Many companies use NIS to distribute authentication data
(username/password, group, etc.) along with automount maps to make
networks of servers all authenticate and mount shared NFS drives
uniformly. I’ve built hundreds of these networks, often mixing Linux,
Solaris, BSD, and usually a few Windows systems. I recently was asked to
set up a Mac XServe box on a network of Linux and Solaris machines, and
integrate it to work alongside them. At first this was a bit baffling,
and there was really very little useful info on the net for how to do
this, but I eventually figured it out and it wasn’t that hard in the
end. I have very little recent Mac experience so maybe someone more
familiar with the Mac would have found this to be simple but I suspect
there are really very few people around with recent Mac server
experience outside of Apple itself.
The goal in this project was two-fold:
- Make the Mac X-Serve box authenticate users against either NIS or Active Directory (NIS preferred).
- Get automount to work using the NIS automount maps such that all the
NFS shares are available, including per-user home directories, matching
all the other machines on the network.
I did this on an Apple X-Serve box running Mac OS X Server 10.5.6
patched up to date as of today. Networking was already set up, using
DHCP for IP address, default route, and DNS settings. I also distribute
the NIS domain name and server and NTP servers via DHCP but it appears
the Mac ignores those settings.
First, set up a NIS binding:
In the Mac GUI, Finder, Applications, Utilities, open the “Directory Utility”
- Click the lock to unlock
- Services tab, click “BSD Flat File and NIS” and click the pencil to edit the settings
- Enter the NIS domain name and servers (server hostname ok if DNS is
in use, or put in the IP addresses if you’re using NIS for hostname
- Check the “Use NIS domain for authentication” box.
- Search Policy tab, Authentication
- Set “Search:” to “Custom Path”
- Drag the “BSD/<domain>” item up as high as it’ll stick
- Apply everything and click the Lock when you’re done.
This sets up and starts the NIS client (and appears to make it start at boot
correctly). It also appears to set up the equivalent of nsswitch.conf
to do the right things, although I wasn’t able to find the actual config
file to confirm this. At this point from a root shell you should be
able to ‘ypwhich’ and see that it found your NIS server. You can test a
map lookup, for example ‘ypmatch jeff passwd’ should produce the
Second, to set up Automount:
If you’re using automount maps you’ll probably have to edit some
files in the filesystem to make them work right. The Mac appears to use
Solaris/BSD style automount maps by default (auto_home, auto_master
etc.) so if you have a Linux infrastructure (auto.home, auto.master
etc.) then you have to edit /etc/auto_master on the Mac to fix it. This
may be as easy as changing the “+auto_master” to “+auto.master” and
deleting the rest of the lines in the file. This will take auto.master
from NIS, and all its child maps get linked in from there. Make the
auto_master file do the right thing based on your network setup,
probably just copy one from another machine if yours is more complex or
if you don’t distribute auto.master via NIS.
Most NFS servers require mount requests to come from “secure” ports
(ports <1024) but it appears the Mac NFS client does not adhere to
this by default. So, to fix this edit /etc/autofs.conf and add
“resvport” to the options line:
Note you have to be root to edit that file. If you’re logged in as an
admin user you can “su” or “sudo /bin/sh” to get a real root shell.
You can probably just send a HUP to automountd to make it re-read the
conf file, but I rebooted the machine just to be sure everything came
up correctly after all these changes.
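The checks below are an added example, not part of the original post: a small shell helper that audits the two client-side files edited above, confirming that the auto_master file pulls in the NIS map under the name your network uses and that the autofs mount options include resvport. It assumes the options line in /etc/autofs.conf is the AUTOMOUNTD_MNTOPTS= variable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: the "options line"
# in /etc/autofs.conf is AUTOMOUNTD_MNTOPTS=...; function names are made up.

# Print the active (uncommented) automount mount options; last setting wins.
autofs_mntopts() {
    awk '/^[ \t]*AUTOMOUNTD_MNTOPTS[ \t]*=/ { v = $0; sub(/^[^=]*=/, "", v) }
         END { gsub(/[ \t"]/, "", v); print v }' "$1"
}

# Succeed if resvport is one of the comma-separated options in conf file $1.
has_resvport() {
    case ",$(autofs_mntopts "$1")," in
        *,resvport,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write a copy of conf file $1 to $2 with resvport present exactly once.
# Works on a copy so the original can be diffed before it is replaced.
add_resvport() {
    if has_resvport "$1"; then cp "$1" "$2"; return 0; fi
    opts=$(autofs_mntopts "$1")
    val=${opts:+$opts,}resvport
    awk -v val="$val" '
        /^[ \t]*AUTOMOUNTD_MNTOPTS[ \t]*=/ {
            if (!seen) print "AUTOMOUNTD_MNTOPTS=" val
            seen = 1; next
        }
        { print }
        END { if (!seen) print "AUTOMOUNTD_MNTOPTS=" val }' "$1" > "$2"
}

# Succeed if auto_master file $1 has an active "+map" line for NIS map $2.
# Commented-out lines ("#+auto.master") do not count.
master_includes() {
    awk -v want="+$2" '$1 == want { found = 1 } END { exit !found }' "$1"
}

# Run directly as: sh check.sh /etc/autofs.conf /etc/auto_master auto.master
if [ "$#" -eq 3 ]; then
    has_resvport "$1" && echo "resvport: set" || echo "resvport: MISSING"
    master_includes "$2" "$3" && echo "+$3: included" || echo "+$3: MISSING"
fi
```

Running add_resvport against a copy and diffing the result before moving it into place keeps a bad edit from breaking every automount on the next reboot.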
Once rebooted, you should be able to see the automounted directories.
For example, if you have an auto.home map with entries for each user
you should see /home be taken over by automount:
sh-3.2# df -h /home
Filesystem Size Used Avail Capacity Mounted on
map auto.home 0Bi 0Bi 0Bi 100% /home
and a user’s home dir should be mounted:
sh-3.2# df -h /home/jeff
Filesystem Size Used Avail Capacity Mounted on
homer:/disk/d2/home/jeff 2.7Ti 2.1Ti 299Gi 88% /home/jeff
You can also statically mount NFS drives; there is a tool in the Directory
Services Utility to do it. Just be sure to include the “resvport” option
(-P in some systems) if your NFS server requires it (most do).
It appears that the Mac NIS config doesn’t know about netgroups, or
at least I couldn’t get sudo to work right using the netgroup-based
rules I use on all the other systems. The system does see the map (ypcat
on the map name does work, for example); however, either the OS doesn’t
know about netgroup maps or whatever it uses as the equivalent of
nsswitch.conf doesn’t get set up correctly to include NIS in the
netgroup lookups. I use netgroups heavily with sudo, so I had to juggle
things a bit to use groups instead of netgroups for this host. Luckily
this is the only Mac on the network so that wasn’t a big deal.
The bottom line… the Mac X-Serve does work as a NIS client, user
authentication and groups do work, as does automount via NIS automount
maps. However, it appears that NIS netgroups do not work on the Mac.