created 15 Nov. 2000
Integrating OS X into existing network systems
In the previous articles in this series, we've looked at connecting the PB to specific types of servers, AppleShareIP, Windows, Unix. But there's another aspect of network connectivity, and that is integration. In other words, besides just connecting to specific machines, how well does OS X fit in with other network management schemes? The answer is, it depends.
If you are talking about a NetInfo network, which is OS X's native networking management scheme, the answer is, almost perfectly. This is what we expect of course. OS X ships with NetInfo built into the OS. Indeed, most of the essential parts of the OS are managed via NetInfo. If you are running a NetInfo network, then OS X will fit in perfectly, with very few integration issues.
The problem is, not many networks are based on NetInfo. This is not a technical failure on NetInfo's part. As I have been digging up information on NetInfo, and wrapping my head around it, I am very impressed by much of what it can do. As a directory service, it is easily as capable as LDAP, or Novell's NDS, and head and shoulders above Microsoft's Active Directory. It uses a hierarchical domain model, à la LDAP and NDS, and one NetInfo domain can contain as many computers, printers and users as your server configuration will allow. But again, not many places use NetInfo, so we have to look at how OS X fits into other vendors' systems.
NIS(+)
NIS, along with NIS+, is the network management concept used primarily by Sun Microsystems. NIS, or Network Information Service, allows administrators to manage resources such as computers, printers, users, user rights, storage access, etc. from an NIS server. NIS runs on most Unix systems, and is widely used in the computing world. NIS+ is an enhancement to NIS that added encryption capabilities and security enhancements to NIS, and is usually only seen in Solaris networks, although it does retain backwards compatibility with NIS.
NetInfo in OS X can be configured to use NIS services, and ships with the basic components to set this up. I'm not going to go into the details here, as they can be quite extensive. An excellent 'howto' page can be found at http://www.bresink.de/osx/nis.html. This site not only covers the OS X public beta, but also MacOS X Server from 1.0 to 1.2, MacOS X DP4, and even Rhapsody DR2 for Intel, and there are some references to the Darwin OS as well. The NIS services in OS X currently allow for user/group management via NIS, and the site mentions how to set up the PB to automount any NIS home directories into the PB.
Having said that, there is almost nothing intuitive about setting up NIS in OS X, unless you have a solid background in NetInfo. Getting the necessary settings into NetInfo is a somewhat arcane and tedious process, and there is a very small but necessary amount of config file editing required. As well, once you have set OS X up for NIS, if you boot it in a situation where you cannot connect to the NIS domain, then it will sit at the NIS part of the boot process, endlessly looking for the NIS domain. (It may time out eventually; I've only waited for a half-hour or so before rebooting.) This means that PowerBook owners, such as myself, get very good at EMACS and hostconfig files. Obviously, Apple needs to change this process into a more intuitive way of connecting to NIS domains.
But once you get NIS working, it works fairly well, and doesn't seem to need a lot of care and feeding, which is the general idea.
LDAP
The next network management system that OS X supports is LDAP, or Lightweight Directory Access Protocol. The support here is less extensive than NIS, seemingly limited to user login authentication. Part of this may be due to LDAP's relative lack of experience as a network management directory, so I expect this will improve. Most of the available information on using LDAP with NetInfo is in this TIL from Apple. Even though LDAP is a newcomer to the network management arena, many other directory and management services are based on, or compatible with LDAP to varying degrees, such as NIS, Novell, and Microsoft.
LDAP has the advantage of being a public RFC, and as such is 'owned' by no one company, and you can find LDAP servers that run on almost every OS available, including one that runs on the current MacOS, ClickMail Central Directory, from Gracion Software. If you are unfamiliar with LDAP, and would like to know more, Gracion's site is a good place to start, as it explains many of the basics of LDAP in a concise, understandable manner.
Novell NDS
Third on our list of network management systems is Novell Directory Service, or NDS. This is not yet shipping, but was announced on November 7th. The actual product name is Native File Services for Macintosh, and will be a downloadable addon for NDS 5.X, and a native part of NDS 6.0. It promises to provide native support for MacOS clients on the server side, with no client software needed on the Macs. It will integrate Novell Modular Authentication Services with Apple's own authentication systems, and provide not only access to network storage, but user management and directory access as well. The product should be shipping in the first quarter of 2001, so you may be able to get a look at it at MacWorld Expo in San Francisco.
Again, this is only an announcement, not a shipping product, and as Mac administrators well know, especially with Novell's history of Mac support, much can change in 6 or so months, but it's a good announcement, and would give Novell an essentially uncontested foothold in the MacOS market. What that will translate to remains to be seen, but it's evidently quite tempting for Novell at least.
Microsoft AD
Our final entry is Active Directory from Microsoft. This is a quintessential Microsoft management product in that it really doesn't support much outside of Windows PCs beyond very basic file and print services. Luckily, it seems to support LDAP reasonably well, so you may be able to get away with having your OS X boxes treat the AD servers like LDAP servers. I have yet to really try this, but if anyone does, then please, let me know how it works.
I've probably left out a few other systems, but we've covered the 'big four' as far as MacOS X is concerned. It is good that systems other than NetInfo are supported natively, although the implementation procedures need a lot of work. The Novell announcement is good news for administrators using that system, or considering it, and if Microsoft's LDAP support is close to as complete as they indicate, then there is a way to at least partially integrate OS X into AD networks, although the reality of this remains to be seen. OS X is still a beta, so there is time for Apple to create proper interfaces for integrating with NIS and LDAP, and I would really like to see NetInfo made a lot more intuitive to use. I'd also like to see Apple release a LOT more documentation on NetInfo than it has. But the basics are there, so that's a good start.

