Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
NIS+ and the Service Management Facility
Modifying the /lib/svc/method/nisplus File
Creating a Sample NIS+ Namespace
Summary of NIS+ Scripts Command Lines
Prerequisites to Running nisserver to Set Up a Root Server
How to Create an NIS+ Root Master Server
How to Change Incorrect Information When Setting Up NIS+
How to Set Up a Multihomed NIS+ Root Master Server
Prerequisites to Running nispopulate to Populate Root Server Tables
How to Populate the NIS+ Root Master Server Tables
Setting Up NIS+ Client Machines
How to Initialize a New NIS+ Client Machine
Creating Additional NIS+ Client Machines
Initializing NIS+ Client Users
How to Initialize an NIS+ User
Configuring a Client as an NIS+ Server
How to Configure an NIS+ Server Without NIS Compatibility
How to Configure an NIS+ Server With NIS Compatibility
How to Configure an NIS+ Server With DNS Forwarding and NIS Compatibility
Creating Additional NIS+ Servers
How to Create a New Non-Root NIS+ Domain
Creating Additional NIS+ Domains
Populating the New NIS+ Subdomain's Tables
Prerequisites to Populating a NIS+ Subdomain's Tables
Populating the NIS+ Master Server Tables
How to Populate the NIS+ Tables From Files
How to Populate the NIS+ Tables From NIS Maps
Creating NIS+ Subdomain Replicas
Initializing NIS+ Subdomain Client Machines
How to Initialize an NIS+ Subdomain Client Machine
Initializing an NIS+ Subdomain Client Users
How to Initialize an NIS+ Subdomain User
Summary of Commands for the Sample NIS+ Namespace
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
To have regularly available NIS+ service, you should always create one or more root replica servers. Having replicas can also speed network-request resolution because multiple servers are available to handle requests.
For performance reasons, you should have no more than a few replicas per domain.
If your network includes multiple subnets or different sites connected by a Wide Area Network (WAN), you may need additional replicas:
Subnets. If you have a domain that spans multiple subnets, it is a good idea to have at least one replica server within each subnet so that if the connection between nets is temporarily out of service, each subnet can continue to function until the connection is restored.
Remote sites. If you have a domain spanning multiple sites linked over a WAN, it is a good idea to have at least one replica server on each side of the WAN link. For example, it may make sense from an organizational point of view to have two physically distant sites in the same NIS+ domain. If the domain's master server and all of its replicas are at the first site, there will be much NIS+ network traffic between the first and second sites. Creating an additional replica at the second site should reduce network traffic.
See Creating an NIS+ Root Replica Server for additional information on how to determine the optimum number of replicas.
How to Create an NIS+ Root Replica shows the machine client1 being configured as a root replica for the doc.com. domain. This procedure uses the NIS+ nisserver script. (You can also use the NIS+ command set to configure a replica server as described in Using NIS+ Commands to Configure a Replica Server.)
You need the following information to run nisserver.
The domain name
The client machine name; (client1, in this example)
The superuser password for the root master server
Before you run nisserver to create a replica, be sure the following prerequisites have been met.
The domain must already have been configured and its master server must be running.
The tables of the master server must be populated. (At a minimum, the hosts table must have an entry for the new client machine.)
You must have initialized the new server as a client machine in the domain, as described in Setting Up NIS+ Client Machines.
You must have started the NIS+ service, rpc.nisd, on the new replica server, as described in Setting Up NIS+ Servers.
You must be logged in as root on the root master server. In this example, the root master machine is named master1.
master1# nisserver -R -d doc.com. -h client1 This script sets up an NIS+ replica server for domain doc.com. Domain name: :doc.com. NIS+ server : :client1 Is this information correct? (type 'y' to accept, 'n' to change)
The -R option indicates that a replica should be configured. The -d option specifies the NIS+ domain name (doc.com., in this example). The -h option specifies the client machine (client1, in this example) that will become the root replica.
Typing n causes the script to prompt you for the correct information. (See How to Change Incorrect Information When Setting Up NIS+ for what you need to do if you type n.)
