Support User Manuals

Apple 10.6 Server User Manual

Open as PDF

of 197

Chapter 7 Ongoing System Management 13 5

Changing the DNS name of the directory server requires that all bound machines be

rebound to the new directory name and address.

If you have set up a Kerberos environment, the Kerberos realm does not change when

the hostname is changed.

Firewall

Changing the IP address of the Firewall can signicantly alter the eectiveness of the

service. In Mac OS X Server v10.6, IP rewall rules are stored and referenced as address

groups. A change to the IP address of the rewall server might prevent trac to the

address groups from being routed, and therefore none of the specic rewall rules

would be applied.

Check all rewall rules when changing the IP address of the rewall server.

Mobile Access (Proxy Services)

Most proxy services should remain relatively unaected by a change to IP address or

domain name. If you have edited the com.apple.securityproxy_mail.plist manually to

have the proxy server connect to itself for some service by some other address than

the link-local address (127.0.0.1 or localhost), you must change it manually again.

However, proxy services are aected if the IP address or DNS name of the destination

servers changes. If you change a proxied services’ name or address, you must

recongure Proxy Service.

If you congured an HTTP Secure Proxy virtual host, you must delete and re-create the

proxy mappings of any proxied servers.

NAT

NAT should not be aected by a change to the server’s IP address or DNS name.

All clients behind the NAT server still have contact with the NAT router by the internal

IP address. If you made manual modications to the NAT service conguration les,

make sure those changes are compatible with the new IP address or DNS name.

NetBoot

NetBoot does not require reconguration after changing the IP address or DNS name.

However, all clients that use it must reselect the server after the changes.

RADIUS

If you change the RADIUS server IP address, you might need to check or recongure

the IP addresses of the associated base stations. Additionally, if you’re using SSL

certicates, you must regenerate or repurchase the certicates. You must use Server

Admin to import the new certicates, and then congure the service’s new certicate.

previous next