nis_manual_setup(7)
nis_manual_setup - Describes how to manually set up the
Network Information Service (NIS)

Setting up NIS includes configuring the following:
- Master server
- Slave servers
- Clients
Note
You must have the Additional Networking Services subset
installed to create an NIS master or slave server.
To configure NIS with support for enhanced security, and
optionally create secure versions of NIS maps, carefully
read the instructions in the Security Administration guide
before proceeding with the setup described in this reference
page.
SETTING UP THE MASTER SERVER

There can be only one master server in an NIS domain. To
set up a master server, log in as superuser and perform
the following steps:

1. Create the /var/yp/src/mail.aliases file.

   The mail.aliases file defines networkwide mail
   aliases. Creating this file is optional. However,
   if you want to define and distribute mail aliases
   on your network, you must create it. If you do not
   create a mail.aliases file, when the NIS maps are
   built, a message telling you that the mail.aliases
   file could not be found is displayed on the screen.
   For information on defining mail aliases, see the
   aliases(4) reference page.

2. Create the /var/yp/src/netgroup file.

   The netgroup file defines networkwide groups and is
   used for permission checking when doing remote
   mounts, remote logins, and accessing remote shells.
   Creating this file is optional. However, if you
   want to define and distribute network group information
   on your network, you must create it. If you
   do not create a netgroup file, when the NIS maps
   are built, a message telling you that the netgroup
   file could not be found is displayed on the screen.
   For information on defining network groups, see the
   netgroup(4) reference page.

3. Copy into the /var/yp/src directory the local /etc
   files that you intend to make into NIS maps for
   distribution. Be sure that the information in the
   files is up to date.

   When the default set of NIS maps is created, the
   following file names are recognized in the
   /var/yp/src directory: aliases, group, hosts,
   mail.aliases, netgroup, networks, passwd, protocols,
   rpc, and services. If you do not want to distribute
   one of the default maps, do not copy the
   local /etc file for it into the /var/yp/src directory.
   If a file is absent from the /var/yp/src
   directory, when the NIS maps are built, a message
   telling you that the file could not be found is
   displayed on the screen.

4. Remove the entry for root from the passwd file after
   you copy it into the /var/yp/src directory.

5. Copy Automount and AutoFS maps, or other site-specific
   maps, into the /var/yp/src directory. For information
   on creating these maps, see the Network Administration:
   Services manual.

6. Create the domain directory by entering the following
   command, replacing test_domain with the name of your
   domain:

       # mkdir /var/yp/test_domain
   Note

   A NIS domain name is not the same as a BIND domain
   name. If you configure the system with an incorrect
   NIS domain name, all NIS-related operations
   (such as logging in and the ls -l command) hang for
   several minutes, then fail.

7. Determine the appropriate method for building the NIS
   maps. The available database formats are as follows:

   - btree (b) -- Recommended when creating and maintaining
     very large maps.
   - dbm/ndbm (d) -- For backward compatibility. This is
     the default.
   - hash (h) -- A potentially quicker method for managing
     small maps.

   Choose a method and set the NIS_SERVERARGS parameter
   in the /etc/rc.config.common file by issuing
   the following command:

       # /usr/sbin/rcmgr -c set NIS_SERVERARGS method

   Replace method with the letter (b, d, or h) that
   corresponds to the database format.

8. Create the ypservers map.

   The ypservers map is a list of all of the domain's
   slave servers. To create this map, enter the following
   command:

       # /var/yp/makedbm -a method - /var/yp/test_domain/ypservers
       slave1 slave1
       slave2 slave2
       slaveN slaveN
       [Ctrl/d]

   Replace test_domain with the name of your domain,
   replace method with the corresponding letter for
   the database format as determined in the previous
   step, and replace slave1 through slaveN with the
   names of the slave servers. (For each entry, you
   must type the slave server's name twice, as shown.)
   Be sure to include all of the slave servers in your
   domain. If you add a slave server to your domain,
   you must remake this list.

9. Prepare the Makefile to use for creating the maps you
   want to distribute throughout the NIS domain.
   Open the /var/yp/Makefile file in a text editor and
   do the following:

   - In the DOM section of the file, set the domain name
     you have chosen. For example, if your domain name is
     market, edit the /var/yp/Makefile file in the
     following way:

         .
         .
         #
         # ***** DOM must be filled in with the domain name !!
         #
         DOM=market
         .
         .

   - Scroll down to the METHOD section of the file and set
     the same database format you specified for the
     NIS_SERVERARGS parameter in the /etc/rc.config.common
     file:

         .
         .
         # by default use dbm/ndbm to store and maintain the
         # databases other options include, "b" for "btree",
         # and "h" for "hash". If you're curious, see dbopen(3),
         # btree(3), hash(3). We strongly recommend "b"
         # (for btree) for large maps
         #
         METHOD=method
         .
         .

     Replace method with the letter (b, d, or h) that
     corresponds to the appropriate database format.
     (Note that all of your maps, including the
     ypservers map, must be maintained in the same format.)

   - If you are using the NIS master server to serve the
     auto.master map, the auto.home map, or both, you must
     place a number sign (#) at the beginning of the
     following lines to comment them out:

         all: passwd group hosts networks rpc services protocols netgroup \
                 aliases

     Then, remove the number sign (#) from the beginning
     of the following lines to enable the creation of
     the auto.master and auto.home maps:

         #all: passwd group hosts networks rpc services protocols netgroup \
         #       aliases auto.home auto.master
         .
         .
         .
         #$(YPDBDIR)/$(DOM)/auto.home.time: $(DIR)/auto.home
         #       -@if [ -f $(DIR)/auto.home ]; then \
         #               $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.home | \
         #               $(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.home; \
         #               $(TOUCH) $(YPDBDIR)/$(DOM)/auto.home.time; \
         #               $(ECHO) "updated auto.home"; \
         #               if [ ! $(NOPUSH) ]; then \
         #                       $(YPPUSH) auto.home; \
         #                       $(ECHO) "pushed auto.home"; \
         #               else \
         #                       : ; \
         #               fi \
         #       else \
         #               $(ECHO) "couldn't find $(DIR)/auto.home"; \
         #       fi
         #
         #$(YPDBDIR)/$(DOM)/auto.master.time: $(DIR)/auto.master
         #       -@if [ -f $(DIR)/auto.master ]; then \
         #               $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.master | \
         #               $(MAKEDBM) -a $(METHOD) - $(YPDBDIR)/$(DOM)/auto.master; \
         #               $(TOUCH) $(YPDBDIR)/$(DOM)/auto.master.time; \
         #               $(ECHO) "updated auto.master"; \
         #               if [ ! $(NOPUSH) ]; then \
         #                       $(YPPUSH) auto.master; \
         #                       $(ECHO) "pushed auto.master"; \
         #               else \
         #                       : ; \
         #               fi \
         #       else \
         #               $(ECHO) "couldn't find $(DIR)/auto.master"; \
         #       fi
         .
         .
         .
         #auto.home: $(YPDBDIR)/$(DOM)/auto.home.time
         #auto.master: $(YPDBDIR)/$(DOM)/auto.master.time
         .
         .
         .
         #$(DIR)/auto.home:
         #$(DIR)/auto.master:

   - Save the /var/yp/Makefile file and exit the text
     editor.
10. Create the NIS maps.

    Change to the /var/yp directory and enter the make
    command, as follows:

        # cd /var/yp
        # make NOPUSH="Y"

11. Decide whether to run the yppasswdd daemon.

    The yppasswdd daemon runs on the master server and
    allows the master copy of the password file to be
    updated remotely by using the yppasswd command.
    You should run the yppasswdd daemon on your master
    server.

    If you decide to run the yppasswdd daemon, edit the
    /etc/rc.config.common file by issuing the following
    command:

        # /usr/sbin/rcmgr -c set NIS_PASSWDD YES

To complete setting up the master server, see the
"Setting Up NIS Clients" section in this reference
page.
SETTING UP SLAVE SERVERS

Use the following procedure to set up a slave server:

1. Create the domain directory by entering the following
   command, replacing test_domain with the name of your
   domain:

       # mkdir /var/yp/test_domain

   Note

   A NIS domain name is not the same as a BIND domain
   name. If you configure the system with an incorrect
   NIS domain name, all NIS-related operations
   (such as logging in and ls -l commands) hang for
   several minutes, then fail.

2. Copy the master's maps to the slave server.

   You must copy each map from the master individually,
   using the following command format:

       /var/yp/ypxfr -a method -h nis_master -c -d nis_domain mapname

   For example, to transfer dbm/ndbm-formatted passwd
   maps from the master server, host1, to a slave
   server, type the following commands. The domain in
   this example is shark.

       # /var/yp/ypxfr -h host1 -c -d shark passwd.byname
       # /var/yp/ypxfr -h host1 -c -d shark passwd.byuid

   The /var/yp/nis_domain directory on the master
   server lists all of the maps that your slave server
   can serve. You can also transfer btree and hash
   format maps by using the -a switch. See the
   ypxfr(8) reference page for more information.

3. Edit the /var/spool/cron/crontabs/root file by adding
   the following lines. Note that there should be no
   blank lines in the /var/spool/cron/crontabs/root
   file.

       .
       .
       .
       # Network Information Service: SLAVE server entries
       30 * * * * sh /var/yp/ypxfr_1perhour
       31 1,13 * * * sh /var/yp/ypxfr_2perday
       32 1 * * * sh /var/yp/ypxfr_1perday

   The first line is a comment. The second line runs
   the following command once an hour at 30 minutes
   past the hour:

       sh /var/yp/ypxfr_1perhour

   The third line runs the following command twice per
   day at 01:31 and 13:31:

       sh /var/yp/ypxfr_2perday

   The fourth line runs the following command once per
   day at 01:32:

       sh /var/yp/ypxfr_1perday

   See the crontab(1) reference page for more information.

To complete setting up a slave server, see
the "Setting Up NIS Clients" section in this reference
page.
SETTING UP NIS CLIENTS

This section explains how to set up an NIS client.
Because the master server and all slave servers are considered
NIS clients, you must also complete these steps to
set up these servers:

1. Edit the /etc/rc.config.common file by using the
   /usr/sbin/rcmgr utility. The syntax for the
   /usr/sbin/rcmgr command is:

       /usr/sbin/rcmgr -c set variable value

   You should set the value of the NIS_CONF variable
   and the NIS_ARGS in the /etc/rc.config.common file
   to the following values for the master server,
   slave servers, and clients:

       NIS_CONF    YES
       NIS_ARGS    -S nisdomain,server1,server2,server3

   You must set the NIS_TYPE variable to the system
   type: MASTER for master servers, SLAVE for slave
   servers, and CLIENT for clients. The servers must
   list themselves in the server list if the system is
   running with the -S option.

   For example, to set up host2 to be a client server
   in the domain pacific, and run the ypbind daemon
   with the -S option, enter the following commands:

       # /usr/sbin/rcmgr -c set NIS_CONF YES
       # /usr/sbin/rcmgr -c set NIS_TYPE CLIENT
       # /usr/sbin/rcmgr -c set NIS_DOMAIN pacific
       # /usr/sbin/rcmgr -c set NIS_ARGS \
       "-S pacific,host2,host1,host3"

2. Start the NIS daemons by issuing the following command:

       # /sbin/init.d/nis start

   To reconfigure NIS on your system, you must kill
   the daemons that are running and then restart them.
   To kill the daemons, enter the following command:

       # /sbin/init.d/nis stop

   Restart the daemons by using the "/sbin/init.d/nis
   start" command.

3. Prepare the local /etc files.

   - Edit the /etc/svc.conf file to enable NIS lookups.

     The /etc/svc.conf file is the database service
     selection configuration file that your system references
     to determine what distributed database
     lookup services are running on your system, which
     databases are being served by them, and in what
     order to query them. When enabling NIS, you must
     edit the /etc/svc.conf file to tell your system
     that you want NIS servers queried for distributed
     database information. For information on editing
     the /etc/svc.conf file, see svc.conf(4),
     svcsetup(8), or Network Administration: Services.

   - If necessary, edit the /etc/passwd file and /etc/group
     files to enable NIS lookups.

     If you want your system to query an NIS server for
     password or group information, or both, a plus sign
     followed by a colon (+:) must be the last line of
     the /etc/passwd file, the /etc/group file, or both.
     For example:

         root:9Pf.mMEPUz08t:0:1:System PRIVILEGED Account,,,:/:/bin/csh
         field:OnGgTH5moq4Yw:0:1:Field Svc Account,,,:/usr/field:/bin/csh
         operator:Ni6WK/uqs0vaE:25:28:Operator Account,,,:/etc/operator:
         guest:Nologin:100:31:Guest account:/usr/spool/uucppublic:/bin/date
         +:

     Note

     If +: is not the last line of the file, all entries
     following the +: are ignored.
ADDING USERS IN A DISTRIBUTED ENVIRONMENT

In an NIS environment you can add a user account to either
the local passwd file or the NIS distributed passwd file.
Accounts added to the local passwd file are visible only
to the system to which they are added. Accounts added to
the NIS distributed passwd file are visible to all NIS
clients that have access to the distributed file.

Gathering Information

Before adding new user accounts to the passwd database,
gather the following information:

- Determine whether you want to add the account to the
  local passwd file or the NIS distributed passwd file.
- Gather the following information on the users you want
  to add:
  - Login names
  - User identification numbers (UIDs)
  - Group identification numbers (GIDs)
  - Real names, office numbers, and telephone extensions
  - Initial working directories
  - Program to use as a shell
Adding User Accounts to the NIS Distributed passwd File

To add user accounts in a distributed environment, you
must edit the master passwd file on the NIS master server.
To do this, perform the following steps:

1. Log in as superuser on the NIS master server.

2. Change to the /var/yp/src directory.

3. Edit the passwd database to add an entry for
   each new user.

   The format for each entry is the same as the format
   in the /etc/passwd file, which is as follows:

       login-name:passwd field:UID:GID:user-info:initial-working-directory:shell-program

   Leave the passwd field blank.

4. Rebuild the passwd database.

   Change to the /var/yp directory and enter the make
   passwd command, as follows:

       # cd /var/yp
       # make passwd
       updated passwd
       pushed passwd

5. Use the yppasswd command to set the password for each
   new user, as follows:

       # yppasswd new_user
       NIS password: Return
       New password: password
       Retype new password: password
       NIS passwd changed on NIS-master

Your system is not secure if no password is set.
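The two passwd conditions this procedure depends on (the root entry removed from the copy in /var/yp/src, and no passwd field left blank once the yppasswd step is done) can be checked with a script run against /var/yp/src/passwd. This is an added example, not part of the original reference page: the function name, finding labels and sample accounts are constructed, and the UID 0 check generalizes the root rule to any other superuser account.

```sh
#!/bin/sh
# Added example (not from the reference page): audit an NIS passwd source
# file. Prints one finding per line and returns 1 if anything was found.
audit_nis_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }    # ignore blank lines
        NF != 7 {              # passwd entries have exactly seven fields
            printf "BAD_FIELDS line %d: %s\n", NR, $1; bad++; next
        }
        $1 == "root" {         # root must be removed before the maps are built
            printf "ROOT_ENTRY line %d\n", NR; bad++
        }
        $1 != "root" && $3 ~ /^0+$/ {   # generalization: any other UID 0 account
            printf "UID0 line %d: %s\n", NR, $1; bad++
        }
        $2 == "" {             # blank passwd field: yppasswd has not been run
            printf "EMPTY_PASSWORD line %d: %s\n", NR, $1; bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample standing in for /var/yp/src/passwd.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:*:0:1:System PRIVILEGED Account,,,:/:/bin/csh
alice:hypotheticalhash:201:15:Alice Example,,,:/usr/users/alice:/bin/csh
bob::202:15:Bob Example,,,:/usr/users/bob:/bin/csh
toor:*:0:1:Second admin,,,:/:/bin/sh
EOF
audit_nis_passwd "$sample" || echo "resolve the findings above before the next make"
```

An EMPTY_PASSWORD finding is expected between steps 3 and 5 for a newly added user; it should be gone once yppasswd has been run for that account.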
Adding User Accounts to the Local passwd File in an NIS Distributed Environment
To add a user account to only the local system in an NIS
environment, you must add the account manually. (For more
information, see the System Administration manual.) These
entries must appear before the plus sign and colon (+:) at
the end of the file.
A user's account information may be partially distributed.
If the user's entry in the /etc/passwd file has a
prepended "+", both databases are read with the information
from the /etc/passwd file (except for the UID and GID
fields) overlaying the information from the NIS distributed
user account database.
If the user's entry in the /etc/passwd file has a
prepended "-", the user is excluded from the password
database.
See Security Administration for more information.
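The placement rules above (local, +user and -user entries before the +: line, everything after +: ignored) can be checked mechanically against a local passwd file. This is an added example, not part of the original reference page: the function name, finding labels and sample entries are constructed, any line whose name field is a bare + is treated as the +: line, and NO_NIS_LINE is a finding only on systems meant to query NIS for password information.

```sh
#!/bin/sh
# Added example (not from the reference page): check where the +: line sits
# in a local passwd file. Returns 1 if entries are ignored or +: is missing.
check_local_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }    # ignore blank lines
        marker {               # everything after +: is ignored by lookups
            printf "IGNORED line %d: %s\n", NR, $1; bad++; next
        }
        $1 == "+" { marker = NR; next }    # the +: line itself
        $1 ~ /^[+]./ {         # +user: local fields overlay the NIS entry
            printf "OVERLAY line %d: %s\n", NR, substr($1, 2)
        }
        $1 ~ /^-./ {           # -user: excluded from the password database
            printf "EXCLUDE line %d: %s\n", NR, substr($1, 2)
        }
        END {
            if (!marker) { print "NO_NIS_LINE"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample standing in for /etc/passwd on an NIS client.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:*:0:1:System PRIVILEGED Account,,,:/:/bin/csh
+alice::::::/bin/ksh
-mallory:
+:
-bob:
local1:*:300:15:Local only,,,:/usr/users/local1:/bin/csh
EOF
check_local_passwd "$sample" || echo "move the IGNORED entries above the +: line"
```

In the sample, the -bob exclusion and the local1 account sit after +: and so have no effect, which is the failure the Note about +: describes.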
domainname(1), nis_intro(7), nissetup(8), svc.conf(4),
ypbind(8), yppasswd(1), ypserv(8), ypxfr(8)
System Administration, Network Administration: Services,
Security Administration