| Skip Navigation Links | |
| Exit Print View | |
|
System Administration Guide: Naming and Directory Services (NIS+) |
| Skip Navigation Links | |
| Exit Print View | |
|
|
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
5. Setting Up the NIS+ Root Domain
NIS+ Standard Configuration and NIS-Compatible Configuration of an NIS+ Server
Security Considerations When Configuring NIS+ Servers
Prerequisites to Configuring NIS+ Servers
Information You Need to Configure an NIS+ Server
How to Configure an NIS+ Server
Adding a Replica to an Existing NIS+ Domain
Using NIS+ Commands to Configure a Replica Server
How to Configure a Replica Server With NIS+ Commands
Using nisrestore to Load Data Onto an NIS+ Replica Server
How to Load NIS+ Namespace Data by Using the nisrestore Command
Using nisping to Load Data Onto an NIS+ Replica Server
How to Load NIS+ Namespace Data by Using the nisping Command
NIS+ Server Configuration Summary
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
To have regularly available NIS+ service, you should always create one or more replica servers for each domain. Having replicas can also speed network-request resolution because multiple servers are available to handle requests.
For performance reasons, you should have no more than a few replicas per domain.
If your network includes multiple subnets or different sites connected by a Wide Area Network (WAN), you might need additional replicas:
Subnets. If you have a domain that spans multiple subnets, it is a good idea to have at least one replica server within each subnet so that, if the connection between nets is temporarily out of service, each subnet can continue to function until the connection is restored.
Remote sites. If you have a domain spanning multiple sites linked over a WAN, it is a good idea to have at least one replica server on each side of the WAN link. For example, it may make sense from an organizational point of view to have two physically distant sites in the same NIS+ domain. If the domain's master server and all of its replicas are at the first site, there will be much NIS+ network traffic between the first and second sites. Creating an additional replica at the second site should reduce network traffic.
See Creating an NIS+ Root Replica Server for more information on replica distribution and on how to determine the optimum number of replicas. To add a replica to an existing domain you must first configure the new replica, then load the NIS+ data set for your namespace.
The two ways to configure and load a new replica server are:
Scripts. You can use the nisserver script, as described in Creating an NIS+ Root Replica Server. This method automatically performs a full re-sync to load the NIS+ data set on to the new replica server. This is the preferred method because it is easiest, but it might be slower than using the NIS+ command set and backup/restore.
NIS+ command set. You can use the NIS+ command set to configure a replica, as described in Using NIS+ Commands to Configure a Replica Server. This requires more knowledge of NIS+ than using nisserver. One advantage of this method is that it gives you the maximum amount of control and monitoring. Another advantage is that you can bring up a replica by manually creating the domain directories, then loading the NIS+ data set using nisbackup and nisrestore. Using the NIS+ backup and restore capability loads data faster than that used by nisserver.
The two ways to load the NIS+ data set on to the newly configured replica server are:
nisping. When you configure a new replica server with either the nisserver script or the NIS+ command set, the master server automatically begins to load the namespace data set on to the new replica over the network using nisping. If your namespace is large, this could take a long time, during which requests for naming information could be delayed. See Using nisping to Load Data Onto an NIS+ Replica Server for details.
Backup and restore. You can interrupt the transfer of data by using the nisping command. You can then use the NIS+ backup and restore capabilities to load your namespace data on to a newly configured replica server, as described in Using nisrestore to Load Data Onto an NIS+ Replica Server. This is the preferred method because the replica's data set is downloaded on to the replica, which is much faster than having the master transfer the data set to the replica over the network.
This section describes how to add a replica server to an existing domain using the NIS+ command.
Use NIS+ commands to set up an NIS+ server. In this example, the master server is named master1, and the new replica is named replica2.
The NIS+ principal performing this operation must have modify rights to the domain's directory object.
The new replica server must already be configured as an NIS+ server, as described in Setting Up an NIS+ Server.
The domain must have already been configured and have a master server up and running.
You also need the following information:
Name of the server
Name of the domain
master1# svcs -l network/rpc/nisplus:default
Run the nismkdir command with the -s option. The example below adds the replica machine named replica2 to the doc.com.domain.
master1# nismkdir -s replica2 doc.com. master1# nismkdir -s replica2 org_dir.doc.com. master1# nismkdir -s replica2 groups_dir.doc.com.
