server Admin program. You can elect to export Internet Alias, Comments, and Email attributes. If you select Email attributes, you should also select Internet alias. The email attributes will be either "nomail", "hasmail", or "forwardInternet" followed by the address. For example, user Mary Smith's exported file looks like this:

    Mary Smith smith.m HasMail NoRequireAPOP BothPOPIMAPShare NoNotification

 

Passwords are not exported for security reasons, but they can be imported. You can open the text file with a spreadsheet or word processing program, enter default passwords for the users in the appropriate field, and then import the passwords along with the other user information.

 

  • To import data, select "Import Users & Groups" from the File menu of the Web & File Server Admin program. In addition to the name, you have the option of importing Internet Alias, Password, Comment, and Email Attributes.

 

 

If importing users with passwords, be sure to add the passwords in the appropriate field. For example, if you wanted to import Internet aliases and e-mail attributes (skipping "Comments"), the password would be entered between these two fields. Using Mary Smith as an example again, her record for importing with the password "secret1" would be as follows. Note that tabs would separate the fields in the text file you were importing from; here, the tabs are indicated with a "->". Each record ends with a hard return or carriage return, here indicated with a <CR>.

    Mary Smith ->smith.m -> secret1 -> HasMail-> NoRequireAPOP-> BothPOPIMAP->Share-> NoNotification <CR>
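
The limits stated on this page (name up to 31 characters, password up to 8, no blank spaces or listed characters in the Internet Alias, the Name standing in for a blank alias) can be checked on an import file before it is loaded. The Python lint below is an added example, not part of the original page or of AppleShare IP; it assumes the column order of the Mary Smith record (name, Internet Alias, password, then e-mail attributes, with Comments skipped), and its sample records are constructed.

```python
# Added example: lint an import file against the limits stated on this page.
# Assumed columns: name, Internet Alias, password, then e-mail attributes (Comments skipped).
from collections import Counter

INVALID_ALIAS_CHARS = set("!#$%&'’*+-/=?`{}|^_~")  # list from the User Settings section
MAX_NAME, MAX_PASSWORD = 31, 8

def alias_problems(alias):
    """Return the reasons a string is unusable as an Internet Alias."""
    problems = []
    if any(ch.isspace() for ch in alias):
        problems.append("contains blank space")
    bad = sorted(set(alias) & INVALID_ALIAS_CHARS)
    if bad:
        problems.append("invalid characters: " + " ".join(bad))
    return problems

def lint_import(text):
    """Check every record; return a list of (record_number, name, message)."""
    findings, records = [], []
    # splitlines() accepts the bare carriage returns that end each record.
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        name, alias, password = ([f.strip() for f in line.split("\t")] + ["", ""])[:3]
        records.append((number, name, password))
        if not name or len(name) > MAX_NAME:
            findings.append((number, name, "name must be 1-31 characters"))
        if len(password) > MAX_PASSWORD:
            findings.append((number, name, "password longer than 8 characters"))
        # A blank alias means the Name doubles as the alias, so the Name is checked instead.
        target, label = (alias, "alias") if alias else (name, "name used as alias")
        for problem in alias_problems(target):
            findings.append((number, name, f"{label} {problem}"))
    # Default passwords typed into several records are reported so they can be changed.
    shared = {p for p, n in Counter(p for _, _, p in records if p).items() if n > 1}
    for number, name, password in records:
        if password in shared:
            findings.append((number, name, "password shared with another record"))
    return findings

# Constructed sample input (not real accounts): tab-separated fields, CR-terminated records.
SAMPLE = (
    "Mary Smith\tsmith.m\tsecret1\tHasMail\tNoRequireAPOP\tBothPOPIMAP\tShare\tNoNotification\r"
    "Bob Jones\t\tsecret1\tNoMail\r"
    "intern\tsummer_intern\tlongpassword9\tNoMail\r"
)
if __name__ == "__main__":
    print(*lint_import(SAMPLE), sep="\n")
```

Because the edited file holds passwords in plain text, the lint reads it in place and never writes a copy.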

