JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

NIS+ Configuration Overview

NIS+ and the Service Management Facility

Using svcadm With rpc.nisd -x

Modifying the /lib/svc/method/nisplus File

Creating a Sample NIS+ Namespace

Summary of NIS+ Scripts Command Lines

Setting Up NIS+ Root Servers

Prerequisites to Running nisserver to Set Up a Root Server

How to Create an NIS+ Root Master Server

How to Change Incorrect Information When Setting Up NIS+

How to Set Up a Multihomed NIS+ Root Master Server

Populating NIS+ Tables

Prerequisites to Running nispopulate to Populate Root Server Tables

How to Populate the NIS+ Root Master Server Tables

Setting Up NIS+ Client Machines

How to Initialize a New NIS+ Client Machine

Creating Additional NIS+ Client Machines

Initializing NIS+ Client Users

How to Initialize an NIS+ User

Setting Up NIS+ Servers

Configuring a Client as an NIS+ Server

How to Configure an NIS+ Server Without NIS Compatibility

How to Configure an NIS+ Server With NIS Compatibility

How to Configure an NIS+ Server With DNS Forwarding and NIS Compatibility

Creating Additional NIS+ Servers

Creating an NIS+ Root Replica Server

How to Create an NIS+ Root Replica

How to Set Up Multihomed NIS+ Replica Servers

Creating an NIS+ Subdomain

How to Create a New Non-Root NIS+ Domain

Creating Additional NIS+ Domains

Populating the New NIS+ Subdomain's Tables

Prerequisites to Populating a NIS+ Subdomain's Tables

Populating the NIS+ Master Server Tables

How to Populate the NIS+ Tables From Files

How to Populate the NIS+ Tables From NIS Maps

Creating NIS+ Subdomain Replicas

How to Create an NIS+ Replica

Initializing NIS+ Subdomain Client Machines

How to Initialize an NIS+ Subdomain Client Machine

Initializing an NIS+ Subdomain Client Users

How to Initialize an NIS+ Subdomain User

Summary of Commands for the Sample NIS+ Namespace

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



NIS+ Configuration Overview

Using the configuration scripts is the recommended method of setting up and configuring an NIS+ namespace. Using these scripts is easier than to trying to set up an NIS+ namespace with the NIS+ command set, as described in Chapter 6, Configuring NIS+ Clients, Chapter 7, Configuring NIS+ Servers, and Chapter 8, Configuring an NIS+ Non-Root Domain.

(See the nisserver, nispopulate, and nisclient man pages for complete descriptions of the scripts. See the Glossary for definitions of terms and acronyms you do not recognize.)

You should not use the small sample NIS+ namespace referred to in this tutorial manual as a basis for your actual NIS+ namespace. You should destroy the sample namespace after you finish exploring it, instead of adding on to it. It is better to begin again and carefully plan your NIS+ hierarchy before you create your actual namespace.

Table 4-1 summarizes the recommended generic configuration procedure. The left column lists the major configuration activities, such as configuring the root domain or creating a client. The text in the middle describes the activities. The third column lists which script or commands accomplish each step.

Table 4-1 Recommended NIS+ Configuration Procedure Overview

Script/ Commands
Plan your new NIS+ namespace
Plan your new NIS+ namespace. See Chapter 2, NIS+: An Introduction for a full discussion of planning requirements and steps. (If you are just following the NIS+ tutorial in a test-bed network, this step has been done for you.)
Prepare your existing namespace
In order for the scripts to work best, your current namespace (if any) must be properly prepared. See Preparing the Existing Namespace for NIS+ for a description of necessary preparations. (If you are just following the NIS+ tutorial in a test-bed network, this step has been done for you.)
Configure the Diffie-Hellman key length
If you intend to use DES authentication, consider using Diffie-Hellman keys longer than the 192-bit default. The extended key length must be the same on all machines in the domain. Specify the desired key length before running the respective initialization scripts.
Configure root Domain
Create the root domain. Configure and initialize the root master server. Create the root domain admin group.
Populate tables
Populate the NIS+ tables of the root domain from text files or NIS maps. Create credentials for root domain clients. Create administrator credentials.



Configure root domain clients
Configure the client machines. (Some of them will subsequently be converted into servers.) Initialize users as NIS+ clients.
Enable servers
Enable some clients of the root domain to become servers. Some servers will later become root replicas; others will support lower-level domains.
svcadm enable
Configure root replicas
Designate one or more of the servers you just configured as replicas of the root domain.


Configure non-root domains
Create a new domain. Designate a previously enabled server as its master. Create its admin group and admin credentials.
Populate tables
Create credentials for clients of the new domain. Populate the NIS+ tables of the new domain from text files or NIS maps.
Configure non-root domain clients
Configure the clients of the new domain. (Some may subsequently be converted into servers for lower-level domains.) Initialize users as NIS+ clients.

The NIS+ scripts enable to you to skip most of the individual procedures included in the above activities.

NIS+ and the Service Management Facility

Most of the command line administrative tasks associated with the NIS+ service are managed by the Service Management Facility (SMF). For an overview of SMF, refer to Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. Also refer to the svcadm(1M) and svcs(1) man pages for more details.

Using svcadm With rpc.nisd -x

In general, the /usr/sbin/rpc.nisd daemon is administered using the svcadm command. However, when rpc.nisd is invoked with -x nisplusLDAPinitialUpdateOnly=yes, rpc.nisd performs the specified action, then exits. That is, rpc.nisd does not daemonize. SMF should not be used in conjunction with -x nisplusLDAPinitialUpdateOnly=yes. SMF can be used any other time you want to start, stop, or restart the rpc.nisd daemon.

The following example shows rpc.nisd used with -x nisplusLDAPinitialUpdateOnly=yes.

# /usr/sbin/rpc.nisd -m mappingfile \
-x nisplusLDAPinitialUpdateAction=from_ldap \
-x nisplusLDAPinitialUpdateOnly=yes
Modifying the /lib/svc/method/nisplus File

If you want to include specific options when you invoke the rpc.nisd daemon with SMF, add the options to the /lib/svc/method/nisplus file. The following list provides some commonly used options.

-S 0

Sets the server's security level to 0, which is required at this point for bootstrapping.

Because no cred table exists yet, no NIS+ principals can have credentials. If you use a higher security level, you are locked out of the server.


Supports DNS forwarding


Starts the NIS+ daemon in NIS-compatibility mode

How to Modify the /lib/svc/method/nisplus File

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

  2. Stop the NIS+ service.
    # svcadm disable network/rpc/nisplus:default
  3. Open the /lib/svc/method/nisplus file.

    Use your preferred text editor.

  4. Edit the file to add the desired options.

    Example –


    /usr/sbin/rpc.nisd $nisd_flags || exit $?


    /usr/sbin/rpc.nisd $nisd_flags -Y -B || exit $?

    In this example, the -Y and -B options are added to rpc.nisd, so the options are automatically implemented at startup.

  5. Save and quit.
  6. Start the NIS+ service.
    # svcadm enable network/rpc/nisplus:default