Solaris DHCP Administration Guide

How to Set Up Solaris DHCP Clients as NIS+ Clients

A DHCP client workstation that is to be a NIS+ client must use credentials copied from another NIS+ client workstation in the NIS+ domain. This procedure only produces credentials for the workstation, which apply only to the superuser logged in to the workstation. Other users logged in to the DHCP client workstation must have their own unique credentials in the NIS+ server, created according to the procedure in the Solaris Naming Administration Guide.

  1. Type the following command on the NIS+ server to write the cred table entry for the NIS+ client to a temporary file.

    # nisgrep nisplus-client-name cred.org_dir > /tmp/file
  2. View the contents of the temporary file so you can copy the credentials and use them to create credentials for DHCP clients.

    You must copy the public key and private key, which are long strings of numbers and letters separated by colons.

  3. Type the following commands to add credentials for a DHCP client. Copy the public and private key information from the temporary file.

    # nistbladm -a cname=" dhcp-client-name@nisplus-domain" auth_type=DES \
    auth_name="unix.dhcp-client-name@nisplus-domain" \
    public_data=copied-public-data \ 
  4. Type the following commands on each DHCP client system to remote copy NIS+ client files to the DHCP client system.

    # rcp nisplus-client-name:/var/nis/NIS_COLD_START /var/nis
    # rcp nisplus-client-name:/etc/.rootkey /etc
    # rcp nisplus-client-name:/etc/defaultdomain /etc

    If you get a “permission denied” message, the systems may not be set up to allow remote copying. You can copy the files as a regular user to an intermediate location and then copy them to the proper location as root on the DHCP client systems.

  5. Type the following command on the DHCP client system to use the correct name service switch file for NIS+:

    # cp /etc/nisswitch.nisplus /etc/nisswitch.conf
  6. Reboot the DHCP client system.

    The DHCP client system should now be able to use NIS+ services.

Example – Setting up a Solaris DHCP Client as an NIS+ Client

The following example assumes that you have one workstation, nisei, which is a NIS+ client in the NIS+ domain, and one DHCP client, dhow, that you want to be a NIS+ client.

(first log in as root on the NIS+ server)
# nisgrep nisei cred.org_dir > /tmp/nisei-cred
# cat /tmp/nisei-cred
# nistbladm -a cname="" \
auth_type=DES auth_name="" \
public_data=46199279911a84045b8e0c76822179138173a20edbd8eab4 \
# rlogin dhow
(log in as root on dhow)
# rcp nisei:/var/nis/NIS_COLD_START /var/nis
# rcp nisei:/etc/.rootkey /etc
# rcp nisei:/etc/defaultdomain /etc
# cp /etc/nisswitch.nisplus /etc/nisswitch.conf
# reboot

The DHCP client system dhow should now be able to use NIS+ services.

Adding Credentials With a Script

If you want to set up a large number of DHCP clients as NIS+ clients, you can write a script to quickly add the entries to the cred table. The following sample shows how this might be done.

Example 4–2 Sample Script for Adding Credentials for DHCP Clients

#! /usr/bin/ksh  
# Copyright (c) by Sun Microsystems, Inc. All rights reserved. 
# Sample script for cloning a credential. Hosts file is already populated  
# with entries of the form dhcp-[0-9][0-9][0-9]. The entry we're cloning 
# is dhcp-001. 
i in 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019
     print - ${HOST}${i}         
     #nistbladm -r [cname="${HOST}${i}.${DOMAIN}."]cred.org_dir         
     nistbladm -a cname="${HOST}${i}.${DOMAIN}." \
	    					auth_type=DES auth_name="unix.${HOST}${i}@${DOMAIN}" \
							public_data=${PUBLIC_DATA} private_data=${PRIVATE_DTA} cred.org_Dir
exit 0