NFSv4 on the Mac

From Linux NFS

Revision as of 17:31, 15 August 2007 by Hlpegg (Talk | contribs)
Jump to: navigation, search

Contents

Installing NFSv4 on the Mac

THIS ARTICLE ONLY APPLIES TO MACS RUNNING OS X 10.4 OR HIGHER

Adapted from The BSD/Mac OS X NFSv4 Software Page, using software developed by Rick Macklem. This set of instructions are adapted from those written by Rick, himself. Please visit his site at the before mentioned link to view the original set of instructions as they were written.


Preface

At this point, you have gotten the Mac to authenticate to eDirectory, but you are unable to mount the eDirectory user's home directories. We are going to accomplish this by setting the Mac up to be able to do NFSv4 mounts. However, NFS as a whole is insecure, as it sends plain text passwords over the network, and we can't have that. So, by using NFSv4, we will have the added functionality of Kerberos to encrypt user login information. The Mac is not ready to do NFSv4 out of the box. In fact, NFSv4 for the Mac is still quite experimental.

This procedure is not your run-of-the-mill upgrade on the Mac. You will be required to use the terminal window, and having a working knowledge of the basic bash commands will be most helpful. We will be rebuilding the Mac kernel, then patching it, and rebuilding it again.

You will need to have a connection to the internet on the Mac and the OS X installation CD/DVD to complete this procedure.

Kernel Preparation:

Step 1:


Install XCode Tools on the Mac.

  • Insert OS X DVD in DVD Drive
  • Open 'XCode Tools' Folder
  • Double Click 'XCodeTools.mpkg'
  • Follow Installer Instructions
  • Close DVD windows and eject DVD


Step 2:


Prepare the Mac to Build the Necessary Kernel Modules.

  • Enable Root user on the Mac
   *Click 'Finder' icon in Dock
   *In the top menu, click Go > Utilities
   *Open 'NetInfo Manager'
   *In the top menu, click Security > Authenticate 
   *Enter the Admin password.
   *In the top menu, click Security > Enable Root User
   *Follow prompts to set root password
   *Close NetInfo Manager and Finder
  • Dowload the Kernel Sources << Instructions Pending >>
  • Create the directory to build the sources in.
   *Open a terminal by clicking 'Finder' in the Dock
   *In the top menu, click Go > Utilities
   *Open terminal
   *Make yourself root by typing 'su' at the prompt
   *Enter password when prompted
   *Type 'mkdir /usr/src' then press <ENTER>
  • Set up the C++ compiler
   *Type 'cd /usr/bin' then press <ENTER>
   *Type 'rm cc gcc c++' then press <ENTER>
   *Type 'ln -s gcc-3.3 cc' then press <ENTER>
   *Type 'ln -s gcc-3.3 gcc' then press <ENTER>
   *Type 'ln -s g++-3.3 c++' then press <ENTER>
   *Type 'cd /usr/lib' then press <ENTER>
   *Type 'ln -s gcc/darwin/3.3/libcc_kext.a libcc_kext.a' then press <ENTER>
  • Copy all of the sources to the source directory.
   *Type 'cd /usr/src' then press <ENTER>
   *In the terminal type 'cp /Users/<your username>/Desktop/<sourcefile> .' then press <ENTER>
   *Do this for each source file.
  • Unpack the sources
   *For each source type:  (press <ENTER> after the sourcefile name)
      tar -zxvf <sourcefile> 
   *Remove the zip files.
      rm *.tar.gz

Step 3:


Build The Kernel Modules

At this point, we will assume that you understand how to open a terminal and make yourself root. It is also assumed at this point that you are familiar enough with the terminal to understand that <ENTER> must be pressed after each command. It is also assumed that you understand that in the command examples below, the '#' character represents the command prompt and it is NOT to be typed as part of a command. From this point forward, for the sake of being as brief as possible, only essential information will be given. If you do not understand a part of these instructions, it will be up to you to use the Macintosh documentation to find the answers you need.