When you run the nismkdir command on a directory object that already exists, it does not recreate the directory but modifies it, according to the flags you provide. In this case, the -s flag assigns the domain an additional replica server. You can verify that the replica was added by examining the directory object's definition, using the niscat -o command.
 | Caution - Never run nismkdir on the replica machine. Running nismkdir on a replica creates communications problems between the master and the replicas. |
Your new replica is now configured. You can now load your NIS+ data set on to the replica. You can do this in two ways:
nisping. If you do nothing, your master server will use the nisping command to load your namespace data on to your newly configured replica server. If your namespace is large, this process can take hours. During this process, requests for naming information can be delayed. See Using nisping to Load Data Onto an NIS+ Replica Server for details.
Backup and restore. You can interrupt the transfer of data by using the nisping command. You then use the NIS+ backup and restore capabilities to load your namespace data on to a newly configured replica server, as described in Using nisrestore to Load Data Onto an NIS+ Replica Server. Because it is so much faster and more efficient, this is the preferred method.
This section describes how to use the NIS+ backup and restore utilities to load namespace data onto a newly configured replica. This is the preferred method of loading data on to a replica.
Use the nisrestore command to load data on to a replica server. In this example, the master server is named master1, and the new replica is named replica2.
The NIS+ principal performing this operation must have modify rights to the domain's directory object.
The domain must have already been configured and have a master server up and running.
The new replica server must already be configured as an NIS+ server, as described in Setting Up an NIS+ Server.
The new replica server must be configured as a replica, as described in Using NIS+ Commands to Configure a Replica Server.
This interrupts the automatic transfer of namespace data from the master to the replica with the nisping command.
replica2# svcadm disable /network/rpc/nisplus:default
This step is described in more detail in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). The example below shows how to use the nisbackup command to backup up the master1 server to the /var/master1_bakup directory.
master1# nisbackup -a /var/master1_bakup
The most convenient method of using nisrestore to configure a new replica is to back up the master's data to an NFS mounted directory that the new replica can access. This example assumes that both the master and the new replica server have access to the /var/master1_bakup directory.
Another method is to use the tar command to copy the data from the /var/master1_bakup directory to some transferable storage media, such as a tape cartridge, then copy the data from storage media into a directory mounted on the new replica, then use that directory as the source for the nisrestore command, as described in Step 3.
This step is described in more detail in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). The example below shows how to use the nisrestore command to down load NIS+ data on to the client2 replica from the /var/master1_bakup directory.
replica2# nisrestore -a /var/master1_bakup
If the replica you are creating is for the root domain, or if you get an error message that nisrestore cannot verify or look up needed data, then use the nisrestore -f option. For example:
replica2# nisrestore -f -a /var/master1_bakup
See How to Configure an NIS+ Server for details.
This section describes how to use the nisping command to load namespace data onto a newly configured replica. In most cases, it is not necessary to actually run the nisping command because the process should begin automatically.
The problem with the nisping method is that it requires a full resync of data from the master to the replica over the network using NIS+ protocols. If your namespace is large, this process can take hours, during which requests for naming information can be delayed.
Normally, the loading for namespace data is automatically initiated by the master server. If that does not occur, run the nisping command as described in this procedure.
The NIS+ principal performing this operation must have modify rights to the domain's directory object.
The domain must have already been configured and have a master server up and running.
The new replica server must already be configured as an NIS+ server, as described in Setting Up an NIS+ Server.
The new replica server must be configured as a replica, as described in Using NIS+ Commands to Configure a Replica Server.
This step sends a message (a “ping”) to the new replica, telling it to ask the master server for an update. If the replica does not belong to the root domain, be sure to specify its domain name. (The example below includes the domain name only for completeness. Since the example used throughout this task adds a replica to the root domain, the doc.com. domain name in the example below is not necessary.)
master1# nisping doc.com. master1# nisping org_dir.doc.com. master1# nisping groups_dir.doc.com.
You should see results similar to these:
master1# nisping doc.com. Pinging replicas serving directory doc.com. : Master server is master1.doc.com. No last update time Replica server is replica1.doc.com. Last update seen was Wed Nov 18 11:24:32 1992 Pinging ... replica2.doc.com.
If your namespace is large, this process can take a significant amount of time. For more information about nisping, see Chapter 18, Administering NIS+ Directories.
|