Is this information correct? (type 'y' to accept, 'n' to change) y This script will set up machine “client1” as an NIS+ replica server for domain doc.com. without NIS compatibility. The NIS+ server daemon, rpc.nisd, must be running on client1 with the proper options to serve this domain. Do you want to continue? (type 'y' to continue, 'n' to exit this script)
Typing n safely stops the script. The script will exit on its own if rpc.nisd is not running on the client machine.
Is this information correct? (type 'y' to continue, 'n' to exit this script) y The system client1 is now configured as a replica server for domain doc.com.. The NIS+ server daemon, rpc.nisd, must be running on client1 with the proper options to serve this domain. ...
Note - If you want to run this replica in NIS (YP) compatibility mode, modify the /lib/svc/method/nisplus file to add the -Y option. The file needs modification only if you want the root replica to fulfill NIS client requests and it was not already configured as an NIS-compatible server. See Configuring a Client as an NIS+ Server for more information about creating NIS-compatible servers and NIS+ and the Service Management Facility for more information about using Service Management Facility commands with NIS+.
If you want this replica to run in NIS compatibility mode, follow these steps:
You can do this in two ways:
The preferred method of loading data on to a new replica server is to use the NIS+ backup and restore capabilities to back up the master server, then “restore” that data on to the new replica server. This step is described in detail in How to Load NIS+ Namespace Data by Using the nisrestore Command.
Run nisping. Running nisping initiates a full resynch of all NIS+ data from the master server to this new replica. If your namespace is large, this can take a long time, during which your master server is very busy and slow to respond and your new replica is unable to answer NIS+ requests. This step is described in detail in How to Load NIS+ Namespace Data by Using the nisping Command.
When you have finished loading your namespace data, the machine client1 is now an NIS+ root replica. The new root replica can handle requests from the clients of the root domain. Because there are now two servers available to the domain, information requests can be fulfilled faster.
Using these procedures, you can create as many root replicas as you need. You can also use these procedures to create replica servers for subdomains.
The procedure for setting up a multihomed NIS+ server is the same as setting up a single interface server. The only difference is that there are more interfaces that need to be defined in the hosts database, the /etc/hosts file and NIS+ hosts table.
Note - Prior to the Solaris 10 7/07 release, you also need to define interfaces in the /etc/inet/ipnodes file and ipnodes table.
Once the host information is defined, use the nisclient and nisserver scripts to set up the multihomed NIS+ server.
Caution - When setting up a multihomed NIS+ server, the server's primary name must be the same as the nodename for the system. This is a requirement of both Secured RPC and nisclient.
If these names are different, Secure RPC authentication will fail to work properly causing NIS+ problems. |
This procedure shows how to set up any NIS+ non-root master servers. The following example creates a replica for the root domain. For information about setting up a multihomed root server, see How to Set Up a Multihomed NIS+ Root Master Server.
Note - Prior to the Solaris 10 7/07 release, you must also load IPv6 server host information into the client's ipnodes file.
For example, for the hostB system with three interfaces:
192.168.11.y hostB hostB-11 192.168.12.x hostB hostB-12 192.168.14.z hostB hostB-14
Note - Prior to the Solaris 10 7/07 release, you must also load host IPv6 information into the client's ipnodes table.
For example:
hostA# nispopulate -F -d sun.com hosts
where the example shows sun.com as the NIS+ root domain name. Issue the nispopulate command specifying the name of your NIS+ root domain name.
hostA# nisclient -c -d sun.com hostB
where the example shows sun.com as the root domain name. Issue the nisclient command specifying the name of your root domain name.
For example:
hostB# nisclient -i -d sun.com
where the example shows sun.com as the root domain name. Issue the nisclient command specifying the name of your root domain name.
hostA# nisserver -M -d eng.sun.com -h hostB.sun.com.
where the example shows eng.sun.com as the NIS+ domain name and hostB.sun.com as the fully-qualified hostname for the NIS+ server. Issue the nisserver command specifying the name of your NIS+ domain and the fully-qualified hostname for the NIS+ server.
For example:
hostA# nisserver -R -d sun.com -h hostB.sun.com.
where the example shows sun.com as the replica server and hostB.sun.com as the fully-qualified hostname for the NIS+ server. Issue the nisserver command specifying the name of your replica server and NIS+ domain.
After completing the steps for setting up a multihome NIS+ replica server, the remainder of the setup is exactly the same as for a single interface server.