  • Prepare the Mac for the build by setting up the necessary directories
   # cd /usr/local
         -->/usr/local may not exist.  If it does not, create it by typing 'mkdir /usr/local'
   # mkdir bin lib include include/streams
   # cd /usr/src/Libstreams-X.Y
   # cp *.h /usr/local/include/streams
   # cd /usr/src/bootstrap_cmds-X
   # make
         --> when it completes
   # cd /tmp/bootstrap_cmds
   # cp relpath /usr/local/bin
   # cd /usr/src/cctools-X.Y.Z
   # cp /usr/include/ar.h include
   # make
        -->this will fail when it can't find seg_hack
   # cd misc
   # cp seg_hack.NEW /usr/local/bin/seg_hack
   # cd /usr/bin
   # ln -s /usr/local/bin/seg_hack seg_hack
   # cd /usr/src/cctools-X.Y.Z
   # make
   # cd ld/statid_kld
   # cp libkld.a /usr/local/lib
   # ranlib /usr/local/lib/libkld.a

Step 4:


Build the Kernel

  • Change to Kernel build directory:
  # cd /usr/src/xnu-792.X.Y
  # make
     --> this should fail because it can't find kextsymboltool,
         but that's ok, because the kernel has been built.
  # cd BUILD/obj/RELEASE_PPC
  # cp /mach_kernel /mach_kernel.orig
  # cp mach_kernel /mach_kernel
  # touch /System/Library/Extensions
  # reboot


Step 5:


Patching the Kernel for NFSv4

  • Download the NFSv4 Sources <<Instructions Pending>>
  • Copy the sources to /usr/src (use cp as root in a terminal window)
  • Unpack the sources (tar -zxvf) and dispose of the tarball (rm *.tar.gz or rm *.tar)
  • Patch the Kernel
   # cd /usr/src/xnu-792.X.Y
   # patch -p1 < ../xnu-client/xnu-792.X.Y.patch
  • Rebuild the Kernel
   # . SETUP/setup.sh
   # make exporthdrs
   # make
     --> this should fail because it can't find kextsymboltool,
         but that's ok, because the kernel has been built.
   # cd BUILD/obj/RELEASE_PPC
   # cp /mach_kernel /mach_kernel.orig
   # cp mach_kernel /mach_kernel
   # touch /System/Library/Extensions
   # reboot

Installing NFSv4:

If the newly patched kernel booted without any trouble, you are now ready to get NFSv4 going.

  • Create a symlink in /usr/include to newnfs and sys, so the NFSv4 utility sources can find the current include files:
   # cd /usr/include
   # ln -s /usr/src/xnu-792.X.Y/bsd/newnfs newnfs
   # mv sys sys.orig
   # ln -s /usr/src/xnu-792.X.Y/bsd/sys sys
  • Build nfsuserd and mount_newsdl by going into their source dirs and runnig the build-darwin.sh file.
   # mv /usr/src/xnu-client/nfsv4utils /usr/src/
   # cd /usr/src/nfsv4utils/nfsuserd
   # ./build-darwin.sh
   # cd ../mount_newnfs
   # ./build-darwin.sh
  • You may test the functionality of this by opening a separate terminal window:
   # /usr/src/nfsv4utils/nfsuserd/nfsuserd -verbose -domain <Your.dns.Domain> 1
   This should print out a line with your domain name in it.  
   The domain name is used by NFSv4 for user/group names.  
   To end the process, close the terminal window that you ran the test in.
  • If your test ran OK, you are ready to set nfsuserd to be started by launchd.
   # cp /usr/src/nfsv4utils/nfsuserd/nfsuserd /usr/sbin/nfsuserd
   # chmod 555 /usr/sbin/nfsuserd
   - Edit ca.uoguelph.newnfs.nfsuserd.plist and replace cis.uoguelph.ca with
     <Your.dns.Domain> and then copy it into /Library/LaunchDaemons:
   # cp ca.uoguelph.newnfs.nfsuserd /Library/LaunchDaemons
   - Now, reboot and then use "ps ax" to see if it is running
  • If it is running, you can try a mount via:
   # cd /usr/src/nfsv4utils/mount_newnfs
   # ./build-darwin.sh
   # cp mount_newnfs /sbin
   # chmod 555 /sbin/mount_newnfs
   # mkdir /mnt
   # chmod 777 /mnt
   # /sbin/mount_newnfs -4 -T nfsv4-server:/export /mnt
   Note:  You must have a NFSv4 server set up, somewhere


                       You can now use the mount command instead, if you prefer.
                       For example, the following two commands should do the same
                       mount:
                       # /sbin/mount_newnfs -4 -T nfsv4-server:/export /mnt
                                               and
                       # mount -t newnfs -o -4,-T nfsv4-server:/export /mnt


  • You can build newnfsstat and set it up via: (This command isn't critical and doesn't work on an Intel Mac.)
   # cd /usr/src/nfsv4utils/newnfsstat
   # ./build-darwin.sh
   # cp newnfsstat /usr/local/bin
   # chmod 555 /usr/local/bin/newnfsstat
   

Congratulations, you now have NFSv4 set up on the Mac!

The next step is to make NFSv4 work with Kerberos on the Mac

Personal tools