Mac OS X Installation Procedure

From CLONWiki
Revision as of 21:28, 13 September 2007 by Boiarino (talk | contribs)
Jump to navigation Jump to search

Configuring Domain Name System (DNS) server:

 1. Open the System Preferences application.     
 2. From the View menu, select Network.
 3. Select desired network connection and select Configure button.
 4. Select the TCP/IP button.
 5. After DNS Servers: enter the address of your DNS server(s) (clon00 etc).
 6. Click on the Apply Now button.


To create new group do following (unchecked):

NOTE: THIS SCRIPT IS WRITTEN FOR PANTHER (10.3)

#!/bin/bash
# Create a group.
# Takes a group name and gid and creates a new group in NetInfo groups
usage ()
{
  echo "Create a new group"
  echo "Usage: ${0##*/} groupname gid"
  if [ "$*" != "" ]; then echo "  Error: $*"; fi
  exit 1
}
# The script must be run as root
#
if [ "$USER" != "root" ]; then
  echo "Must be run as root."
  exit 1
fi
# Check parameters
#
if [ $# -ne 2 ]; then
  usage
fi
group=$1; gid=$2
# search NetInfo for the given group - it should not exist
str="$(nireport . /groups name | grep -w $group)"
if [ ! -z "$str" ]; then
  usage "Group $group already exists"
fi
# search NetInfo for the given gid - it should not exist
str="$(nireport . /groups gid | grep -w $gid)"
if [ ! -z "$str" ]; then
  usage "Group ID $gid already exists"
fi
# Add the new group to NetInfo
#
# add group and essential properties
dscl . create /groups/$group
dscl . create /groups/$group name $group
dscl . create /groups/$group passwd "*"
dscl . create /groups/$group gid $gid
#dscl . create /groups/$group users "" breaks add-user2group if added as a blank value
echo "New group $group created"
echo "Now add users to it with add-user2group"
exit 0


To create new user do following (unchecked):

NOTE: THIS SCRIPT IS WRITTEN FOR PANTHER (10.3)
#!/bin/bash
# Create a user.
# Takes the user's firstname (=shortname), lastname, uid, and staff|admin
# and creates:
#   a new user in NetInfo passwd
#   a new /Users/firstname home directory
usage ()
{
  echo "Create a new staff or admin user"
  echo "Usage: ${0##*/} firstname lastname uid staff|admin"
  if [ "$*" != "" ]; then echo "  Error: $*"; fi
  exit 1
}
# The script must be run by root
#
if [ "$USER" != "root" ]; then
  echo "Must be run as root."
  exit 1
fi
# Check parameters
#
if [ $# -ne 4 ]; then
  usage
fi
first=$1; last=$2; uid=$3; accnt=$4
# check that the users does not already have a home directory
if [ -e /Users/$first ]; then
  usage "User $first already exists at /Users/$first"
fi
# search NetInfo for the given user - it should not exist
str="$(nireport . /users name | grep -w $first)"
if [ ! -z "$str" ]; then
  usage "User $first already exists (but does not have a home directory)"
fi
# search NetInfo for the given uid - it should not exist
str="$(nireport . /users uid | grep -w $uid)"
if [ ! -z "$str" ]; then
  usage "User ID $uid already exists"
fi
# search NetInfo for the given group - it should not exist
str="$(nireport . /groups name | grep -w $first)"
if [ ! -z "$str" ]; then
  usage "Group $first already exists"
fi
# search NetInfo for the given gid - it should not exist
str="$(nireport . /groups gid | grep -w $uid)"
if [ ! -z "$str" ]; then
   usage "Group ID $uid already exists"
fi
# ensure either staff or admin is given
if [ $4 != staff ] && [ $4 != admin ]; then
  usage "Give account type as 'staff' or 'admin'"
fi
# Add the new user to NetInfo
#
# add user and essential properties
dscl . create /users/$first
dscl . create /users/$first name $first
dscl . create /users/$first passwd "*"
dscl . create /users/$first hint ""
dscl . create /users/$first uid $uid
dscl . create /users/$first gid $uid
dscl . create /users/$first home /Users/$first
dscl . create /users/$first shell /bin/bash
dscl . create /users/$first realname "$first $last"
dscl . create /users/$first picture "/Library/User Pictures/Fun/Smack.tif"
dscl . create /users/$first sharedDir Public
# add some other properties that are usually in NetInfo
dscl . create /users/$first _shadow_passwd ""
dscl . create /users/$first _writers_hint $first
dscl . create /users/$first _writers_real_name $first
# add the new group
dscl . create /groups/$first
dscl . create /groups/$first name $first
dscl . create /groups/$first passwd "*"
dscl . create /groups/$first gid $uid
echo "New user and group $first created"
# Add admin users to the admin group
#
if [ $4 = admin ]; then 
  dscl . merge /groups/admin users $first 
  dscl . merge /groups/appserverusr users $first 
  dscl . merge /groups/appserveradm users $first 
  echo "$first added to groups admin, appserverusr, appserveradm"
fi
# Create the home directory, populate from the template, and set owners
#
mkdir /Users/$first
if [ ! -d /Users/$first ]; then
  echo "Unable to create the user's home directory /Users/$first"
  exit
fi
ditto -rsrc /System/Library/User\ Template/English.lproj/ /Users/$first
chown -R ${first}:$first /Users/$first
echo "Home directory /Users/$first created and populated"
# Now give the user a password
#
echo "A password for this account must be given, it is currently blank"
passwd $first
exit 0


