The root role does this during initial configuration of the system, as described in "Configuring a NIS or NIS+ Client" in Trusted Solaris Installation and Configuration
Assume the System Administrator role and go to an ADMIN_LOW
workspace.
Follow the procedures in "Connecting to the Name Server".
NIS+ ONLY: For root to administer NIS+ from a NIS+ client, go to the NIS+ client and add the NIS+ client to the admin group by double-clicking the Add to NIS+ Administrative Group action and filling in the fields.
For example, the following two invocations of the Add to NIS+ Administrative Group action enable root to administer the NIS+ domain from the good and good1 computers in the security.example.com domain.
Group Name: admin Principal Name: good.security.example.com. |
Group Name: admin Principal Name: good1.security.example.com. |
Before installing a new Trusted Solaris release, you can save the information in your name service and restore it to the system after installation.
Use ypcat(1) to dump NIS maps into flat files and then propagate NIS maps from the files.
See "Administering NIS" in Solaris Naming Administration Guide for how to propagate NIS maps from files.
Before installing a new Trusted Solaris release, you can save the information in your name service and restore it to the system after installation.
Create a script or use another means to dump the NIS+ tables into text files.
It is a good idea to dump the NIS+ tables into text files routinely, at least every time you make a change to NIS+.
To create a script, assume the security administrator role and use the Admin Editor action to create the script file at ADMIN_LOW
.
The following example shows a script called nisscript that the administrator role can create to do the dumps and to create a list of group members for later re-creation of the groups table.
#!/bin/sh # nisscript # nisplus tables into text files # mkdir -p /var/nis-backup chmod 700 /var/nis-backup cp /etc/.rootkey /var/nis-backup/dot-rootkey # standard Solaris and Trusted Solaris tables # NOTE: Add any tables created at your site cd /var/nis/data for i in audit_user auth_attr aliases bootparams ethers \ exec_attr group hosts netgroup netmasks networks passwd \ prof_attr protocols rpc services timezone tnrhdb tnrhtp \ user_attr shadow do echo $i /usr/lib/nis/nisaddent -d $i >/var/nis-backup/$i done # Use the following if you have any key value tables for i in sendmailvars tntime do echo $i /usr/lib/nis/nisaddent -d -t $i.org_dir key-value >/var/nis-backup/$i done # get a list of each group and list each member in each group mkdir -p /var/nis-backup/groups.list chmod 700 /var/nis-backup/groups.list for i in `nisls groups_dir | grep -v `:'` do nisgrpadm -l $i >> /var/nis-backup/groups.list/group.members done |
Assume the root role and run the nisscript created in the previous step at ADMIN_LOW
.
For each group, execute the nisgrpadm -l command to list each of its members and save the output for use in Step 7.
$ nisgrpadm -l group_name |
Copy the directory containing the text dump files to a partition that you plan not to overwrite during installation or use tar to copy the files to tape or floppy.
After installation, if you did not save the text dump files in a saved partition, as root at ADMIN_LOW
, create a staging directory for the text file dumps of NIS+ tables and restore the files from tape or floppy.
The screen example illustrates what to do when restoring the text NIS+ files to a /setup/files directory from a tape.
# cd /setup/files # tar xv bootparams ethers . . . |
At the appropriate point in "Configuring the NIS+ Domain" in Trusted Solaris Installation and Configuration, re-create the NIS+ environment.
# nisserver -r -d domain-name. |
Make sure to include the final period (.) in the domain's name.
In the Security Administrator role, at ADMIN_LOW
, after running the nisserver command, run the nispopulate command in a profile shell with the -F and -p options followed by the name of
the directory where the text dump files reside.
$ nispopulate -F -p /setup/files |
Re-create the NIS+ groups and add members manually from the list of group members saved from the nisscript as described in Step 2.
There is no easy way to recreate the NIS+ groups automatically.
In an administrative role, open the System_Admin folder in the Application Manager.
To view the contents of tables or maps, use the actions View Table Contents or View NIS Map. Supply the table or map name when prompted.
To view the attributes of NIS+ tables, use the action View Table Attributes. Supply the table name when prompted.
To add a name service client, use the Create NIS+ Client or Create NIS Client actions.
To manage NIS+ administrative groups, use one of the following actions:
List Administrative Group
Add to NIS+ Administrative Group
Create NIS+ Administrative Group
Delete from NIS+ Administrative Group
Delete NIS+ Administrative Group