In an earlier post I detailed how to set up a Leopard server as a NIS client with automount. That procedure required editing a couple files in the /etc/ directory. The upgrade to Snow Leopard replaced those files (auto_master and autofs.conf) with new files, wiping out my changes. It should be easy enough to just put the changes back, right? Wrong.

Setting the “resvport” option in autofs.conf works fine, as before, to get the automountd to use reserved ports so it can mount NFS filesystems from non-mac servers.

The problem is /etc/auto_master. In my previous instructions I had to simply change “+auto_master” to “+auto.master” to get automountd to load the NIS auto.master map to pick up all the other auto-maps. Well, making that change in Snow Leopard DOES NOT WORK. The automount daemon does not load the NIS auto.master map, so nothing works.

In my case I need this machine to see only two direct maps, auto.home and auto.project, so I modified the /etc/auto_master file to reference them directly as if they were local:

#
# Automounter master map
#
/home            auto_home    -nobrowse,hidefromfinder
/project        auto_project    -nobrowse,hidefromfinder

Then edited the two files /etc/auto_home and /etc/auto_project:

/etc/auto_home:

#
# Automounter map for /home
#
+auto.home    # Use directory service

/etc/auto_project:

#
# Automounter map for /project
#
+auto.project    # Use directory service

Those two direct maps pull in the NIS maps, and both work. After making those changes run ‘automount -vc’ as root to tell automountd to relaod its maps. I spoke with Apple support, and while they were friendly the response was that one has to pay them $695 in order to open a support case on something which is outside their normal support scope, whatever that is. Since I have a workaround I chose to just file bug feedback at http://www.apple.com/feedback/server.html.

Also changed in Snow Leopard is the Directory Utility, which no longer lives in the Applications->Utilities folder. Now it lives under a link in System Preferences, Accounts, there is a button on the middle right side of the pane to get to the Directory Utility, which at first glance appears to be about the same as in Leopard 10.5.

• Make the Mac X-Serve box authenticate users against either NIS or Active Directory (NIS preferred).
• Get automount to work using the NIS automount maps such that all the NFS shares are available, including per-user home directories, matching all the other machines on the network.

I did this on an Apple X-Serve box running Mac OS-X Server 10.5.6 patched up to date as of today. Networking was already set up, using DHCP for IP address, default route, and DNS settings. I also distribute the NIS domain name and server and NTP servers via DHCP but it appears the Mac ignores those settings.

First, set up a NIS binding:

In the Mac GUI, Finder, Applications, Utilities, open the “Directory Utility”

1. Click the lock to unlock
2. Services tab, click “BSD Flat File and NIS” and click the pencil to edit the settings
3. Enter the NIS domain name and servers (server hostname ok if DNS is in use, or put in the IP addresses if you’re using NIS for hostname resolution).
4. Check the “Use NIS domain for authentication” box.
5. Search Policy tab, Authentication
6. Set “Search:” to “Custom Path”
7. Drag the “BSD/<domain>” item up as high as it’ll stick
8. Apply everything and click the Lock when you’re done.

This sets up and starts the NIS client (and appears to make it start at boot correctly). It also appears to set up the equivalent of nsswitch.conf to do the right things, although I wasn’t able to find the actual config file to confirm this. At this point from a root shell you should be able to ‘ypwhich’ and see that it found your NIS server. You can test a map lookup, for example ‘ypmatch jeff passwd’ should produce the password entry.

Second, to set up Automount:

If you’re using automount maps you’ll probably have to edit some files in the filesystem to make them work right. The Mac appears to use Solaris/BSD style automount maps by default (auto_home, auto_master etc.) so if you have a Linux infrastructure (auto.home, auto.master etc.) then you have to edit /etc/auto_master on the Mac to fix it. This may be as easy as changing the “+auto_master” to “+auto.master” and deleting the rest of the lines in the file. This will take auto.master from NIS and all it’s child maps get linked in from there. Make the auto_master file do the right thing based on your network setup, probably just copy one from another machine if yours is more complex or if you don’t distribute auto.master via NIS.

Most NFS servers require mount requests to come from “secure” ports (ports <1024) but it appears the Mac NFS client does not adhere to this by default. So, to fix this edit /etc/autofs.conf and add “resvport” to the options line:

AUTOMOUNTD_MNTOPTS=nosuid,nodev,resvport

Note you have to be root to edit that file. If you’re logged in as an admin user you can “su” or “sudo /bin/sh” to get a real root shell.

You can probably just send a HUP to automountd to make it re-read the conf file, but I rebooted the machine just to be sure everything came up correctly after all these changes.

Once rebooted, you should be able to see the automounted directories. For example, if you have an auto.home map with entries for each user you should see /home be taken over by automount:

sh-3.2# df -h /home
Filesystem      Size   Used  Avail Capacity  Mounted on
map auto.home    0Bi    0Bi    0Bi   100%    /home

and a user’s home dir should be mounted:

sh-3.2# df -h /home/jeff
Filesystem                 Size   Used  Avail Capacity  Mounted on
homer:/disk/d2/home/jeff  2.7Ti  2.1Ti  299Gi    88%    /home/jeff

You can also statically mount NFS drives, there is a tool in the Directory Services Utility to do it, just be sure to include the “resvport” option (-P in some systems) if your nfs server requires it (most do).

It appears that the mac NIS config doesn’t know about netgroups, or at least I couldn’t get sudo to work right using the netgroup-based rules I use on all the other systems. The system does see the map (ypcat on the map name does work for example) however either the OS doesn’t know about netgroup maps or whatever it uses as the equivalent of nsswitch.conf doesn’t get set up correctly to include NIS in the netgroup lookups. I use netgroups heavily with sudo, so I had to juggle things a bit to use groups instead of netgroups for this host. Luckily this is the only Mac on the network so that wasn’t a big deal.

The bottom line… the Mac X-Serve does work as a NIS client, user authentication and groups do work, as do automount via NIS automount maps. However it appears that NIS netgroups do not work on the Mac.

DB9 Pin -> Color -> Signal

1 -> Orange -> DCD

2 -> Black -> RX

3 -> Yellow -> TX

4 -> Brown -> DTR

5 -> Red -> SGND

6 -> no connection

7 -> White -> RTS

8 -> Blue -> CTS

9 -> no connection

- -> Green -> no connection