JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information

Preface

Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

NIS+ Configuration Overview

NIS+ and the Service Management Facility

Using svcadm With rpc.nisd -x

Modifying the /lib/svc/method/nisplus File

Creating a Sample NIS+ Namespace

Summary of NIS+ Scripts Command Lines

Setting Up NIS+ Root Servers

Prerequisites to Running nisserver to Set Up a Root Server

How to Create an NIS+ Root Master Server

How to Change Incorrect Information When Setting Up NIS+

How to Set Up a Multihomed NIS+ Root Master Server

Populating NIS+ Tables

Prerequisites to Running nispopulate to Populate Root Server Tables

How to Populate the NIS+ Root Master Server Tables

Setting Up NIS+ Client Machines

How to Initialize a New NIS+ Client Machine

Creating Additional NIS+ Client Machines

Initializing NIS+ Client Users

How to Initialize an NIS+ User

Setting Up NIS+ Servers

Configuring a Client as an NIS+ Server

How to Configure an NIS+ Server Without NIS Compatibility

How to Configure an NIS+ Server With NIS Compatibility

How to Configure an NIS+ Server With DNS Forwarding and NIS Compatibility

Creating Additional NIS+ Servers

Creating an NIS+ Root Replica Server

How to Create an NIS+ Root Replica

How to Set Up Multihomed NIS+ Replica Servers

Creating an NIS+ Subdomain

How to Create a New Non-Root NIS+ Domain

Creating Additional NIS+ Domains

Populating the New NIS+ Subdomain's Tables

Prerequisites to Populating a NIS+ Subdomain's Tables

Populating the NIS+ Master Server Tables

How to Populate the NIS+ Tables From Files

How to Populate the NIS+ Tables From NIS Maps

Creating NIS+ Subdomain Replicas

How to Create an NIS+ Replica

Initializing NIS+ Subdomain Client Machines

How to Initialize an NIS+ Subdomain Client Machine

Initializing an NIS+ Subdomain Client Users

How to Initialize an NIS+ Subdomain User

Summary of Commands for the Sample NIS+ Namespace

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+

Glossary

Index

Populating NIS+ Tables

After the root master server has been configured, you can populate its standard NIS+ tables with name services information. This section shows you how to populate the root master server's tables with data from files or NIS maps using the nispopulate script with default settings.

The script uses:


Note - The shadow file's contents are merged with the passwd file's to create the passwd table when files are the tables' information source. No shadow table is created.


Prerequisites to Running nispopulate to Populate Root Server Tables

Before you run the nispopulate script, be sure the following prerequisites have been met.

How to Populate the NIS+ Root Master Server Tables

Before You Begin

Note - The NIS domain name is case-sensitive, while the NIS+ domain name is not.


If populating from files, you need the following information.

If populating from NIS maps, you need:

  1. Perform either substep a or b to populate the root master server tables, then continue with Step 2.

    Substep a shows you how to populate tables from files. Substep b shows you how to populate tables from NIS maps. Type these commands in a scrolling window; otherwise, the script's output might scroll off the screen.


    Note - The nispopulate script can fail if there is insufficient /tmp space on the system. To keep this from happening, you can set the environment variable TMPDIR to a different directory. If TMPDIR is not set to a valid directory, the script uses the /tmp directory.


    1. Type the following command to populate the tables from files.
      master1# nispopulate -F -p /nis+files -d doc.com.
      NIS+ domain name : doc.com.
      Directory Path : /nis+files
      Is this information correct? (type 'y' to accept, 'n' to change)

      The -F option indicates that the tables take their data from files. The -p option specifies the directory search path for the source files. (In this case, the path is /nis+files.) The -d option specifies the NIS+ domain name. (In this case, the domain name is doc.com.)

      The NIS+ principal user is root. You must perform this task as superuser in this instance because this is the first time that you are going to populate the root master server's tables. The nispopulate script adds credentials for all members of the NIS+ admin group.

    2. Type the following command to populate the tables from NIS maps.
      master1# nispopulate -Y -d doc.com. -h salesmaster -a 130.48.58.111 
      -y sales.doc.com.
      NIS+ domain name : doc.com.
      NIS (YP) domain : sales.doc.com.
      NIS (YP) server hostname : salesmaster
      Is this information correct? (type 'y' to accept, 'n' to change)

      The -Y option indicates that the tables take their data from NIS maps. The -d option specifies the NIS+ domain name. The -h option specifies the NIS server's machine name. (In this case, the NIS server's name is salesmaster. You have to insert the name of a real NIS server at your site to create the sample domain.) The -a option specifies the NIS server's IP address. (In this case, the address is 130.48.58.111. You have to insert the IP address of a real NIS server at your site to create the sample domain.) The -y option specifies the NIS domain name. (In this case, the domain's name is sales.doc.com.; you have to insert the NIS domain name of the real NIS domain at your site to create the sample domain.)

      The NIS+ principal user is root. You must perform this task as superuser in this instance because this is the first time that you are going to populate the root master server's tables. The nispopulate script also adds credentials for all members of the NIS+ admin group.

  2. Type y (if the information returned on the screen is correct).

    Typing n causes the script to prompt you for the correct information. (See How to Change Incorrect Information When Setting Up NIS+ for what you need to do if the information is incorrect.)

