System Administration Guide: IP Services

DHCP Client Systems and Name Services

Oracle Solaris systems support the following name services: DNS, NIS, NIS+, and a local file store (/etc/inet/hosts). Each name service requires some configuration before it is usable. The name service switch configuration file (see nsswitch.conf(4)) must also be set up appropriately to indicate the name services to be used.

Before a DHCP client system can use a name service, you must configure the system as a client of the name service. By default, and unless configured otherwise during system installation, only local files are used.

The following table summarizes issues that are related to each name service and DHCP. The table includes links to documentation that can help you set up clients for each name service.

Table 16–1 Name Service Client Setup Information for DHCP Client Systems

Name Service  

Client Setup Information 


If you are using Oracle Solaris DHCP to send Oracle Solaris network install information to a client system, you can use a configuration macro that contains the NISservs and NISdmain options. These options pass the IP addresses of NIS servers and the NIS domain name to the client. The client then automatically becomes an NIS client.

If a DHCP client system is already running Oracle Solaris, the NIS client is not automatically configured on that system when the DHCP server sends NIS information to the client. 

If the DHCP server is configured to send NIS information to the DHCP client system, you can see the values given to the client if you use the dhcpinfo command on the client as follows:

# /sbin/dhcpinfo NISdmain

# /sbin/dhcpinfo NISservs

Note –

For DHCPv6, include -v6, and different protocol keywords in the command.

# /sbin/dhcpinfo -v6 NISDomain

# /sbin/dhcpinfo -v6 NISServers

Use the values returned for the NIS domain name and NIS servers when you set up the system as an NIS client. 

You set up an NIS client for an Oracle Solaris DHCP client system in the standard way, as documented in Chapter 5, Setting Up and Configuring NIS Service, in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Tip –

You can write a script that uses dhcpinfo and ypinit to automate NIS client configuration on DHCP client systems.


If the NIS+ client for a DHCP client system is set up in the conventional way, then the DHCP server might give the client different addresses from time to time. This creates security issues, because NIS+ security includes IP address as part of the configuration. To assure that your client has the same address every time, set up the NIS+ client for a DHCP client system in a nonstandard way, which is documented in Setting Up DHCP Clients as NIS+ Clients.

If the DHCP client system has been manually assigned an IP address, the client's address is always the same. You can set up the NIS+ client in the standard way, which is documented in Setting Up NIS+ Client Machines in System Administration Guide: Naming and Directory Services (NIS+).


You must set up the /etc/inet/hosts file for a DHCP client system that is to use /etc/inet/hosts for its name service.

The DHCP client system's host name is added to its own /etc/inet/hosts file by the DHCP tools. However, you must manually add the host name to the /etc/inet/hosts files of other systems in the network. If the DHCP server system uses /etc/inet/hosts for name resolution, you must also manually add the client's host name on the system.


If the DHCP client system receives the DNS domain name through DHCP, the client system's /etc/resolv.conf file is configured automatically. The /etc/nsswitch.conf file is also automatically updated to append dns to the hosts line after any other name services in the search order. See System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for more information about DNS.

Setting Up DHCP Clients as NIS+ Clients

You can use the NIS+ name service on Oracle Solaris systems that are DHCP clients. However, if your DHCP server can provide different addresses at different times, this partially circumvents one of the security-enhancing features of NIS+, the creation of Data Encryption Standard (DES) credentials. For the sake of security, configure the DHCP server to provide the same address all the time. When you set up an NIS+ client that is not using DHCP, you add unique DES credentials for the client to the NIS+ server. There are several ways to create credentials, such as using the nisclient script or the nisaddcred command.

NIS+ credential generation requires a client to have a static host name to create and store the credentials. If you want to use NIS+ and DHCP, you must create identical credentials to be used for all the host names of DHCP clients. In this way, no matter what IP address and associated host name that a DHCP client receives, the client can use the same DES credentials.

The following procedure shows you how to create identical credentials for all DHCP host names. This procedure is valid only if you know the host names that DHCP clients use. For example, when the DHCP server generates the host names, you know the possible host names that a client can receive.

