Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
NIS+ and the Service Management Facility
Modifying the /lib/svc/method/nisplus File
Creating a Sample NIS+ Namespace
Summary of NIS+ Scripts Command Lines
Prerequisites to Running nisserver to Set Up a Root Server
How to Create an NIS+ Root Master Server
How to Change Incorrect Information When Setting Up NIS+
How to Set Up a Multihomed NIS+ Root Master Server
Prerequisites to Running nispopulate to Populate Root Server Tables
How to Populate the NIS+ Root Master Server Tables
Initializing NIS+ Client Users
How to Initialize an NIS+ User
Configuring a Client as an NIS+ Server
How to Configure an NIS+ Server Without NIS Compatibility
How to Configure an NIS+ Server With NIS Compatibility
How to Configure an NIS+ Server With DNS Forwarding and NIS Compatibility
Creating Additional NIS+ Servers
Creating an NIS+ Root Replica Server
How to Create an NIS+ Root Replica
How to Set Up Multihomed NIS+ Replica Servers
How to Create a New Non-Root NIS+ Domain
Creating Additional NIS+ Domains
Populating the New NIS+ Subdomain's Tables
Prerequisites to Populating a NIS+ Subdomain's Tables
Populating the NIS+ Master Server Tables
How to Populate the NIS+ Tables From Files
How to Populate the NIS+ Tables From NIS Maps
Creating NIS+ Subdomain Replicas
Initializing NIS+ Subdomain Client Machines
How to Initialize an NIS+ Subdomain Client Machine
Initializing an NIS+ Subdomain Client Users
How to Initialize an NIS+ Subdomain User
Summary of Commands for the Sample NIS+ Namespace
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
After the root master server's tables have been populated from files or NIS maps, you can initialize NIS+ client machines. (Because the root master server is an NIS+ client of its own domain, no further steps are required to initialize it.) This section shows you how to initialize an NIS+ client by using the nisclient script with default settings.
The script uses:
The domain used in previous examples, doc.com.
The Secure RPC password (also known as the network password) created by the nispopulate script in the previous example (nisplus, the default password)
Note - The -i option used in How to Initialize a New NIS+ Client Machine does not configure an NIS+ client to resolve host names requiring DNS. You need to explicitly include DNS for clients in their name service switch files.
Before you use the nisclient script, be sure the following prerequisites have been met.
The domain must have already been configured and its master server must be running.
The master server of the domain's tables must be populated. (At a minimum, the hosts or, if you are running a system prior to the Solaris 10 7/07 release, the ipnodes table must have an entry for the new client machine.)
You must be logged in as superuser on the machine that is to become an NIS+ client. In this example, the new client machine is named client1.
You need the following information to run nisclient.
The domain name.
The default Secure RPC password (nisplus).
The root password of the machine that will become the client.
The IP address of the NIS+ server (in the client's home domain).
If DES authentication is used, note the Diffie-Hellman key length used on the master server. Use nisauthconf to ascertain the master server Diffie-Hellman key length.
On the master server, type
nisauthconf
Use the output as the arguments when running the nisauthconf command on the client. For example, if nisauthconf on the master server produces
dh640dh-0 des
type the following command on the client machine
nisauthconf dh640dh-0 des
The -i option initializes a client. The -d option specifies the new NIS+ domain name. (If the domain name is not specified, the default is the current domain name.) The -h option specifies the NIS+ server's host name.
client1# nisclient -i -d doc.com. -h master1 Initializing client client1 for domain “doc.com.”. Once initialization is done, you will need to reboot your machine. Do you want to continue? (type 'y' to continue, 'n' to exit this script)
Typing n exits the script. The script prompts you only for the root server's IP address if there is no entry for it in the client's /etc/hosts or, prior to the Solaris 10 7/07 release, in the client's /etc/inet/ipnodes file.
Do you want to continue? (type 'y' to continue, 'n' to exit this script) y Type server master1's IP address:
This example uses the hypothetical address 123.123.123.123.
Type server master1's IP address: 123.123.123.123 setting up the domain information... setting up the name service switch information... At the prompt below, type the network password (also known as the Secure-RPC password) that you obtained either from your administrator or from running the nispopulate script. Please enter the Secure-RPC password for root:
In this case, use the default, nisplus.
The password does not echo on the screen. If you mistype it, you are prompted for the correct one. If you mistype it twice, the script exits and restores your previous network service. If this happens, try running the script again.
Please enter the login password for root:
The password does not echo on the screen. (If the Secure RPC password and the root login password happen to be the same, you will not be prompted for the root login password.)
Typing the root password changes the credentials for this machine. The RPC password and the root password are now the same for this machine.
Please enter the login password for root: Wrote secret key into /etc/.rootkey Your network password has been changed to your login one. Your network and login passwords are now the same. Client initialization completed!! Please reboot your machine for changes to take effect.
Your changes do not take effect until you reboot the machine.
You can now have the users of this NIS+ client machine add themselves to the NIS+ domain.
Repeat the preceding client-initiation procedure on as many machines as you like. To initiate clients for another domain, repeat the procedure but change the domain and master server names appropriately.
The sample NIS+ domain described in this chapter assumes that you will initialize four clients in the doc.com. domain. You are then going to configure two of the clients as non-root NIS+ servers and a third client as a root replica of the root master server of the doc.com. domain.
Note - You always have to make a system into a client of the parent domain before you can make the same system a server of any type.