System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

The `nsswitch.conf` Template Files

Four switch template files are provided with the Solaris system to accommodate different naming services. Each file provides a different default set of information sources.

The four template files are the following.

LDAP template file. The nsswitch.ldap configuration file specifies the LDAP directory as the primary source of information for the machine.

Note –
In order to use LDAP naming services, you must also properly configure all LDAP client machines, in addition to modifying the nsswitch.conf. See Chapter 12, Setting Up LDAP Clients (Tasks) for more information.
NIS template file. The nsswitch.nis configuration file specifies NIS as the primary source for all information except passwd, group, automount, and aliases. For those four files, the primary source is local /etc files. The secondary source is an NIS map. The [NOTFOUND=return] search criterion instructs the switch to stop searching the NIS maps if the switch gets a “No such entry” message. The switch searches through local files only if the NIS server is unavailable.

Because the search order for passwd and group is files nis, you don't need to place the + entry in the /etc/passwd and /etc/group files.
Files template file. The nsswitch.files configuration file specifies local /etc files as the only source of information for the machine. There is no “files” source for netgroup, so the client does not use that entry in the switch file.

Copy the template file that most closely meets your requirements to the nsswitch.conf configuration file and then modify the file as needed.

For example, to use the LDAP template file, you would type the following command.

mymachine# cp /etc/nsswitch.ldap /etc/nsswitch.conf

The Default Switch Template Files

The following switch files are supplied with the Solaris product.

Example 2–1 NIS Switch File Template

#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf;
# it uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet"
# transports.
#
# the following two lines obviate the "+" entry in /etc/passwd
# and /etc/group.
passwd: files nis
group: files nis
# consult /etc "files" only if nis is down. 
hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files	
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis
automount: files nis
aliases: files nis
# for efficient getservbyname() avoid nis
services: files nis
sendmailvars: files

Example 2–2 Files Switch File Template

#
# /etc/nsswitch.files:
#
# An example file that could be copied over to /etc/nsswitch.conf;
# it does not use any naming service.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet"
# transports.
passwd: files
group: files
hosts: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files	
bootparams: files
publickey: files
# At present there isn't a 'files' back end for netgroup;
# the system will figure it out pretty quickly, and will notuse
# netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files

Example 2–3 LDAP Switch File Template

#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd 
and /etc/group.
passwd:     files ldap
group:      files ldap

hosts:      ldap [NOTFOUND=return] files

networks:   ldap [NOTFOUND=return] files
protocols:  ldap [NOTFOUND=return] files
rpc:        ldap [NOTFOUND=return] files
ethers:     ldap [NOTFOUND=return] files
netmasks:   ldap [NOTFOUND=return] files
bootparams: ldap [NOTFOUND=return] files
publickey:  ldap [NOTFOUND=return] files

netgroup:   ldap

automount:  files ldap
aliases:    files ldap

# for efficient getservbyname() avoid ldap
services:   files ldap
sendmailvars:   files

The `nsswitch.conf` File

The default nsswitch.conf file that is installed with the Solaris software is determined by which naming service you select during the installation process. Each line identifies a particular type of network information, such as host, password, and group, along with the information source, such as NIS maps, the DNS hosts table, or local /etc. When you chose a naming service, the switch template file for that service is copied to create the new nsswitch.conf file. For example, if you choose NIS, the nsswitch.nis file is copied to create a new nsswitch.conf file.

An nsswitch.conf file is automatically loaded into every machine's /etc directory by the Solaris 9 release software, along with the following alternate (template) versions.

/etc/nsswitch.nisplus
/etc/nsswitch.nis
/etc/nsswitch.files
/etc/nsswitch.ldap

These alternate template files contain the default switch configurations used by the NIS services, local files, and LDAP. No default file is provided for DNS, but you can edit any of these files to use DNS. When the Solaris software is first installed on a machine, the installer selects the machine's default naming service. During installation, the corresponding template file is copied to /etc/nsswitch.conf. For example, for a machine client using NIS, the installation process copies nsswitch.nis to nsswitch.conf.

If your network is connected to the Internet and users must access Internet hosts using DNS, you must enable DNS forwarding.

Unless you have an unusual namespace, the default template file as copied to nsswitch.conf should be sufficient for normal operation.