    • If you performed substep a of Step a, you will see the following:

      Is this information correct?
      (type 'y' to accept, 'n' to change) 
      y
      
      This script will populate the following NIS+ tables for domain doc.com. from 
      the files in /nis+files: auto_master auto_home ethers group hosts networks 
      passwd protocols services rpc netmasks bootparams netgroup aliases shadow
      **WARNING: Interrupting this script after choosing to continue may leave 
      the tables only partially populated. This script does not do any automatic 
      recovery or cleanup.
      Do you want to continue? (type 'y' to continue, 'n' to exit this script)
    • If you performed substep b of Step b, you will see the following:

      Is this information correct? (type 'y' to accept, 'n' to change)
      y
      This script will populate the following NIS+ tables for domain doc.com. from the 
      NIS (YP) maps in domain sales: auto_master auto_home ethers group hosts networks 
      passwd protocols services rpc netmasks bootparams netgroup aliases
      **WARNING: Interrupting this script after choosing to continue may leave the
       tables only partially populated. This script does not do any automatic recovery 
      or cleanup.
      Do you want to continue? (type 'y' to continue, 'n' to exit this script)
  3. Type y to continue populating the tables.

    By typing n, you can safely stop the script. If you interrupt the script after you have chosen y, while the script's running, the script stops running and can leave the tables only partially populated. The script does not do any automatic recovery or cleaning up.

    When you rerun the script, the tables are overwritten with the latest information.

    • If you are populating tables from files, you see messages like the following as the script uses hosts and passwd information to create the credentials for hosts and users:

      Do you want to continue? (type 'y' to continue, 'n' to exit this script) 
      y
      populating auto_master table from file /nis+files/auto_master
      ... auto_master table done. 
      populating auto_home table from file /nis+files/auto_home
      ... auto_home table done.
      Credentials have been added for the entries in the hosts and passwd table(s).
      Each entry was given a default network password (also known as a Secure-
      RPC password). This password is: nisplus
      Use this password when the nisclient script requests the network password.
      Done!

      Note and remember the Secure RPC password (nisplus, in the above example). Use this password when prompted for your network or Secure RPC password.

      The script continues until it has searched for all the files it expects and loads all the tables it can from the available files.

    • If you are populating tables from NIS maps, you will see messages like the following as the script uses hosts and passwd information to create the credentials for hosts and users:

      Do you want to continue? (type 'y' to continue, 'n' to exit this script)
      y
      populating auto_master table from sales.doc.com. NIS(YP) domain... 
      auto_master table done. 
      populating auto_home table from file sales.doc.com. NIS(YP) domain...
      auto_home table done.
      ....
      Credentials have been added for the entries in the hosts and passwd table(s).
      Each entry was given a default network password (also known as a Secure-RPC password). 
      This password is: nisplus
      Use this password when the nisclient script requests the network password.
      Done!

      Note and remember the Secure RPC password (nisplus, in the above example). Use this password when prompted for your network or Secure RPC password.

      All the tables are now populated. You can ignore any parse error warnings. Such errors indicate that NIS+ found empty or unexpected values in a field of a particular NIS map. You may want to verify the data later after the script completes.

  4. (Optional) Add yourself and others to the root domain's admin group.

    For example, if your login ID is topadm and your co-worker's ID is secondadmin, you enter:

    master1# nisgrpadm -a admin.doc.com. topadm.doc.com. secondadm.doc.com.
    Added “topadm.doc.com.” to group “admin.doc.com.”.
    Added “secondadm.doc.com.” to group “admin.doc.com.”.

    The admin.doc.com. argument in the nisgrpadm -a command above is the group name, which must come first. The remaining two arguments are the names of the administrators.


    Note - This step is necessary only if you want to add additional users to the admin group now, which is a good time to add administrators to the root server. You can also add users to the admin group after you have configured NIS+.


    You do not have to wait for the other administrators to change their default passwords to perform this step; however, they must already be listed in the passwd table before you can add them to the admin group. Members of the admin group will be unable to act as NIS+ principals until they add themselves to the domain. See How to Initialize an NIS+ User for more information on initializing users. The group cache also has to expire before the new members become active.

  5. Type the following command to checkpoint the domain.
    master1# nisping -C doc.com.
    Checkpointing replicas serving directory doc.com.
    Master server is master1.doc.com.
     Last update occurred at date
    Master server is master1.doc.com.
    checkpoint scheduled on master1.doc.com.

    This step ensures that all the servers supporting the domain transfer the new information from their initialization (.log) files to the disk-based copies of the tables. Since you have just configured the root domain, this step affects only the root master server, as the root domain does not yet have replicas.


    Caution

    Caution - If you do not have enough swap or disk space, the server will be unable to checkpoint properly, but it will not notify you. One way to make sure everything is correct is to list the contents of a table with the niscat command. For example, to check the contents of the rpc table, type:

    master1# niscat rpc.org_dir
    rpcbind rpcbind 100000
    rpcbind portmap 100000
    rpcbind sunrpc 100000

    If you do not have enough swap space, you will see the following error message instead of the sort of output you see above.

    can't list table: Server busy, Try Again.

    Even though it does not say so, in this context this message indicates that you do not have enough swap space. Increase the swap space and checkpoint the domain again.