ProcedureHow to Set Up Oracle Solaris DHCP Clients as NIS+ Clients

A DHCP client system that is to be an NIS+ client must use credentials that belong to another NIS+ client system in the NIS+ domain. This procedure only produces credentials for the system, which apply only to the superuser logged in to the system. Other users who log in to the DHCP client system must have their own unique credentials in the NIS+ server. These credentials are created according to a procedure in the System Administration Guide: Naming and Directory Services (NIS+).

  1. Create the credentials for a client by typing the following command on the NIS+ server:

    # nisgrep nisplus-client-name cred.org_dir > /tmp/file

    This command writes the cred.org_dir table entry for the NIS+ client to a temporary file.

  2. Use the cat command to view the contents of the temporary file.

    Or, use a text editor.

  3. Copy the credentials to use for DHCP clients.

    You must copy the public key and private key, which are long strings of numbers and letters separated by colons. The credentials are to be pasted into the command issued in the next step.

  4. Add credentials for a DHCP client by typing the following command:

    # nistbladm -a cname=" dhcp-client-name@nisplus-domain" auth_type=DES \
    auth_name="unix.dhcp-client-name@nisplus-domain" \
    public_data=copied-public-key \ 

    For the copied-public-key, paste the public key information that you copied from the temporary file. For the copied-private-key, paste the private key information that you copied from the temporary file.

  5. Remote copy files from the NIS+ client system to the DHCP client system by typing the following commands on the DHCP client system:

    # rcp nisplus-client-name:/var/nis/NIS_COLD_START /var/nis
    # rcp nisplus-client-name:/etc/.rootkey /etc
    # rcp nisplus-client-name:/etc/defaultdomain /etc

    If you get a “permission denied” message, the systems might not be set up to allow remote copying. In this case, you can copy the files as a regular user to an intermediate location. As superuser, copy the files from the intermediate location to the proper location on the DHCP client system.

  6. Copy the correct name service switch file for NIS+ by typing the following command on the DHCP client system:

    # cp /etc/nsswitch.nisplus /etc/nsswitch.conf
  7. Reboot the DHCP client system.

    The DHCP client system should now be able to use NIS+ services.

Example 16–1 Setting up an Oracle Solaris DHCP Client System as an NIS+ Client

The following example assumes that you have one system nisei, which is an NIS+ client in the NIS+ domain You also have one DHCP client system, dhow, and you want dhow to be an NIS+ client.

(First log in as superuser on the NIS+ server)
# nisgrep nisei cred.org_dir > /tmp/nisei-cred
# cat /tmp/nisei-cred
# nistbladm -a cname="" \
auth_type=DES auth_name="" \
public_data=46199279911a84045b8e0c76822179138173a20edbd8eab4 \
# rlogin dhow
(Log in as superuser on dhow)
# rcp nisei:/var/nis/NIS_COLD_START /var/nis
# rcp nisei:/etc/.rootkey /etc
# rcp nisei:/etc/defaultdomain /etc
# cp /etc/nsswitch.nisplus /etc/nsswitch.conf
# reboot

The DHCP client system dhow should now be able to use NIS+ services.

Example 16–2 Adding Credentials With a Script

If you want to set up a large number of DHCP client systems as NIS+ clients, you can write a script. A script can quickly add the entries to the cred.org_dir NIS+ table. The following example shows a sample script.

#! /usr/bin/ksh  
# Copyright (c) by Sun Microsystems, Inc. All rights reserved. 
# Sample script for cloning a credential. Hosts file is already populated  
# with entries of the form dhcp-[0-9][0-9][0-9]. The entry we're cloning 
# is dhcp-001. 
i in 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019
     print - ${HOST}${i}         
     #nistbladm -r [cname="${HOST}${i}.${DOMAIN}."]cred.org_dir         
     nistbladm -a cname="${HOST}${i}.${DOMAIN}." \
         auth_type=DES auth_name="unix.${HOST}${i}@${DOMAIN}" \
         public_data=${PUBLIC_DATA} private_data=${PRIVATE_DTA} cred.org_Dir
exit 0