Set Up the NIS+ Domain

Setting up the NIS+ root master sets up the NIS+ domain for the Trusted Solaris NIS+ clients. Several NIS+ tables have been created or modified to hold Trusted Solaris data about label configuration, users, roles, execution profiles, and remote hosts.

To Set the Stage

1. As root, create a staging area for files you plan to use to populate the NIS+ databases.

   You can place the staging area wherever you have enough space. Usually a few megabytes is more than enough room to store some files temporarily.

   # mkdir -p /setup/files

2. Copy the sample /etc files into the staging area.

   Most of the files you need already exist on the installed system and have enough data in them to get you started. The following files in the /etc directory are usually not found on a newly installed system: bootparams, ethers, netgroup, netmasks, and timezone. You can create these with an editor, load them from a backup diskette, or merely create empty versions of these files, so that the NIS+ tables are created all at once. If you choose not to create these files, you can create them later, but the nispopulate(1M) command may print out a few warning messages.

   # cd /etc # touch bootparams ethers netgroup netmasks timezone # cp bootparams ethers netgroup netmasks timezone \ aliases auto_home auto_master group hosts networks \ protocols rpc services /setup/files

   Three Trusted Solaris files need to be renamed when copied into the staging area. Three others are copied without changing their names.

   # cp passwd.roles /setup/files/passwd # cp shadow.roles /setup/files/shadow # # cd /etc/security/tsol # # cp tsoluser.roles /setup/files/tsoluser # cp tsolprof tnrhdb tnrhtp /setup/files

3. Check that all the files are now in your staging area; there are 20.

   # cd /setup/files # ls | wc -l WARNING: Command operating outside of the Trusted Path! 20

4. Edit the hosts file in your staging area.

   1. Change the permissions on the file.

      # chmod u+w /setup/files/hosts

   2. Open the Admin Editor and enter /setup/files/hosts for editing.

      For more detailed instructions, see "To Create or Open a File from the Trusted Editor".

      The file already contains the NIS+ root master (that is, this host's address) and the static routers, if any.

      1. Add every workstation that will be in the Trusted Solaris 7 domain.

         There is no fallback mechanism here. The IP address of every workstation to be contacted must be in this file.

         ---

         Caution -

         Failure to include a workstation will cause client authentication to fail; the NIS+ client will have no credentials.

         ---

      2. Add every other workstation with which the domain can communicate.

      3. Write the file and exit the editor.

5. Modify other files in your staging area as necessary.

   ---

   Caution -

   Do not modify the files: tsolprof, tsoluser, passwd, or shadow. You will modify these using the User Manager and Profile Manager.

   ---

   There is enough information in your staging area to convert your host to a NIS+ master. However, if you are restoring a former NIS+ domain from files, you may want to merge some of your saved files with those in the staging area at this time.

   ---

   Caution -

   If you choose to edit any files, you must be very careful to provide all of the information necessary in the correct formats before populating the NIS+ tables. Failure to do so can result in the inability to further administer or use the system.

   ---

To Set Up NIS+ with Databases from the Staging Area

For fuller descriptions of NIS+ setup and administration, see

• NIS+ and DNS Setup and Configuration Guide and

• NIS+ and FNS Administration Guide

1. Double-click the Create NIS+ server action in the System_Admin folder.

   See "To Run a Script from the System_Admin Folder" if you are unfamiliar with using trusted actions.

2. Enter your NIS+ domain name.

   This workstation will be the root master. For example,

   Domain Name: aviary.eco.org.

   There is a period at the end of the domain name.

3. Answer the prompts ( y, y, rootpassword).

   You can ignore diagnostics printing out that the file /etc/defaultdomain cannot be located. The file will be created.

4. In the /setup/files directory, make sure that you have added all NIS+ clients to the hosts file.

   # cd /setup/files # more hosts

5. Populate the standard NIS+ databases from the /setup/files directory by running the Populate NIS+ Tables action.

6. Enter your staging area when prompted.

   Populate from which directory? /setup/files

7. Answer the prompts (y, y).

   ... Is this information correct? y ... Do you want to continue? y

8. Add the Trusted Solaris roles and system administrators to the NIS+ admin group.

   # nisgrpadm -a admin admin secadmin

   The first admin is the name of a NIS+ table. The last two arguments are the names of Trusted Solaris administrative roles, admin and secadmin.

9. Load any additional NIS+ tables you may have backed up.

   Procedures vary depending on the format of the backup and on what types of NIS+ tables they are. Refer to the NIS+ and DNS Setup and Configuration Guide for details of how to load your tables.