Working With Naming and Directory Services in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library

Administering NIS Users

This section includes information about setting user passwords, adding new users to an NIS domain, and assigning users to netgroups.

How to Add a New NIS User to an NIS Domain

  1. Become an administrator on the NIS master server.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.

  2. Create the new user's login ID with the useradd command.
    # useradd userID

    where userID is the login ID of the new user. This command creates entries in the /etc/passwd and /etc/shadow files on the master NIS server.

  3. Create the new user's initial password.

    To create an initial password that the new user can use to log in, run the passwd command.

    # passwd userID

    where userID is the login ID of the new user. You will be prompted for the password to assign to this user.

    This step is necessary because the password entry created by the useradd command is locked, which means that the new user cannot log in. By specifying an initial password, you unlock the entry.

  4. Copy the new entry into the master server's passwd map input files.

    The map source files on your master server should be in a directory other than /etc. Copy and paste the new lines from the /etc/passwd and /etc/shadow files into the passwd map input files on the server. See Password Files and Namespace Security for additional information.

    For example, if you added the new user brown, the line from /etc/passwd that you would copy to your passwd input file would look like the following.

    brown:x:123:10:User brown:/home/brown:/bin/csh:

    The line for brown that you would copy from /etc/shadow would look like:

    brown:$5$YiFpYWXb$6jJkG/gKdfkKtlTbemORnbeH.qsvO9MwBD3ulTihq9B:6445::::::
  5. Make sure that the Makefile correctly specifies the directory where the password input file resides.
  6. Delete the new user's entries from the /etc/passwd and /etc/shadow input files.

    For security reasons, do not keep user entries in the NIS master server /etc/passwd and /etc/shadow files. After copying the entries for the new user to the NIS map source files that are stored in some other directory, use the userdel command on the master server to delete the new user.

    For example, to delete the new user brown from the master server's /etc files, you would enter the following.

    # userdel brown

    For more information about userdel, see the userdel(1M) man page.

  7. Update the NIS passwd maps.

    After you have updated the passwd input file on the master server, update the passwd maps by running make in the directory containing the source file.

    # cd /var/yp
    # make passwd
  8. Tell the new user the initial password you have assigned to his or her login ID.

    After logging in, the new user can run passwd at any time to establish a different password.
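The check below is an added example, not part of the Oracle documentation: it lists logins that are in the NIS passwd map source file but still have entries in the master server's local files, which means step 6 was skipped for them. The function names `nis_leftovers` and `leftover_demo`, the temporary file names, and the sample entries are hypothetical; it assumes a POSIX awk and sort.

```shell
#!/bin/sh
# Added example: report logins from the NIS passwd source file that still
# have entries in the master server's local passwd/shadow files.
# usage: nis_leftovers NIS_PASSWD_SOURCE LOCAL_PASSWD LOCAL_SHADOW
nis_leftovers() {
    awk -F: '
        /^[#+-]/ || NF < 2  { next }              # comments, +/- compat lines, blanks
        FILENAME == ARGV[1] { nis[$1] = 1; next } # logins served through NIS
        !($1 in nis)        { next }              # local-only accounts such as root
        FILENAME == ARGV[2] { hit[$1] = hit[$1] " passwd" }
        FILENAME == ARGV[3] { hit[$1] = hit[$1] " shadow" }
        END { for (u in hit) print u ":" hit[u] }
    ' "$1" "$2" "$3" | LC_ALL=C sort
}

# Constructed sample files: brown was copied to the NIS source (step 4) but
# never removed from the local files (step 6); green was handled correctly.
# The shadow hashes are placeholders, not real password hashes.
leftover_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/nis_passwd" <<'EOF'
brown:x:123:10:User brown:/home/brown:/bin/csh:
green:x:124:10:User green:/home/green:/bin/csh:
EOF
    cat > "$d/etc_passwd" <<'EOF'
root:x:0:0:Super-User:/root:/usr/bin/bash
+@netadmins
brown:x:123:10:User brown:/home/brown:/bin/csh:
EOF
    cat > "$d/etc_shadow" <<'EOF'
root:$5$CONSTRUCTED$placeholder:6445::::::
brown:$5$CONSTRUCTED$placeholder:6445::::::
EOF
    nis_leftovers "$d/nis_passwd" "$d/etc_passwd" "$d/etc_shadow"
    rm -rf "$d"
}

leftover_demo    # prints: brown: passwd shadow
```

An empty result means no NIS user has a leftover local entry.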

Setting User Passwords

Users run passwd to change their passwords.

% passwd username

Before users can change their passwords, you must start the rpc.yppasswdd daemon on the master server to update the password file.

The rpc.yppasswdd daemon starts automatically on the master server. Notice that when the -m option is given to rpc.yppasswdd, the make command is run in /var/yp immediately following a modification of the file. If you want to avoid having the make command run each time the passwd file is changed, remove the -m option from the rpc.yppasswdd command in the ypstart script and control the pushing of the passwd maps through the crontab file.

NIS Netgroups

NIS netgroups are groups (sets) of users or machines that you define for your administrative purposes. For example, you can create netgroups that do the following.

Each netgroup is given a netgroup name. Netgroups do not directly set permissions or access rights. Instead, the netgroup names are used by other NIS maps in places where a user name or machine name would normally be used. For example, suppose you created a netgroup of network administrators called netadmins. To grant all members of the netadmins netgroup access to a given machine, you only need to add a netadmins entry to that machine's /etc/passwd file. Netgroup names can also be added to the /etc/netgroup file and propagated to the NIS netgroup map. See the netgroup(4) man page for more detailed information on using netgroups.

On a network using NIS, the netgroup input file on the master NIS server is used for generating three maps: netgroup, netgroup.byuser, and netgroup.byhost. The netgroup map contains the basic information in the netgroup input file. The two other NIS maps contain information in a format that speeds lookups of netgroup information, given the machine or user name.

Entries in the netgroup input file are in the format: name ID, where name is the name you give to a netgroup, and ID identifies a machine or user who belongs to the netgroup. You can specify as many IDs (members) to a netgroup as you want, separated by commas. For example, to create a netgroup with three members, the netgroup input file entry would be in the format: name ID, ID, ID. The member IDs in a netgroup input file entry are in the following format.

([-|machine], [-|user], [domain])

Where machine is a machine name, user is a user ID, and domain is the machine or user's NIS domain. The domain element is optional and should only be used to identify machines or users in some other NIS domain. The machine and user elements of each member's entry are required, but a dash (-) is used to denote a null. There is no necessary relationship between the machine and user elements in an entry.

The following are two sample netgroup input file entries, each of which creates a netgroup named admins composed of the users hauri and juanita (who is in the remote domain sales) and the machines altair and sirius.

admins (altair, hauri), (sirius,juanita,sales)
admins (altair,-), (sirius,-), (-,hauri), (-,juanita,sales)
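The following is an added example, not part of the Oracle documentation: a POSIX shell and awk function, under the hypothetical name `netgroup_members`, that expands an entry in the member format above into its machine and user members. Run on the two sample entries (constructed input copied from the text), it shows that a domain field is attached to every element of its triple, and it warns on an empty machine or user field, which netgroup(4) treats as a wildcard.

```shell
#!/bin/sh
# Added example: expand the member triples of one netgroup read from stdin.
# usage: netgroup_members NAME < netgroup-input-file
netgroup_members() {
    awk -v name="$1" '
        $1 != name { next }
        {
            rest = $0
            while (match(rest, /\([^)]*\)/)) {      # next (machine,user,domain)
                t = substr(rest, RSTART + 1, RLENGTH - 2)
                rest = substr(rest, RSTART + RLENGTH)
                gsub(/[ \t]/, "", t)                # "(altair, hauri)" has a space
                n = split(t, f, ",")
                dom = (n >= 3 && f[3] != "") ? " domain=" f[3] : ""
                # A dash is an explicit null; an empty field is a wildcard.
                if (f[1] == "" || f[2] == "") print "warn empty-field (" t ")"
                if (f[1] != "" && f[1] != "-") print "machine " f[1] dom
                if (f[2] != "" && f[2] != "-") print "user " f[2] dom
            }
        }
    ' | LC_ALL=C sort -u
}

# Constructed input: the two sample entries from the text, expanded separately.
printf '%s\n' 'admins (altair, hauri), (sirius,juanita,sales)' |
    netgroup_members admins
echo ---
printf '%s\n' 'admins (altair,-), (sirius,-), (-,hauri), (-,juanita,sales)' |
    netgroup_members admins
```

In the first form the domain sales is reported for sirius as well as juanita, because both sit in the same triple; in the second form only juanita carries it.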

Various programs use the netgroup NIS maps for permission checking during login, remote mount, remote login, and remote shell creation. These programs include mountd and login. The login command consults the netgroup maps for user classifications if it encounters netgroup names in the passwd database. The mountd daemon consults the netgroup maps for machine classifications if it encounters netgroup names in the /etc/dfs/dfstab file. In fact, any program that uses the ruserok interface checks the netgroup maps for both machine and user classifications if it encounters netgroup names in the /etc/hosts.equiv or .rhosts file.

If you add a new NIS user or machine to your network, be sure to add them to appropriate netgroups in the netgroup input file. Then use the make and yppush commands to create the netgroup maps and push them to all of your NIS servers. See the netgroup(4) man page for detailed information on using netgroups and netgroup input file syntax.