YDL and Mac OSXS

nathan r. hruby yellowdog-general@lists.terrasoftsolutions.com
Tue Feb 4 09:44:01 2003


On Tue, 4 Feb 2003, DongSoo Choi wrote:

> Hi, all
> 
> Does anybody have a set up with mac os x server as ldap server and YDL
> as a user home directory server?
> 
> Then what does it take to set up?
> 

No, but it shouldn't be too hard.

- Install OSX server
- Use OpenDirectory Setup to enable password server and to serve other 
  clients
- Use WGM to make a dummy NFS automount of a share in OSX
- Open network domain in netInfo manager, duplicate the dummy automount 
  (in /mounts) and edit the name and path for your YDL machine
- Delete dummy automount if desired
- Set up OSX Server with users and groups in the network domain, ensuring 
  that they have homedir listed in the home tab.  You may need to use 
  "Advanced" and hand enter their homedir.  You should be able to save 
  this as a preset.
- Install the openldap-client packages on YDL
- install the nfs-server, clients, portmap, and lockd as well
- Edit /etc/ldap.conf like so (salt to taste)

--- /etc/ldap.conf - sample from Luke Howard on macos-x-server@lists.apple.com
host 111.222.333.444
uri ldap://hostname.of.your.osx.server.here/
base dc=hostname,dc=of,dc=your,dc=server
ldap_version 3
pam_password crypt
nss_base_passwd cn=users,?one
nss_base_shadow cn=users,?one
nss_base_group cn=groups,?one
nss_base_hosts cn=machines,?one
nss_base_services cn=services,?one
nss_base_networks cn=networks,?one
nss_base_rpc cn=rpcs,?one
nss_base_ethers cn=machines,?one
nss_base_netmasks cn=networks,?one
nss_base_bootparams cn=machines,?one
nss_base_aliases cn=aliases,?one
nss_base_netgroup cn=netgroups,?one
--- end /etc/ldap.conf

- edit /etc/nsswitch.conf to include ldap in the lookups of desired maps
- edit /etc/exports to export your desired homedir structure via nfs
- use /usr/sbin/exportfs -a to make all exports active
- Set up clients with Directory Access to use your OSX LDAP server for 
  authentication and then reboot them.
- try login

(Note, you may need to yank the home_loc property from the client LDAP 
mapping in Directory Access.  I've had problems with loginwindow suddenly 
deciding to ignore the home property which pointed at my NFS automounts 
and try to make an AFP mount using home_loc at login time.. why loginwindow 
thinks it should have the responsibility to automount things (and crush 
existing mounts in the process) is frelling beyond me - loginwindow is a 
big stupid poo-head.)

Basically, read the MacOSX admin guide and learn how to set up the clients, 
use WGM and understand NetInfo.  After that read the numerous Linux LDAP 
guides out there (start at www.padl.com's documentation section) for how 
to set up ldap on the YDL side, using the ldap.conf from above.  It's easy 
and powerful once you understand who's talking what.  Also get cosy with 
ldapsearch and keep an eye on the logs.  It might be handy to have one of 
your OSX clients (and server) forward logs to your linux machine so you 
only have to watch one file.  

You will need to use NFS as I do not think that netatalk is really up to
the challenge of serious homedir serving and AFP homedirs also mean that
were a user to ssh into their OSX machine, their homedir would not be
available to them.  Plus there's the pesky permissions problem with AFP 
that can really be avoided using NFS.  Apple frowns at NFS'ed homedirs, 
but they are, in fact, within spec.

Also note that WGM puts info into the directory that's a little odd.  You 
may wish to augment that but you'll need to drop WGM and write a few 
custom scripts to do it.  This isn't that hard on OSX as there are CLI 
utils that will help you.  A brave soul might try writing to NetInfo 
through the LDAP Bridge.  I am not that brave (yet :)

HTH,

-n
-- 
----------------------------------------
nathan hruby <nathan@drama.uga.edu>
computer services specialist
uga drama
http://www.drama.uga.edu/support/
----------------------------------------
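As an added example (not from the mail above or from nss_ldap itself), the nss_base_* entries of the sample ldap.conf resolved into the ldapsearch commands you would run to check each map from the YDL side, plus a check that the client is not binding over plain ldap:// without TLS. The embedded config is a constructed subset of the sample; the function names are this example's own.

```python
"""Resolve nss_ldap map bases from /etc/ldap.conf and emit ldapsearch commands
to verify each map; also flag an unencrypted LDAP transport.  Added example."""
import shlex

# Constructed subset of the sample ldap.conf from the mail.
SAMPLE_LDAP_CONF = """\
host 111.222.333.444
uri ldap://hostname.of.your.osx.server.here/
base dc=hostname,dc=of,dc=your,dc=server
ldap_version 3
pam_password crypt
nss_base_passwd cn=users,?one
nss_base_group cn=groups,?one
nss_base_hosts cn=machines,?one
"""

def parse_ldap_conf(text):
    """Return {key: value} for 'key value' lines; blanks and '#' comments skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ") if " " in line else (line, "", "")
        conf[key.lower()] = value.strip()
    return conf

def resolve_map(spec, default_base):
    """Expand an nss_base_* value 'base?scope?filter' into (dn, scope, filter).
    A base ending in ',' is relative: nss_ldap appends the global 'base'."""
    parts = spec.split("?")
    base = parts[0]
    scope = parts[1] if len(parts) > 1 and parts[1] else "sub"
    filt = parts[2] if len(parts) > 2 and parts[2] else "(objectClass=*)"
    if base.endswith(",") or not base:
        base = base + default_base
    return base, scope, filt

def ldapsearch_commands(conf):
    """One ldapsearch per nss_base_* map, keyed by map name (passwd, group, ...)."""
    cmds = {}
    for key, spec in conf.items():
        if key.startswith("nss_base_"):
            dn, scope, filt = resolve_map(spec, conf["base"])
            cmds[key[len("nss_base_"):]] = "ldapsearch -x -H %s -b %s -s %s %s" % (
                shlex.quote(conf["uri"]), shlex.quote(dn), scope, shlex.quote(filt))
    return cmds

def transport_warnings(conf):
    """Plain ldap:// with no 'ssl start_tls'/'ssl on' means simple binds send
    the user's password in the clear between YDL and the OSX server."""
    warnings = []
    if conf.get("uri", "").startswith("ldap://") and \
            conf.get("ssl", "off").lower() not in ("start_tls", "on", "yes"):
        warnings.append("plain ldap:// without TLS: binds carry cleartext passwords")
    return warnings
```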