Leopard and NIS and NFS

April 2008

Our Situation

I work at a research facility that does astrophysical research. Our users are scientists engaged in various research projects. Much of the software they use is developed within the community, and often the software is dedicated to individual projects. It's almost entirely Unix-based software, so, we're primarily a Solaris and Linux shop.

We still use NIS for our use authentication, and for distributing sun-style automount maps for NFS-mounted filesystems. Without getting into debates, we primarily still use NIS because we've dodged the bullet with respect to PC integration. We don't have to support single-sign-on for the PCs we have, and we don't have to export most of our filesystems to them. So, NIS still servers our needs.

NIS can also be perfectly secure, when used properly with firewalls, and securenets. It also helps to add in the Sun's c2 security on the NIS maps, which is a process we're working on now.

Mac laptops have been the preferred laptops amoung our users for some time now. All of the scientist's software can be ported and run on the macs. They generally have the horsepower the scientists need. The operating system is well-supported and does not have the sometimes complex support and configuration issues of Linux. It's also easier to use - while all of our scientists use Unix, many of them would prefer to learn as little as possible about the computer, and spend more time on astrophysics.

These laptops are typically self-supported by the users, and are not allowed access to the secure, NIS portion of our network. However, as more users become familiar with Macs, they are interested in using them as their desktop machines. Macs are as powerful, and arguably more powerful than Linux-based choices. The OS matches what they are used to on their laptops, and all the software has been ported.

We also have one group that has chosen Macs as their primary platform for software development, in support of the Hinode solar satelite.

In short, we are seeing a growing need to treat OS X systems as if they are traditional Unix-login desktops.

Tiger

Our process began with Tiger. Tiger would in theory work with NIS, however we ran into several problems. Tiger didn't support the sun-style automount maps. We worked on several methods to automout our maps.

Using scripts to convert our NIS maps into local automount maps in the default format. This worked more or less. But there was no clean way to make the automounter notice changes. A reboot worked, of course, but that wasn't fun. Killing and restarting the automounter seemed to work, but had problems.
Set up an fstab-style NIS map called mounts.byname. Tiger automount does support one NIS map for automounting. But it was a ridiculously large map when all of our other maps were combined into this one. And changes in the NIS map were apparently never noticed. And, it seemed generally buggy and unreliable.
am-utils' amd software. This is what we ended up using. amd would directly use our NIS maps, without changes. It generally worked ok. It was more configuration and setup than we would have liked. You end up with icons for your mount points, but I was never able to make these things browsable.

Throughout all of these solutions, we found the Finder to be very buggy with respect to automounted filesystems. You couldn't reliably click through a mount point to get a mount (in some of the above methods, this was simply impossible). And when an automounted directory was unmounted, this really left Finder in a very confused state.

This article used to continue, but I've broken out specific issues into separate articles:

Finder doesn't like automounting

Leopard autofs Finder Crashes

Make Leopard work with passwd.adjunct

autofs bugfix for NIS replicated mounts

More Mac OS X Stuff

Fine's Home

Send Me Email