I finally figured out how to get netgroups working (sort of) in 10.4.7 server. Netgroups are an important component of our distributed filesystem environment, used to control the export of 100’s of NFS mounts. The missing link was the netgroup LookupOrder that by default, is not part of the lookupd configuration. I created a LookupOrder in the default NetInfo location (/locations/lookupd/netgroups) that consisted of just the flat file agent (FFAgent).
Next, I created a simple netgroup in /etc/netgroup that contained a few hosts. I used this netgroup name to export an NFS filesystem and it all worked just fine. Only the hosts in the netgroup could mount the filesystem.
However, things start to fall apart when I tried more complex netgroup definitions. To be specific, the ‘\’ line continuation character is not parsed correctly by lookupd. I was able to verify this by running ‘lookupd -q netgroup’. This confirmed that lookupd ends up truncating the netgroup entries at the carriage return instead of handling ‘\’ correctly.
I then added NISAgent to my netgroup LookupOrder so I could try and use netgroups in our production NIS netgroup map. Similar problems of truncated netgroups.
I have opened up a bug report with Apple (#4677764).

——-
Yemi