Information You Need
You need the following:
The superuser password of the machine that will become the root master server
The name of the new root domain. The root domain name must have at least two elements (labels) and end in a dot (for example, something.com.). The last element may be anything you want, but in order to maintain Internet compatibility, the last element must be either an Internet organizational name (as shown in Table 4-3), or a two or three character geographic identifier such as .jp. for Japan.
Table 4-3 Internet Organizational Domains
Domain | Purpose |
|---|---|
com | Commercial organizations |
edu | Educational institutions |
gov | Government institutions |
mil | Military groups |
net | Major network support centers |
org | Nonprofit organizations and others |
int | International organizations |
In the following example, the machine that is designated as the root master server is called master1, and doc.com. becomes the new root domain.
Note - Domains and hosts should not have the same name. For example, if you have doc.com. as a root domain, you should not have a machine named doc in any of your domains. Similarly, if you have a machine named home, you do not want to create a domain named home. This caution also applies to subdomains; for example, if you have a machine named west, you do not want to create a sales.west.myco.com subdomain.
How to Create a Root Master Server
Set the superuser's PATH variable to include /usr/lib/nis.
Either add this path to root's .cshrc or .profile file or set the variable directly.
Optionally, if using DES authentication, specify the Diffie-Hellman key length.
To use 640-bit Diffie-Hellman keys as well as the default 192-bit keys, type:
nisauthconf dh640-0 des
To allow only 640-bit keys (rejects 192-bit keys), type:
nisauthconf dh640-0
Type the following command as superuser (root) to configure a root master server.
The -r option indicates that a root master server should be configure. The -d option specifies the NIS+ domain name.
master1# nisserver -r -d doc.com. This script sets up this machine "master1" as a NIS+ root master server for domain doc.com. Domain name : doc.com. NIS+ group : admin.doc.com. NIS (YP) compatibility : OFF Security level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)
"NIS+ group" refers to the group of users who are authorized to modify the information in the doc.com. domain. (Domain names always end with a period.) Modification includes deletion. admin.domainname is the default name of the group. See "How to Change Incorrect Information" for instructions on how to change this name.
"NIS compatibility" refers to whether an NIS+ server accepts information requests from NIS clients. When set to OFF, the default setting, the NIS+ server does not fulfill requests from NIS clients. When set to ON, an NIS+ server fulfills such requests. You can change the NIS-compatibility setting with this script. See "How to Change Incorrect Information".
Note - This script sets machines up only at security level 2, the highest level of NIS+ security. You cannot change the security level when using this script. After the script has completed, you can change the security level with the appropriate NIS+ command. See the rpc.nisd man page for more information on changing security levels.
Type y (if the information shown on the screen is correct).
Typing n causes the script to prompt you for the correct information. (See "How to Change Incorrect Information" for what you need to do if you type n.)
Is this information correct? (type 'y' to accept, 'n'' to change) y This script will set up your machine as a root master server for domain doc.com. without NIS compatibility at security level 2. Use "nisclient -r" to restore your current network service environment. Do you want to continue? (type `y' to continue, `n' to exit the script)
Type y to continue NIS+ configuration.
(Typing n safely stops the script.) If you interrupt the script after you have chosen y and while the script is running, the script stops running and leaves configured whatever it has created so far. The script does not do any automatic recovery or cleaning up. You can always rerun this script.
Do you want to continue? (type 'y' to continue, 'n' to exit the script y setting up domain information "doc.com." ... setting up switch information ... running nisinit ... This machine is in the doc.com. NIS+ domain. Setting up root server ... All done. starting root server at security level 0 to create credentials... running nissetup ... (creating standard directories & tables) org_dir.doc.com. created Enter login password:
The nissetup command creates the directories for each NIS+ table.
Type your machine's root password at the prompt and press Return.
In this case, the user typed the master1 machine's root password.
Wrote secret key into /etc/.rootkey setting NIS+ group to admin.doc.com. ... restarting root server at security level 2 ... This system is now configured as a root server for domain doc.com. You can now populate the standard NIS+ tables by using the nispopulate or /usr/lib/nis/nisaddent commands.
Your root master server is now configured and ready for you to populate the NIS+ standard tables. To continue with populating tables, skip to "Populating NIS+ Tables".
How to Change Incorrect Information
If you typed n because some or all of the information returned to you was wrong in Step 4 in the above procedure, you will see the following:
Is this information correct? (type 'y' to accept, 'n' to change) n Domain name: [doc.com.] |
Press Return if the domain name is correct; otherwise, type the correct domain name and press Return.
In this example, Return was pressed, confirming that the desired domain name is doc.com.. The script then prompts for the NIS+ group name.
Is this information correct? (type 'y' to accept, 'n' to change) n Domain name: [doc.com.] NIS+ group: [admin.doc.com.]
Press Return if NIS+ group is correct; otherwise, type the correct NIS+ group name and press Return.
In this example, the name was changed. The script then prompts for NIS compatibility.
NIS+ group: [admin.doc.com.] netadmin.doc.com. NIS (YP) compatibility (0=off, 1=on): [0]
Press Return if you do not want NIS compatibility; otherwise, type 1 and press Return.
In this example, Return was pressed, confirming that NIS compatibility status is correct. Once again, the script asks you if the information is correct.
Note - If you choose to make this server NIS compatible, you also need to edit a file and restart the rpc.nisd daemon before it will work. See "Configuring a Client as an NIS+ Server" for more information.
NIS (YP) compatibility (0=off, 1=on): [0] Domain name : doc.com. NIS+ group : netadmin.doc.com. NIS (YP) compatibility : OFF Security level : 2=DES Is this information correct? (type 'y' to accept, 'n' to change)
When the information is correct, continue with Step 3 in "How to Create a Root Master Server". You can keep choosing -n until the information is correct.