Configuring NIS+ With Scripts
This chapter describes how to configure a basic NIS+ namespace using the nisserver, nispopulate, and nisclient scripts in combination with a few NIS+ commands.
Note - NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment (see Part V). For more information, visit http://www.sun.com/directory/nisplus/transition.html.
NIS+ Configuration Overview
Using the configuration scripts is the recommended method of setting up and configuring an NIS+ namespace. Using these scripts is easier than trying to set up an NIS+ namespace with the NIS+ command set, as described in Chapter 6, Configuring NIS+ Clients, Chapter 7, Configuring NIS+ Servers, and Chapter 8, Configuring a Non-Root Domain.
(See the nisserver, nispopulate, and nisclient man pages for complete descriptions of the scripts. See the Glossary for definitions of terms and acronyms you do not recognize.)
You should not use the small sample NIS+ namespace referred to in this tutorial manual as a basis for your actual NIS+ namespace. You should destroy the sample namespace after you finish exploring it, instead of adding on to it. It is better to begin again and carefully plan your NIS+ hierarchy before you create your actual namespace.
Table 4-1 summarizes the recommended generic configuration procedure. The left column lists the major configuration activities, such as configuring the root domain or creating a client. The text in the middle describes the activities. The third column lists which script or NIS+ commands accomplish each step.
Table 4-1 Recommended NIS+ Configuration Procedure Overview
Activity | Description | Script/NIS+ Commands |
---|---|---|
Plan your new NIS+ namespace | Plan your new NIS+ namespace. See "Planning the NIS+ Namespace: Identifying the Goals of Your Administrative Model" for a full discussion of planning requirements and steps. (If you are just following the NIS+ tutorial in a test-bed network, this step has been done for you.) | |
Prepare your existing namespace | In order for the scripts to work best, your current namespace (if any) must be properly prepared. See and the "Planning the NIS+ Namespace: Identifying the Goals of Your Administrative Model" for a description of necessary preparations. (If you are just following the NIS+ tutorial in a test-bed network, this step has been done for you.) | |
Configure the Diffie-Hellman key length | If you intend to use DES authentication, consider using Diffie-Hellman keys longer than the 192-bit default. The extended key length must be the same on all machines in the domain. Specify the desired key length before running the respective initialization scripts. | nisauthconf |
Configure root Domain | Create the root domain. Configure and initialize the root master server. Create the root domain admin group. | nisserver |
Populate tables | Populate the NIS+ tables of the root domain from text files or NIS maps. Create credentials for root domain clients. Create administrator credentials. | nispopulate nisgrpadm nisping |
Configure root domain clients | Configure the client machines. (Some of them will subsequently be converted into servers.) Initialize users as NIS+ clients. | nisclient |
Enable servers | Enable some clients of the root domain to become servers. Some servers will later become root replicas; others will support lower-level domains. | rpc.nisd |
Configure root replicas | Designate one or more of the servers you just configured as replicas of the root domain. | rpc.nisd nisserver |
Configure non-root domains | Create a new domain. Designate a previously enabled server as its master. Create its admin group and admin credentials. | rpc.nisd nisserver |
Populate tables | Create credentials for clients of the new domain. Populate the NIS+ tables of the new domain from text files or NIS maps. | nispopulate |
Configure non-root domain clients | Configure the clients of the new domain. (Some may subsequently be converted into servers for lower-level domains.) Initialize users as NIS+ clients. | nisclient |
The NIS+ scripts enable you to skip most of the individual procedures included in the above activities.
Creating a Sample NIS+ Namespace
The procedures in this chapter show you how to create a sample NIS+ namespace. The sample NIS+ namespace will be created from /etc files and NIS maps. This sample shows you how to use the scripts both when your site is not running NIS and when NIS is running at your site. You can set your servers to NIS-compatibility mode if they will be serving NIS clients. See Chapter 26, Transitioning from NIS to NIS+ for more information on NIS-compatibility mode.
Note - Your site's actual NIS+ namespace and its domain hierarchy probably differ from the sample namespace's, and yours probably contains a different number of servers, clients, and domains. Do not expect any resemblance between your final domain configuration or hierarchy and the sample one. The sample namespace is only an illustration of how to use the NIS+ scripts. After you have created this sample namespace, you should have a clear idea about how to create domains, servers, and clients at your site.
The sample namespace contains the following components:
A root master server named master for the doc.com. domain
Four clients of the root domain, doc.com.:
The first client, client1, will become a root replica (for the doc.com. domain).
The second client, client2, will become a master server for a new subdomain (for the sub.doc.com. domain).
The third client, client3, will become a non-root replica server of the new subdomain (for the sub.doc.com. domain).
The fourth client, client4, will remain solely a client of the root domain (doc.com.).
Two clients, subclient1 and subclient2, of the subdomain (sub.doc.com.).
This scenario shows the scripts being used to configure NIS+ at a site that uses both system information files, such as /etc/hosts, and NIS maps to store network service information. The sample NIS+ namespace uses such a mixed site purely for example purposes.
Summary of NIS+ Scripts Command Lines
Table 4-2 contains the generic sequence of NIS+ scripts and commands you will use to create a sample NIS+ domain. Subsequent sections describe these command lines in detail. After you are familiar with the tasks required to create NIS+ domains, servers, and clients, use Table 4-2 as a quick-reference guide to the appropriate command lines. Table 4-2 is a summary of the actual commands with the appropriate variables that you type to create the sample NIS+ namespace.
Table 4-2 NIS+ Domains Configuration Command Lines Summary
Action | Machine | Command |
---|---|---|
Include /usr/lib/nis in root's path; C shell or Bourne shell. | Root master server and client machines as superuser | setenv PATH $PATH:/usr/lib/nis or PATH=$PATH:/usr/lib/nis; export PATH |
Optionally, if using DES authentication, select the Diffie-Hellman key length | Server and client machines as superuser | nisauthconf -dhkey-length-alg-type des |
Create a root master server without or with NIS (YP) compatibility. | Root master server as superuser | nisserver -r -d newdomain. or nisserver -Y -r -d newdomain. |
Populate the root master server tables from files or from NIS maps. | Root master server as superuser | nispopulate -F -p /files -d newdomain. or nispopulate -Y -d newdomain. -h NISservername -a NIS_server_ipaddress -y NIS_domain |
Add additional users to the NIS+ admin group. | Root master server as superuser | nisgrpadm -a admin.domain. name.domain. |
Make a checkpoint of the NIS+ database. | Root master server as superuser | nisping -C domain. |
Initialize a new client machine. | Client machine as superuser | nisclient -i -d domain. -h master1 |
Initialize user as an NIS+ client. | Client machine as user | nisclient -u |
Start the rpc.nisd daemon--required to convert a client to a server without or with NIS (and DNS) compatibility. | Client machine as superuser | rpc.nisd or rpc.nisd -Y or rpc.nisd -Y -B |
Convert a server to a root replica. | Root master server as superuser | nisserver -R -d domain. -h clientname |
Convert a server to a non-root master server. | Root master server as superuser | nisserver -M -d newsubdomain.domain. -h clientmachine |
Populate the new master server tables from files or from NIS maps. | New subdomain master server as superuser | nispopulate -F -p /subdomaindirectory -d newsubdomain.domain. or nispopulate -Y -d newsubdomain.domain. -h NISservername -a NIS_server_ipaddress -y NIS_domain |
Convert a client to a master server replica. | Subdomain master server as superuser | nisserver -R -d subdomain.domain. -h clientname |
Initialize a new client of the subdomain. Clients can be converted to subdomain replicas or to another server. | New subdomain client machine as superuser | nisclient -i -d newsubdomain.domain. -h subdomainmaster |
Initialize user as an NIS+ client. | Client machine as user | nisclient -u |
Note - To see what commands an NIS+ script calls, without actually executing the commands, use the -x option. The -x option causes the command names and their approximate output to echo to the screen as if you were actually running the script. Running the scripts for the first time with -x can minimize unexpected results. For more information, see the man pages for the scripts.
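The Table 4-2 script command forms, filled in for the sample namespace (doc.com., sub.doc.com., master, client1 through client4, subclient1, subclient2) and run with -x, are sketched below as an added example that is not part of the original guide. The variable and function names are illustrative, the paths are the table's own placeholders, and the domain check assumes names shaped like the sample's (two or more labels with a trailing dot).

```shell
#!/bin/sh
# Added example: prints a dry-run (-x) plan for the sample namespace.
# It only echoes command lines; it runs no NIS+ script or command.
# ROOT, SUB, ROOT_FILES, SUB_FILES and the function names are illustrative.
ROOT="doc.com."
SUB="sub.doc.com."
ROOT_FILES="/files"                 # placeholder path from Table 4-2
SUB_FILES="/subdomaindirectory"     # placeholder path from Table 4-2

# Accept only names shaped like the sample's: two or more labels and a
# trailing dot (doc.com.), no empty labels, no unexpected characters.
valid_domain() {
    case "$1" in
        .*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
        *.*.) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit "machine: command" lines in Table 4-2 order. Only the three scripts
# appear; the rpc.nisd, nisgrpadm and nisping steps are left out because
# the -x note covers the scripts.
plan() {
    valid_domain "$ROOT" && valid_domain "$SUB" || return 1
    echo "master: nisserver -x -r -d $ROOT"
    echo "master: nispopulate -x -F -p $ROOT_FILES -d $ROOT"
    for c in client1 client2 client3 client4; do
        echo "$c: nisclient -x -i -d $ROOT -h master"
    done
    echo "master: nisserver -x -R -d $ROOT -h client1"
    echo "master: nisserver -x -M -d $SUB -h client2"
    echo "client2: nispopulate -x -F -p $SUB_FILES -d $SUB"
    echo "client2: nisserver -x -R -d $SUB -h client3"
    for c in subclient1 subclient2; do
        echo "$c: nisclient -x -i -d $SUB -h client2"
    done
}

# Show only the commands to type on one machine, in order.
plan_for() {
    plan | sed -n "s/^$1: //p"
}

plan
```

Calling `plan_for client2` lists just the three script invocations typed on client2, which makes it easy to review each machine's steps before removing -x.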
Setting Up NIS+ Root Servers
Setting up the root master server is the first activity toward establishing an NIS+ domain. This section shows you how to configure a root master server using the nisserver script with default settings. The root master server uses the following defaults:
Security level 2 (DES)--the highest level of NIS+ security
NIS compatibility set to OFF (instructions for setting NIS compatibility are included)
System information files (/etc) or NIS maps as the source of name services information
admin.domainname as the NIS+ group
Note - The nisserver script modifies the name service switch file for NIS+ when it sets up a root master server. The /etc/nsswitch.conf file can be changed later. See Chapter 1, The Name Service Switch for information on the name service switch.
Prerequisites to Running nisserver
Check to see that the /etc/passwd file on the machine you want to be root master server contains an entry for root.