Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
Creating a Sample NIS+ Namespace
Summary of NIS+ Scripts Command Lines
Prerequisites to Running nisserver to Set Up a Root Server
How to Create an NIS+ Root Master Server
How to Change Incorrect Information When Setting Up NIS+
How to Set Up a Multihomed NIS+ Root Master Server
Prerequisites to Running nispopulate to Populate Root Server Tables
How to Populate the NIS+ Root Master Server Tables
Setting Up NIS+ Client Machines
How to Initialize a New NIS+ Client Machine
Creating Additional NIS+ Client Machines
Initializing NIS+ Client Users
How to Initialize an NIS+ User
Configuring a Client as an NIS+ Server
How to Configure an NIS+ Server Without NIS Compatibility
How to Configure an NIS+ Server With NIS Compatibility
How to Configure an NIS+ Server With DNS Forwarding and NIS Compatibility
Creating Additional NIS+ Servers
Creating an NIS+ Root Replica Server
How to Create an NIS+ Root Replica
How to Set Up Multihomed NIS+ Replica Servers
How to Create a New Non-Root NIS+ Domain
Creating Additional NIS+ Domains
Populating the New NIS+ Subdomain's Tables
Prerequisites to Populating a NIS+ Subdomain's Tables
Populating the NIS+ Master Server Tables
How to Populate the NIS+ Tables From Files
How to Populate the NIS+ Tables From NIS Maps
Creating NIS+ Subdomain Replicas
Initializing NIS+ Subdomain Client Machines
How to Initialize an NIS+ Subdomain Client Machine
Initializing an NIS+ Subdomain Client Users
How to Initialize an NIS+ Subdomain User
Summary of Commands for the Sample NIS+ Namespace
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
Using the configuration scripts is the recommended method of setting up and configuring an NIS+ namespace. Using these scripts is easier than to trying to set up an NIS+ namespace with the NIS+ command set, as described in Chapter 6, Configuring NIS+ Clients, Chapter 7, Configuring NIS+ Servers, and Chapter 8, Configuring an NIS+ Non-Root Domain.
(See the nisserver, nispopulate, and nisclient man pages for complete descriptions of the scripts. See the Glossary for definitions of terms and acronyms you do not recognize.)
You should not use the small sample NIS+ namespace referred to in this tutorial manual as a basis for your actual NIS+ namespace. You should destroy the sample namespace after you finish exploring it, instead of adding on to it. It is better to begin again and carefully plan your NIS+ hierarchy before you create your actual namespace.
Table 4-1 summarizes the recommended generic configuration procedure. The left column lists the major configuration activities, such as configuring the root domain or creating a client. The text in the middle describes the activities. The third column lists which script or commands accomplish each step.
Table 4-1 Recommended NIS+ Configuration Procedure Overview
|
The NIS+ scripts enable to you to skip most of the individual procedures included in the above activities.
Most of the command line administrative tasks associated with the NIS+ service are managed by the Service Management Facility (SMF). For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.
Administrative actions on the NIS+ service, such as enabling, disabling, or restarting, can be performed using the svcadm command. When the service is started or stopped, any dependent processes are also started or stopped.
Tip - Temporarily disabling a service by using the -t option provides some protection for the service configuration. If the service is disabled with the -t option, the original settings would be restored for the service after a reboot. If the service is disabled without -t, the service will remain disabled after reboot.
SMF automatically starts nis_cachemgr when it enables the NIS+ service, if it detects the /var/nis/NIS_COLD_START file.
The NIS+ Fault Managed Resource Identifier (FMRI) is svc:/network/rpc/nisplus:<instance>.
The FMRI for keyserv is svc:/network/rpc/keyserv:<instance>.
You can query the status of NIS+ by using the svcs command.
Example of svcs command and output.
# svcs \*nisplus\* STATE STIME FMRI disabled Sep_01 svc:/network/rpc/nisplus:default
Example of svcs -l command and output.
# svcs -l network/rpc/nisplus fmri svc:/network/rpc/nisplus:default enabled false state disabled next_state none restarter svc:/system/svc/restarter:default dependency require_all/none svc:/network/rpc/keyserv (online)
You can also use the svccfg utility to get more detailed information about a service. See the svccfg(1M) man page.
You can check a daemon's presence by using the ps command.
# ps -e | grep rpc.nisd
Note - Do not use the -f option with ps because this option attempts to translate user IDs to names, which causes more naming service lookups that might not succeed.
In general, the /usr/sbin/rpc.nisd daemon is administered using the svcadm command. However, when rpc.nisd is invoked with -x nisplusLDAPinitialUpdateOnly=yes, rpc.nisd performs the specified action, then exits. That is, rpc.nisd does not daemonize. SMF should not be used in conjunction with -x nisplusLDAPinitialUpdateOnly=yes. SMF can be used any other time you want to start, stop, or restart the rpc.nisd daemon.
The following example shows rpc.nisd used with -x nisplusLDAPinitialUpdateOnly=yes.
# /usr/sbin/rpc.nisd -m mappingfile \ -x nisplusLDAPinitialUpdateAction=from_ldap \ -x nisplusLDAPinitialUpdateOnly=yes
If you want to include specific options when you invoke the rpc.nisd daemon with SMF, add the options to the /lib/svc/method/nisplus file. The following list provides some commonly used options.
Sets the server's security level to 0, which is required at this point for bootstrapping.
Because no cred table exists yet, no NIS+ principals can have credentials. If you use a higher security level, you are locked out of the server.
Supports DNS forwarding
Starts the NIS+ daemon in NIS-compatibility mode
Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.
# svcadm disable network/rpc/nisplus:default
Use your preferred text editor.
Example –
Change:
/usr/sbin/rpc.nisd $nisd_flags || exit $?
To:
/usr/sbin/rpc.nisd $nisd_flags -Y -B || exit $?
In this example, the -Y and -B options are added to rpc.nisd, so the options are automatically implemented at startup.
# svcadm enable network/rpc/nisplus:default