To setup NIS service type following as root:

 rpcinfo -p

If the portmapper is not running, you'll get the message

 rpcinfo: can't contact portmapper: RPC: remote system error - Connection refused

To fix that type:

 sudo launchctl start com.apple.portmap

Repeat check, you should see something like:

 program vers proto   port
   100000    2   tcp    111  portmapper
   100000    2   udp    111  portmapper

Type following:

 sudo domainname CCCHP
 sudo ypbind

If last command does not return after 10 seconds, Ctrl-C and run it in debug mode:

 sudo ypbind -d

It should return error message, one of following:

 1. Unknown domain CCCHP: a NIS server was found but it doesn't know the NIS domain
    name you have specified. Check the name and reenter the domainname command.
 2. Dead domain CCCHP: a NIS server was found and it knows the domain name you've
    specified. However, this domain is currently marked inactive and cannot be used.
    Check if you should specify another domain and repeat the domainname command with
    its name.
 3. Domainname not set. Aborting: You forgot or mistyped the domainname command. Enter
    it correctly and repeat the test.
 4. /var/yp/binding/CCCHP.ypservers does not exist, defaulting to broadcast: The system
    has sent out a broadcast message to search for a NIS server, but no server has responded.
    This can have different reasons:
   4.1. The NIS server is not running: Make sure that the NIS server really is there. If you
        know its name, you can use the ping command to see if it's alive.
   4.2. The NIS server and your machine are in two different IP subnets: In this case it's
        impossible that your machine can find the NIS server automatically. Create a file
        /var/yp/binding/CCCHP.ypservers that contains the IP address(es) of your NIS server(s).
   4.3. The administrator of the NIS server disabled server recovery through broadcasts for
        security reasons: In this case, do the same as in the "different IP subnet" situation.
   4.4. There is an error in the IP netmask of your ethernet interface: Enter ifconfig -a to get
        a list of all your network interfaces and check whether the netmasks are set correctly.
        Perhaps there was a simple typo during system installation. Many network features will
        work correctly even with this error, but services that rely on broadcasts certainly will not.

In case of clonpc7 (subnet 68) file CCCHP.ypservers must contains IP address of clon00, because of clon00 is on subnet 167. In general it make sense to put both our servers: 129.57.167.5 (clon00), 129.57.167.14 (clon10) and central JLAB server(s). If machine is not on 167 subnet, corresponding clon00's port can be specified as well, for example 129.57.68.1 (clon00-daq1).

Now try again:

 sudo ypbind -d

Every about 10 seconds tt should return something like that:

 ypbind: returned from 129.57.68.1 about CCCHP

Type Ctrl-C and start the same without debug flag:

 sudo ypbind

It should return after about 10 seconds. Make sure everything is configured correctly by command:

 ypwhich

It should return the name of NIS server, for example:

 clon00-daq1.jlab.org

All above actions were just tests. Not we can make NIS configuration permanent:

 1. Launch the application Directory Access in the folder Utilities in Applications.
 2. If the key icon in the lower left corner is locked, click on the lock to authenticate
    with Directory Access in order to make changes.
 3. Make sure the checkmark at the item BSD Flat File and NIS is set and select
    the corresponding line. If the checkmark was not set, you must press the Apply button
    before you continue to the next step.
 4. Click the Configure... button.
 5. Enter the name of your NIS domain at Domain Name (must be already set to CCCHP).
 6. If the NIS severs are located in a different subnet, or the NIS administrator has
    deactivated server recovery through broadcast messages, enter the IP address(es) of
    your server(s) into the NIS Servers table (must be already set). It is recommended
    to use IP addresses instead of computer names because otherwise we would create
    dependencies between NIS and name resolution: NIS could only start if the name resolver
    is running yet what cannot be guaranteed under all circumstances.
 7. Press OK.
 8. In Directory Access go to the tab view item Authentication.
 9. In the Search menu, select the option Custom Path.
10. Press the Add... button
11. Select your NIS domain as valid source for the authentication of users. Among other
    directory services, the NIS domain should be displayed in the form /BSD/CCCHP in
    the overview. Add this entry. After that, it should appear at the end of the list
    Directory Node (also see the picture below).
12. Now click on Apply at the lower right corner of the window. The configuration will be
    saved. It becomes active after a few seconds without restarting the computer.


