Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Running an NIS master on a NetInfo master UNIX

I've put together an article about running an NIS master from a NetInfo master.

This may be of use to people who want to create simple NAS type devices using Linux which need to share configuration information with OS X machines without the overhead of LDAP.

[robg adds: The host machine linked above was quite slow when I loaded it this morning (perhaps due to the US -> UK connection?), so I've recreated the text of the article in the main body of the hint, as well as hosted the download file that's mentioned in the article (both with g_nix's permission, of course!). Read the rest of the hint to see the entire article...]

Why run NIS on OS X

In a mainly OS X environment, where directory information is stored in NetInfo, introducing a single Linux machine brings a raft of headaches as far as authentication information is concerned. One has to either move to LDAP based directory information, or manually synchronise the account databases between the systems. Running an NIS master on the OS X netinfo master make Linux (and other UNIX) integration trivial.

How to run NIS on OS X

Download this Makefile (right click or control-click and Save Target / Download Link, etc), and replace the existing /var -> yp -> Makefile.yp with it. Remember to backup the existing Makefile.main if you wish to return to the defaults.

Open the Makefile.main in your favourite editor. At the top are the configurable options - MINUID, MINGID and NETINFODOMAIN. Configure these as required:
  • MINUID: this is the minimum Userid to include in the passwd map. A sensible value for this is the first non system UID; usually 100 or 500 on OS X.
  • MINGID: this is the minimum Group id to include in the group map. This defaults to 80, which is the OS X admin group, so that sudo can be set up on the linux machines to mimic the OS X behaivour. If you don't want this, set it to 100.
  • NETINFODOMAIN: this is the NetInfo domain to extract information from.
To configure the the NIS maps, run (sudo or as root) /usr/sbin/ -m domainname (where domainname is the NIS domainname you wish to use). Then cd to /var/yp/domainname and run make. To activate the NIS system, edit /etc/hostconfig to set NISDOMAIN to the same value as you chose for domainname above, and restart your computer. To check that it works, try ypcat passwd at a command line. Your password info should now be dumped to the screen.

Known Problems

The automounter maps don't yet work. This is because I am still figuring out how to convert OS X automount info to amd style mountmaps. In the meantime, all nfs exported home directories need to be manually mounted on the Linux system. There is no timestamp information, so the maps will be regenerated every time make is run in the /var/yp/domainname. This isn't a problem with small nis maps.
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)

Running an NIS master on a NetInfo master | 2 comments | Create New Account
Click here to return to the 'Running an NIS master on a NetInfo master' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Running an NIS master on a NetInfo master
Authored by: digitalone on Jun 18, '03 03:07:16AM

Can you pass on some information or links that will help me sort out this LDAP/NetInfo/BSD subsystem mess? If you are unsure about anything while in the command line, you can really fsck everything up fast, and lick you said, Linux integration is not easy. This tip helps, but I have never heard of NIS (new to *NIX), I don't know NetInfo worth a darn (the documentation sucks) and I can't find much on MOSX's LDAP implementation, especially how it interacts with NetInfo.

I really need help here, I am trashing configurations on many machines right and left.

Thank you sooooo much in advance,


[ Reply to This | # ]
Panther update
Authored by: g_nix on Dec 11, '03 09:48:46AM

Out of the box, this hint is broken with Panther. I've put some notes about it on my website, but basically it's broken by Apple's shadow passwords and Open Directory.

My experience was that it is easier and more secure to get ldap authentication working on the Linux side than to resolve the underlying problems.

In time, I'll document my efforts at using ldap on Linux to interoperate with Open Directory.

[ Reply to This | # ]