Adding an Administrative Account to an OS X Machine

IBM Aspera Console supports the following versions of Mac OS X:

10.7 (Lion)
10.8 (Mountain Lion)
10.9 (Mavericks)
10.10 (Yosemite)

The node machine that you add to IBM Aspera Console as a managed node must have a properly configured administrative account. The following instructions assume that you are logged into the node machine you want to add to Console.

Important: These instructions require that your Aspera service account (svcAspera, by default) be set up as a transfer user on the server. If the node's transfer product was installed by upgrading from a previous installation of IBM Aspera Enterprise Server or IBM Aspera Connect Server, a transfer user corresponding to the service account is created automatically. However, if it was a "clean" install (not an upgrade from a previous installation), only the service account is created, not the corresponding transfer user. In this case, create the transfer user manually using the GUI. For more information on creating the transfer user, see the IBM Aspera Enterprise Server Admin Guide.

Configure the node machine's firewall as described in System and Firewall Requirements.
Create an administrative account on the OS X node machine for use with Console.
Go to System Preferences > Users & Groups. Click the lock button and enter your admin credentials to make changes. Click the add button. Select Administrative from the New Account drop-down menu. Name the account "console_user". Select Use separate password, then enter and confirm a password for the account. Click Create User.
Enable the administrative account as a root user.
Go to System Preferences > Users & Groups. Click the lock button and enter your admin credentials to make changes. Click Login Options (bottom of left panel). Then, click the Edit or Join button next to Network Account Server. Click Open Directory Utility. In the Directory Utility window, click the lock button and enter an administrator account and password to make changes. From the menu bar, select Edit > Enable Root User. Enter a password in the Password and Verify fields, and click OK.
Note: If your node runs runs El Capitan (OS X 10.11), you must also create the file /var/root/.ssh/environment with the following content:
```
PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/opt/pkgconfig/bin:/Library/Aspera/bin:/Library/Aspera/sbin
```
Add a node user associated with the system user.
Console authenticates to the node machine using a Node API username and password. The following command creates a Node API user and password and associates it with the system user you created.
```
$ sudo /Library/Aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x svcAspera --acl-set impersonation
```
Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files. For more information on the Node API, see your transfer server's administrator guide.
Note: If the transfer server on your node is running a transfer product before 3.5.5, the node is not recent enough to support setting the "impersonation" ACL. You must upgrade the node to 3.5.5+ or obtain a patch from Aspera Support.

Verify that you correctly added the node user.

Run the following command:

$ sudo /Library/Aspera/bin/asnodeadmin -l

The output should look like the following:

                user       system/transfer user                    acls
====================    =======================    ====================
           node_user                    console          [impersonation]

Restart the Aspera Node API and Aspera Central services to load changed settings.

$ sudo launchctl stop com.aspera.asperacentral
$ sudo launchctl start com.aspera.asperacentral
$ sudo launchctl stop com.aspera.asperanoded
$ sudo launchctl start com.aspera.asperanoded

Now that your node machine is configured for use with Console, open the Console interface and create a new managed node following the instructions in Creating a Managed Node in Console.