NFS mount:

Make sure you have the same UID and GID on both computers (if NIS works properly it must be enforced ??). To change it manually do following:

 1. Go to the NetInfo  Manager (Applications -> Utilities)
 2. Authenticate as an administrator by clicking the lock in the lower left corner
 3. Click on Users in the list, and find your username.
 4. When you click on it, you should see info about it at the bottom of the screen… 
    scroll down until you see UID and GID and change those appropriately.
    Make sure you keep track of your old UID so that you can change permissions on your files.

In any case, id UID is changed, use a command like the following to change file permissions over to you again (do it as root):

 find / -xdev -user <old uid> -print -exec chown <new uid> {} \;

Mount desired partitions as shown in following examples:

 mkdir /data
 mkdir /work
 mkdir /scratch
 sudo mount -o -P clon10-daq1:/data /data
 sudo mount -o -P clon00-daq1:/work /work
 sudo mount -o -P clon00-daq1:/scratch /scratch

To mount from a GUI program: There is a program called NFSManager (http://www.bresink.de/osx/NFSManager.html) available for use, if this would make things easier. It’s shareware, so if you don’t pay, you’ll have demo notices popping up, but it doesn’t limit the features of the program. Authenticate first, then add a new entry to the NFS Connections. Enter your server and NFS share. You can leave it as the default to mount in the network folder. Activate changes when you are done. You should now be able to browse to your mount through the Network area (NetInfo Manager -> mounts).

NOTE: I created directories first, then ran GUI, and everything looked fine except nothing was mounted ... I ran 'sudo mount ...' commands and it worked. Need to learn more ...

NOTE: after reboot everything mounted as following:

 work -> /automount/static/work

Maybe reboot needed after above procedure ? Will check next time ...


Another automount method (does not work !!!):

 Create file /etc/auto.nfs, for example it may contains following line (mounts /scratch from clon00):
   scratch -rw,bg,intr clon00:/scratch
 Type command:
   automount -m /nfs /etc/auto.nfs


VNC

After machine rebooted, start VNC server. First ssh to machine as root and type two following commands (we assume that VineServer was downloaded to /Users/boiarino/ :

 open /Users/boiarino/VineServer2.1.dmg
 open -a /Volumes/Vine\ Server/Vine\ Server.app/

Now you can run vnc viewer on another machine and access Mac, for example to access Mac OS X machine named clonpc7 do following:

 vncviewer clonpc7

To go through firewall use ssh tunneling, for example:

 ssh -L 5000:129.57.68.7:5900 username@jlab.org

where IP address belong to clonpc7. Port 5900 is default. If VNC server on clonpc7 was started for example on port 5904, ssh tunneling shell be done to that port, and vnc veiwer command will be

 vncviewer clonpc7:4


MORE VNC INFO (copy from www.cs.vassar.edu/SysNews/vnc/osx.html)

Using VNC on Mac OS X Setup Download and install a secure shell client

As you may have heard, the Mac OS X operating system is built off of a version of Unix, FreeBSD. You'll be happy to here that this means you already have a secure shell client installed, the Unix native ssh. You will find it from the Terminal - more on that later. Download and install a VNC client

We recommend using Chicken of the VNC, although other clients (try the official VNC site) should also work.

  1. Download Chicken of the VNC from the Chicken of the VNC website: http://sourceforge.net/projects/cotvnc/.
  2. To install Chicken of the VNC, mount the disk image by double-clicking on the DMG file. Then drag the application to the Applications directory on your hard drive.

Connecting Forward a port over a secure connection

Here, we set up a secure connection for VNC to talk over.

  1. On the Mac you're sitting at, open up a terminal (Applications/Utilities/Terminal).
  2. Now, you will start a secure connection over which VNC will travel. Grace Hopper would type:
     ssh -L 5901:localhost:5995 grhopper@mote33.cs.vassar.edu

Connect using your VNC client

  1. Start Chicken of the VNC on the Mac or if already running select Connection --> New Connection to bring up the Connect dialog box
  2. Fill in the Connect dialog box as follows:
         * In the Host field enter localhost
         * In the Display field enter 1
         * Leave the Password field blank
         * Leave the check boxes unchecked
         * Click the Connect button on the bottom of the diolog box
  3. You should now see a graphical Unix login screen. Log in as you would in the lab with your username and password
  4. To toggle between full-screen mode, type Ctrl-Command-Option-~.
  5. When you finish your Unix session, log out as you normally would, quit Chicken of the VNC, and exit your ssh session.

VNC help | User Info | CS Department

Back to VNC instruction page

File last modified on $Date: 2007/02/01 18:17:23 $ UTC