Solaris DHCP Administration Guide

How to Set Up Solaris DHCP Clients as NIS+ Clients

A DHCP client workstation that is to be a NIS+ client must use credentials copied from another NIS+ client workstation in the NIS+ domain. This procedure only produces credentials for the workstation, which apply only to the superuser logged in to the workstation. Other users logged in to the DHCP client workstation must have their own unique credentials in the NIS+ server, created according to the procedure in the Solaris Naming Administration Guide.

  1. Type the following command on the NIS+ server to write the cred table entry for the NIS+ client to a temporary file.


    # nisgrep nisplus-client-name cred.org_dir > /tmp/file
    
  2. View the contents of the temporary file so you can copy the credentials and use them to create credentials for DHCP clients.

    You must copy the public key and private key, which are long strings of numbers and letters separated by colons.

  3. Type the following commands to add credentials for a DHCP client. Copy the public and private key information from the temporary file.


    # nistbladm -a cname="dhcp-client-name.nisplus-domain." auth_type=DES \
    auth_name="unix.dhcp-client-name@nisplus-domain" \
    public_data=copied-public-data \
    private_data=copied-private-data cred.org_dir
    
  4. Type the following commands on each DHCP client system to remote copy NIS+ client files to the DHCP client system.


    # rcp nisplus-client-name:/var/nis/NIS_COLD_START /var/nis
    # rcp nisplus-client-name:/etc/.rootkey /etc
    # rcp nisplus-client-name:/etc/defaultdomain /etc
    

    If you get a “permission denied” message, the systems may not be set up to allow remote copying. You can copy the files as a regular user to an intermediate location and then copy them to the proper location as root on the DHCP client systems.

  5. Type the following command on the DHCP client system to use the correct name service switch file for NIS+:


    # cp /etc/nsswitch.nisplus /etc/nsswitch.conf
    
  6. Reboot the DHCP client system.

    The DHCP client system should now be able to use NIS+ services.

Example – Setting up a Solaris DHCP Client as an NIS+ Client

The following example assumes that you have one workstation, nisei, which is a NIS+ client in the NIS+ domain dev.purple.net, and one DHCP client, dhow, that you want to be a NIS+ client.


(first log in as root on the NIS+ server)
# nisgrep nisei cred.org_dir > /tmp/nisei-cred
# cat /tmp/nisei-cred
nisei.dev.purple.net.:DES:unix.nisei@dev.purple.net:46199279911a84045b8e0
c76822179138173a20edbd8eab4:90f2e2bb6ffe7e3547346dda624ec4c7f0fe1d5f37e21cff63830
c05bc1c724b
# nistbladm -a cname="dhow.dev.purple.net." \
auth_type=DES auth_name="unix.dhow@dev.purple.net" \
public_data=46199279911a84045b8e0c76822179138173a20edbd8eab4 \
private_data=90f2e2bb6ffe7e3547346dda624ec4c7f0fe1d5f37e21cff63830c05bc1c724b \
cred.org_dir
# rlogin dhow
(log in as root on dhow)
# rcp nisei:/var/nis/NIS_COLD_START /var/nis
# rcp nisei:/etc/.rootkey /etc
# rcp nisei:/etc/defaultdomain /etc
# cp /etc/nsswitch.nisplus /etc/nsswitch.conf
# reboot

The DHCP client system dhow should now be able to use NIS+ services.

Adding Credentials With a Script

If you want to set up a large number of DHCP clients as NIS+ clients, you can write a script to quickly add the entries to the cred table. The following sample shows how this might be done.


Example 4–2 Sample Script for Adding Credentials for DHCP Clients

#! /usr/bin/ksh  
# 
# Copyright (c) by Sun Microsystems, Inc. All rights reserved. 
# 
# Sample script for cloning a credential. Hosts file is already populated  
# with entries of the form dhcp-[0-9][0-9][0-9]. The entry we're cloning 
# is dhcp-001. 
#  
#  
PUBLIC_DATA=6e72878d8dc095a8b5aea951733d6ea91b4ec59e136bd3b3 
PRIVATE_DATA=3a86729b685e2b2320cd7e26d4f1519ee070a60620a93e48a8682c5031058df4
HOST="dhcp-" 
DOMAIN="mydomain.nisplus.com"  
 
for i in 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019
do
     print - ${HOST}${i}
     #nistbladm -r [cname="${HOST}${i}.${DOMAIN}."]cred.org_dir
     # Add a cred table entry for this host that reuses the cloned key pair.
     nistbladm -a cname="${HOST}${i}.${DOMAIN}." \
          auth_type=DES auth_name="unix.${HOST}${i}@${DOMAIN}" \
          public_data=${PUBLIC_DATA} private_data=${PRIVATE_DATA} cred.org_dir
done
 
exit 0
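
The same task with the keys read from the cred entry saved in step 1 rather than pasted into the script, as an added example that is not part of Sun's guide. The function names, the field validation and the host-name check are assumptions of this example; it only prints the nistbladm commands, in the cname form the sample script uses, so that they can be reviewed before being run.

```shell
#!/bin/sh
# Added example, not Sun's script: print (do not run) one nistbladm command
# per DHCP client, taking the keys from a saved cred entry.

# The cred entry from the page's example, rejoined onto one line.
SAMPLE_CRED='nisei.dev.purple.net.:DES:unix.nisei@dev.purple.net:46199279911a84045b8e0c76822179138173a20edbd8eab4:90f2e2bb6ffe7e3547346dda624ec4c7f0fe1d5f37e21cff63830c05bc1c724b'

# is_hex STRING: succeeds if STRING is non-empty and all hex digits.
is_hex() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# gen_cred_cmds CRED_ENTRY HOST...: writes the commands to stdout.
# Returns 1 without output if the entry is not a well-formed DES entry.
# Assumes the five colon-separated fields shown in the page's example.
gen_cred_cmds() {
    entry=$1; shift
    IFS=: read -r cname auth_type auth_name pub priv extra <<EOF
$entry
EOF
    if [ -n "$extra" ] || [ "$auth_type" != DES ]; then
        echo "not a five-field DES cred entry" >&2; return 1
    fi
    if ! is_hex "$pub" || ! is_hex "$priv"; then
        echo "public_data/private_data are not hex strings" >&2; return 1
    fi
    # The NIS+ domain is whatever follows "@" in auth_name.
    case $auth_name in
        unix.?*@?*) domain=${auth_name#*@} ;;
        *) echo "unexpected auth_name: $auth_name" >&2; return 1 ;;
    esac
    case $domain in
        *[!A-Za-z0-9.-]*) echo "unexpected domain: $domain" >&2; return 1 ;;
    esac
    for host in "$@"; do
        # Only plain host names may reach the generated command line.
        case $host in
            ''|*[!A-Za-z0-9-]*) echo "skipping host: $host" >&2; continue ;;
        esac
        printf 'nistbladm -a cname="%s.%s." auth_type=DES auth_name="unix.%s@%s" public_data=%s private_data=%s cred.org_dir\n' \
            "$host" "$domain" "$host" "$domain" "$pub" "$priv"
    done
}

# Review the output before running any of it on the NIS+ server.
gen_cred_cmds "$SAMPLE_CRED" dhcp-002 dhcp-003
```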